Menu
close
1800 861 272
Contact us
Join now
Heads up! Our phone lines will be down from 4pm (SA time) on Friday 6 December and they'll reopen as usual at 8am (SA time) on Monday 9 December. Thanks for your understanding. 

Privacy & Dignity
Policies and Procedures

Last Updated: 20 December 2024

Purpose

This Policy sets out how My Plan Manager.com.au Holdings Pty Ltd ACN 623 117 993 and My Plan Manager.com.au Pty Ltd ACN 617 963 676 and our related bodies corporate (together, MPM Group, we, our or us) collect, use and disclose the Personal Information (as defined in the Privacy Act 1988 (Cth) of our clients and their key representatives (together, Clients, you or your). It also explains the ways in which you can contact us about or make a complaint in relation to the Personal Information that we hold about you.

Policy statement

This Policy sets out how we collect, use, store, disclose and otherwise handle Personal Information, and ensures that supports accessed by you through MPM Group promote, uphold, and respect your legal and human rights. This includes your rights to access supports that respect and protect your privacy and dignity.

This means we will:
  • respect your privacy and dignity in your interactions with us, and in the delivery of the supports you receive;
  • ensure you understand what Personal Information we collect about you, and for what purpose;
  • ensure you understand how we manage Personal Information collected by our organisation to assist us in the provision of your supports; and
  • where you have a nominee/parent/child representative or legal guardian (authorised person) make decisions for you, including in relation to the sharing of your Personal Information, work with the authorised person as required to maximise your wellbeing

Policy overview

By providing Personal Information to us, including through MPM Group Platforms (e.g. client portal, mobile app, Kinora etc), you consent to our collection, use and disclosure of that Personal Information in accordance with this Policy and any other relevant arrangements between us such as the Platform terms.

We may change our Policy from time to time by publishing changes to it on the Platforms and our websites. We encourage you to periodically check our websites and Platforms to ensure that you are aware of the most up-to-date version of the Policy.

This Policy should be read in conjunction with any other specific collection notice or consent that we provide to you.

Collection of personal information

Within this Policy, unless indicated otherwise, references to Personal Information also include sensitive information.

We provide plan management services to assist you to manage the funding set out in your National Disability Insurance Scheme (NDIS) plan.
Naturally, we collect and handle your Personal Information in the course of providing these services including:
  • name, date of birth and contact details, including address, phone number, and email address;
  • information about preferred modes of communication;
  • NDIS plan details, including government identifiers such as a participant NDIS number if applicable and when provided to us by you;
  • information relating to 'consent to obtain and release' information;
  • any information or documents which you provide or upload to an MPM Group Platform in relation to the services and supports provided, as well as information provided by MPM Group in relation to your NDIS plan or NDIS supports;
  • any information about your interactions with MPM Group services, Platforms or websites, including engagement with others whilst using MPM Group Platforms (e.g. feedback, 'likes', comments, choices, preferences, messages);
  • details about the services or products we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and products and respond to enquiries;
  • information relating to bank accounts if you have chosen 'reimbursements' as a payment option for plan management services;
  • audio recording collected for quality purposes, with the consent of the person making the call; and
  • any other relevant information required by MPM Group for us to undertake the roles and responsibilities of a plan manager.

Collection of sensitive information

Due to the nature of our business and our service Platforms – and only where necessary in relation to our business – we may also collect 'sensitive information' about you (including through the provision of consent on your behalf for the purposes of this Policy). This includes information about your health and/or disability, your wishes about the future provision of services (including any goals and aspirations in your NDIS plan, if disclosed), and information about services which have or will be provided by MPM Group (including those facilitated through MPM Group Platforms).

We will collect such sensitive information directly from you (as part of your registration with MPM Group or your interactions with MPM Group and/or MPM Group Platforms) where it is reasonably necessary for, or directly related to, one or more of our functions or activities, or as otherwise authorised by law.  

In addition, we ensure you expressly acknowledge and agree that we may also collect such sensitive information from third parties to provide them with the relevant services where it is unreasonable or impracticable to collect it directly from you, including where information is provided by:
  • your primary decision maker, or for MPM Group Platforms, your authorised representative (including a provider of disability services to you) - for example, in the form of information provided on an invoice or in relation to a service booking; or
  • members of your chosen community of support, but only when you upload information such as appointment reminders or notes to you or about you in our community Platform (i.e. Kinora).
We will only collect information reasonably required for MPM Group to provide plan management services.

How we collect and hold personal information

MPM Group may collect this information from you or your authorised representative, or the National Disability Insurance Agency (NDIA) when:
  • you sign up or register for one or more of our services;
  • you visit MPM Group websites or Platforms (e.g. client portal, mobile app, Kinora etc); 
  • you communicate or interact with us by any method, such as telephone, email, post, websites, Platforms, communication channels, or in person;
  • you authorise us to process invoices on your behalf;
  • we contact you while undertaking our plan management or individual capacity building roles and responsibilities (e.g. budget discussions, seeking approvals, individual capacity building and social and community engagement using MPM Group Platforms or other communication channels etc);
  • we represent a matter, with your consent, as applicable, to the NDIA or other relevant government agency; or
  • as we may otherwise notify you from time to time, including by way of a collection notice.
There may, however, be some instances where Personal Information about you will be collected indirectly because it is unreasonable or impractical to collect Personal Information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. For example, MPM Group may collect information from third parties such as nominated service providers, including your support coordinator, and persons approved by you for participation in MPM Group Platforms (e.g. when information is posted on one of our Platforms).

Audio recordings

MPM Group will seek your consent when you telephone MPM Group before proposing to record your voice or using that recording for internal training. MPM Group will advise you if a supervisor or other staff member is to monitor a telephone call for the purpose of training or supporting staff.

Purpose of collection and use of your personal information

The Personal Information that we collect and hold about you depends on your interaction with us. Generally, My Plan Manager will only collect, use, and disclose your Personal Information if it is reasonably necessary for, or directly related to, our role and the responsibilities set out in the My Plan Manager service agreement and the services and supports we provide to you.

We may also collect, hold, use and disclose Personal Information, for the purposes of:
  • providing you with information in relation to the services and products we provide; 
  • providing you with information in relation to the other services and products we offer or propose to offer;
  • providing you with information to 'opt out' of or temporarily 'suspend' access to services and products we offer or propose to offer;
  • sending SMS or email notifications;
  • responding to your questions or suggestions;
  • improving the quality of our products or services; 
  • improving the quality of your visit to our websites;
  • improving the quality of your visit to our Platforms;
  • to provide you with use of our Platforms and manage our relationship with you (including setting up your account and verifying your identity);
  • to operate, protect, moderate, improve and optimise our Platforms, business and our users' experience, such as to perform analytics to identify user segments who share common characteristics and traits, and conduct research on use of the Platforms - this may include disclosure of Personal Information to MPM Group or third parties which perform moderation or other activities on the Platforms on our behalf;
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you and respond to any of your queries or requests;
  • to present you (where relevant), your parent, guardian or decision maker, with content about the Platforms (including specific discussion topics or posts), other users of the Platforms, or other services and products (on or off the Platforms) that you or your parent, guardian or decision maker might be interested in;
  • to comply with our legal or industry obligations (including the NDIS Code of Conduct), resolve any dispute that we or a user of our Platforms may have with any of our other users and enforce our agreements with third parties;
  • to verify your identity and ensure that our Platforms remain safe and secure for all users; and
  • for other purposes identified in the Platform terms of use and community guidelines.

Failure to provide information

You have the right to refuse to provide Personal Information to MPM Group. If you refuse to provide MPM Group with the information requested by MPM Group, MPM Group will try to advise how this may impact upon the delivery of services and supports provided to you by MPM Group and whether it will be possible for MPM Group to provide services to you without the required information.

Disclosing personal information

Generally, we only use or disclose Personal Information about you  for the purposes for which it was collected (as set out above) which may involve disclosing your Personal Information to our related entities in the MPM Group, including to fulfil plan management obligations and associated capacity building activities, expand each entity’s service capabilities, and improve the services (including the efficiency and scope of services) offered by each entity within MPM Group. We will ensure those related entities handle your Personal Information in accordance with this Policy.

From time to time, we may also disclose Personal Information to third party contractors (including information technology suppliers, administration service providers, communication suppliers and our business partners, including entities engaged by MPM Group to oversee and moderate Platforms), who help us conduct our business or as otherwise required by other Policy requirements. Some third party contractors may be located outside of Australia, including in India, New Zealand, the Philippines and the United States of America.

Where information is shared with these third parties, we will take all reasonable steps to ensure that these third parties observe the confidential nature of such information and are prohibited from using or disclosing such information beyond what is necessary to assist us in collecting, processing and storing the information on our behalf as contemplated by this Policy.

Other than third party contractors, MPM Group will seek written consent from you (or your authorised representative) prior to the release of any information about you to an external party (for example, consent will be obtained prior to us speaking with other support providers). This is ordinarily documented in our 'Consent to Obtain and Release Information' form.

If the 'Consent to Obtain and Release Information' form is not completed or does not contemplate the requested release, MPM Group may ask the person(s) seeking information to liaise directly with you or your nominated representative.

You have the right to withhold consent. My Plan Manager will advise you of any known impacts this may have on service delivery and the ability of MPM Group to provide its services.

MPM Group shall work with nominated representatives/guardians in circumstances where you are unable to give informed consent (e.g. to a service agreement). In these cases, nominees and guardians must reflect the needs and goals as identified by you and make decisions regarding privacy and dignity to best maximise your wellbeing in all aspects of your life. MPM Group will try to work with the nominee as required to achieve this end but ultimately the authorised representative is responsible in this regard.

Security of personal information

The Personal Information we collect will be stored electronically and securely protected. We take appropriate security measures to protect Personal Information from misuse, interference or loss, and from unauthorised access, modification or disclosure. This includes the use of technologies and security software, network firewalls, and physical security to protect the privacy of your Personal Information.

We will store Personal Information while we continue to provide our services to you, unless otherwise required by law. After this time, we archive or destroy Personal Information in to the extent required by any law applicable to our business, as may vary from time to time.

Disclosure of personal information overseas

We store Client data in Australia, but our use of:
  • third party service providers and some features of third party applications may involve access to information by individuals located outside of Australia, including in India, New Zealand, the Philippines and the United States of America; and
  • third party applications may involve access of information by third parties as overseas recipients of information in order for them to make their functionality available for Platform use.

Access to your personal information

We take reasonable steps to ensure that your Personal Information is accurate, complete, and up to date whenever we collect or use it. You may access your Personal Information at any time upon making a written request. We will respond to a request within a reasonable period.

We may decline a request for access to Personal Information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice within a reasonable time that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint

Correction of personal information

If, upon receiving access to Personal Information or at any other time, you believe the Personal Information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you have the right to ask for the information to be changed. In such circumstances, an amendment note shall be added to the relevant file to advise that you disagree with the information and set out how you wish to see the information presented.

If we refuse to correct the Personal Information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.

Marketing

As set out above, we may use Personal Information to provide you with information about research, products and services which we think may be of interest to you. You may opt out of receiving marketing communications from us at any time if you no longer wish to receive this information.  In order to do so, contact My Plan Manager at [email protected] and request that we no longer send marketing communications to you or opt out in the way suggested in our communications.

Links

Our Platforms or websites may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy & Dignity Policy, so we encourage individuals to read them before using those websites.

Feedback and complaints

You may make a complaint or provide feedback about privacy matters. In doing so, you  should access the My Plan Manager Feedback and Complaints Policy, located on the My Plan Manager website, and send such complaints to [email protected] 

My Plan Manager shall treat all complaints in a confidential manner. Nothing in this Policy prevents a complaint about how My Plan Manager has treated your personal information from being made to the Office of the Australian Information Commissioner (Tel: 1300 363 992) at any time.

Glossary of terms

TermDefinition
Australian Privacy Principles (APPs) These outline how all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use, and manage personal information. The APPs are included in the Australian Privacy Act (1988) (Cth).
Client A client of My Plan Manager or the nominated decision-maker person.
Confidential information  Any information made available to, or generated by, MPM Group which is not already publicly available or about to become publicly available. All personal information is strictly confidential.
Personal information (includes sensitive information)

Information or an opinion about an identified individual, or an individual who is identifiable:

  • whether the information or opinion is true or not.
  • whether the information or opinion is recorded in a material form or not.
Personnel/staff Anyone, paid or unpaid, who works for or with My Plan Manager. It includes members of the governing body, or any other similarly empowered committee constituted by MPM Group.
PlatformsAny MPM Group technology platform used for plan management and/or individual capacity building, including the client portal, mobile app, and Kinora community platform.
Policy  A statement of intent that sets out how an organisation should fulfil its vision, mission, and goals.
Procedure A statement or instruction that sets out how a policy will be implemented and by whom.

Subscribe

Stay up to date with the latest information, updates and NDIS news. Sign up to our e-news today.
For disability sector participants, supporters and advocates.
Subscribe now
For service providers, intermediaries and industry partners.
Subscribe now

Blog

FAQs
NDIS provider number: 405 000 1826

My Plan Manager acknowledges the objectives of the United Nations Convention on the Rights of Persons with Disabilities.

My Plan Manager acknowledges the Traditional Owners of Country throughout Australia, and their continuing connection to land, sea and community. We pay our respects to them and their cultures, and to Elders both past and present.
© My Plan Manager 2024 | Privacy & Dignity | Terms of Use
arrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram