Legal

Privacy Policy

Effective Date

1 April 2026Last Updated

March 2026Version

1.0Jurisdiction

Victoria, Australia

Contents

• 1. Introduction
• 2. Applicable Legislation
• 3. What Is Personal Information?
• 4. Information We Collect
• 5. How We Collect
• 6. Why We Collect & Use
• 7. Disclosure
• 8. Security & Storage
• 9. Access & Correction
• 10. NDIS-Specific Obligations
• 11. Cookies & Analytics
• 12. Complaints
• 13. Contact Us
• 14. Policy Updates

Effective 1 April 2026

Section 01

Introduction

The Ellsim Group (ABN: ) (‘we‘, ‘us‘, ‘our‘) is a family-owned property care and cleaning business operating in Melbourne and the surrounding regions of Victoria, Australia.

We are committed to protecting the privacy of individuals whose personal information we collect, use, store and disclose in the course of operating our business. This Privacy Policy explains how we handle your personal information in accordance with our legal obligations.

This Privacy Policy applies to all personal information collected by The Ellsim Group through our website (ellsim.com.au), by telephone, in person, by email, or through any other means in connection with our services.

Section 02

Applicable Legislation

Our privacy practices are governed by the following Australian and Victorian laws:

• Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) – as a registered NDIS provider, we are bound by the APPs regardless of annual turnover.
• Privacy and Other Legislation Amendment Act 2024 (Cth) – which introduced a statutory tort for serious invasions of privacy and strengthened transparency obligations.
• Health Records Act 2001 (Vic) – which regulates health information in both the public and private sectors in Victoria.
• National Disability Insurance Scheme Act 2013 (Cth) and the NDIS Practice Standards.
• Privacy and Data Protection Act 2014 (Vic) – which establishes the 10 Information Privacy Principles (IPPs).
• Spam Act 2003 (Cth) – which governs commercial electronic messaging.

Section 03

What Is Personal Information?

‘Personal information‘ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not.

‘Sensitive information‘ is a subset that includes health information, disability information, racial or ethnic origin, religious beliefs and criminal record. It attracts a higher level of protection under both the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic).

As a registered NDIS provider, we may collect health and disability-related information from or about participants. This is handled under the highest level of protection in accordance with the NDIS Practice Standards and the Health Records Act 2001 (Vic).

Section 04

What Personal Information We Collect

4.1 Clients and Prospective Clients

• Full name and preferred name
• Residential or property address
• Telephone numbers and email address
• Details of the service requested and property information
• Billing and payment information
• Communications with us

4.2 NDIS Participants

• NDIS participant number and plan details
• Health information relevant to safe service delivery
• Information from plan managers or support coordinators

4.3 Website Visitors

• IP address and approximate location
• Browser type, pages visited, referring URL
• Device type and operating system

Section 05

How We Collect Personal Information

• Directly from you – by phone, email or via our website enquiry form
• From your representative – plan managers, support coordinators, agents or strata managers
• In the course of service delivery – during site visits or assessments
• From publicly available sources – such as the NDIS portal where authorised
• Automatically through our website – via cookies and analytics tools

Section 06

Why We Collect and Use Personal Information

• Providing cleaning, property care and restoration services
• Delivering registered NDIS home care and cleaning services
• Responding to enquiries and providing quotes
• Scheduling appointments and processing payments
• Complying with legal obligations including NDIS Practice Standards
• Managing complaints and improving service quality

Direct marketing: We will not use your personal information for direct marketing without your express consent. You may opt out at any time.

Section 07

Disclosure of Personal Information

7.1 When We May Disclose

• Service partners – subcontractors bound by equivalent privacy obligations
• Payment processors – for secure transaction processing
• NDIS parties – NDIS Commission, NDIA, plan managers, support coordinators
• Insurance providers – in connection with claims
• Legal and regulatory bodies – where required by law
• With your consent – where you have authorised specific disclosure

7.2 We Do Not Sell Personal Information

We do not sell, rent or trade personal information to any third party for commercial purposes.

7.3 Overseas Disclosure

We store personal information on systems located in Australia. Where cloud providers may use overseas servers, we take reasonable steps to ensure equivalent privacy protections apply, in accordance with APP 8.

Section 08

Storage and Security

• Access restricted to authorised personnel on a need-to-know basis
• Password-protected and encrypted digital storage
• Physical records secured in locked storage
• Team members trained in privacy obligations
• Reputable third-party software providers with appropriate security standards

Notifiable Data Breaches: In the event of an eligible data breach under the NDB scheme (Part IIIC, Privacy Act 1988 Cth), we will notify affected individuals and the OAIC as required by law.

Section 09

Access and Correction

You have the right to request access to personal information we hold about you, and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant or misleading.

Requests will be responded to within 30 days. Where we decline, we will provide written reasons. Contact our Privacy Officer using the details in Section 13.

Section 10

NDIS-Specific Privacy Obligations

• We collect participant information only with the participant’s knowledge and consent
• Participant records are stored securely for the minimum required period
• We do not share participant information without consent, unless required by law
• Participants retain control over who can access their information
• Reportable incidents involving personal information are notified to the NDIS Commission

Section 11

Cookies and Website Analytics

Our website may use essential and analytics cookies. You may configure your browser to refuse cookies. We do not use cookies for targeted advertising or share cookie data with third parties for commercial purposes.

Section 12

Complaints

If you believe we have breached our privacy obligations, please contact our Privacy Officer in the first instance. We will respond within 30 days. If unsatisfied, you may escalate to:

Office of the Australian Information Commissioner (OAIC)

www.oaic.gov.au  .  1300 363 992

Office of the Victorian Information Commissioner (OVIC)

ovic.vic.gov.au  .  1300 006 842

NDIS Quality and Safeguards Commission

ndiscommission.gov.au  .  1800 035 544

Victorian Health Complaints Commissioner

hcc.vic.gov.au  .  1300 582 113

Section 13

Contact Our Privacy Officer

Privacy Officer – The Ellsim Group

Phone 03 9395 2855

Email info@ellsim.com.au

Address PO BOX 6344, Point Cook, VIC, 3030

We will acknowledge your enquiry within 5 business days and provide a substantive response within 30 days.

Section 14

Updates to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the ‘Last Updated’ date and publish the revised policy on our website. Continued use of our services constitutes acceptance of the updated policy.

This Privacy Policy reflects the requirements of the Privacy Act 1988 (Cth), Privacy and Other Legislation Amendment Act 2024 (Cth), Health Records Act 2001 (Vic), Privacy and Data Protection Act 2014 (Vic), National Disability Insurance Scheme Act 2013 (Cth) and NDIS Practice Standards. For legal advice specific to your circumstances, consult a qualified Australian privacy lawyer.

© The Ellsim Group  · 

Contact The Ellsim Group today. We respond within 2 business hours.