Bright Access values and respects the privacy of the people we deal with. Bright Access is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations.This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.This policy was last reviewed and updated on 23/06/2025.
WHAT IS PERSONAL INFORMATION?
“Personal information” means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The personal information we collect about you depends on the nature of your dealings with us or what you choose to share with us. The personal information we collect about you may include:
- Name
- Email address
- Phone/mobile number
- Age
- NDIS Plan details
- Location
- Employment History
You do not have to provide us with your personal information. Where possible, we will give you the option to interact with us anonymously or by using a pseudonym. However, if you choose to deal with us in this way or choose not to provide us with your personal information, we may not be able to provide you with our services or otherwise interact with you.
HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
Bright Access employees must only collect personal information by lawful and fair means as required by the Privacy Act. Bright Access employees must also only collect personal information directly from clients or their representatives where this is reasonable and practicable.
We collect your personal information directly from you when you:
- interact with us over the phone
- interact with us in person
- interact with us online
- participate in surveys or questionnaires
- attend a Bright Access event
- apply for a position with us as an employee, contractor or volunteer; or enquire about our services.
We may also collect personal information from:
- referring third parties (for example, the National Disability Insurance Scheme, a guardian or a support coordinator)
- third party funding and Government Agencies such as the NDIA or NDIS Quality and Safeguards Commission
CHILDREN’S PRIVACY
We do not aim any of our services directly at children under the age of 13 and we do not knowingly collect personal information about children under 13.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use personal information for many purposes in connection with our functions and activities, including the following purposes:
- provide you with information or services that you request from us
- deliver to you a more personalised experience and service offering
- improve the quality of the services we offer
- internal administrative purposes
DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
We may disclose your personal information to third parties in accordance with this Policy in circumstances where you would reasonably expect us to disclose your information. For example, we may disclose your personal information to:
- third-party service providers for the purpose of enabling them to provide their services including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, marketing providers, professional advisors, and payment systems operators.
- our employees, contractors, and/or related entities
- referees whose details are provided to Bright Access by job applicants
- government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Families, Fairness and Housing, and the Australian Taxation Office
- NDIS Quality and Safeguards Commission
- Social Services Regulator
- people acting on their behalf including their nominated representatives, legal guardians, executors, trustees and legal representatives
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
- third parties to collect and process data
- an entity that buys, or to which we transfer all or substantially all of our assets and business
TRANSFER OF PERSONAL INFORMATION OVERSEAS
The personal information we collect is stored and/or processed in Australia, or where we or our partners, affiliates, and third-party providers maintain facilities. Some of the third-party service providers we disclose personal information to may be based in or have servers located outside of Australia. Where we disclose your personal information to third parties overseas, we will take reasonable steps to ensure that data security and appropriate privacy practices are maintained. We will only disclose to overseas third parties if:
- you have given us your consent to disclose personal information to that third party; or
- the overseas recipient is subject to a law or binding scheme that is, overall, substantially similar to the APPs; and
- the law or binding scheme can be enforced; or
- the disclosure is required or authorised by an Australian law or court / tribunal order.
we reasonably believe that:
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
Bright Access will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure, including by:
- having a robust physical security of our premises and databases / records
- taking measures to restrict access to only personnel who need that personal information to effectively provide services to you
- having technological measures in place (for example, anti-virus software, fire walls)
ONLINE ACTIVITY
COOKIES
The Bright Access website uses cookies. A cookie is a small file of letters and numbers the website puts on your device if you allow it. These cookies recognise when your device has visited our website(s) before, so we can distinguish you from other users of the website. This improves your experience and the Bright Access website(s). We do not use cookies to identify you, just to improve your experience on our website(s). If you do not wish to use the cookies, you can amend the settings on your internet browser so it will not automatically download cookies. However, if you remove or block cookies on your computer, please be aware that your browsing experience and our website’s functionality may be affected.
Our Cookie Declaration contains the following information:
- The user can see view their current consent (what categories of cookies consent has been given for), change their consent or completely withdraw their consent. If the user clicks ‘change your consent’ or ‘withdraw your consent’ the cookie consent banner will re-appear.
- Information about when the Cookie Declaration was last updated.
- A list of all the cookies and trackers in use on the website – categorised in Necessary, Preferences, Statistics and Marketing – along with purpose descriptions and additional information.
WEBSITE ANALYTICS
Our website uses Google Analytics to help us better understand visitor traffic, so we can improve our services. Although this data is mostly anonymous, it is possible that under certain circumstances, we may connect it to you.
RETENTION OF PERSONAL INFORMATION
We will not keep your personal information for longer than we need to. In most cases, this means that we will only retain your personal information for the duration of your relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations.
HOW TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION
Bright Access will endeavour to keep your personal information accurate, complete and up to date. If you wish to make a request to access and / or correct the personal information we hold about you, you should make a request by contacting us and we will usually respond within 5 business days.
LINKS TO THIRD-PARTY SITES
Bright Access website(s) may contain links to websites operated by third parties. If you access a third- party website through our website(s), personal information may be collected by that third party website. We make no representations or warranties in relation to the privacy practices of any third-party provider or website, and we are not responsible for the privacy policies or the content of any third-party provider or website. Third party providers / websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies.
INQUIRIES AND COMPLAINTS
For complaints about how Bright Access handles, processes or manages your personal information, please complete the Feedback form. Alternatively, you may reach us via our contact details found on our Contact Us page. Note we may require proof of your identity and full details of your request before we can process your complaint.Please allow up to 5 days for Bright Access to respond to your complaint. It will not always be possible to resolve a complaint to everyone’s satisfaction. If you are not satisfied with Bright Access’s response to a complaint, you have the right to contact the Office of Australian Information Commissioner (at www.oaic.gov.au/) to lodge a complaint.
HOW TO CONTACT US
If you have a question or concern in relation to our handling of your personal information or this Policy, you can contact us for assistance as follows:
- Email: enquiries@brightaccess.com.au
- Contact number: (03) 8595 1911
- Post: 2/155 Queen Street, Warragul VIC 3820
