Skip to main content
Lumincare Logo

Caring for our community

Privacy Policy

How we handle your personal and sensitive information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Last updated:  ·  Effective date:

Lumin Care Services Pty Ltd ("Lumincare", "we", "us", "our") is an NDIS Registered Provider (Provider Number: 405 017 3056) and is bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We take the privacy of our participants, staff, and visitors seriously.

1. Open and Transparent Management of Personal Information (APP 1)

We manage personal information openly and transparently. This Privacy Policy explains our practices and you may contact our Privacy Officer at any time with questions. We will update this policy when our practices change and publish the updated version on this website.

2. Anonymity and Pseudonymity (APP 2)

Where lawful and practicable, you may interact with us anonymously or using a pseudonym. However, if you seek NDIS supports or services from us, we generally require your real identity to comply with the NDIS Act 2013 and our obligations as a registered provider.

3. Collection of Solicited Personal Information (APP 3)

We only collect personal information that is reasonably necessary for our functions and activities. This may include:

  • Identity: Full name, date of birth, gender
  • Contact: Address, phone number, email address
  • NDIS: NDIS Participant Number, Plan details, funding categories
  • Health & Disability: Diagnoses, medications, support needs, behaviour support plans
  • Financial: Bank account details (for invoicing), plan management details
  • Representative: Guardian, nominee, or carer details
  • Employment (staff): Tax file number, superannuation, qualifications, Working With Vulnerable People checks

We collect information directly from you, or with your consent from:

  • Your nominee, guardian, or carer
  • Allied health professionals and treating doctors
  • The National Disability Insurance Agency (NDIA)
  • Other service providers involved in your care

Sensitive Information: Health and disability information is sensitive information under the Privacy Act. We only collect it with your consent or as required or authorised by law.

4. Dealing with Unsolicited Personal Information (APP 4)

If we receive personal information we did not solicit, we will determine whether we could have collected it under APP 3. If not, we will destroy or de-identify it as soon as reasonably practicable, provided it is lawful to do so.

5. Notification of Collection (APP 5)

At or before the time we collect your personal information, or as soon as practicable afterwards, we will notify you of the purposes of collection, our contact details, whether collection is required or authorised by law, and any third parties to whom we may disclose the information. This policy serves as that notice.

6. Use or Disclosure of Personal Information (APP 6)

We use and disclose your personal information for the primary purpose for which it was collected. We may also use or disclose it for a related secondary purpose if you would reasonably expect us to do so, or with your consent.

We may disclose your information to:

  • The National Disability Insurance Agency (NDIA)
  • The NDIS Quality and Safeguards Commission
  • Allied health professionals or other providers involved in your support
  • Our staff, on a strict need-to-know basis
  • Plan managers or support coordinators as authorised by you
  • Law enforcement or government agencies where required by law

We will not disclose your information to third parties for marketing purposes without your express consent.

7. Direct Marketing (APP 7)

We do not use personal information for direct marketing without your consent. If we send you communications about our services, you may opt out at any time by contacting us or using the unsubscribe function. We will not charge you for processing an opt-out request.

8. Cross-Border Disclosure of Personal Information (APP 8)

We store your personal information on servers located in Australia. We do not routinely disclose personal information to overseas recipients. If we need to do so (e.g., cloud services with overseas data centres), we will take reasonable steps to ensure the recipient handles your information in a manner consistent with the APPs, or obtain your consent.

9. Adoption, Use or Disclosure of Government Related Identifiers (APP 9)

We do not adopt your NDIS Participant Number or any other government-related identifier as our own identifier for you. We only use such identifiers to the extent necessary to fulfil our obligations as an NDIS registered provider.

10. Quality of Personal Information (APP 10)

We take reasonable steps to ensure the personal information we collect, use, and disclose is accurate, up to date, complete, and relevant. Please tell us if your information changes so we can update our records.

11. Security of Personal Information (APP 11)

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure using:

  • Secure encrypted electronic record-keeping systems
  • Physical security measures for paper documents
  • Restricted staff access on a need-to-know basis
  • Staff training on privacy and confidentiality obligations
  • SSL/TLS encryption on our website for data in transit

We will destroy or de-identify personal information once it is no longer needed, unless we are required by law to retain it (e.g., under the NDIS Act 2013).

12. Access to Personal Information (APP 12)

You have the right to access the personal information we hold about you. To make an access request, contact our Privacy Officer. We will respond within 30 days. We will not charge a fee for making a request, though reasonable fees may apply for providing access (e.g., photocopying costs). We may decline access in limited circumstances permitted by law, and will give you written reasons for any refusal.

13. Correction of Personal Information (APP 13)

You have the right to request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information we hold about you. We will respond within 30 days. If we refuse to correct, we will give reasons and note your request in your file.

14. Website Data and Cookies

When you visit our website, we may collect non-personal information such as browser type, IP address, and pages visited via cookies and analytics tools. This helps us improve the user experience. You may disable cookies in your browser settings; however, some parts of the website may not function correctly.

Our website contact form collects personal information you voluntarily provide. This is transmitted securely and stored on our CMS in Australia.

15. Electronic Communications (Spam Act 2003)

Any commercial electronic messages we send comply with the Spam Act 2003 (Cth). We will only send you promotional or informational emails with your consent, we will always identify ourselves, and every message will contain an unsubscribe option.

16. Complaints

If you believe we have breached the Privacy Act or the APPs, please contact our Privacy Officer. We will acknowledge your complaint within 5 business days and provide a substantive response within 30 days.

If you are not satisfied with our response, you may contact:

Contact Our Privacy Officer

Lumin Care Services Pty Ltd

Email: info@lumincare.com.au

Phone: (03) 8000 3999

ABN: 70 681 305 671  ·  NDIS Provider No: 405 017 3056

Compassionate hands holding as a symbol of care and support
Your Journey Starts Here

Ready to Discuss Your Path of Care?

Book a complimentary, no-obligation consultation with our care coordinators to explore how we can support your goals.

Request Free ConsultationCall (03) 8000 3999