Privacy Policy

Effective Date: 01/01/2025

Last Updated: 03/03/2025

 

1. Introduction

DyslexAbility Pty Ltd (“DyslexAbility”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, and security of personal information in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the National Disability Insurance Scheme (NDIS) Act 2013, and other relevant legislation.

 

This Privacy Policy explains:

• What personal information we collect

• How we use and disclose this information

• How we store and protect your data

• Your rights regarding your personal information

 

This policy applies to all individuals who engage with DyslexAbility, including NDIS participants, private clients, and their families or representatives.

​

2. What Personal Information Do We Collect?

We collect personal information necessary to provide high-quality, personalised intervention services.

The types of personal information we may collect include:

 

2.1 General Information

• Full name

• Date of birth

• Contact details (address, phone number, email)

• Emergency contact details

 

2.2 Health and Disability Information

• Diagnosis and disability-related information

• NDIS plan details (if applicable)

• Reports from allied health professionals (e.g., psychologists, speech therapists, occupational therapists)

• Medical history relevant to learning interventions

• Behavioural support requirements

• Learning needs and progress records

 

2.3 Educational Information

• Current and past education history

• Learning assessments and reports

• Individualised education plans (IEPs)

• Progress tracking data

 

2.4 Financial and Payment Information

• NDIS funding details

• Payment and billing information

• Medicare details (if applicable)

• Bank account details (for direct payments or refunds)

• Credit card details (securely stored via stripe for direct debits)

 

2.5 Media and Communication Data

• Photos and videos taken during sessions (with consent)

• Recordings for learning progress documentation

• Communication records between DyslexAbility staff and families

 

2.6 Website and Digital Platform Data

• Website interactions and analytics

• IP addresses and device information

• Any information submitted through online forms or digital learning platforms

 

We only collect the minimum amount of personal data necessary to provide effective services and meet legal or regulatory requirements.

​

3. How Do We Collect Your Personal Information?

We collect information through various means, including:

​

• Directly from you – via enrolment forms, consent forms, phone calls, emails, or face-to-face interactions.

• From parents, guardians, or authorised representatives – in cases involving minors or individuals with guardianship arrangements.

• Through referral sources – including medical professionals, NDIS plan managers, and educational institutions.

• Via our website and online platforms – when you interact with DyslexAbility online, including using learning management systems or portal access.

• During service delivery – where observations, reports, and progress notes are created as part of our intervention programs.

​

4. Why Do We Collect and Use Personal Information?

We collect and use personal information for the following primary purposes:

 

4.1 Providing and Managing Services

• Delivering educational interventions tailored to individual learning needs

• Developing and monitoring progress in literacy, numeracy, and skill-building programs

• Communicating session updates, reports, and relevant information to clients and guardians

 

4.2 Meeting Legal, Regulatory, and Compliance Requirements

• Complying with NDIS registration and auditing requirements

• Submitting required reports to regulatory authorities

• Ensuring compliance with duty of care obligations

 

4.3 Administrative and Business Operations

• Managing bookings, scheduling, and invoicing

• Processing payments and handling financial transactions

• Conducting internal audits, quality control, and staff training

 

4.4 Safety, Security, and Risk Management

• Safeguarding staff and clients in emergency situations

• Responding to complaints, incidents, or investigations

• Protecting against fraud, cyber threats, or unauthorised data access

 

5. Who Do We Share Your Personal Information With?

We respect your privacy and only share personal information when necessary. Your information may be disclosed to:

1. NDIS and Regulatory Bodies – including the National Disability Insurance Agency (NDIA), Medicare, and the Australian Taxation Office.

2. Healthcare and Educational Professionals – such as doctors, therapists, and school staff involved in your care.

3. Authorised Representatives – including parents, guardians, legal representatives, and support coordinators.

4. Service Providers and Contractors – including IT providers, payment processors, and administration services.

5. NDIS Auditors and Quality Assurance Bodies – for compliance and service quality monitoring.

6. Government and Law Enforcement – when required by court orders, subpoenas, or to prevent harm or fraud.

7. Financial Institutions – for payment processing purposes.

8. Others, where legally required or with your explicit consent.

 

We do not sell or rent personal information to third parties.

​

6. How Do We Store and Protect Your Information?

We take strong security measures to safeguard your data, including:

• Secure Digital Storage – encrypted databases, access controls, and firewalls.

• Physical Security – locked filing cabinets and restricted office access.

• Staff Training – ensuring employees understand privacy obligations.

• Data Retention Policy – personal information is stored only as long as necessary and securely disposed of when no longer needed.

 

We continuously review and update our security measures to protect against unauthorised access or misuse.

​

7. Your Rights and Choices

• You have the following rights regarding your personal information:

• Access – You can request a copy of your data at any time.

• Correction – If your information is incorrect or outdated, you can request a correction.

• Consent Management – You can withdraw consent for data collection or media use.

• Data Deletion – You may request that we delete personal data, subject to legal requirements.

• Opt-Out of NDIS Audits – If you are an NDIS participant, you can opt out of audits upon request.

 

To exercise these rights, please contact us using the details below.

​

8. Privacy and Consent Forms

All clients (or their guardians) will be asked to complete a Privacy Consent Form to specify:

• What information you consent to share

• Who can access your information

• Preferences for media (photos/videos)

• Your decision regarding NDIS audit participation

 

Consent can be updated or withdrawn at any time.

​

9. How to Make a Privacy Complaint

If you have concerns about your privacy, you can:

 

1. Contact DyslexAbility Directly – We take privacy complaints seriously and will respond promptly.

2. Lodge a Formal Complaint – If unresolved, you may contact:

• Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au)

• NDIS Quality and Safeguards Commission (www.ndiscommission.gov.au)

​

10. Contact Information​

For questions about this Privacy Policy or to exercise your rights, contact:

 

DyslexAbility Pty Ltd

1/45 Futures Road, Cranbourne West, Victoria, 3977

admin@dyslexability.com.au

03 5996 4006

 

We are committed to ensuring your privacy and security throughout your experience with DyslexAbility.