Introduction
The Ellsim Group (ABN: 11 556 103 468) ('we', 'us', 'our') is a family-owned property care and cleaning business operating in Melbourne and the surrounding regions of Victoria, Australia.
We are committed to protecting the privacy of individuals whose personal information we collect, use, store and disclose in the course of operating our business. This Privacy Policy explains how we handle your personal information in accordance with our legal obligations.
This Privacy Policy applies to all personal information collected by The Ellsim Group through our website (ellsim.com.au), by telephone, in person, by email, or through any other means in connection with our services.
Applicable Legislation
Our privacy practices are governed by the following Australian and Victorian laws:
- Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) - as a registered NDIS provider, we are bound by the APPs regardless of annual turnover.
- Privacy and Other Legislation Amendment Act 2024 (Cth) - which introduced a statutory tort for serious invasions of privacy and strengthened transparency obligations.
- Health Records Act 2001 (Vic) - which regulates health information in both the public and private sectors in Victoria.
- National Disability Insurance Scheme Act 2013 (Cth) and the NDIS Practice Standards.
- Privacy and Data Protection Act 2014 (Vic) - which establishes the 10 Information Privacy Principles (IPPs).
- Spam Act 2003 (Cth) - which governs commercial electronic messaging.
What Is Personal Information?
'Personal information' means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not.
'Sensitive information' is a subset that includes health information, disability information, racial or ethnic origin, religious beliefs and criminal record. It attracts a higher level of protection under both the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic).
What Personal Information We Collect
4.1 Clients and Prospective Clients
- Full name and preferred name
- Residential or property address
- Telephone numbers and email address
- Details of the service requested and property information
- Billing and payment information
- Communications with us
4.2 NDIS Participants
- NDIS participant number and plan details
- Health information relevant to safe service delivery
- Information from plan managers or support coordinators
4.3 Website Visitors
- IP address and approximate location
- Browser type, pages visited, referring URL
- Device type and operating system
How We Collect Personal Information
- Directly from you - by phone, email or via our website enquiry form
- From your representative - plan managers, support coordinators, agents or strata managers
- In the course of service delivery - during site visits or assessments
- From publicly available sources - such as the NDIS portal where authorised
- Automatically through our website - via cookies and analytics tools
Why We Collect and Use Personal Information
- Providing cleaning, property care and restoration services
- Delivering registered NDIS home care and cleaning services
- Responding to enquiries and providing quotes
- Scheduling appointments and processing payments
- Complying with legal obligations including NDIS Practice Standards
- Managing complaints and improving service quality
Disclosure of Personal Information
7.1 When We May Disclose
- Service partners - subcontractors bound by equivalent privacy obligations
- Payment processors - for secure transaction processing
- NDIS parties - NDIS Commission, NDIA, plan managers, support coordinators
- Insurance providers - in connection with claims
- Legal and regulatory bodies - where required by law
- With your consent - where you have authorised specific disclosure
7.2 We Do Not Sell Personal Information
We do not sell, rent or trade personal information to any third party for commercial purposes.
7.3 Overseas Disclosure
We store personal information on systems located in Australia. Where cloud providers may use overseas servers, we take reasonable steps to ensure equivalent privacy protections apply, in accordance with APP 8.
Storage and Security
- Access restricted to authorised personnel on a need-to-know basis
- Password-protected and encrypted digital storage
- Physical records secured in locked storage
- Team members trained in privacy obligations
- Reputable third-party software providers with appropriate security standards
Access and Correction
You have the right to request access to personal information we hold about you, and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant or misleading.
Requests will be responded to within 30 days. Where we decline, we will provide written reasons. Contact our Privacy Officer using the details in Section 13.
NDIS-Specific Privacy Obligations
- We collect participant information only with the participant's knowledge and consent
- Participant records are stored securely for the minimum required period
- We do not share participant information without consent, unless required by law
- Participants retain control over who can access their information
- Reportable incidents involving personal information are notified to the NDIS Commission
Cookies and Website Analytics
Our website may use essential and analytics cookies. You may configure your browser to refuse cookies. We do not use cookies for targeted advertising or share cookie data with third parties for commercial purposes.
Complaints
If you believe we have breached our privacy obligations, please contact our Privacy Officer in the first instance. We will respond within 30 days. If unsatisfied, you may escalate to:
Contact Our Privacy Officer
We will acknowledge your enquiry within 5 business days and provide a substantive response within 30 days.
Updates to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the 'Last Updated' date and publish the revised policy on our website. Continued use of our services constitutes acceptance of the updated policy.