Privacy Policy

Last Updated: June 2025

1. Introduction

This Privacy Policy explains how Moscare Solutions ABN [ABN NUMBER] ("Moscare", "we", "us", or "our") collects, uses, discloses, and protects information when you use our NDIS care management platform and related services ("Service").

We are committed to protecting your privacy and handling personal and health information in accordance with Australian privacy laws, including the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and applicable state and territory health privacy legislation.

2. Information We Collect

2.1 Account and User Information

We collect information when you create an account or use our Service:

  • Personal Details: Name, email address, phone number, job title, organization details
  • Account Credentials: Username, password (encrypted), security questions
  • Profile Information: Professional qualifications, certifications, roles and permissions
  • Contact Preferences: Communication preferences, notification settings

2.2 NDIS Participant Information

As part of providing care management services, we process:

  • Personal Information: Names, addresses, contact details, dates of birth
  • Health Information: Disability details, care plans, medical history, support needs
  • Service Information: Goals, outcomes, service delivery records, progress notes
  • Financial Information: NDIS funding details, service costs, billing information
  • Emergency Contacts: Family members, guardians, emergency contact details

2.3 Support Worker and Staff Data

  • Employment Information: Work history, qualifications, certifications
  • Scheduling Data: Availability, work schedules, time and attendance records
  • Performance Data: Training records, performance evaluations, incident reports
  • Banking Details: Payment information for payroll processing (where applicable)

2.4 Technical Information

  • Device Information: IP addresses, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns
  • Log Data: Error logs, system performance data, security events
  • Location Data: GPS coordinates when using mobile features (with consent)

2.5 Communications

  • Messages: Internal communications, support requests, feedback
  • Call Records: Customer support calls may be recorded for quality purposes
  • Documents: Files uploaded to the platform, incident reports, assessments

3. How We Collect Information

3.1 Direct Collection

  • Information you provide when registering, using features, or contacting support
  • Data entered into forms, care plans, progress notes, and other platform features
  • Information provided during customer support interactions

3.2 Automatic Collection

  • Technical data collected through cookies, log files, and analytics tools
  • Usage patterns and interaction data while using the Service
  • Location data from mobile devices (with explicit consent)

3.3 Third-Party Sources

  • Information from NDIS databases (where authorized)
  • Data from integrated healthcare systems or software
  • Background check information from authorized screening services

4. How We Use Information

4.1 Primary Purposes

  • Service Delivery: Providing NDIS care management functionality
  • Care Coordination: Facilitating communication between care teams
  • Compliance: Meeting NDIS Practice Standards and regulatory requirements
  • Billing: Processing payments and managing financial records
  • Support: Providing customer service and technical assistance

4.2 Secondary Purposes

  • Improvement: Enhancing Service features and user experience
  • Analytics: Understanding usage patterns to optimize performance
  • Security: Protecting against unauthorized access and misuse
  • Legal Compliance: Meeting our legal and regulatory obligations
  • Business Operations: Managing our business relationships and operations

4.3 Health Information Use

Health information is used solely for:

  • Delivering appropriate care and support services
  • Care planning and goal setting
  • Progress monitoring and outcome measurement
  • Incident management and reporting
  • Compliance with NDIS requirements
  • Communication with healthcare providers (with consent)

5. Information Sharing and Disclosure

5.1 Within Your Organization

  • Information is shared among authorized users within your organization based on role permissions
  • Access controls ensure users only see information necessary for their role
  • Audit trails track all access to sensitive information

5.2 Authorized Third Parties

We may share information with:

  • NDIS Commission: For compliance reporting and auditing purposes
  • Healthcare Providers: With participant consent for coordinated care
  • Emergency Services: In emergency situations to protect health and safety
  • Legal Authorities: When required by law or court order
  • Service Providers: Trusted vendors who assist in service delivery (under strict confidentiality agreements)

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the business transaction, subject to the same privacy protections.

5.4 No Sale of Information

We do not sell, rent, or trade personal information to third parties for marketing purposes.

6. Data Security

6.1 Technical Safeguards

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Multi-factor authentication and role-based access controls
  • Network Security: Firewalls, intrusion detection, and secure network architecture
  • Regular Updates: Security patches and system updates are applied promptly

6.2 Physical Safeguards

  • Data Centers: Information is stored in secure, certified data centers
  • Access Restrictions: Physical access to servers is strictly controlled
  • Backup Systems: Secure backup and disaster recovery procedures

6.3 Administrative Safeguards

  • Staff Training: Regular privacy and security training for all personnel
  • Background Checks: Comprehensive screening for employees with data access
  • Incident Response: Documented procedures for security breaches
  • Regular Audits: Ongoing security assessments and compliance reviews

6.4 Breach Notification

In the event of a data breach, we will:

  • Contain the breach and assess the risk
  • Notify affected parties within 72 hours where required
  • Report to relevant authorities as legally required
  • Implement additional safeguards to prevent future incidents

7. Data Retention

7.1 Retention Periods

  • Account Information: Retained for the duration of your subscription plus 7 years
  • Health Information: Retained in accordance with healthcare record-keeping requirements (minimum 7 years)
  • Financial Records: Retained for 7 years as required by taxation laws
  • System Logs: Retained for 12-24 months for security and troubleshooting purposes

7.2 Secure Disposal

When information is no longer required, it is securely deleted or destroyed using industry-standard methods that prevent recovery.

7.3 Legal Requirements

Some information may be retained longer if required by law, regulation, or legal proceedings.

8. Your Rights and Choices

8.1 Access Rights

You have the right to:

  • Request access to personal information we hold about you
  • Receive a copy of your information in a portable format
  • Understand how your information is being used

8.2 Correction Rights

You can:

  • Request correction of inaccurate or incomplete information
  • Update your account information at any time
  • Notify us of changes to contact details or preferences

8.3 Deletion Rights

You may request deletion of your information, subject to:

  • Legal and regulatory retention requirements
  • Legitimate business needs
  • Rights of other individuals

8.4 Consent Management

For health information and location data:

  • You can withdraw consent at any time
  • Withdrawal may limit Service functionality
  • We use clear opt-in processes for sensitive data collection

8.5 Communication Preferences

You can:

  • Opt out of marketing communications
  • Adjust notification settings
  • Choose communication methods

9. Cookies and Tracking Technologies

9.1 Types of Cookies Used

  • Essential Cookies: Required for basic Service functionality
  • Performance Cookies: Help us understand how the Service is used
  • Functionality Cookies: Remember your preferences and settings
  • Analytics Cookies: Provide insights into user behavior and Service improvement

9.2 Cookie Management

You can control cookies through your browser settings, though this may affect Service functionality.

9.3 Third-Party Analytics

We use analytics services to understand Service usage. These providers have their own privacy policies governing their use of data.

10. International Data Transfers

10.1 Data Location

Your information is primarily stored in Australian data centers. Any international transfers are subject to appropriate safeguards and comply with Australian privacy laws.

10.2 Cross-Border Protections

When data is transferred internationally, we ensure:

  • Adequate privacy protections are in place
  • Legal mechanisms protect your information
  • You are notified of any significant transfers

11. Children's Privacy

11.1 NDIS Participants Under 18

For NDIS participants under 18:

  • Parental or guardian consent is required
  • Special protections apply to children's information
  • Access controls prevent unauthorized viewing
  • Information is handled with extra care and sensitivity

11.2 Direct Collection from Minors

We do not knowingly collect personal information directly from children under 13 without parental consent.

12. Changes to This Policy

12.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our practices or services
  • New legal requirements
  • Feedback from users or regulators

12.2 Notification of Changes

  • Significant changes will be communicated via email or platform notification
  • The "Last Updated" date will be revised
  • Continued use of the Service constitutes acceptance of changes

13. Complaints and Contact Information

13.1 Privacy Complaints

If you have concerns about how we handle your information:

  • Contact our Privacy Officer first
  • We will investigate and respond within 30 days
  • If unsatisfied, you can contact the Office of the Australian Information Commissioner (OAIC)

13.2 Contact Details

Privacy Officer:

Email: privacy@moscare.com.au

Phone: [PRIVACY PHONE NUMBER]

Address: [COMPANY ADDRESS]

General Inquiries:

Email: support@moscare.com.au

Phone: [SUPPORT PHONE]

Australian Information Commissioner:

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

14. Regulatory Information

14.1 Privacy Act Compliance

This policy is designed to comply with:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles
  • Notifiable Data Breaches scheme
  • State and territory health privacy legislation

14.2 Healthcare Standards

We adhere to:

  • NDIS Practice Standards
  • Australian Healthcare Standards
  • Information security frameworks (ISO 27001)

14.3 Professional Standards

We maintain compliance with relevant professional standards for healthcare information management and NDIS service delivery.