GNA Services Pty Ltd (ABN: TBC), trading as GNA Services ("we", "our", "us"), is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the NDIS Act 2013, and relevant aged care privacy obligations.
1. Introduction
GNA Services is a registered NDIS provider and aged care service provider operating across Australia. We work with people with disability, older Australians, veterans, and their families. Because of the nature of our work, we handle sensitive personal information including health information.
This policy applies to all interactions with GNA Services, including our website, services, support workers, contractors, and back-office systems.
2. Information We Collect
The types of personal information we collect depend on your relationship with us. This may include:
Participants & clients
- Name, date of birth, address, phone, email
- NDIS plan details, NDIS number, plan management arrangements
- My Aged Care reference, government program eligibility
- Health, disability and medical information relevant to your care
- Emergency contacts, family or guardian details, decision-making support arrangements
- Cultural, language, religious or accessibility needs
- Goals, support preferences, behaviour support plans (where applicable)
- Service delivery records, progress notes, incident reports
- Payment, banking and invoicing details
Workers, contractors & applicants
- Employment history, qualifications, references, right-to-work documents
- NDIS Worker Screening Check, Working with Children Check, police check results
- Tax and superannuation details
Website visitors & enquirers
- Information you provide via contact, referral, feedback or job-application forms
- Technical data such as IP address, browser type, pages visited (see Cookies & Analytics)
3. How We Use Your Information
We collect and use your personal information only for the purpose for which it was given, related secondary purposes, or where you would reasonably expect us to. Examples include:
- Assessing eligibility and onboarding you to our services
- Delivering NDIS, Aged Care, DVA, CIS or other support services
- Coordinating with health professionals, plan managers, support coordinators and family
- Claiming payments from the NDIA, Services Australia, DVA or other funding bodies
- Managing service quality, training, audits and continuous improvement
- Responding to feedback, complaints and incident reports
- Meeting legal, regulatory, tax and reporting obligations
- Sending service-related communications (we will not send marketing emails without your consent)
4. Disclosure to Third Parties
We may share your personal information with:
- Other healthcare or care providers involved in your support (e.g. GP, allied health, support coordinator)
- Government bodies including the NDIA, NDIS Quality and Safeguards Commission, Aged Care Quality and Safety Commission, Services Australia, Department of Veterans' Affairs (where relevant)
- Plan managers and financial intermediaries for invoicing and claiming purposes
- Our employees, support workers and approved contractors who need the information to deliver services
- Specialist software providers (e.g. care management platform, payroll, communications) under contractual confidentiality obligations
- Emergency services or law enforcement where necessary to protect your safety or that of others, or where required by law
- Auditors and legal advisors bound by professional confidentiality
We do not sell, rent or trade your personal information.
5. Sensitive & Health Information
Health information and other sensitive information (such as racial or ethnic origin, religious beliefs, sexual orientation) attracts a higher level of protection under the Privacy Act. We only collect such information with your consent or where required by law, and only when it is reasonably necessary for delivering safe and appropriate care.
Health information is stored separately and access is strictly limited to staff involved in your care.
6. Data Security
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Our measures include:
- Role-based access controls in our care management system
- Encrypted storage and secure transmission (TLS) of digital records
- Locked physical files and secure document destruction
- Mandatory privacy and information-security training for all workers
- Incident response procedures aligned with the Notifiable Data Breaches scheme
We retain personal information only for as long as required by law (typically a minimum of 7 years for health and care records).
7. Access & Correction
You have the right to access and request correction of personal information we hold about you. To do so, contact our Privacy Officer using the details at the bottom of this page. We will respond within 30 days. We may charge a reasonable cost-recovery fee for large or complex requests; we will tell you in advance if this applies.
8. Cookies & Analytics
Our website uses cookies and similar technologies to remember your preferences and understand how visitors use the site. We may use third-party analytics tools (e.g. Google Analytics) which collect anonymised usage data. You can disable cookies in your browser settings; some site features may not work as a result.
9. Overseas Disclosure
Some of our software providers may store data on servers located outside Australia (typically the United States or European Union). Where this occurs, we take reasonable steps to ensure the recipient handles your information in line with the Australian Privacy Principles.
10. Children's Privacy
Where we provide services to a person under 18, we collect and use personal information with the consent of a parent, legal guardian, or person with parental responsibility, as appropriate. We protect children's information with the same care as adult information.
11. Changes to this Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website with the "Last updated" date below. Material changes will be communicated to active participants and clients.
12. Complaints & Contact
If you believe we have breached your privacy, you can lodge a complaint with our Privacy Officer using the contact details below. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
If you are not satisfied with our response, you can escalate to:
- Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au · 1300 363 992
- NDIS Quality and Safeguards Commission — www.ndiscommission.gov.au · 1800 035 544
- Aged Care Quality and Safety Commission — www.agedcarequality.gov.au · 1800 951 822
Questions about this policy?
We're here to help. If you have any questions, concerns, or wish to exercise your rights under this policy, please reach out to our team.