Privacy Policy

Company Details

Haven Disability Services WA Pty Ltd
Trading as Haven OT
ABN: 92 667 017 807
Address: 314/17 Freeman Loop, North Fremantle WA 6159 (Postal Only)
Email: hello@haven-ot.com

Purpose:

Haven OT is committed to protecting your privacy and handling personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. This Privacy Policy explains how we collect, use, store, and disclose personal information.

1. What Information We Collect

We may collect the following types of personal information:

  • Full name, date of birth, and contact details

  • NDIS number and plan details

  • Guardian or nominee details

  • Medical history and health information

  • Assessment results and therapy notes

  • Progress notes and reports

  • Support plans and recommendations

  • Billing and payment information

  • Communication records (email, phone, Teams)

  • Information submitted through our website

Health information is considered sensitive information under privacy law.


2. How We Collect Information

We collect information:

  • Directly from participants

  • From guardians or nominees

  • From support coordinators

  • From the National Disability Insurance Agency (NDIA)

  • From other treating professionals (with consent)

  • During assessments and service delivery

  • Through phone, email, Microsoft Teams, and other communications

  • Via our website contact forms

Where reasonable and practical, we collect information directly from you.

3. Why We Collect Information

We collect, use, and hold personal information for the following purposes:

  • To provide occupational therapy services

  • To assess, plan, and deliver supports

  • To prepare reports and recommendations

  • To communicate with participants, guardians, and support teams

  • To comply with NDIS and legal requirements

  • For billing and administrative purposes

  • To meet insurance and regulatory obligations

We only collect information that is reasonably necessary for these purposes.

4. Disclosure of Information

We may disclose personal information to:

  • Participants and their guardians

  • Plan managers

  • Support coordinators

  • The NDIA

  • Other health professionals involved in care (with consent)

  • Insurers

  • Legal or regulatory authorities where required

  • IT and cloud service providers who host or support our systems

We do not sell personal information.


5. Release of Information to Third Parties

Haven OT may release personal and health information to third parties in certain circumstances, with your consent or as required by law. This may include:

  • External health professionals or specialists involved in your care

  • Third-party service providers assisting with administration, billing, or IT support

  • Educational institutions or researchers, where information is de-identified or consent is provided

  • Legal representatives, courts, or regulatory bodies where disclosure is legally required

We only release information that is necessary for the purpose for which it is being shared and take reasonable steps to ensure third parties handle information securely and in accordance with privacy laws.

You have the right to request details of any third parties to whom your personal information has been released.


6. Storage and Security

Haven OT takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

We store information:

  • In Splose (our secure cloud-based practice management system)

  • In Google Drive

  • In Microsoft 365 (including Outlook and Teams)

Security measures include:

  • Password-protected systems

  • Multi-factor authentication

  • Restricted access to authorised staff only

  • Secure devices

  • Confidentiality obligations for all employees and contractors

Where paper documents are received, they are scanned into our secure systems and securely destroyed.


7. Overseas Disclosure

Some of the cloud-based systems we use (including Google and Microsoft services) may store or process data on servers located outside Australia.

We take reasonable steps to ensure service providers have appropriate data protection safeguards in place.


8. Access and Correction

You may request access to personal information we hold about you. You may also request correction of inaccurate, incomplete, or outdated information.

Requests should be made in writing to hello@haven-ot.com. We will respond within a reasonable timeframe (generally within 30 days).

In some circumstances permitted by law, we may refuse access. If this occurs, we will provide reasons.


9. Complaints

If you have concerns about how your information has been handled, please contact us in writing at hello@haven-ot.com.

We will investigate and respond within a reasonable timeframe. If you are not satisfied with our response, you may lodge a complaint with the NDIS Quality and Safeguards Commission.

10. Data Breaches

If we become aware of a data breach that is likely to result in serious harm, we will:

  • Assess the breach promptly

  • Notify affected individuals where required

  • Notify the Office of the Australian Information Commissioner where required under the Notifiable Data Breaches Scheme


11. Updates to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website.