Privacy Policy

Scope
This Privacy Policy explains how Keystone collects, holds, uses, and shares personal information while providing support services. We manage all personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By engaging with Keystone, you agree to the practices described in this policy.

Collection of Personal Information
We collect personal information directly from you when you enquire about our services, apply to work or volunteer with us, or receive supports. This may include your name, contact details, date of birth, and information about your goals and preferences. We may also collect sensitive information, such as health or disability details and NDIS-related information, to ensure we can provide the right supports.

In some cases, we collect information from third parties such as NDIS portals, allied health providers, referees, or your authorised representatives. Our website uses Squarespace and Google Analytics, which collect data like cookies and IP addresses to help us understand visitor behaviour and improve our website.

Use and Disclosure of Personal Information
We use personal information to deliver and improve our services, manage staff and volunteers, communicate with you, and meet legal and funding requirements. We may share information with organisations that support our operations, including NDIS, IT service providers, professional advisors, and community organisations that help deliver supports.

We do not disclose sensitive information without your agreement, unless required by law or where you would reasonably expect it. Keystone never sells personal information, and we will not share your information overseas without your consent.

Storage and Security of Personal Information
Personal information is stored securely using cloud-based systems such as Google Workspace, Microsoft OneDrive and other software as appropriate. Keystone staff access sensitive data via software that is protected via several levels of security and receive training or guidance on privacy obligations and use strong password and access protocols.

Accessing and Correcting Your Personal Information
You can request access to or correction of the personal information we hold by emailing jeremy@keystone.org.au. We will respond to your request within 30 days and aim to make the process straightforward.

Data Breaches
If there is a suspected or confirmed breach of personal information that could cause serious harm, Keystone will assess the situation as soon as possible. If a breach is confirmed, we will notify all affected individuals and inform the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches Scheme.

Complaints
If you believe Keystone has mishandled your personal information, please refer to your Service Agreement for more information on our complaints management process. You can also email jeremy@keystone.org.au if you would like to know more. We will acknowledge your complaint within three business days and aim to resolve it within 30 days.

Review of This Policy
Keystone reviews this Privacy Policy annually or as needed due to legislative or operational changes. The most current version will always be published on our website.

Contact Us
For questions about this Policy or our services, you can contact us at:
Email jeremy@keystone.org.au
Phone 0438 503 785