Privacy Policy

Support Referrals Australia Pty Ltd (we, us, our) is committed to protecting the privacy of all individuals who interact with our platform. This Privacy Policy explains how we collect, use, disclose and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

By using our website or submitting a referral or registration form you consent to the collection and use of your personal information as described in this policy.

Support Referrals Australia Pty Ltd operates the platform at supportreferrals.com.au. We are a placement service connecting NDIS participants with verified NDIS service providers across Australia.

Contact: info@supportreferrals.com.au

From participants and referrers

• Full name, date of birth and gender
• Contact details including phone number and email address
• NDIS number and plan details
• Disability and support needs information
• Location details including suburb, postcode and state
• Cultural background, language and interpreter requirements
• Aboriginal and Torres Strait Islander status
• Referrer details if submitted by a third party
• Communication preferences

From providers

• Business name, ABN and contact details
• Insurance documents and expiry dates
• NDIS registration details
• Service areas, specialisations and capacity information
• Billing contact details
• Staff contact information

From website visitors

• IP address and browser information
• Pages visited and time on site
• Referral source and UTM parameters
• Cookie data where consented

We collect personal information:

• Directly from you when you submit a referral form, provider registration or contact form
• From referrers such as hospital staff, Local Area Coordinators, allied health professionals or family members acting on behalf of a participant
• Automatically when you visit our website through cookies and analytics tools
• From third party verification services such as the Australian Business Register for ABN verification

We collect and use personal information to:

• Match NDIS participants with appropriate verified providers
• Contact participants and referrers regarding their referral
• Verify provider credentials and compliance documents
• Send notifications and updates regarding referrals and placements
• Issue invoices to providers for successful placements
• Improve our platform and services
• Comply with our legal obligations
• Respond to complaints and enquiries

We only share your personal information in the following circumstances:

• With matched providers who have been verified on our platform — participant details are only shared after a provider accepts a referral
• With our placement officers and internal staff for the purpose of managing your referral
• With third party service providers including our email platform, payment processor and database provider — all bound by confidentiality obligations
• With regulators or law enforcement where required by law
• With your consent

We will never sell, rent or trade your personal information to any third party for marketing purposes.

We recognise that information about NDIS participants including disability, health and cultural information is sensitive. We apply additional safeguards to sensitive information including:

• Restricting access to authorised placement officers only
• Anonymising participant details shared with providers until a referral is formally accepted
• Encrypting all sensitive data at rest and in transit
• Maintaining strict access controls and audit logs

Your personal information is stored securely on servers located in Australia (Sydney, ap-southeast-2 region). We implement the following security measures:

• AES-256 encryption for all data at rest
• TLS 1.3 encryption for all data in transit
• Row Level Security enforced at the database level
• Access controls and multi-factor authentication for staff
• Regular security audits and penetration testing
• Audit logs of all access to personal information

We retain personal information for the following periods:

• Referral and case records: 7 years minimum in line with NDIS and tax requirements
• Provider records: 7 years minimum
• Audit logs: permanently retained
• Website analytics: 26 months
• Enquiry and contact form submissions: 3 years

After the retention period personal information is securely deleted or de-identified.

Under the Australian Privacy Act you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or outdated information
• Make a complaint about how we have handled your information
• Request deletion of your information subject to our legal retention obligations
• Withdraw consent to certain uses of your information

To exercise any of these rights please contact us at info@supportreferrals.com.au. We will respond within 30 days.

Our website uses cookies and analytics tools including Google Analytics 4 to understand how visitors use our site. You can control cookie preferences through your browser settings. By continuing to use our website you consent to our use of analytics cookies.

We do not use cookies for advertising or retargeting purposes.

We do not transfer personal information outside of Australia. All data is stored and processed in Australia in accordance with Australian Privacy Principle 8.

Some NDIS participants may be children or young people. Where a referral is submitted for a minor we require consent from a parent, guardian or authorised representative. We apply additional care to the handling of information relating to minors.

We may update this Privacy Policy from time to time. The current version will always be available at supportreferrals.com.au/privacy. We will notify registered providers of material changes by email.

If you believe we have breached your privacy you can:

• Contact us at info@supportreferrals.com.au
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992