Registered NDIS Provider

Privacy policy

At Chirpy Hearts, we understand your privacy is very important and we are committed to protecting your privacy and maintaining the trust you have placed in us to provide your disability services and the access you have granted to your personal and health information.

Chirpy Hearts is committed to ensuring the privacy of all participants, staff and sub-contractors and is maintained to the highest standards.

The following policy includes information about how we handle personal information (which includes sensitive information) and health information. The appropriate collection, storage, disclosure and disposal about participants is a legitimate part of providing services and keeping people safe. These activities will be performed by Chirpy Hearts in accordance with the law.

Chirpy Hearts is bound by privacy and other laws, including

  • Privacy and Data Protection Act 2014
  • Charter of Human Rights and Responsibilities Act 2006
  • Freedom of Information Act 1982
  • National Disability Insurance Scheme Act 2013
  • Disability Act 2006

This policy applies to all personal and health information collected, stored, used and disclosed about any individuals including participants, staff and sub-contractors.

Chirpy Hearts collects personal and health information necessary to the organisation’s functions and delivery of disability services. Chirpy Hearts collects personal and health information only by lawful and fair means and not in unreasonable intrusive ways. If is reasonable and practicable to do so, Chirpy Hearts collects personal and health information only from yourself/or your nominated representative/guardian/nominee.

When collecting data directly from yourself, Chirpy Hearts will take reasonable steps to ensure you are aware of why the information is being collected ( including the purpose for the collection and any relevant laws), who it may be disclosed to, the main consequences if you do not disclose the information, and how you may contact Chirpy Hearts to gain access to the information collected. Chirpy Hearts collects sensitive information where:

  • The individual has consented to the collection;
  • The collection is required by law;
  • The collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns is physically or legally incapable of giving consent to the collection or physically cannot communicate consent to the collection; or
  • The collection is necessary for the establishment, exercise or defence of a legal or equitable claim

Chirpy Hearts uses and discloses personal, health and sensitive information for the primary purpose of delivering disability service to the participant or related secondary purpose. The information collected may be shared with Chirpy Hearts and with service providers to enable efficient and effective delivery of quality services. Information will be shared with service providers only in relation to the services they deliver to meet the needs of the participant.

Chirpy Hearts collects, uses, holds and discloses personal and health information about a range of matters including, but not limited to:

  • Individuals participating in fee for services;
  • To issue invoices and/or notifications for payment. Under the Privacy Act, we require your consent to collect and store your information including your email address for the purposes of generating invoices and/or sending notifications. Your data will be automatically deleted and will not be stored or held by our financial establishment if we stop working with you and/or the financial establishment;
  • Managing contracts and funding arrangements;
  • Employment and personal matters concerning staff and sub-contractors;
  • Complaints made, and the feedback provided;
  • Requests made under the Freedom of Information Act 1982;
  • Investigating incidents;
  • Planning, monitoring and evaluating Chirpy Hearts’ functions and services;
  • Policy development and research; or
  • Meeting the reporting requirements of government and external oversight agencies.

Chirpy Hearts takes all reasonable measures to ensure all personal and health information held is accurate, complete and up to date and is relevant to Chirpy Hearts’ current functions and activities. We depend largely on you to provide us with the accurate personal information. If changes to your personal information required, please let us know by contacting us.

We also take all reasonable measures to protect, health and sensitive information from misuse, loss, unauthorised access, modification or disclosure. Such measures taken include:

  • Password protection for IT systems,
  • Securing paper files in locked cabinets,
  • Physical access to restrictions to buildings where information is held; and
  • Restricting access to your information to those dully authorised to have access.

You or your guardian/representative/nominee can ask to access your information by contacting Chirpy Hearts in writing detailing your request and the reason for your request. This request can be made in writing to the Manager, Chirpy Hearts GPO Box: 3141 or via an email sent to

If we do not provide you with access to all your personal information, we will tell you the reason why we have not done so. You or your guardian/representative/nominee can make a complaint about a potential privacy incident (breach) by contacting the Manager at Chirpy Hearts via email at  or phone number 0449960877.