Privacy Policy

June 2022

In this Privacy Policy, 'us', 'we' or 'our' means My Plan Manager.com.au Pty Ltd (ABN 52 617 963 676), the operator of the Kinora Platform, our website and any related services (Platform). We are committed to respecting your privacy and are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act). Our Privacy Policy sets out how we collect, use, store, disclose and otherwise handle your personal information.

By providing personal information to us, including through the Platform, you consent to our collection, use and disclosure of that personal information in accordance with this Privacy Policy and any other relevant arrangements between us such as the Platform Terms. We may change our Privacy Policy from time to time by publishing changes to it on the Platform and our website. We encourage you to periodically check our website and Platform to ensure that you are aware of the most up-to-date version of the Privacy Policy.

This Privacy Policy relates only to how we manage Personal Information in relation to the Kinora Platform, and does not cover our management of Personal Information for other services provided by My Plan Manager.com.au Pty Ltd. Our general Privacy Policy (which relates to services other than the Kinora Platform) can be found at: https://myplanmanager.com.au

This Privacy Policy should be read in conjunction with any other specific collection notice or consent form that we provide to you.

  1. Who do we collect personal information from?

    We collect personal information from users of the Platform including:

    • Service providers providing their services through the Platform;

    • NDIS participants receiving services managed through the Platform, or their carers;

    • Individuals with an interest in Kinora and our activities; and

    • Guest Speakers or other agencies/people who may be invited to the platform to provide relevant information to participants.

  2. What personal information do we collect?

    Personal information includes information or an opinion about an individual that is reasonably identifiable. Within this Privacy Policy unless indicated otherwise, references to personal information also include sensitive information (as described in section 2 below).

    We may collect the following types of personal information:

    • identity information, such as your full name and date of birth;

    • the username and profile picture associated with your account;

    • contact details, such as your email and phone number;

    • government identifiers, such as your participant number under the National Disability Insurance Scheme (NDIS) if applicable;

    • the relevant NDIS Plan information when provided

    • any information or documents which you upload to the Platform, and any personal information about you which another Kinora user discloses or uploads in any document, photo or other file uploaded to a private feed on the Platform of which you are a member (Circle) or in a direct message;

    • information about your interactions with us on or via the Platform, such as: your activity, such as likes, messages, comments and engagement with forum topics, Circles and other elements of the Platform;

    • information you provide via free text inputs on or via the Platform;

    • your occupation;

    • your preferences;

    • your relationship to other users of the Platform (eg. within a Circle); information about you, which is held by third parties, where you have provided your separate consent to such collection, namely: information that is or was held by the National Disability Insurance Agency (protected agency information); and for individuals with an existing account with My Plan Manager.com.au Pty Ltd (MPM), details associated with your MPM account (such as NDIS plan dates); and

    • other personal information that may be required in order to facilitate your dealings with us.

Where possible, we will allow you to interact with the Platform and other users anonymously (for example, by allowing you to use a pseudonymised username, or if you submit a general question). However for the majority of our functions – including where you register for an account – we usually require your name and contact information and enough information to allow us to verify users of the Platform and efficiently handle our interaction with you.

3. Sensitive Information

If you are an NDIS Participant, due to the nature of our business and the Platform – and only where necessary in relation to our business –we may also collect 'sensitive information', as that term is defined in the Privacy Act, about you. This will include information about you which would be classified as 'health information' under the Privacy Act, such as information or opinions about your health and/or disability, your wishes about the future provision of health services to you (including any goals and aspirations in your NDIS Plan, if disclosed) and information about health services which have or will be provided to you (including those facilitated through the Platform or off-Platform).

While we will generally collect such sensitive information directly from you (as part of registration, or your interactions with the Platform), we may also collect such sensitive information from third parties where it is unreasonable or impracticable to collect it directly from you, including where information is provided via the Kinora website (https://www.kinora.com.au) by:

  • a parent, guardian or decision maker (such as a carer who has consent to share your information), on your behalf;

  • a service provider (including a provider of health services to you); or

  • members of your Circle (where they upload information such as appointment reminders, or notes about your health or doctor visits about you in the Circle).

Unless otherwise specified, all references to 'personal information' in this privacy policy should be read to include sensitive information.

4. How do we collect and hold personal information?

We receive personal information about you in several ways, including from:

  • you directly, including when you: register for an account to use the Platform;

  • communication with us through correspondence, phone, email, Platform communication channels or otherwise; or

  • interaction with the Platform, our website, services, content and advertising;

  • someone with responsibility for you (such as your parent, guardian or carer), or another person who is part of your Circle;

  • other third parties, where they post information about you to the Platform, although our Community Guidelines prohibit users from posting identifiable information of other individuals publicly on the Platform, outside of Circles.; and

  • the NDIA or My Plan Manager (MPM), where we have obtained your consent, or where permitted under the Privacy Act.

5. Why do we collect, hold, use and disclose personal information?

We collect, hold, use and disclose your personal information for our business operations and activities, including:

to provide you with use of our Platform and manage our relationship with you (including setting up your account and Circles and verifying your identity);

  • to operate, protect, moderate, improve and optimise our Platform, business and our users' experience, such as to perform analytics to identify user segments who share common characteristics and traits, and conduct research on use of the Platform. This may include disclosure of personal information to MPM or third parties which perform moderation or other activities on the Platform on our behalf;

  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you and respond to any of your queries or requests;

  • to provide you with information regarding services offered by service providers who are registered with the Platform;

  • to present you or, where relevant, your parent, guardian or decision maker, with content about the Platform (including specific discussion topics or posts), other users of the Platform, or other services and products (on or off the Platform) that you or your parent, guardian or decision maker might be interested in;

  • as part of a sale or transfer of assets or other corporate transaction;

  • to comply with our legal or industry obligations (including the NDIS Code of Conduct), resolve any dispute that we or a user may have with any of our users and enforce our agreements with third parties;

  • to verify your identity and ensure that our Platform remains safe and secure for all users;

  • to match, share and use your Personal Information to provide services across the My Plan Manager.com.au Pty Ltd suite of services; and

  • for other purposes identified in the Platform Terms.

From time to time, we may also seek your consent (or that of your parent, guardian, plan nominee or legally appointed decision maker) to collect, use, disclose or otherwise handle your personal information for other purposes.

6. To whom do we disclose your personal information?

We may disclose your personal information to our related bodies corporate, including MPM, or to third parties that help us deliver our services (including information technology suppliers, communication suppliers and our business partners), or to third party service providers, or as required, authorised or recommended by applicable law, the NDIS Code of Conduct, or other guidelines or codes issued by the National Disability Insurance Agency. These entities are located within Australia.

If you are a service provider using the Platform we may disclose your phone number and contact details to individuals seeking products or services.

We store your data in Australia, but some features of third party applications may involve access of information by those third parties as overseas recipients of information in order for them to make their functionality available for Platform use.

7. Security and storage of personal information

We take reasonable steps (including using a number of physical, administrative, personnel and technical measures) to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. However, we cannot guarantee the security of your personal information.

We will store your personal information while we continue to provide our services to you, unless otherwise required by law. After this time, we will continue to store your personal information to the extent required by any law applicable to our business (including retaining any health information until you are at least 25 – for information collected before you were 18 – and otherwise for a period of seven years from when it was last altered), and for our compliance and risk management purposes. Following such retention periods, if we no longer require personal information for a purpose permitted by Australian law, we will take reasonable steps to securely destroy or de-identify your personal information.

8. Do we use your personal information for direct marketing?

  • If you use the Platform to request a service from a third party service provider, you are consenting to receiving marketing material from that provider. Additionally, by having a public profile on the Platform, service providers may reach out to you via the platform (eg. a response to a post on one of our forums) to offer you their services.

  • We may use your personal information to communicate directly to you promotional and marketing material about Kinora or the broader suite of services offered by My Plan Manager.com.au Pty Ltd.

  • We use direct marketing to provide you with information about our services and third party providers’ services. If you receive direct marketing material from us or a third party provider, and do not wish to continue receiving it, please contact us by the method stated in this Policy, asking to be removed from all future direct marketing programs. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable, and request that service providers do the same. Please be aware that unsubscribing from one part of our services will not automatically remove you from all other services.

We are unable to control the conduct of service providers and if you continue to receive material from a service provider after requesting they cease, you must raise this with the service provider directly. If, however you believe that a provider is ignoring or failing to comply with their obligations to cease contacting you, please contact us so that appropriate action can be taken.

9. Links

Our Platform or website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

10. Accessing or correcting your personal information

You may request (i) details of what personal information we hold about you; or (ii) access to, or that corrections be made to, the personal information we hold about you, by contacting us at the details set out in section 10 below. If you do so, please specify your identity and the details and format of the information which you are seeking access to, or correction of (including the element of inaccuracy or incompleteness, and information required to correct your information). We will respond to your request to access or correct your personal information within a reasonable time, which will be no longer than that required by any relevant State or Territory law.

There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request, and informing you of how you can complain about our refusal. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

11. Making a complaint

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, please follow the process set out in our ‘Client Feedback & Complaints Policy Statement’ at https://myplanmanager.com.au/contact/. We will handle your complaint in line with that policy.

12. Contact Us

For further information about our Privacy Policy or practices or to access or correct your personal information, please contact us at contact@kinora.com.au.

Effective June 2022