Kids Blossom OT (Standard)
Kids Blossom OT (Standard)
  • Home
  • About Us
  • About OT
  • Services & Fees
  • Meet the Team
  • Contact Us
  • More
    • Home
    • About Us
    • About OT
    • Services & Fees
    • Meet the Team
    • Contact Us
  • Home
  • About Us
  • About OT
  • Services & Fees
  • Meet the Team
  • Contact Us

Privacy Policy

NDIS Provider Privacy Policy (Policy) and Privacy Notice (Notice)


Thank you for accessing our Privacy Policy and this Notice. 


Your privacy is important to us

We are committed to protecting your privacy in your dealings with us. Through this Policy and Notice, we would like to tell you about:

  • what kinds of personal information we collect from you; and 
  • how we collect, hold, use, and disclose your personal information, in the course of providing services to you and in the context of our business.

We are Kids Blossom Occupational Therapy (Kylie McMahon), of https://www.kidsblossomot.com and Caloundra, QLD, 4551,with Australian business number 16 355 701 822 (we, us, our). We are an unregistered National Disability Insurance Scheme (NDIS) provider.


Privacy and the National Disability Insurance Scheme

Privacy is a human right, and we respect the privacy of people with a disability. People with a disability have a right to privacy, including in relation to the collection, use and disclosure of information concerning them and the services they receive. 

As an NDIS provider, we are subject to the NDIS Code of Conduct (2023) (the NDIS Code). Amongst other things, this means we must:

  • respect and protect the privacy of everyone that receives supports and services from us and our workers;
  • manage health information about any people we support and our workers in accordance with privacy laws related to the management of health information; and
  • have this Policy and provide you with this Notice about our privacy policy and procedures to help ensure we (and our workers) understand our obligations.


We are committed to treating you in a dignified way that maintains your personal privacy

Privacy is about more than simply meeting our legal obligations. It is also about the way we deliver our services to people with a disability. We will work hard to be aware of your privacy needs and preferences and will deliver our services in a way that maintains your personal dignity. Without limiting what we mean by this commitment, we will:

  • request your and your child's permission to perform tasks that involve physical touch or the invasion of your child’s personal space, for e.g. providing your child with physical support to enable them to complete a therapy task safely.


What, specifically, are this Policy and Notice about?

In this Policy and Notice, we explain:

  • the kinds of personal information that we collect and hold, including visual materials;
  • why we hold this information;
  • who will have access to this information;
  • how we ensure that information is secure;
  • how we use the information;
  • how you can access and amend information held about you; and
  • how to make a complaint if you feel that we have breached our privacy obligations to you.

We have several obligations to you under the Privacy Act 1988 (Cth) (including the Australian Privacy Principles) (the Privacy Laws). This Policy and Notice are intended to reflect our obligations under the Privacy Laws as well as under the NDIS Code.

Hard copies of this Policy and Notice are available for free, you may request a portable document format (pdf) copy by way of email to kylie@kidsblossomot.com or request a hard copy before or during an appointment so that we may provide this to you, again this is free of charge. If you are attending a clinic-based appointment you will be able to collect a copy from the therapy room. 

When we refer to “clients” or "you" below, we mean both former and current clients, as well as people who make inquiries about our products and services (i.e. potential clients).


What kinds of personal information do we collect and hold?

In this Policy and Notice, “personal information” means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained. To provide our services to clients, we need to know personal information about them and others, including:

  • names, ages, dates of birth, genders, and other identifying information;
  • Medicare and health fund details (including Medicare numbers and health fund insurers and the extent of their coverage);
  • developmental, medical, ethnic, language, cultural and social histories (including medications, diagnoses, surgeries, and allergies);
  • details about disabilities, impairments, challenges, barriers and facilitators;
  • family histories, to the extent they may be relevant to our services;
  • work and education histories;
  • hobbies, motivations, interests, and activities in which clients and their families like to participate; 
  • details related to the NDIS, including details of negotiations, assessments, plans and packages; 

For sensitive information – such as information about your health that is reasonably necessary for us to provide you with services or products – we will seek your informed consent via a written consent form as part of our client intake processes.


How do we collect personal information?

We may collect personal information about you in several ways, including:

  • by telephone (e.g. when you or someone else call us);
  • via our website when you use our contact form
  • via pages on our social media sites;
  • through our client questionnaires;
  • by written letters, reports and other documents (e.g. through reports you provide to us);
  • through emails, SMS and other forms of electronic communication;
  • in interviews and other interactions with you (including face-to-face interviews and interviews conducted electronically, such as by way of Skype, Zoom, Coviu or other means); and
  • by taking notes and making recordings of our interactions with you (including visual recordings). Visual recordings would typically be photos of your child’s posture and pencil grasp for assessment and review assessment purposes, to measure progress of therapy. These photos may also used in written reports to illustrate clinical observations.

When we ask for your consent to use your personal information, we will ensure that consent is opt-in, affirmative and freely given. At any time, you have the ability to withdraw consent by contacting us to tell us that you are withdrawing your consent.


Who do we collect personal information from?

We collect personal information from clients or someone authorised to act on the behalf of clients (e.g. their parents, carers or guardians). Wherever practicable, we will ask for the information directly. However, we may need to contact others when relevant to a client’s circumstances (e.g. when working with clients who cannot communicate their needs without the assistance of others). In these cases, we will, when practicable, make you aware of the fact that we have collected this information and the circumstances of the collection.

When you give us information about other people, we rely on you to have obtained their prior consent and tell them of the types of third parties we may provide the information to and why.


Why do we collect personal information?

We collect personal information to deliver, review and improve the services that we provide. Generally, these services relate to Occupational Therapy services. If we didn’t collect this information, we wouldn’t be able to carry out our business or provide our services to you in accordance with the standards required by law, the NDIS Code, or our professional ethics requirements. If you do not provide the personal information that we request, we would not be able to carry out our business and provide our Occupational Therapy services to you.

More specifically, we need personal information (including health information) to provide clients with assessment, treatment planning, goal setting, regular therapy sessions, home programs, school strategies, school and home visits, report writing etc. We also need this information for:

  • administrative purposes of managing our business;
  • when necessary, to fulfil our obligations under law, regulation, the NDIS Code and/or our professional ethics rules;
  • billing management (either directly or through insurers or other compensation agencies);
  • discussions between workers related to the care of clients;
  • discussions and other communications, e.g. with your doctors, other health professionals, and others related to your care;
  • discussions with insurers (including the NDIS and its agents); 
  • any insurance or compensation or other claims or litigation (including threatened litigation); 
  • security and workplace safety purposes, e.g. to monitor the safety of participants, workers and others; 


Can people access our services anonymously?

No. Due to the nature of our services, we cannot offer them to people who wish to be anonymous, wish to use a pseudonym or who do not provide us with enough information to properly identify them for the purposes of providing services and products.


Who will see or have access to your personal information?

Your information may be seen or used by people working for or on behalf of us and other service providers including (without limitation):

  • our directors and owners;
  • our professional workers (employed or contracted);
  • our administrative staff (employed or contracted);
  • our third-party professional advisors and service providers, including (without limitation) our lawyers, book-keepers, accountants, auditors, tax consultants, actuaries, management consultants and IT service providers (including software-as-a-service providers);
  • Medicare, private health insurance providers, our insurers and reinsurers;
  • the National Disability Insurance Agency and its agents; and

We will not rent, sell, trade or otherwise disclose to any other third parties any personal information about you without your consent, or unless we are required to by law (including pursuant to a court or tribunal order), or where a permitted general situation (including a permitted health situation) exists within the meaning of the Privacy Act 1988 (Cth), or if we reasonably believe disclosure is necessary for enforcement-related activities.


Security of your personal information and data retention

We know that you are concerned about your personal information – especially your health information. We will use reasonable endeavours to prevent unauthorised access to, modification of, disclosure, misuse, or loss of that information, except as required by law (e.g. under mandatory reporting laws, and our obligations to report incidences of violence, exploitation, neglect and abuse, and sexual misconduct to the NDIS Quality and Safeguards Commission and the police). 

Our directors and staff have reviewed the requirements of the Privacy Laws and our third-party service providers are aware that they are required to comply with the requirements of the Privacy Act 1988 (Cth).

We have data protection measures in place including:

  • password-locked computers, email accounts, and online assessment tool accounts;
  • patient management software system that complies with Australian Privacy Principle Standards for when we store personal information electronically;
  • some assessment tools require hard copy forms to be completed by your child. Hard copy forms are then uploaded to our patient management software system for electronic storage, and stored in a locked filing cabinet on site accessible only to authorised staff. Upon discharge these forms will be appropriately de-identified and destroyed;
  • our website has a secure socket layer (SSL) certificate which encrypts data to deter hacker interference and displays a browser padlock 

If we no longer need personal information about you for any purpose described above, then we will take reasonable steps to destroy the information or to ensure that such information is de-identified. This obligation is subject to an important exception – we may be required to retain some information (e.g. health, financial or tax records) to comply with our statutory and other legal obligations.


Access to and accuracy of your personal information

We take reasonable steps to ensure that personal information we collect about or from you is accurate, complete, up-to-date and relevant whenever it is used, collected or disclosed. 

Subject to the recognised exceptions to access for organisations contained in the Australian Privacy Principles (APP12.3), you have a right to access your information if you wish (subject to any privilege or legal restrictions); and, if it is reasonable and practicable to do so, we will give you access to the information in the manner requested by you. By law, we may charge you a reasonable fee to cover the cost of retrieving and processing the information.

If you believe personal information that we hold about you is inaccurate, out-of-date, incomplete or misleading, we will, on receipt of your request, take steps that are reasonable in the circumstances to correct the information.


What happens if personal information is disclosed outside Australia?

Given the increasing globalisation of electronic information systems and the businesses of service providers, it is likely that personal information may be disclosed to a person or entity outside Australia (e.g. to a third-party technology-related service provider managed outside Australia). For the same reason, it is not practicable to specify the countries in which such recipients may be located.

If your personal information is disclosed by us to an overseas recipient (e.g. to an insurer or IT-service provider), we will take reasonable steps in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information.


Information about social media plug-ins

To improve the quality of our services to clients, our website includes social media plug-ins of the large social media networks, including Instagram. Upon opening a website on which a social media plug-in is embedded, the social network provider will collect and process information on your visit to our website for its own business purposes. This is not initiated or controlled by us, but is a built-in feature of most social media plug-ins. For further information about these plug-ins and privacy, refer to the social media platform’s privacy policy.


Information about cookies

Our websites use cookies to enable, optimise and analyse site operations, as well as to provide content and to allow you to connect to social media. Cookies are small text files that are stored on your computer’s browser directory or program data subfolders when you visit our website. They are stored on your computer for the duration of your visit or for when you re-visit our website at a later time. They allow our website to store or access information from your browser about you, your settings, or your device. They are used mainly to ensure our website works well and, as a rule, do not contain information that could identity you directly. You can find out more about cookies via: www.allaboutcookies.org. 

When you first click on our website, you may get a message that says something like: 

“We use cookies to analyse website traffic and optimise your website experience. By accepting our use of cookies, your data will be aggregated with all other user data”


Complaints and asserting your privacy rights

If you believe your privacy has been prejudiced by something we have done or failed to do, you have a legal right to lodge a complaint. If you make a complaint to us, our Privacy Officer will treat it very seriously, and will apply our complaints and resolution policy. 

Our Privacy Officer is Kylie McMahon, who can be contacted by phone at 0493 818 341, and in writing via email at kylie@kidsblossomot.com

In any event, we will respond to you in writing within 15 days of receiving your complaint. If you are not satisfied with our response, please contact us again and we will do our best to resolve the matter.  

A breach of your privacy may constitute a breach of the NDIS Code. In this situation, you or anyone can make a complaint to us, or to the NDIS. As suggested in the NDIS Code, we encourage you to contact us first, to see if we can resolve the matter directly.

You also have the right to lodge a complaint with the Office of the Australian Information Commissioner, who is the competent supervisory authority.

A breach of privacy by a professional who works for us (e.g. an Occupational Therapist) may also be in breach of their professional code of conduct or code of ethics. 

As noted above, you have several statutory rights under privacy laws, including rights to information, access, rectification, and the withdrawal of your consent to the collection and use of personal information. If you wish to assert any of these rights, please contact our Privacy Officer using the contact details included above. 


Want more information?

If you have any questions about this Policy or this Notice, or have any concerns about the personal information you or others have given us about you, please contact us at kylie@kidsblossomot.com.

More information on the Privacy Act 1988 (Cth) can be found on the website of the Office of the Australian Information Commissioner: https://www.oaic.gov.au/


This Policy and Notice are in addition to, and do not relieve, remove or replace our rights and responsibilities under applicable laws. If there is a conflict between this Policy and this Notice, on the one hand, and an applicable law, on the other hand, the law shall prevail to the extent of any conflict.


Last update: 09/01/2024

  • Home
  • Privacy Policy
  • T&C'S
  • Cancellations Policy

Copyright © 2024 Kids Blossom Occupational Therapy ABN 16 355 701 882 - All Rights Reserved.