Privacy Policy
Last updated: June 2026
1. Introduction
Align Network ("we", "us", "our") is committed to protecting the privacy of personal information collected from NDIS participants, families, carers, support coordinators, and allied health professionals. This policy outlines how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
2. Information We Collect
We may collect the following types of personal information:
- Name, contact details (email, phone, address)
- NDIS participant number and plan details
- Health and disability information (sensitive information)
- Service provider details and qualifications
- Financial information for plan management purposes
- Website usage data (analytics, cookies)
3. How We Use Your Information
We use personal information to:
- Provide NDIS plan management, behaviour support, and allied health services
- Process referrals and service agreements
- Manage invoicing and provider payments
- Comply with NDIS Quality and Safeguards Commission requirements
- Communicate with you about our services
- Improve our services and website
4. Sensitive Information
We collect sensitive information (including health and disability information) only with your consent and only where it is reasonably necessary for the provision of NDIS services. Sensitive information is handled with additional security measures.
5. Data Storage and Security
Personal information is stored and processed using reputable third-party service providers, some of which are located overseas (including in the United States). We take reasonable technical and organisational security measures to protect personal information against misuse, interference, loss, and unauthorised access, modification, or disclosure.
These measures include:
- Encryption of personal information in transit and, where appropriate, at rest
- Role-based access controls limiting who can access personal information
- Use of reputable service providers with their own security practices
- Staff training on privacy and data handling
6. Cross-Border Disclosure (APP 8)
Some of the service providers we rely on operate or store data outside Australia, including in the United States. This means certain personal information may be processed overseas, for example in connection with:
- Website and application hosting and content delivery
- Email delivery and communications
- Website analytics and usage measurement
Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure that the recipient handles it in a manner consistent with the Australian Privacy Principles.
7. AI and Clinical Decision Support
Where we use AI-assisted tools to support clinical decision-making, we limit the personal information provided to those tools to what is reasonably necessary. AI outputs are reviewed by a qualified practitioner before being included in any clinical document. We do not permit personal information provided to these tools to be used to train AI models.
8. Disclosure of Information
We may disclose personal information to:
- The NDIA and NDIS Quality and Safeguards Commission (as required)
- Service providers involved in your care (with consent)
- Government agencies where required by law
- Our professional advisors (accountants, lawyers)
We do not sell personal information to third parties.
9. Your Rights — Access and Correction (APP 12 and APP 13)
You have the right to:
- Access the personal information we hold about you (APP 12)
- Request correction of inaccurate, out-of-date, incomplete, or misleading information (APP 13)
- Request deletion of your information (subject to our legal and NDIS record-keeping obligations)
- Withdraw consent for marketing communications
- Make a complaint about our handling of your information
To request access to or correction of your personal information, email us at info@alignnetwork.com.au. We will respond to your request within a reasonable period (ordinarily within 30 days). There is no charge for making a request, although in some cases a reasonable charge may apply for providing access. If we are unable to grant a request, we will explain our reasons in writing.
10. Data Retention (APP 11.2)
We retain personal and health information only for as long as it is necessary for the purposes for which it was collected, and to meet our legal, professional, and NDIS record-keeping obligations. When information is no longer needed and we are no longer required to retain it, we take reasonable steps to securely destroy it or to de-identify it.
11. Notifiable Data Breaches
In the event of an eligible data breach that is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth). This includes taking reasonable steps to contain the breach and, where required, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC).
12. Cookies and Website Analytics
Our website uses Google Analytics and Google Tag Manager to understand how visitors use the site. These tools set cookies and collect usage data (such as pages visited, approximate location, device, and browser information) on our behalf. This information helps us measure and improve the website experience. You can disable or delete cookies in your browser settings, and you can opt out of Google Analytics using the tools Google provides.
13. Contact Us
For privacy enquiries, access requests, or complaints, contact us at:
- Email: info@alignnetwork.com.au
- Phone: 08 7509 4185
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).