Privacy Policy

Protecting privacy and handling personal information in regulated environments
Updated: March 2024

Regulated Services Advisory Pty Ltd is committed to protecting privacy and handling personal information in an open and transparent way, consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Purpose

Regulated Services Advisory is committed to protecting privacy and handling personal information in an open and transparent way, consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We work with organisations operating in regulated environments, including Aged Care and NDIS. While providing advisory services, we may receive information relating to provider operations, workforce, clients and participants. We handle information carefully and only for legitimate business purposes.


2. Scope

This Privacy Policy describes how we collect, hold, use and disclose personal information, including sensitive information (such as health information), and how you can access or correct your information or make a complaint.

3. What Information We Collect

We may collect the following types of information:

Identity & Contact Details

  • Name, role, organisation
  • Email, phone, address

Business Information

  • ABN, provider type
  • Operational contacts

Engagement Details

  • Messages, meeting notes
  • Proposals, service scope

Documentation

  • Policies, registers
  • Audit evidence packs
  • Governance documents

Additional Information Collected:

  • Website usage information (IP address, device data, pages visited, cookies, analytics)
  • Sensitive information where provided and necessary for our services (for example, incident details or de-identified participant information; or if you supply personal or health information for compliance review)

Note: We do not require individuals to provide sensitive information to submit general enquiries. If you provide sensitive information, you consent to us handling it as set out in this policy, unless otherwise required by law.

4. How We Collect Information

We collect personal information when you:

  • Submit a contact form or documentation access request
  • Email, call or meet with us
  • Engage our services under a proposal, retainer or other agreement
  • Provide documents or data for review
  • Use our website (cookies and analytics)

5. Why We Collect, Use and Disclose Information

We collect, use and disclose personal information to:

  • Respond to enquiries and provide advisory services
  • Assess eligibility and manage access to policy libraries, templates and documentation packs
  • Prepare proposals, engagement letters and invoices
  • Deliver governance, audit readiness, documentation and decision intelligence services
  • Manage quality, security, risk and business operations
  • Meet legal, regulatory and professional obligations

Important: We do not sell personal information.

6. Disclosure to Third Parties

We may disclose personal information to:

  • Our professional advisers (legal, accounting, insurance)
  • IT service providers (secure hosting, cloud storage, email, analytics)
  • Contractors assisting us in delivering services, subject to confidentiality
  • Regulators or law enforcement where required or authorised by law

Where practicable, we take reasonable steps to ensure third parties handle information securely and consistent with this policy.

7. Cross-Border Disclosure

Some IT providers may store or process data outside Australia. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place consistent with the APPs.


8. Data Security and Retention

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. This may include:

  • Access controls and secure storage
  • Encryption where appropriate
  • Least privilege access principles

We retain information only as long as necessary for business, legal, regulatory or professional requirements, then securely delete or de-identify it where appropriate.

9. Access and Correction

You may request access to personal information we hold about you and request correction if it is inaccurate, out of date, incomplete, irrelevant or misleading.

We will respond within a reasonable timeframe, subject to permitted exceptions under the Privacy Act.

10. Cookies and Analytics

Our website may use cookies and analytics tools to improve performance and understand usage. You can adjust cookie settings in your browser. Some functions may not work properly if cookies are disabled.

11. Complaints

If you have a privacy complaint or concern, contact us using the details below. We will acknowledge your complaint and respond within a reasonable timeframe.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

Privacy Contact

Regulated Services Advisory Pty Ltd

Privacy Officer

Email: privacy@regulatedservicesadvisory.com

We respond to privacy enquiries within 5 business days

12. Aged Care and NDIS Context

Aged Care

Our work supports provider governance and audit readiness in line with the new rights-based Aged Care Act environment and associated expectations.

NDIS

We recognise that the NDIS Act includes protections around the handling and disclosure of certain information held by the NDIA and related settings.

13. Updates

We may update this Privacy Policy from time to time. The updated version will be published on our website with a new effective date.