Personal information, handled with care.

This policy applies to information we collect through our website, our contact and referral forms, by phone, email, in person and through any onboarding or service delivery interaction with Hawa Health Care.

By using our website or engaging our services, you consent to the handling of your information as described in this policy.

The information we collect depends on how you interact with us. It may include:

• Contact details — name, email address, phone number, suburb or address.
• Participant details — date of birth, NDIS participant number, plan management type, support coordinator name and contact, services of interest, urgency of supports needed.
• Sensitive information (with your consent) — disability, health, cultural background and other support-related information required to deliver safe, person-centred care.
• Employment information — for careers enquiries: résumé, qualifications, work rights, references and screening checks where required by law (e.g. NDIS Worker Screening, Working With Children Check).
• Website usage data — IP address, device and browser type, pages visited, referring URL and approximate location.

We collect information directly from you whenever possible — through our enquiry and referral forms, by phone on +61 424 788 627, by email at ahmad@hawahealthcare.com.au, or in person during service delivery.

With your consent, we may also collect information from third parties such as support coordinators, plan managers, family members, guardians, allied health professionals or the NDIA where this is necessary to arrange or deliver your supports.

We use personal information to:

• Respond to enquiries and referrals.
• Assess eligibility, prepare service agreements and onboard participants — including same-day or next-day onboarding.
• Roster and deliver NDIS supports safely and in line with your goals.
• Communicate with you, your nominated representatives and your support network.
• Meet our regulatory, reporting and record-keeping obligations under the NDIS Act, NDIS Practice Standards and other Australian law.
• Improve our website, services and participant experience.
• Recruit and screen support workers and other staff.

We will not use your information for a purpose that is unrelated to those above unless you consent, or we are required or permitted by law.

We do not sell your personal information. We may share it with:

• Our support workers, coordinators and administrative staff on a need-to-know basis.
• Your nominated representatives, plan manager, support coordinator, guardian or family members where authorised.
• The NDIA, NDIS Quality and Safeguards Commission, or other government bodies where required by law.
• Emergency services and health professionals where there is a serious threat to life, health or safety.
• Trusted third-party service providers who help us run our business — for example email, cloud hosting, anti-spam and analytics providers — subject to confidentiality obligations.

Personal information is generally stored and processed in Australia. If we ever need to disclose information overseas (for example to a cloud provider with offshore data centres), we take reasonable steps to ensure recipients handle it consistently with the APPs.

Our website uses cookies and similar technologies to remember preferences, secure form submissions and understand how visitors use the site. These may include first-party cookies set by us and third-party cookies set by analytics or advertising platforms such as Meta (Facebook), Google or similar providers.

Tracking pixels and conversion tags allow us to measure the effectiveness of our marketing, understand which pages drive enquiries and show relevant ads to people who have shown interest in NDIS supports. Data collected this way is aggregated and does not identify you personally on its own.

You can disable cookies in your browser settings, opt out of interest-based advertising via youronlinechoices.com.au, and manage Meta ad preferences in your Facebook or Instagram account settings. Disabling cookies may affect how parts of the site work.

To deliver this website and respond to enquiries we may rely on reputable third-party providers, including:

• Cloudflare Turnstile — to verify form submissions are made by a human and not automated spam.
• Email and hosting providers — to deliver enquiries to our team and host the website.
• Google Maps — to display our service area.
• Meta (Facebook & Instagram), Google and similar platforms — for advertising, retargeting and measuring campaign performance.

These providers have their own privacy policies. We encourage you to review them where relevant.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These measures include access controls, encryption in transit, secure cloud hosting, staff training, confidentiality agreements and regular review of our systems.

We keep records only for as long as needed to deliver supports and to meet our legal obligations under the NDIS Act, taxation law and other applicable legislation. When information is no longer needed, we take reasonable steps to securely destroy or de-identify it.

Under the Australian Privacy Principles, you have the right to:

• Ask what personal information we hold about you.
• Request a copy of your information.
• Ask us to correct information that is inaccurate or out of date.
• Withdraw consent to receive marketing communications at any time.
• Request that we delete information we are not legally required to keep.
• Be told how to make a privacy complaint.

To exercise any of these rights, contact us using the details below. We may need to verify your identity before acting on a request and will respond within a reasonable time.

If you believe we have mishandled your information, please contact us first — we take privacy concerns seriously and will work with you to resolve the issue.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

• Web: oaic.gov.au
• Phone: 1300 363 992

For concerns about NDIS service delivery, you can also contact the NDIS Quality and Safeguards Commission on 1800 035 544 or at ndiscommission.gov.au.

We may update this policy from time to time to reflect changes in our practices or legal obligations. The latest version will always be available on this page with the “last updated” date at the top. Material changes will be communicated through our website or, where appropriate, directly to participants.

Questions or requests about your privacy can be directed to our Privacy Officer:

Prefer to talk to a human? Reach us through our contact page or send a feedback or complaint at any time.