
Privacy Policy
Yamba Behaviour Support and Assessments Pty Ltd (“we,” “us,” “our”) trading as The Neurodiverse Clinic is committed to protecting the privacy, rights, and safety of clients, families, employees, contractors, and professional partners. We manage personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the National Disability Insurance Scheme Act 2013 (privacy requirements), the NDIS Practice Standards, and the NDIS Code of Conduct.
What this policy covers
This policy explains how we collect, store, use, and share personal information, and how we identify and manage conflicts of interest. It applies to all staff, including employees and contractors.
Definitions
Personal information means information about an identified individual, or an individual who is reasonably identifiable.
Sensitive information includes health and disability information and other sensitive categories covered by the Privacy Act.
Collection of personal information
We collect personal information that is reasonably necessary to deliver services safely and effectively, and to meet legal and regulatory requirements.
This may include:
- Clients and families: name, date of birth, contact details, identity and consent details, NDIS plan information, goals, service history, risk and safety information, medical and disability information, behaviour support information, relevant reports, and other information needed to provide supports.
- Employees and contractors: name, contact details, role details, qualifications, registrations, screening checks, employment history, banking and payroll information (where applicable), supervision records, and training records.
- Service providers and referrers: business and contact information needed to coordinate supports and professional relationships.
We collect sensitive information only with consent, or where authorised or required by law.
How we collect information
We may collect information directly from you (or your guardian), and with your consent, from relevant third parties such as schools, medical professionals, allied health providers, plan managers, and funding bodies. We may also collect information through service delivery activities such as observation, assessment, progress notes, incident records, and reports.
If you choose not to provide information we request, it may limit our ability to provide services safely or to the standard required.
Use of personal information
We use personal information to:
- deliver and manage services, including assessment, planning, intervention, training, and review
- communicate with you and relevant stakeholders involved in your supports
- coordinate information where needed to support consistency, safety, and goal progress
- process billing, invoicing, and service administration
- meet legal, regulatory, and quality and safeguarding requirements
- manage incidents, complaints, feedback, and continuous improvement
We only use personal information for the purpose it was collected, unless you consent to another use or the law permits or requires it.
Artificial Intelligence (AI) use
We may use AI tools to assist with administrative and clinical support tasks such as drafting documents, summarising information, analysing de-identified data, preparing resources, and improving internal processes. AI tools are used to support work processes, not replace professional judgement. All clinical opinions, assessments, recommendations, and decisions are reviewed and finalised by a qualified practitioner. We do not use AI to make automated decisions about eligibility, funding, service access, restrictive practices, or participant outcomes.
When AI tools are used, we take reasonable steps to protect privacy and sensitive information, including:
- minimising the amount of personal information entered into AI systems
- de-identifying information wherever practicable
- restricting access to authorised staff only
- using AI providers and systems subject to confidentiality and privacy obligations
- completing internal risk checks before introducing new AI tools
Personal information is used only for service delivery and administration. We do not use client information to train external AI systems. If an AI service provider stores or processes information outside Australia, we take reasonable steps to ensure overseas handling aligns with the Privacy Act and the APPs, including applying safeguards consistent with APP 8.
Disclosure of personal information
We may share personal information with others only where it is necessary for service delivery, required by law, or you have provided consent. This may include:
- the NDIA and the NDIS Quality and Safeguards Commission
- schools and education settings (where relevant)
- medical practitioners and allied health providers involved in care
- other disability service providers involved in supports
- contractors and third-party providers who assist with service delivery or business operations (for example, IT, practice management systems, or accounting support)
- legal, financial, or professional advisors
- other parties where required or authorised by law, or with your consent
Where we share information with third parties, we take reasonable steps to ensure appropriate confidentiality and privacy expectations apply.
Overseas disclosures
Some service systems and third-party providers may store or process information on servers located outside Australia. Where this occurs, we take reasonable steps to ensure the provider handles information in a way that is consistent with the Australian Privacy Principles and applicable Australian privacy obligations.
Information storage and security
We store personal information securely using approved systems with access controls. We use measures such as:
- role-based access restrictions
- multi-factor authentication where available
- secure storage and access protocols
- staff confidentiality obligations
- policies and training for privacy and information handling
We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Retention and destruction
We keep records for the period required by law and relevant professional standards. When information is no longer required, we take reasonable steps to securely destroy or de-identify it.
Data breach response
If a data breach occurs and is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme. This includes taking steps to contain the breach, assessing risk, and notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.
Conflict of interest management
We are committed to providing supports that prioritise participant choice, control, and wellbeing. We identify and manage conflicts of interest in line with the NDIS Practice Standards and relevant NDIA guidance on conflicts of interest. A conflict of interest may arise where personal, financial, or professional interests could influence, or appear to influence, decision-making.
Our conflict management approach includes:
- identifying potential conflicts early and discussing them transparently
- documenting conflicts and agreed management strategies
- using a Conflict of Interest Declaration process for staff and contractors
- ensuring participants are offered genuine choice, including at least three alternative provider options for referrals wherever practicable
- separating roles and responsibilities where needed to maintain integrity and avoid undue influence
- reviewing conflicts regularly, and whenever circumstances change
Participant rights
You have the right to:
- request access to the personal information we hold about you (subject to lawful exceptions)
- request correction of information if it is inaccurate, incomplete, or out of date
- withdraw consent for collection, use, or sharing of information (where lawful and applicable)
- ask questions about how your information is stored, used, and shared
- make a complaint if you believe your privacy, rights, or safety have been affected
Consent
By signing our service agreements, plans, or intake forms, you consent to the collection, use, and disclosure of personal information as described in this policy, including the use of AI tools as outlined above. You can withdraw consent in writing. Withdrawal applies to future actions and may affect our ability to provide services safely or effectively.
Complaints and enquiries
For privacy or conflict of interest enquiries or complaints, contact:
Yamba Behaviour Support and Assessments Pty Ltd
Trading as The Neurodiverse Clinic
Phone: (02) 6646 8942
Email: lw@ndclinic.net
We will acknowledge and respond to complaints as soon as practicable. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) or the NDIS Quality and Safeguards Commission.
Changes to this policy
We may update this policy to reflect changes to legislation, best practice, or our operations. The current version will be published on our website or provided on request.