
Privacy Policy
1. Purpose of this Policy
Learn by Heart is committed to protecting the privacy and confidentiality of personal information in accordance with the Privacy Act 1988, the Australian Privacy Principles (APPs), and the NDIS Quality and Safeguards Commission’s Practice Standards, including Standard 2.7 – Privacy and Dignity.
This Privacy Policy explains how we collect, use, store, and disclose personal and sensitive information in the course of providing tutoring, educational consultation, and support services to NDIS participants and private clients.
2. Scope
This policy applies to all clients, their families, staff members, contractors, and representatives engaged with Learn by Heart.
It covers all personal and sensitive information collected in any form—whether verbal, digital, or written.
3. What Personal Information We Collect
We collect personal information necessary to deliver our services safely and effectively, including:
- Client identification details: name, date of birth, gender, address, and contact details.
- Parent/guardian information (for clients under 18).
- Educational and learning details: academic performance, assessment results, reports, and learning goals.
- NDIS-related details: NDIS number, plan information, support categories, and plan manager or support coordinator contact details.
- Health and support information: relevant diagnoses, learning disabilities, communication preferences, and accessibility needs.
- Billing and financial information: invoices, payment details, and funding arrangements.
- Service records: session notes, progress reports, and correspondence.
We will not collect any information that is not reasonably necessary for our service delivery or compliance obligations.
4. Collection of Information
We collect personal information:
- Directly from clients, parents, guardians, or authorised representatives.
- From NDIS plan managers, support coordinators, or allied health professionals (with consent).
- Through forms, emails, phone calls, meetings, and digital communications.
- From schools or other educational institutions (where consent is provided).
We will always seek your informed consent before collecting or using sensitive information such as health, disability, or cultural background data.
5. Purpose of Collecting Personal Information
We collect and use your information for the following purposes:
- To plan, deliver, and evaluate educational and support services.
- To communicate with you, your representatives, and relevant support team members.
- To comply with NDIS reporting and quality assurance requirements.
- To manage administrative functions such as billing, scheduling, and service agreements.
- To improve our services through analysis and feedback.
- To meet our legal and insurance obligations.
We do not use or share your information for marketing purposes without your express consent.
6. Consent and Participant Rights
Learn by Heart obtains consent before collecting, sharing, or using personal information.
Clients and their representatives have the right to:
- Withdraw consent at any time.
- Access or request correction of personal information.
- Be informed about how information is used or disclosed.
- Request that information not be shared with certain parties.
We will respect your preferences to the greatest extent possible, consistent with our legal and safeguarding obligations.
7. Disclosure of Personal Information
We may disclose information to the following parties, where appropriate and with consent:
- Your authorised representative, plan manager, or support coordinator.
- The NDIS Quality and Safeguards Commission or NDIA, if required by law or for compliance purposes.
- Other service providers, educators, or health professionals involved in your support (with consent).
- Our professional advisors (e.g., accountants, IT providers, or insurers) where required for business operations.
- Government agencies or regulators, if legally required.
We do not sell or rent personal information to third parties.
8. Storage and Security of Personal Information
Learn by Heart takes all reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Measures include:
- Secure electronic record systems with password protection and access controls.
- Locked filing cabinets for paper records.
- Staff confidentiality agreements and privacy training.
- Secure disposal or de-identification of records when no longer required.
If a data breach occurs that is likely to cause serious harm, Learn by Heart will follow the Notifiable Data Breaches Scheme and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.
9. Access to and Correction of Information
You may request access to or correction of your personal information at any time by contacting us at chellekrobertson@gmail.com.
We will respond within 30 days and provide access unless there is a lawful reason to refuse.
If we cannot make a requested correction, we will record your request and the reason for refusal.
10. Retention of Records
We retain personal information for as long as required by law and our NDIS provider obligations.
When no longer required, information is securely destroyed or de-identified in accordance with Australian privacy and record-keeping standards.
11. Overseas Disclosure
We do not routinely disclose personal information to overseas recipients.
If we use cloud-based systems or third-party providers located overseas, we ensure they comply with privacy protections consistent with Australian law.
12. Digital Information and Website Use
Our website and digital platforms may collect limited usage data such as IP address, browser type, and analytics cookies.
This information helps us improve user experience and does not identify individuals.
Cookies can be disabled through browser settings if preferred.
13. Complaints and Feedback
If you believe Learn by Heart has breached your privacy, you may lodge a complaint by contacting our Privacy Officer:
Privacy Officer
Chelle Robertson
📧 chellekrobertson@gmail.com
📞 (+61) 422 955 108
📍 24 Downie St, Maryville, NSW, 2293 AUSTRALIA
We will investigate and respond within a reasonable time.
If you are not satisfied with the outcome, you may contact:
Office of the Australian Information Commissioner (OAIC)
- Website: www.oaic.gov.au
- Phone: 1300 363 992
For NDIS-related privacy concerns, you may also contact:
NDIS Quality and Safeguards Commission
- Website: www.ndiscommission.gov.au
- Phone: 1800 035 544
14. Review and Updates
This Privacy Policy is reviewed annually or when relevant laws or NDIS requirements change.
The most recent version will always be available on our website or upon request.
15. Contact Us
For questions about this Privacy Policy or the way Learn by Heart manages personal information, please contact:
Privacy Officer
Chelle Robertson
📧 chellekrobertson@gmail.com
📞 (+61) 422 955 108
📍 24 Downie St, Maryville, NSW, 2293 AUSTRALIA
✅ This policy meets the following compliance requirements:
- Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
- NDIS Practice Standards: Rights and Responsibilities – Privacy and Dignity
- NDIS Quality Indicators (2021) for participant information management