Privacy policy
L&R Services PTY LTD trading as Living Right Care
Living Right Care ("we", "us", "our") is committed to protecting the privacy and confidentiality of personal and sensitive information collected in the course of providing services to all clients, including participants under the:
National Disability Insurance Scheme (NDIS)
Support at Home Program (formerly Home Care Packages)
Department of Veterans’ Affairs (DVA)
Private fee-for-service arrangements
This Privacy Policy outlines how we manage personal and sensitive information in accordance with:
The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
The NDIS Act 2013 (where applicable)
The Aged Care Act 1997 (Cth) and Support at Home regulatory requirements (where applicable)
The Health Records Act 2001 (VIC) (where applicable)
Any other applicable Commonwealth or State legislation.
1. Collection of Personal Information
We collect personal and sensitive information that is reasonably necessary to provide safe and effective services, meet compliance obligations, and manage our business operations.
Personal information we collect may include:
Full name, date of birth, address and contact details
NDIS number and plan details (if applicable)
Support at Home details (if applicable)
Health and medical information
Care notes, support needs, goals and preferences
Emergency contact and authorised representative details
Financial or billing information (where required).
This information is collected through:
Direct contact (in person, phone, SMS, iMessage, email, photos)
Service agreements and intake forms
Referrals from health professionals or community professionals
Our website and associated forms
Secure client management systems
Authorised third parties or publicly available sources (where lawful).
2. Use of Personal Information
We use your personal and sensitive information:
Deliver, manage and review care and support services
Coordinate supports with other providers and stakeholders
Meet obligations under NDIS, Support at Home, DVA and other programs
Maintain accurate records and clinical documentation
Manage rostering, staffing and service delivery
Issue invoices and manage payments
Respond to enquiries, feedback or complaints
Conduct quality assurance and internal audits
Meet legal, regulatory and contractual requirements
With consent, we may also use information for surveys, feedback, or service improvement initiatives. We do not sell personal information.
3. Disclosure of Information
We may disclose your personal information where reasonably necessary to deliver services, meet legal or regulatory obligations, or operate our business. This may include disclosure to:
Support coordinators, recovery coaches, plan managers and allied health professionals
Government agencies or regulators (e.g. NDIA, NDIS Commission, Department of Health and Aged Care)
External auditors or certification bodies
Technology service providers used to operate our business systems
Other third parties with your consent or as required by law
Technology Platforms We Use
To operate securely and efficiently, Living Right Care uses approved business systems, including:
ShiftCare (client management and care documentation system)
Google Workspace
Microsoft Office 365
ClickUp (internal project and operational management)
Company-licensed AI tools (including OpenAI’s business version of ChatGPT and Google’s Gemini used internally for administrative and operational assistance only, and not for clinical decision-making)
DocuSign (electronic signatures)
Apple products, including secure iCloud, SMS and iMessage communication.
Where third-party platforms are used, we take reasonable steps to ensure they:
Maintain appropriate security safeguards
Comply with applicable privacy and data protection laws
Only process information in accordance with contractual agreements
AI tools are used in accordance with our internal data governance, privacy and confidentiality policies. Personal and sensitive information is only entered where necessary, authorised and proportionate to the task. AI tools are used to support administrative and operational functions only and are not used to replace professional judgement, make independent clinical decisions, or override care-based decision-making by qualified staff.
Staff are trained in appropriate use of communication platforms and are prohibited from sharing unnecessary or excessive personal information.
4. Storage and Security of Personal Information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
Security measures include:
Encrypted cloud-based systems
Password-protected platforms and role-based access controls
Secure data backups and system monitoring
Staff confidentiality agreements
Ongoing privacy and cybersecurity awareness training
Staff may access work systems using company-issued or approved personal devices. All devices used for work-related purposes must comply with our internal privacy, confidentiality and device security policies, including secure password protection and appropriate handling of personal information.
Where available and appropriate, additional security measures such as multi-factor authentication may be implemented.
Work-related communication may occur via mobile devices (including SMS and iMessage). Staff are required to follow internal policies to ensure confidentiality, appropriate record keeping, and secure handling of personal information.
We retain client records for a minimum of seven (7) years, or longer where required under NDIS, Support at Home, taxation, or other applicable legislation.
When personal information is no longer required, it is securely destroyed or permanently de-identified in accordance with legal requirements.
5. Overseas Disclosure
Some of our technology providers may store or process data using secure servers located outside Australia.
Where overseas disclosure occurs, we take reasonable steps to ensure the recipient does not breach the Australian Privacy Principles in relation to the information. This includes taking reasonable measures to ensure appropriate contractual, technical and organisational safeguards are in place to protect personal and sensitive information.
We only engage service providers that maintain appropriate privacy, confidentiality and security standards consistent with Australian privacy law.
6. Access and Correction
You have the right to request access to the personal information we hold about you and to request correction of inaccurate, out-of-date or incomplete information. Please contact us in writing to make such a request. Proof of identity may be required.
7. Complaints and Enquiries
If you believe we have breached your privacy rights, or if you have a complaint about how your information has been handled, please contact us:
Living Right Care
Registered Address: 13 Baringhup Road, Carisbrook VIC 3464
Seaford Office Address: Unit 5/5A Apsley Place, Seaford VIC 3198
Email: hello@lrcare.com.au
Phone: +61 455 599 927
Website: www.lrcare.com.au
We will acknowledge your complaint promptly and aim to resolve it within 30 days.
If you are not satisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)
www.oaic.gov.auNDIS Quality and Safeguards Commission (for NDIS participants)
www.ndiscommission.gov.auAged Care Quality and Safety Commission (for Support at Home clients)
www.agedcarequality.gov.au
8. Updates to this Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal obligations. The latest version will always be available on our website at: www.lrcare.com.au/privacy-policy
Consent
By engaging with our services or using our website and providing personal information, you consent to the collection, use and disclosure of your personal information as described in this Privacy Policy. You may withdraw your consent in writing at any time, subject to legal and contractual obligations.
Last updated: 28/02/2026