logo

Privacy Policy

PlanCare Holdings Pty Ltd (PlanCare, we, us, our) is committed to protecting the privacy of individuals who interact with our website, client portal, and services. This Privacy Policy explains how we collect, hold, use, and disclose personal information, including health information and other sensitive information.

1. This policy applies to:

  • visitors to our website at www.plancare.com.au;
  • individuals who use our client portal or digital services;
  • NDIS participants, aged care clients, carers, and authorised representatives; and
  • any other individuals whose personal information we handle.

PlanCare handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we provide services to NDIS participants, we also comply with obligations under the National Disability Insurance Scheme Act 2013 (Cth) and the NDIS Practice Standards and Code of Conduct. Where we provide aged care services, we also comply with the Aged Care Act 2024 (Cth) and the Aged Care Quality Standards.

2. What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.

Health information and other sensitive information attracts heightened protections under APP 3 and APP 6. Health information includes information about an individual's health, disability, care needs, medical history, or support requirements. PlanCare may collect and handle health information in connection with the provision of aged care and disability support services through the client portal.

3. What personal information we collect

3.1 Website visitors

When you visit our website, we may collect:

  • browser and device information (type, version, operating system);
  • IP address and approximate location;
  • pages visited, time on site, and referring URLs; and
  • information you voluntarily submit through contact or enquiry forms (name, email address, phone number, message content).

3.2 Client portal users

When you access our client portal, we may collect:

  • identity information (full name, date of birth, address);
  • contact details (email, phone number);
  • NDIS participant or aged care client identifiers;
  • health information, care needs, support plans, and care management records;
  • carer or representative details; and
  • service delivery records and interactions.

3.3 Cookies and tracking technologies

Our website uses cookies, pixels, tags, analytics tools and similar tracking technologies. We use:

  • Google Analytics: to analyse website traffic, page visits, and user behaviour. Data is collected via cookies and may be processed by Google on servers outside Australia. See Google's Privacy Policy at policies.google.com/privacy.
  • Google Search Console: to monitor website performance in Google Search results and improve website visibility and functionality.
  • Google Tag Manager: to manage and deploy website tags, analytics tools and marketing technologies.
  • Meta Pixel: to track conversions from advertising campaigns. Data may be shared with Meta Platforms Inc. See Meta's Privacy Policy at www.facebook.com/privacy/policy.
  • HubSpot: to track engagement with our website and marketing communications. See HubSpot's Privacy Policy at legal.hubspot.com/privacy-policy.
  • Klaviyo: to manage email communications, newsletters, marketing campaigns and customer engagement activities. Klaviyo may collect information relating to email interactions, subscription preferences and website engagement. Klaviyo's Privacy Policy is available at https://www.klaviyo.com/legal/privacy-policy

You may manage or disable cookies through your browser settings. Disabling cookies may affect the functionality of parts of our website. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

4. How we collect personal Information

We collect personal information in a number of ways:

  • directly from you when you complete forms, make enquiries, or use our website or portal;
  • from your nominated carer, representative, or support coordinator where you have authorised this;
  • from government agencies, funding bodies (including the NDIA and Services Australia), or other authorised parties involved in your care or support; and
  • automatically via cookies and tracking technologies when you use our website.

Where practicable, we will collect personal information directly from you. We will notify you of our collection at or before the time of collection, or as soon as practicable afterwards.

5. Why we collect and use personal information

We collect and use personal information for the following purposes:

  • delivering, managing, and coordinating aged care and disability support services;
  • communicating with you about your services, enquiries, and appointments;
  • managing our relationship with you and maintaining service records;
  • meeting our obligations under the NDIS Act 2013, Aged Care Act 2024, and related legislation;
  • complying with regulatory requirements, quality standards, and audit obligations;
  • improving our services, website, and client experience;
  • responding to feedback, complaints, and incident reports; and
  • analytics, marketing, and service improvement (website visitors only, using non-identifiable or aggregated data where possible).

We will not use your personal information for a purpose other than the primary purpose of collection unless a permitted secondary use applies under the Privacy Act 1988 (Cth), you have consented, or we are required or authorised by law.

6. Sensitive information and health information

PlanCare handles health information and sensitive information as defined under the Privacy Act 1988 (Cth). This includes information about an individual’s health, disability, care needs, or support requirements collected through the client portal.

We will only collect sensitive information with your consent, or where collection is required or authorised by law. Sensitive information is subject to heightened protections under APP 3 and APP 6. We will not use or disclose sensitive information for a purpose other than the purpose for which it was collected, a directly related purpose, or where permitted by law.

7. Disclosure of personal information

PlanCare may disclose personal information to:

  • government agencies and funding bodies, including the National Disability Insurance Agency (NDIA), Services Australia, and the Aged Care Quality and Safety Commission, as required to administer your services or funding;
  • healthcare providers, allied health professionals, and other support providers involved in your care;
  • our employees, contractors, and affiliates who need access to provide services to you;
  • our technology service providers (including cloud hosting, portal software, and communication platforms) under appropriate data processing agreements;
  • analytics and marketing platforms (Google Analytics, Meta Pixel, HubSpot) for website analytics purposes only, using data subject to those platforms' terms; and
  • other parties where required by law, court order, or regulatory obligation.

We do not sell personal information to third parties. Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle information in accordance with the APPs or an equivalent standard.

8. Cross-border disclosure

Some of our third-party service providers may process or store personal information outside Australia, including in the United States and European Union. These providers include Google (Google Analytics), Meta Platforms Inc. (Meta Pixel), and HubSpot Inc. By using our website and consenting to cookies, you acknowledge that your information may be processed overseas.

PlanCare takes reasonable steps to ensure overseas recipients handle information in a manner consistent with the APPs. However, you acknowledge that by consenting to this disclosure, APP 8.1 obligations may not apply to the overseas recipient.

9. Data quality and security

PlanCare takes reasonable steps to ensure that personal information we hold is accurate, up to date, complete, and relevant. We also take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Our security measures include:

  • access controls and authentication for portal systems;
  • encryption of data in transit and at rest;
  • staff training on privacy and data handling obligations;
  • regular review of security practices; and
  • incident response procedures for data breaches.

Despite these measures, no system is completely secure. If you suspect unauthorised access to your account or information, please contact us immediately at privacy@plancare.com.au.

10. Data retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods for client and participant records are determined by the requirements of the Aged Care Act 2024 (Cth), the NDIS Act 2013 (Cth), and other applicable legislation. When personal information is no longer required, we take reasonable steps to destroy or de-identify it.

11. Notifiable data breaches

PlanCare complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we experience an eligible data breach that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner (OAIC) as required.

12. Access and correction

You have the right to request access to the personal information we hold about you, and to request correction of information that is inaccurate, out of date, incomplete, irrelevant, or misleading. To make a request, contact us at privacy@plancare.com.au. We will respond to access and correction requests within a reasonable time and in accordance with the APPs. We may refuse access in limited circumstances permitted by law. If we refuse access or correction, we will give you written reasons and inform you of available avenues for review.

13. Complaints

If you believe we have breached the APPs or your privacy rights, you may make a complaint by contacting us at:

Email: privacy@plancare.com.au

Post: Privacy Officer, PO Box Z5202, St Georges Tce Perth WA 6831

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

14. Cookies and consent management

By continuing to use our website after being presented with a cookie notice, you consent to our use of cookies as described in Section 3.3 of this policy. You may withdraw consent at any time by adjusting your browser settings or using your browser’s opt-out mechanisms for specific platforms. Note that withdrawing cookie consent does not affect the lawfulness of processing carried out before withdrawal, and does not affect personal information collected through the client portal.

15. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available at https://plancare.com.au/privacy. Material changes will be notified to registered users by email where practicable. Continued use of our website or services after an updated policy is published constitutes acceptance of the updated policy.

16. Contact us

For privacy enquiries, requests for access or correction, or concerns about how we handle your personal information, contact our Privacy Officer:

Email: privacy@plancare.com.au

Post: Privacy Officer, PO Box Z5202, St Georges Tce Perth WA 6831

Website: https://plancare.com.au/privacy-policy