Last updated: 14 April 2025

Purpose

Endeavour Foundation Limited and its subsidiary organisations (Endeavour Foundation) is committed to providing quality services and supports to the people who access our services, to our employees and to our supporters. This policy outlines how we collect, use, protect and share personal information for that purpose.

Endeavour Foundation has obligations under the Privacy Act 1988 (Cth), and our privacy framework is based on the Australian Privacy Principles (APPs). The APPs govern the way in which we collect, use, protect and share personal and sensitive information. We also have obligations under state and territory legislation.

A copy of the APPs may be obtained from the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.

Scope

This policy applies to all Endeavour Foundation officers, executives, employees, volunteers, Advisory Group members, consultants, and contractors.

Policy

Endeavour Foundation will:

• explain to people what personal and sensitive information we are collecting, why we are collecting the information, and how we plan to use it
• obtain consent to collect, use or disclose personal information, unless required by law
• only use sensitive information:
• • for the primary purpose for which it was obtained
• • for a secondary purpose that is directly related to the primary purpose, AND
• • with consent, or where required by law
• take reasonable steps to ensure that people accessing our services are made aware of any information about them shared with or provided to us by a third party
• ensure personal information is stored and managed in a way that reasonably protects it from misuse or loss, and/or unauthorised access, modification of disclosure
• ensure individuals, or their appointed guardian or supportive decision-maker, have access to their personal information as outlined below, and in accordance with the APPs
• take reasonable steps to ensure that personal information is accurate, complete, and current.

Policy Elements

What is personal information?

Personal information is information or an opinion that identifies an individual. It includes name, address, date of birth, photographs, and bank account details, among other things.
Some examples of personal information which may be collected by Endeavour Foundation include:

• People we support: name, date of birth, address, personal history, photographs.
• Family of people we support name, contact details.
• People accessing employment services: name, work experience, contact details.
• Employees: name, contact details, work experience, bank account details.
• Donors: name, contact details, credit card details.

What is sensitive information?

Sensitive information is information or opinion about such things as an individual’s racial or ethnic background, political opinion, religious or philosophical beliefs, criminal record or sexual identity and preferences.
A subset of sensitive information is health information. This is information relating an individual’s current and past medical history. It also includes information about disabilities.
Some examples of sensitive information which may be collected by Endeavour Foundation include:

• People we support: disability information, health information, religious beliefs.
• People accessing training or apprenticeship services: health information following a Work Health and Safety incident.
• Employees: vaccination details, immigration status.

Why do we collect personal and sensitive information?

Endeavour Foundation collects personal and sensitive information from people accessing our services, donors, employees, volunteers, and contractors to deliver supports and services and carry out Endeavour Foundation business activities. We will only collect personal information that is necessary to carry out these activities.

How do we collect personal and sensitive information?

We collect personal and sensitive information by asking an individual or their representative to provide it. In the case of people accessing our services, we first ask you to complete a Privacy Statement and Consent Form (QF 5013.02), which sets out why we are asking for the information, how we may use or disclose, it and how to make a complaint. In some instances, personal information must be provided in order to provide a service or support.

We also collect personal information while providing supports or services. For example, a support worker will record personal information about a person we support to complete daily progress notes, or personal information may be collected about a trainee in the process of evaluating their progress in their traineeship.

We may collect information about an individual from a third party, but we will obtain the individual’s consent when doing so. For example, we will obtain consent from a job applicant before contacting their former employer for a referee report, our we may collect information from a health care provider about a person we support.

What is the primary purpose of collection?

The primary purpose of collection refers to the reason we ask an individual to provide us with personal or sensitive information. We will only collect and use information that is reasonably necessary to perform one or more of our functions or activities (out primary purpose). Functions or activities for which we collect personal information include:

• assessing whether we will support a potential client
• providing support services in Home, Community or Work
• providing NDIS support coordination, behaviour support or allied health services
• providing employment services
• complying with our legal and contractual obligations with government agencies
• fundraising
• administrative functions.

What is a secondary purpose?

We may also use and disclosure personal or sensitive information for a purpose other than the primary purpose if an individual has given their consent OR it would be reasonably expected that we would use or disclose information for a purpose directly related to the primary purpose. This is the secondary purpose.

Secondary purposes for which we may use or disclose personal or sensitive information include:

• sharing with the NDIS Quality and Safeguards Commission to ensure we are providing are receiving quality supports
• sharing with other providers of supports and services, such as:
• • a client’s behaviour support practitioner
• • a client’s NDIS support coordinator
• • health specialists to provide medical or health-related supports
• with auditors or regulatory bodies to ensure we meet our compliance obligations
• when requested by a law enforcement agency.

When sharing information with other organisations we will ensure that the organisation has a right to the information and genuinely needs it to provide supports or services, or to assist Endeavour Foundation in its operations.

For NDIS purposes, do Endeavour Foundation and Community Solutions share personal and sensitive information?

For NDIS purposes, Endeavour Foundation and Community Solutions are separate entities. Although we do share some clients, in many cases the two entities do not, and thus it is important to ensure their client information is kept separated.

When the two entities share a client, requests to disclose information between the two must be managed as a third-party request through the Privacy Team.

Security of personal information

Personal and sensitive information is stored in a manner that reasonably protects it from misuse or loss, and from unauthorised access, modification, or disclosure.

When your personal information is no longer needed for any purpose, we will take reasonable steps to destroy or permanently de-identify the records as outlined in our Archiving, Retention and Disposal Policy (QD 5601).

Accessing personal information

Individuals may request to access the personal information we hold, including to update or correct it. Individuals wishing to access their personal information, please contact us in writing at the below mail or email address.

If a guardian, family member or supportive decision-maker for a child or adult we support wishes to access personal information about the person we support, they may be required to demonstrate right to access the person’s information. This is done via completion of our Application for Access to Information (QF 8300.02) form, which can be provided by the Privacy Officer or any Endeavour Foundation, Community Solutions or BRACE employee.

If access is approved, the information will be provided in a manner you request in a reasonable timeframe.

Why has information been removed or redacted (blacked-out) from the personal information provided following a request?

Due to the nature of Endeavour Foundation’s business, records containing personal information about an individual may also contain personal information about other individuals, such as other people we support or our employees. Unless we have consent from those individuals to share their information, we will remove it prior to providing the records.

How to request Endeavour Foundation to stop sending communications

An individual wishing to cease receiving communications may do so by either clicking the ‘Unsubscribe’ link on an email, or by contacting the Privacy Team using the details below. However, if we need to continue to send you communications, such as for financial matters, we will not be able to stop this.

Contact Us

If you have any questions or complaints about our privacy practices, or you wish to access your personal information, please contact:

Endeavour Foundation Privacy Officer
PO Box 355
Tingalpa QLD 4173

OR [email protected]