1800 861 272Join now
My Plan Manager Logo

Privacy & Dignity
Policies and Procedures

Web page last updated: 10 March 2026

 

Purpose

This Policy sets out how My Plan Manager.com.au Pty Ltd ACN 617 963 676 and our related bodies corporate (together, My Plan Manager, we, our or us) collect, use and disclose the Personal Information (as defined in the Privacy Act 1988 (Cth)) of our clients and their key representatives (together, Clients, you or your). It also explains the ways in which you can contact us about or make a complaint in relation to the Personal Information that we hold about you.

 

Policy Statement

This Policy sets out how we collect, use, store, disclose and otherwise handle Personal Information, and ensures that supports accessed by you through My Plan Manager (MPM) promote, uphold, and respect your legal and human rights. This includes your rights to access supports that respect and protect your privacy and dignity.

This means we will:

  • respect your privacy and dignity in your interactions with us, and in the delivery of the supports you receive
  • ensure you understand what Personal Information we collect about you, and for what purpose
  • ensure you understand how we manage Personal Information collected by our organisation to assist us in the provision of your supports; and
  • where you have a nominee/parent/child representative or legal guardian (Authorised Person) make decisions for you including in relation to the sharing of your Personal Information, work with the authorised person as required to maximise your wellbeing.

 

Policy Overview

By providing Personal Information to us, including through MPM Platforms (e.g. client portal, mobile app), you consent to our collection, use and disclosure of that Personal Information in accordance with this Policy and any other relevant arrangements between us, such as the Platform terms.

We may change our Policy from time to time by publishing changes to it on the Platforms and our websites. We encourage you to periodically check our websites and Platforms to ensure that you are aware of the most up-to-date version of the Policy.

This Policy should be read in conjunction with any other specific collection notice or consent that we provide to you.

 

Collection of Personal Information

Within this Policy, unless indicated otherwise, references to Personal Information also include sensitive information.

We provide plan management services to assist you to manage the funding set out in your National Disability Insurance Scheme (NDIS) plan. Naturally, we collect and handle your Personal Information in the course of providing these services, including:

  • name, date of birth and contact details, including address, phone number, and email address
  • information about preferred modes of communication
  • NDIS plan details, including government identifiers such as a participant NDIS number if applicable and when provided to us by you
  • information relating to 'consent to obtain and release' information
  • any information or documents which you provide or upload to an MPM Platform in relation to the services and supports provided, as well as information provided by MPM in relation to your NDIS plan or NDIS supports
  • any information about your interactions with MPM services, Platforms or websites, including engagement with others whilst using MPM Platforms (e.g. feedback, 'likes', comments, choices, preferences, messages)
  • details about the services or products we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and products and respond to enquiries
  • information relating to bank accounts if you have chosen 'reimbursements' as a payment option for plan management services
  • audio recording collected for quality purposes, with the consent of the person making the call
  • in conjunction with artificial intelligence systems to deliver such service; and
  • any other relevant information required by MPM for us to undertake the roles and responsibilities of a plan manager.

 

Collection of Sensitive Information

Due to the nature of our business and our service Platforms – and only where necessary in relation to our business – we may also collect 'sensitive information' about you (including through the provision of consent on your behalf for the purposes of this Policy). This includes information about your health and/or disability, your wishes about the future provision of services (including any goals and aspirations in your NDIS plan, if disclosed) and information about services which have or will be provided by MPM (including those facilitated through the Platforms).

We will collect such sensitive information directly from you (as part of your registration with MPM, or your interactions with MPM Platforms) where it is reasonably necessary for, or directly related to, one or more of our functions or activities or as otherwise authorised by law.

In addition, we ensure you expressly acknowledge and agree that we may also collect such sensitive information from third parties to provide them with the relevant services where it is unreasonable or impracticable to collect it directly from you, including where information is provided by:

  • your Primary Decision Maker, or for MPM Platforms your Authorised Representative (including a provider of disability services to you) - for example, in the form of information provided on an invoice or in relation to a service booking; or
  • members of your chosen community of support but only when you upload information such as appointment reminders.

We will only collect information reasonably required for MPM to provide plan management services.

 

How We Collect & Hold Personal Information

MPM may collect this information from you or your Authorised Representative, or the National Disability Insurance Agency (NDIA) when:

  • you sign up or register for one or more of our services
  • you visit MPM websites or Platforms (e.g. client portal, mobile app etc)
  • you communicate or interact with us by any method, such as telephone, email, post, websites, Platforms, communication channels, or in person
  • you authorise us to process invoices on your behalf
  • we contact you while undertaking our plan management or individual capacity building roles and responsibilities (e.g. budget discussions, seeking approvals, individual capacity building and social and community engagement using MPM Platforms or other communication channels etc)
  • we represent a matter, with your consent, as applicable, to the NDIA or other relevant government agency; or
  • as we may otherwise notify you from time to time, including by way of a collection notice.

There may, however, be some instances where Personal Information about you will be collected indirectly because it is unreasonable or impractical to collect Personal Information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. For example, MPM may collect information from third parties such as nominated service providers, including your support coordinator, and persons approved by you for participation in MPM Platforms (e.g. when information is posted on one of our Platforms).

 

Audio Recordings

MPM will seek your consent when you telephone MPM before proposing to record your voice or using that recording for internal training. MPM will advise you if a supervisor or other staff member is to monitor a telephone call for the purpose of training or supporting staff.

 

Purpose of Collection & Use of Your Personal Information

The Personal Information that we collect and hold about you depends on your interaction with us. Generally, MPM will only collect, use, and disclose your Personal Information if it is reasonably necessary for or directly related to our role and the responsibilities set out in the MPM service agreement and the services and supports we provide to you.

We may also collect, hold, use and disclose Personal Information, for the purposes of:

  • providing you with information in relation to the services and products we provide
  • providing you with information in relation to the other services and products we offer or propose to offer
  • providing you with information to 'opt out' of or temporarily 'suspend' access to services and products we offer or propose to offer
  • sending SMS or email notifications
  • responding to your questions or suggestions
  • improving the quality of our products or services
  • improving the quality of your visit to our websites
  • improving the quality of your visit to our Platforms
  • to provide you with use of our Platforms and manage our relationship with you (including setting up your account and verifying your identity)
  • to operate, protect, moderate, improve and optimise our Platforms, business and our users' experience, such as to perform analytics to identify user segments who share common characteristics and traits, and conduct research on use of the Platforms - this may include disclosure of Personal Information to MPM or third parties which perform moderation or other activities on the Platforms on our behalf
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you and respond to any of your queries or requests
  • to present you (where relevant), your parent, guardian or decision maker, with content about the Platforms (including specific discussion topics or posts), other users of the Platforms, or other services and products (on or off the Platforms) that you or your parent, guardian or decision maker might be interested in
  • to comply with our legal or industry obligations (including the NDIS Code of Conduct), resolve any dispute that we or a user of our Platforms may have with any of our other users and enforce our agreements with third parties
  • to verify your identity and ensure that our Platforms remain safe and secure for all users.

 

Failure to Provide Information

You have the right to refuse to provide Personal Information to MPM. If you refuse to provide MPM with the information requested by MPM, MPM will try to advise how this may impact upon the delivery of services and supports provided to you by MPM and whether it will be possible for MPM to provide services to you without the required information.

 

Disclosing Personal Information

Generally, we only use or disclose Personal Information about you for the purposes for which it was collected (as set out above) which may involve disclosing your Personal Information to our related entities in the MPM, including to fulfil plan management obligations and associated capacity building activities, expand each entity’s service capabilities, and improve the services (including the efficiency and scope of services) offered by each entity within MPM. We will ensure those related entities handle your Personal Information in accordance with this Policy.

From time to time, we may also disclose Personal Information to third-party contractors (including information technology suppliers, administration service providers, communication suppliers and our business partners, including entities engaged by MPM to oversee and moderate Platforms), who help us conduct our business or as otherwise required by other Policy requirements. Some third-party contractors may be located outside of Australia, including in India, New Zealand, the Philippines and the United States of America.

Where information is shared with these third parties, we will take all reasonable steps to ensure that these third parties observe the confidential nature of such information and are prohibited from using or disclosing such information beyond what is necessary to assist us in collecting, processing and storing the information on our behalf as contemplated by this Policy.

Other than third-party contractors, MPM will seek written consent from you (or your authorised representative) prior to the release of any information about you to an external party (for example, consent will be obtained prior to us speaking with other support providers). This is ordinarily documented in our 'Consent to Obtain and Release Information' form.

If the 'Consent to Obtain and Release Information' form is not completed or does not contemplate the requested release, MPM may ask the person(s) seeking information to liaise directly with you or your nominated representative.

You have the right to withhold consent. MPM will advise you of any known impacts this may have on service delivery and the ability of MPM to provide its services.

MPM shall work with nominated representatives/guardians in circumstances where you are unable to give informed consent (e.g. to a service agreement). In these cases, nominees and guardians must reflect the needs and goals as identified by you and make decisions regarding privacy and dignity to best maximise your wellbeing in all aspects of your life. MPM will try to work with the nominee as required to achieve this end but ultimately the authorised representative is responsible in this regard.

 

Security of Personal Information

The Personal Information we collect will be stored electronically and securely protected. We take appropriate security measures to protect Personal Information from misuse, interference, or loss, and from unauthorised access, modification, or disclosure. This includes the use of technologies and security software, network firewalls, and physical security to protect the privacy of your Personal Information.

We will store Personal Information while we continue to provide our services to you, unless otherwise required by law. After this time, we archive or destroy Personal Information in to the extent required by any law applicable to our business, as may vary from time to time.

 

Disclosure of Personal Information Overseas

We store Client data in Australia, but our use of:

  • third-party service providers and some features of third-party applications may involve access to information by individuals located outside of Australia, including in India, New Zealand, the Philippines and the United States of America, and
  • third-party applications may involve access of information by third parties as overseas recipients of information in order for them to make their functionality available for Platform use.

 

Access to Your Personal Information

We take reasonable steps to ensure that your Personal Information is accurate, complete, and up to date whenever we collect or use it. You may access your Personal Information at any time upon making a written request. We will respond to a request within a reasonable period.

We may decline a request for access to Personal Information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice within a reasonable time that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint

 

Correction of Personal Information

If, upon receiving access to Personal Information or at any other time, you believe the Personal Information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you have the right to ask for the information to be changed. In such circumstances, an amendment note shall be added to the relevant file to advise that you disagree with the information and sets out how you wish to see the information presented.

If we refuse to correct the Personal Information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.

 

Marketing

As set out above, we may use Personal Information to provide you with information about research and services which we think may be of interest to you. You may opt out of receiving marketing communications from us at any time if you no longer wish to receive this information. In order to do so, contact MPM at enquiries@myplanmanager.com.au and request that we no longer send marketing communications to you or opt out in the way suggested in our communications.

 

Links

Our Platforms or websites may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites and have no control over, or rights in, those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy & Dignity Policy, so we encourage individuals to read them before using those websites.

 

Feedback & Complaints

You may make a complaint or provide feedback about privacy matters. In doing so, you should access the MPM Feedback and Complaints Policy, located on the MPM website, and send such complaints to feedback@myplanmanager.com.au

MPM shall treat all complaints in a confidential manner. Nothing in this Policy prevents a complaint about how MPM has treated your personal information from being made to the Office of the Australian Information Commissioner (Tel: 1300 363 992) at any time.

Glossary of Terms

TermDefinition
Australian Privacy Principles (APPs)These outline how all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use, and manage personal information. The APPs are included in the Australian Privacy Act (1988) (Cth).
ClientA Client of MPM or the nominated decision-maker person.
Personal Information (includes sensitive information)

Information or an opinion about an identified individual, or an individual who is identifiable:

  • whether the information or opinion is true or not
  • whether the information or opinion is recorded in a material form or not.
Personnel/StaffAnyone, paid or unpaid, who works for or with MPM. It includes members of the governing body, or any other similarly empowered committee constituted by MPM.
PlatformsAny MPM technology platform used for plan management and/or individual capacity building, including the client portal and mobile app.
PolicyA statement of intent that sets out how an organisation should fulfil its vision, mission, and goals.
ProcedureA statement or instruction that sets out how a policy will be implemented and by whom.