Privacy policy.

uglas Legacy Group Pty Ltd

Privacy Policy

Version 1.0 | Date: 18.06.2025

1. Purpose

Douglas Legacy Group Pty Ltd (“the Company”) is committed to protecting the privacy of all individuals and stakeholders with whom we engage, including clients, employees, suppliers, and community partners. This policy outlines how personal and sensitive information is collected, used, stored, and disclosed, in accordance with the Australian Privacy Principles (APPs) and aligned with our core values of respect, integrity, and cultural responsibility.

2. Scope

This policy applies to all employees, contractors, and representatives of Douglas Legacy Group Pty Ltd who handle personal or sensitive information in the course of their duties.

3. Our Privacy Commitment

Douglas Legacy Group upholds strong moral, ethical, and cultural standards. We recognise the right to privacy and confidentiality and ensure all personal information is handled lawfully, respectfully, and transparently.

Our approach to privacy is grounded in:

  • Respect for cultural identity and personal dignity

  • Accountability in managing sensitive and confidential information

  • Trust in professional and community relationships

  • Responsibility in complying with legal and ethical obligations

4. What Information We Collect

We may collect the following types of information where necessary for service delivery:

  • Full name and contact details

  • Demographic and cultural background (with consent)

  • Health and disability-related information (for service provision)

  • Financial or legal details (if required by program funding)

  • Employment, educational, or support history

  • Any other information relevant to client wellbeing or employee obligations

5. How We Use Personal Information

Personal information is used only for purposes that are directly related to our functions or activities, including:

  • Providing NDIS and community support services

  • Assessing client needs and developing support plans

  • Employee onboarding and administration

  • Risk management and compliance with funding requirements

  • Communication with stakeholders, partners, or government agencies (where permitted)

6. Confidentiality and Data Security

All employees must treat personal information as confidential. We take reasonable steps to:

  • Store records securely (physical and electronic)

  • Restrict access to authorised personnel only

  • Protect against misuse, loss, unauthorised access, or disclosure

  • Dispose of personal data safely when no longer needed

Breach of privacy obligations may result in disciplinary action and, where appropriate, notification to regulatory authorities.

7. Cultural Sensitivity in Privacy

As a First Nations-led company, we understand privacy includes cultural and community-based dimensions. We commit to:

  • Seeking informed consent before sharing information within or across community networks

  • Respecting cultural protocols in the management and handling of data

  • Ensuring cultural safety and trust in all client interactions

8. Disclosure of Information

We will not disclose personal information to third parties without consent, unless:

  • Required or authorised by law

  • Necessary to prevent serious risk to health, safety, or welfare

  • Required for legal or regulatory reporting

9. Access and Correction

Individuals have the right to request access to their personal information or request corrections where data is inaccurate, outdated, or incomplete. Requests can be made in writing to the Company’s Privacy Officer.

10. Complaints and Enquiries

Concerns or complaints about a breach of privacy can be directed to:

Privacy Officer

Douglas Legacy Group Pty Ltd

Complaints will be managed promptly and respectfully in accordance with our complaints handling procedures.