Privacy Policy

Section 34 Co — NDIS Document Preparation Service

⚠ PRE-LEGAL-REVIEW DRAFT — pending compliance specialist review before final adoption

This policy has been prepared based on the Privacy Act 1988 (Cth), Australian Privacy Principles, and NSW Health Records and Information Privacy Act 2002, and reflects Section 34 Co's current privacy architecture. It must be reviewed by a privacy compliance specialist and approved before final publication. Items marked [VERIFY] require manual completion before this policy can be finalised.

Effective date: [VERIFY — pending compliance specialist review, est. June 2026]  |  Version: 2.0  |  Section 34 Co (ABN 92 721 361 463), Sydney NSW, Australia.  |  Supersedes: Version 1.0 published 29 April 2026.

1. About This Policy

This privacy policy explains how Section 34 Co (ABN 92 721 361 463) collects, holds, uses, discloses, and protects personal information when providing NDIS submission preparation services.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because we hold health information about NDIS participants, we are also bound by state health records legislation, including the Health Records and Information Privacy Act 2002 (NSW) where applicable to our operations.

This policy explains: what personal information we collect and why; how we use and disclose your information; how we store and protect your information; how long we keep your information; your rights, including access and correction; and how to make a complaint.

If you have questions about this policy or our handling of your information, contact us at hello@section34.com.au.

2. Who We Are

Section 34 Co provides NDIS submission preparation services to NDIS participants who self-manage or plan-manage their funding, and to support coordinators who outsource submission preparation work to us.

Important: We are not a registered NDIS provider. We do not deliver NDIS-funded supports. We prepare written submissions that participants (and their authorised representatives) provide to the NDIA, the NDIS Quality and Safeguards Commission, or the Administrative Review Tribunal (ART). Our role is document preparation. Decisions about what supports to request, whether to appeal, and how to instruct us remain with you or your authorised representative.

3. What Information We Collect

3.1 Identifying information

Your full name, date of birth, NDIS number, contact details (phone, email, postal address), and similar identifiers needed to prepare your submission.

3.2 Sensitive information — health and disability

Clinical assessments, medical reports, allied health reports, treatment histories, behavioural information, support needs documentation, and other information about your health or disability. This is sensitive information under the Privacy Act and requires your explicit consent to collect, use, and disclose.

3.3 Financial and legal information

Information about your NDIS plan budget, current and previous funding amounts, prior NDIA decisions, ART proceedings, legal correspondence, and quotes from service providers.

3.4 Information about third parties

Where your submission references clinicians, support workers, family members, advocates, or others, we may collect personal information about those people. We treat this information under the same protections.

3.5 Service usage information

Information about how you interact with our services, including your enquiries, intake form submissions, payment records, and engagement progress.

We only collect information that is reasonably necessary for, or directly related to, providing our services.

4. How We Collect Information

Wherever practical, we collect information directly from you.

5. Why We Collect Your Information

We collect your information to:

We will not use your information for any other purpose without your consent, unless an exception under the Privacy Act applies (for example, a legal obligation, or a serious threat to life, health, or safety).

6. Sensitive Information — Explicit Consent

Under the Australian Privacy Principles, we may only collect, use, or disclose your health and disability information with your explicit consent, unless a specific exception applies.

By engaging our services and providing health or disability information, you give us explicit consent to collect, use, and disclose that information for the purposes set out in this policy.

You can withdraw your consent at any time by contacting us at hello@section34.com.au. Withdrawing consent may mean we cannot continue to provide our services. We will explain the consequences before acting on a withdrawal of consent.

7. How We Use and Disclose Your Information

7.1 Use

We use your information to provide the services you have engaged us for, including document preparation, communication about your engagement, and verification of accuracy.

7.2 AI processing — with de-identification

Parts of our document preparation use AI language models. Before any of your information is sent to AI services, identifying information is removed through our de-identification system. AI services do not receive your real name, date of birth, NDIS number, address, or other direct identifiers.

AI providers contracted by us do not train AI models on your information.

7.3 Disclosure

We disclose your information only to:

We do not sell your information. We do not use it for direct marketing.

8. Third-Party Services

We use the following third-party services to operate our business. These providers have limited access to information necessary to perform their services:

All third-party services are bound by their own privacy policies and security obligations. We do not transfer your identified personal information to providers located outside Australia.

9. Storage and Security

9.1 Where your information is stored

We store your information on encrypted servers located in Australia (Sydney). Backups are also stored encrypted and within Australia.

9.2 How we protect your information

While we take reasonable steps to protect your information, no electronic storage is completely secure.

9.3 Data breaches

If a data breach occurs that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act).

10. How Long We Keep Your Information

10.1 Retention periods

We retain your information for the periods required by Australian law:

These retention periods reflect our obligations under the Privacy Act and state health records legislation, including section 25 of the Health Records and Information Privacy Act 2002 (NSW).

10.2 Storage during retention

Throughout the retention period, your information is held in encrypted storage with access restricted to authorised personnel.

10.3 Destruction

After the retention period ends, we securely destroy your information. We keep a record of the destruction, including the name of the individual to whom the information related, the period covered, and the date of destruction, as required by section 25(2) of the Health Records and Information Privacy Act 2002 (NSW).

10.4 Earlier deletion

If you ask us to delete your information before the retention period ends, we will comply unless we are legally required to retain it. Where we are legally required to retain information, we will explain why.

11. Your Rights

11.1 Access

You can ask to access the personal information we hold about you. We will respond within 30 days. Where the law permits, we may charge a reasonable fee for access; we will tell you any costs before proceeding.

11.2 Correction

You can ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within 30 days.

11.3 Anonymity and pseudonymity

For general enquiries about our services, you can deal with us anonymously or under a pseudonym. For actual document preparation services, we need your real information because the submissions we prepare require accurate identification.

11.4 Withdrawing consent

You can withdraw consent for the collection, use, or disclosure of your sensitive information at any time. This may mean we cannot continue to provide our services.

11.5 Deletion

You can ask us to delete your information. We will comply unless we are legally required to retain it.

To exercise any of these rights, contact us at hello@section34.com.au.

12. Complaints

12.1 First, contact us

Email hello@section34.com.au with details of your concern. We will acknowledge your complaint within seven (7) days and respond substantively within thirty (30) days.

12.2 Office of the Australian Information Commissioner

If you are not satisfied with our response, you can complain to the OAIC:

12.3 State health complaints bodies

For complaints specifically about how we handle health information, you may also contact your state health complaints body:

12.4 NDIS Quality and Safeguards Commission

For complaints about NDIS-related conduct, you can also contact the NDIS Quality and Safeguards Commission at ndiscommission.gov.au or 1800 035 544.

13. Cross-Border Disclosure

We do not disclose your identified personal information to recipients outside Australia. De-identified content processed by AI services may be processed on servers outside Australia; this content does not contain personal identifiers and cannot reasonably be used to identify you.

14. Government Identifiers

We collect your NDIS number because it is necessary to prepare your submission. We do not adopt government identifiers (such as your NDIS number, Medicare number, or tax file number) as our own identifiers for you. We use government identifiers only for the purpose for which they were issued.

15. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will publish the updated policy at section34.com.au/privacy.html with an updated version number and effective date. We may also notify existing clients of material changes by email.

16. Contact

Section 34 Co
Email: hello@section34.com.au
Website: section34.com.au

Version: 2.0
Effective date: [VERIFY — pending compliance specialist review, est. June 2026]
Approved by: Section 34 Co
Next review date: 12 months from effective date
Supersedes: Version 1.0 published 29 April 2026