This Privacy Policy was last updated on 28/07/2025
This policy applies to personal information collected from:
NDIS participants receiving our services;
Family members, nominees, legal guardians, or advocates of participants;
Boldli employees, contractors, and volunteers;
Third parties whose information may be collected during service delivery or business operations.
We only collect personal information reasonably necessary for our functions or activities.
For Participants:
Full name, contact details, date of birth, and gender;
Health and medical information, diagnoses, and disability-related information;
NDIS plan data, funding allocation, goals, and progress notes;
Risk assessments, incident reports, and behaviour support documentation;
Service preferences and communications.
For Staff, Contractors, and Volunteers:
Identity and contact information;
Qualifications, police checks, Working with Children Check, NDIS Worker Screening;
Employment and tax-related data.
How We Collect Information:
Directly from individuals via forms, phone calls, online portals, or in-person;
From family members, guardians, or authorised representatives;
Through third-party referrals (e.g., support coordinators or health professionals) with consent;
Via publicly available sources where legally allowed.
Where appropriate, we will obtain explicit, informed consent unless collection is otherwise authorised or required by law.
We use personal information to:
Deliver tailored, person-centred supports and manage service delivery;
Communicate regarding appointments, changes, and service planning;
Meet contractual, legal, and NDIS regulatory obligations;
Improve and monitor the quality, safety, and compliance of our services;
Conduct internal audits, investigations, and staff supervision.
We do not use personal information for direct marketing unless express consent is provided.
We may disclose personal information in circumstances where it is reasonably necessary, including:
To health professionals, service providers, or allied support workers involved in care (with consent);
To the NDIA, NDIS Quality and Safeguards Commission, or other authorities as required by law;
To legal or regulatory bodies under subpoena, summons, or lawful directive;
To contracted auditors, compliance consultants, or assessors during internal or external audits;
To IT service providers or cloud-based systems under binding confidentiality agreements.
All third parties must adhere to applicable privacy laws and confidentiality obligations.
We implement robust technical and administrative security measures to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These include:
Encrypted electronic storage systems with secure login access;
Role-based permissions and access restrictions;
Routine cyber and data integrity audits;
Physical security measures for hard-copy records;
Secure disposal and data destruction protocols in line with legal retention requirements;
Mandatory staff training on privacy and information handling procedures.
You have the right to:
Request access to your personal information held by Boldli;
Request correction if the information is inaccurate, incomplete, or out-of-date.
All access and correction requests will be processed within 30 calendar days unless exceptional circumstances apply. Proof of identity may be required to protect privacy.
NDIS participants have the right to:
Be informed about the purpose and handling of their personal information;
Choose who can access or share their information;
Withdraw consent where legally appropriate.
Where a participant cannot legally or practically provide consent, we will seek direction from an authorised representative, such as a guardian, advocate, or nominee.
If you believe your privacy rights have been breached, you can:
Lodge a complaint directly with Boldli using the contact details below;
If unresolved, escalate the matter to:
We take complaints seriously and will investigate promptly in accordance with principles of procedural fairness.
While Boldli is an Australian-based provider, some of our services—such as data storage, customer service support, or administrative processing—may involve offshore third parties. These may include contractors or cloud-based platforms based outside Australia.
We ensure that:
All overseas service providers are subject to binding contractual terms that reflect Australian privacy standards;
Offshore parties are required to sign and comply with strict confidentiality and data protection agreements;
Personal data is only disclosed to overseas entities where adequate safeguards exist.
Boldli may use AI-based or automated tools to support operational efficiencies, improve service planning, or assist in administrative tasks (e.g., scheduling, data insights).
AI is only used in the following ways:
To support human-led decision-making (never to replace it);
In systems that do not use identifiable participant data without consent;
Within secure, privacy-compliant platforms under contractual controls.
No AI tool will access or make autonomous decisions about sensitive or personal data unless consent has been explicitly provided and appropriate legal safeguards are in place.
This Privacy Policy is reviewed at least annually and updated as necessary to reflect changes in law, technology, or service delivery. The most current version will always be available on our website.
For privacy-related questions, complaints, or access requests, please contact us at:
Email: feedback@boldli.com.au
Phone: 1300 265 354
