Privacy Policy

Last updated: 19 January 2024

Commitment to privacy

Group Homes Australia Pty Ltd (GHA/we or us) is strongly committed to protecting the right to privacy of every individual including its clients, team members and providers. GHA abides by the requirements of the Privacy Act 1988 Cth (Privacy Act) in relation to the collection and use of your personal information.

When you provide your personal information to us, we know that you expect us to protect it and keep it safe. This policy sets out how we collect, use, hold, disclose and safeguard your personal information. We are committed to ensuring that at all times your personal information remains private and protected.

This Privacy and Electronic Consent and Data Retention Policy sets out how we collect, hold, use and disclose your personal information.

What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Legislative requirements

The CEO is the designated privacy officer and is responsible for ensuring GHA complies with its privacy obligations including:

  1. the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act);
  2. the Privacy Act 1988 (Cth) (Privacy Act), including under the Australian Privacy Principles and the notifiable data breaches requirements introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth); and
  3. the privacy requirements that GHA must comply with as a registered provider under the National Disability Insurance Scheme (NDIS) and as an approved provider of aged care services provided under the Aged Care Act 1997 (Cth).

Collection of information

When collecting personal information, GHA is bound by the Privacy Act, the Australian Privacy Principles and any other laws that govern the handling of personal information.

GHA collects personal information about residents, team members, casual team members, website users, applicants and providers but this is limited to that which is necessary for us to undertake our services and activities. In general, this will be collected directly from the individual or their representative, but we also may obtain information from other sources.

GHA only collects personal information for purposes which are directly related to our functions or activities and only when it is necessary for or directly related to such purposes.

GHA does not sell the information collected from you to third-party companies. However, GHA may disclose information to cloud-based service providers, such as, health professionals, government agencies and your legally authorised representatives.

The Privacy Act describes how “personal information” and “sensitive information” is to be treated. The Aged Care Act 1997, the Australian Aged Care Quality Act 2018 and associated Principles set out rules for the treatment of “protected information”.

GHA reserves the right to make changes to this policy. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

Please note that during the course of our relationship with you, we may tell you more about how we handle your personal information. When you receive this further information, please consider it carefully.

What types of your personal information do we collect and hold? GHA also collects the following information: 

GHA collects and holds:

  1. Identification information. This includes your name, email, address, contact details and date of birth and is needed to identify individuals.
  2. Device and browsing information. This includes your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information.
  3. Work related information. This includes information about team members and job applicants related, but not restricted to employment history, qualifications and references for the purpose of recruitment, communication and employment-related activities.
  4. Financial information. Information required for making payment related decisions. For example, bank account information.
  5. Sensitive personal information. We collect sensitive personal information, which includes health information about the physical or mental health or disability of an individual, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices and genetic information.
  6. Other information. In particular, other personal information that you provide us for the purposes of enquiring about or using our services or otherwise to facilitate your dealings with us.
  7. Images. We may collect photographs, video recordings and audio recordings for the purpose of communication/updates with families, visitors may also be included in the photographs. More information about the use of images is detailed at our GHA Use of Photographs House Rule.
  8. Recordings. We may collect information during calls. The calls may be recorded and if you wish, you have the option to request for the call to not be recorded. The recordings are used strictly for the purpose of internal training and internal activities and are disposed of as per our data retention and destruction policy.

How does GHA hold personal information?

Much of the information we hold about you will be stored electronically in cloud or other types of networked or electronic storage centres. We use Salesforce, a cloud-based server with servers overseas, and we disclose to people that information does go offshore. Some information we hold about you will be stored in paper files.

Where required by applicable law, we will notify you, and the Office of the Australian Information Commissioner and/or other relevant regulatory authorities, of data breaches affecting your personal information.

If you are considering sending us any personal information through the website or other electronic means, please be aware that the information may be insecure in transit, particularly where no encryption is used (e.g. email, standard HTTP).

Why does GHA collect personal information?

We collect, use and exchange your information so that we can:

  1. assess your eligibility for a service;
  2. provide a safe and responsive service;
  3. monitor the services provided;
  4. fulfil contractual requirements to provide non-identifying data and statistical information to a funding body;
  5. administer our services;
  6. manage our relationship with you;
  7. comply with our legal obligations and assist government agencies.

We may also collect, use and exchange your information in other ways where permitted by law.

Who do we exchange your information with?

We may disclose personal information to:

  1. prevent or lessen a serious and imminent threat to the life or health of you or another person;
  2. to outside agencies with your or your representative’s permission;
  3. to third party suppliers of services to our organisation, to the extent required to operate our business and receive those services;
  4. with written consent from a person with lawful authority to consent on your behalf;
  5. professional advisers;
  6. other persons, including government agencies, regulatory bodies and law enforcement agencies; or
  7. when required, authorised or permitted by law, such as to fulfil legislative obligations such as mandatory reporting.

We may also disclose such information as required by the Privacy Act or any other law.

What could happen if I chose to not give all or part of my information?

If GHA do not collect your personal information (including photographs), we may not be able to provide you with the services you seek. Not sharing the necessary information may result in limitations on the quality of care that GHA is aimed to offer to you. For example, it can affect clinical assessments and the ability of the team to support your health needs. It can also limit how GHA can communicate with you.

Can you get access to and correct your information?

You can request access to the personal information we hold about you, and ask for corrections to be made, by contacting us using the contact details set out in the section titled “Contact us about our Privacy and Information Handling Practices”. Please provide as much detail as you can about the particular information you seek, in order to help us locate it. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Can we deny or limit your request for access?

We are not required to provide you access if we are unable to identify you and in certain circumstances, we are allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we will communicate our decision to you.

Policy updates

GHA’s Privacy and Confidentiality and Records and Information Management Policies and Procedures will be formally reviewed at least annually. Formal reviews will be conducted by the Quality Committee.

Do we transfer your information overseas?

We may disclose your personal information to overseas recipients in order to provide our services and for administrative, data storage or other business management purposes. For example, we disclose your personal information using Salesforce and WhatsApp, and each entity has servers located in the United States of America (and may have servers located in other countries we are not aware of).

We may disclose your personal information to overseas recipients located in countries, such as Philippines, England, and United States of America, which do not provide the same level of protection as the privacy laws of Australia. However, GHA requires all GHA team members to follow and obey the privacy laws of Australia, even team members who are working in other countries. When you provide your personal information to us, you consent to the disclosure and/or transfer of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act. We are required to take reasonable steps to ensure that any overseas recipient deals with personal information in a way that is not inconsistent with the Australian Privacy Principles.

Security and destruction of personal information

Your Personal and Health Information is stored for a period of at least 7 years in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

GHA will manage, dispose and securely destroy personal information that is no longer needed for the purpose for which it was obtained in accordance with the requirements of Australian Privacy Principles (APP) 11.2, Health Privacy Principles 5 and section 25 of the HRIP Act, and the Privacy (Tax File Number) Rule 2015.

For further information about the security and destruction of personal information, please refer to the GHA House Rule Security and Destruction of Personal Information.

Electronic communications

  1. We receive and send documents electronically and sign documents electronically;
  2. we will send you notices and other documents by email;
  3. we may, but are not obliged to, send paper copies of notices and other documents;
  4. you should regularly check your nominated email address for notices.

Changes to this Privacy Policy

GHA reserves the right to make amendments to this Privacy Policy at any time.

Contact us about our Privacy and Information Handling Practices

If you are concerned about how your personal information is being handled or if you have a complaint about a breach by us of the Privacy Act, please contact our privacy officer:

  1. by email to:
  2. by phone on: 1300 015 406;
  3. in writing to: Level 2, 425-429 Pacific Hwy, Crows Nest NSW 2065.

Complaint handling/breaches

Feedback and Complaints can be made to GHA’s Quality Manager:

  • in person;
  • by telephone 1300 015 406;
  • by email to;
  • by letter to The Quality Manager, GHA, Level 2, 425-429 Pacific Highway, Crows Nest NSW 2065

GHA will aim to resolve your concerns in a fair and efficient manner, maintaining your privacy. Once a complaint is raised, the Quality Manager or privacy officer (as applicable) will get in contact with you. For further information, we may refer you to our feedback policy and procedure.

Complaints may also be referred by an applicant to the NDIS Commission (in relation to our NDIS services) or Aged Care Quality and Safety Commission (in relation to our aged care services) for resolution, including if the complainant is dissatisfied with the internal review process.

Internal review

If you still are dissatisfied about how GHA has dealt with personal information you may apply for an internal review. Requests for an internal review may concern conduct a person believes resulted in:

  1. Breaches in information protection procedure.
  2. Breaches in the code.
  3. Inappropriate disclosure by GHA of personal information.

Application for the internal review should be made in writing to the GHA privacy officer (GHA’s CEO is the nominated Privacy officer). This application should be made within 6 months from the time the applicant became aware of the alleged infringing of conduct. Once an application for an internal review is received the review should be completed as soon as reasonably practicable.

In receiving an application and conducting an internal review under the Privacy Act, GHA shall nominate an investigation team within 2 weeks of receiving the compliant by the privacy officer.

The internal review team shall take the following steps in conducting the review:

  1. Assist the applicant as much as possible.
  2. Interview relevant staff, examine records and obtain any other pertinent information on the circumstances of the alleged breach.
  3. Seek advice from court and legal service or from Privacy Council as required.
  4. Determine whether a breach of the HRIP Act has occurred and, if so, what harm or damage it has caused to the applicant.
  5. Prepare a report and submit the finalised investigation report to the privacy officer setting out the relevant facts, the conclusions reached and recommendations for action to be taken to resolve the complaint.

If the review is not conducted with 60 days, the applicant can seek a review of the conduct. Once the review is completed, the Privacy officer may decide to:

  1. take no further action on the matter;
  2. recommend a formal apology to the applicant;
  3. take appropriate remedial action;
  4. provide an understanding that the conduct will not occur again;
  5. implement measures to prevent recurrence of the conduct.

The privacy officer will indicate outcomes to the applicants and ensure that they are aware of the right of appeal to the Administrative Decisions Tribunal.

If the outcome indicates a breach of the Privacy Act 1988 or HRIP Act has been committed, the GHA’s Privacy Officer will refer the matter to the NSW Information and Privacy Commissioner.

Usage of anonymised website data

Our website uses various third-party software tools to gather non-personalised website usage data for the purposes of improving user experience which includes the use of de-personalised ‘cookies’ or similar tracking technologies. Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that puts the cookie on your device to recognise you across different websites, services, devices and or browsing sessions. You can disable cookies, but our website may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information as described in this Privacy Policy.

By continuing to use our website or engaging with our organisation, you acknowledge and consent to the collection, use, disclosure, and storage of their personal information as outlined in this notice.

More information about the third-party tools we use and their privacy policies can be obtained by contacting us at