Policy Purpose
As a provider of services for people with disabilities, families, and young people, Connexus has access to personal information in every interaction and part of our business. Keeping front of mind, assuming all information is personal information, and respecting and protecting individuals’ privacy and confidentiality in every interaction is critical for Connexus, its staff, Board, and partner organisations.
This policy covers the entire information lifecycle from collection, security, use and disclosure, access and correction and destruction of all personal information including sensitive and health information.
Adherence to the policy will ensure that everyone who is provided services by, works for, or works with, Connexus is guaranteed that their personal information will be collected and managed as required by legislation and that Connexus meets client expectations, and delivers on our values of respect, accountability, and service excellence.
Connexus has no tolerance for any intentional breach of privacy. Serious legal, professional, and financial impacts and penalties apply to intentional breaches of privacy. Connexus’ Privacy Policy adheres to applicable Commonwealth and state legislation for the management of personal information, including health information:
- Privacy Act 1988 (Cth) (the Privacy Act)
- Privacy and Data Protection Act 2014 (Vic)
- Health Records Act 2001 (Vic)
- Victorian Charter of Human Rights and Responsibilities Act 2006 (Vic)
- Fair Work Act 2009 (Cth)
- Human Rights Act 2019 (Qld)
- National Disability Insurance Scheme (NDIS) Quality and Safeguarding Framework 2017 (Cth)
Policy Scope
This policy applies to the management of client personal information by all Connexus staff including contractors and consultants, partner organisations, and directors.
The legislation and principles set out Connexus’ obligations and individuals’ rights around:
- the collection, use and disclosure of personal information.
- an organisation or agency’s governance and accountability.
- integrity and correction of personal information.
- the rights of individuals to access their personal information.
Application of Privacy Principles
Collection:
It is an individual’s right to choose whether to share personal information. If an individual (client or staff member) chooses not to share personal information required for Connexus to deliver its service or function, Connexus may not be able to provide some services or to commence or maintain the employment of a staff member. Connexus will only collect personal information where it is necessary for one or more of its functions or activities. The information will be collected lawfully and fairly and not in an unreasonably intrusive way.
Personal information collected may include:
- an individual’s name, signature, address, phone number or date of birth
- sensitive information
- credit information
- employee record information
- photographs
- internet protocol (IP) addresses
- location information from a mobile device
Health information collected for a potential or current client may include:
- personal health history and family history
- lifestyle, cultural or ethnic background
- test results to assist in providing appropriate support
Connexus will, as far as practicable and reasonable, collect personal and health information about an individual only from that individual. If required to be collected from someone else, Connexus will take reasonable steps to ensure that the individual is advised of its collection and management as consistent with privacy principles. Connexus will take all reasonable steps to ensure that the personal information collected, used, or disclosed is accurate, complete, and up to date.
Security:
Connexus will take reasonable steps to ensure that personal information it holds is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification, or disclosure. Connexus security measures include holding personal information in electronic form in secure databases owned and operated by Connexus, protected by measures including firewalls, SSL data encryption, virus detection methods, and password restricted access.
Connexus adheres to Australian data sovereignty requirements that data is kept in a data centre physically located in Australia and is only accessible by Australian people and companies. Connexus will only transfer personal or confidential data outside of Australia if the transfer is for the benefit of the individual concerned or is necessary for the conclusion or performance of a contract AND if the recipient of the information is subject to a law, binding scheme, or contract which effectively upholds Australian Privacy Principles.
Use and Disclosure:
The personal information disclosed to Connexus by staff or clients will be used:
- For the purposes for which it was collected.
- For other related purposes for which the individual would reasonably expect Connexus to use the information including providing to persons/offices having legal authority to access personal information.
- Some of the services provided within or by Connexus may be outsourced or provided by a contractor (i.e. physiotherapists or outpatient services). Connexus may provide personal information to them to assist in providing support and care. Further, if an individual requires certain medical devices for treatment, Connexus may disclose personal information to suppliers or manufacturers of those devices. Connexus requires all such health professionals and contractors to handle personal information in accordance with the Privacy Act.
- If the personal information is sensitive information, the secondary purpose is directly related to the primary purpose of collection.
- Where it is required or permitted by law to do so for other related purposes to which the individual has agreed (either expressed or implied). This may include providing the user with details about other goods or services offered by Connexus, as well as any newsletters, promotions, surveys, or staff training, if applicable. In these instances, Connexus will provide options for a client to request not to receive direct marketing (opt out).
- From time to time, we may need to collect, use or disclose aspects of your personal information to monitor the standard of services provided, through processes such as accreditation and evaluation, clinical audits, risk and claims management, education and training of staff, and quality assurance activities, including monitoring clinical outcomes.
- To ensure we are delivering our services to meet our participants’ needs, we monitor participant satisfaction. As a result, we, or someone we authorise, may contact you in the future to request your feedback on our services.
- Connexus collects, uses and discloses personal information about its staff in order to perform its obligations as an employer and as required by law. However, the handling of past and current employee records is exempt from the Privacy Act where there is a direct relationship between Connexus and the past/current employee. Connexus will retain employee records confidentially and in accordance with the Fair Work Act 2009 (Cth) which sets out entitlements in relation to these documents.
Data Destruction:
When the information is no longer required for service delivery or as required or authorised by law, Connexus will irreversibly destroy the documents using the same level of security that was maintained during the life of the records, or permanently de-identify personal information. Connexus will record document destruction.
Electronic Media and Collection of Personal Information:
The Privacy Principles and related legislation apply to the collection and management of personal information acquired through any electronic media platform utilised by Connexus, including the Connexus website and social media platforms.
The Connexus website uses ‘cookies’ that collect information from your website usage. This information is used for website administration, statistical analysis, and maintenance. The information is aggregated and not linked to individuals. You can adjust your web browser settings to block cookies.
Some parts of the Connexus website may not function fully for users that disallow cookies. Forms on the Connexus website may request that you complete personal information such as name or contact details. Connexus collects this information so that Connexus can assist you with the query or request you use the form to submit. You are not required to utilise these forms, but Connexus may be limited in responding if this information is not provided.
Breaches of this Policy:
The breach of this policy by a team member, director or officer of the company may lead to disciplinary action being taken in accordance with the company’s disciplinary procedure. Serious breaches may be regarded as gross misconduct.
All team members, directors and officers of the company will be expected to cooperate fully in any investigation into suspected breaches of this policy or any related processes or procedures. If an issue is identified with a supplier, we will work with them to prepare a corrective action plan and resolve all violations within an agreed upon period. We reserve the right to terminate our relationship with individuals and organisations in our supply chain if they breach this policy.
Complaints:
Any person interacting with Connexus who believes (or whose family or significant person believes) that his or her personal information has been managed inappropriately or illegally, or who has any concerns about the management of their personal information, is encouraged to advise Connexus. The person may engage an advocate to support them.
Connexus provides ready access for complaints or feedback by email to . Connexus is committed to respecting people’s rights to complain and will ensure no adverse consequences of any complaint or feedback. Connexus will respond to the complaint or feedback within 5 days and will work with affected individuals to achieve a satisfactory resolution. Connexus will provide information on access to other complaints bodies if matters are unable to be resolved. Connexus will record and use all feedback and complaints and use this information to improve its services through its continuous quality improvement cycle.
Legislation:
- Fair Work Act 2009 (Cth)
- Health Records Act 2001 (Vic)
- Human Rights Act 2019 (Qld)
- National Disability Insurance Scheme (NDIS) Quality and Safeguarding Framework 2017 (Cth)
- Privacy Act 1988 (Cth) (the Privacy Act)
- Privacy and Data Protection Act 2014 (Vic)
- Victorian Charter of Human Rights and Responsibilities Act 2006 (Vic)