Privacy Policy
Understanding how we collect, use, and protect your personal information in compliance with Australian Privacy Principles and NDIS requirements.
This Privacy Policy ("Policy") is issued by New Horizon Code PTY LTD (ABN 61 634 659 804), the owner and operator of the Diversity Sync'd platform (the "Platform"). This Policy outlines our legal obligations and your rights under the Privacy Act 1988 (Cth) and the APPs.
By accessing or using our Platform, you confirm that you have read, understood, and agree to the terms of this Policy.
Definitions
"APP" means the Australian Privacy Principles, Schedule 1 of the Privacy Amendment (Enhanced Privacy Protection) Act 2012.
"Content" means any information uploaded, stored, processed, or generated through the Platform, including personal and sensitive data.
"DS AI" means the Platform's use of proprietary artificial intelligence systems developed and operated internally to assist with the Platform's functionality, including summarisation, data validation, and workflow optimisation. DS AI may analyse or generate outputs based on user-submitted content such as shift notes, incident reports, platform activity, and support tickets.
"Our/We" means New Horizon Code Pty Ltd as the owner of the Platform.
"Participant" means a current or prospective NDIS participant.
"Personal information" is defined in the Privacy Act to mean any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
"Privacy Act" means the Privacy Act 1988 (Cth), and for the purposes of this Privacy Policy includes guidance issued by the Office of the Australian Information Commissioner under the Privacy Act.
"Services" means the features and functionality made available through the Platform.
"User" means any individual accessing the Platform under your account, including support workers, coordinators, and administrators.
"You"/"Your" refers to you as the Client, an organisation with a valid subscription to the Platform.
1. Scope and Application
This Policy applies to all personal information and sensitive data collected within the Content in connection with your use of the Platform. It applies to all Users.
By continuing to access the Platform, you expressly consent to the handling of your Content in accordance with this Policy.
2. Types of Data We Collect
We may collect the following categories of information on the Platform as inputted by you or your Users:
Personal Information
- • Full name, contact details, and employment credentials
- • Account login and usage activity
- • Communication records, including messages and support queries
Sensitive Information
- • Health, disability, and behavioural data of Participants
- • Incident reports, safety documentation, and risk profiles
- • Data relevant to cultural, linguistic, or psychosocial context
The collection of sensitive information is subject to you obtaining the explicit consent of the Participant. Consent must be voluntary, informed, current and specific and given by an individual with capacity. The collection of sensitive information must be reasonably necessary for you to perform your functions or activities. You may collect sensitive information without consent if required or authorised by law under public health or child protection obligations or if there is a serious threat to life, health or safety and it is impractical to obtain consent.
System & Diagnostic Data
- • IP address, browser/device information, session metadata
- • User interaction logs and audit trails
- • Error reports and usage analytics
- • Cookies and local storage data used for diagnostic, session management, or platform optimisation purposes
3. Organisational Control and Client Responsibility
The Platform is used by you and other clients to manage Participant support, case records, and workforce operations. In most cases, you act as the data controller, and the Platform acts as a data processor on your behalf.
By inviting Users and uploading data to the Platform, you:
- • Acknowledge and accept full responsibility for the Personal Information and sensitive information entered into the Platform by your Users, including the use of DS AI;
- • Warrant that you have obtained all necessary consents to collect and upload onto the Platform;
- • Are responsible for the accuracy of all the Content submitted to the Platform (we do not independently verify the legitimacy of data submitted by Users);
- • Must ensure that all Users are authorised to handle such data and understand their privacy obligations and that the Content is compliant with privacy legislation and guidance from the Office of the Australian Information Commissioner;
- • Must immediately report any suspected unauthorised access to your data;
- • Warrant that you comply with the Terms of Service when uploading the Content; and
- • Warrant that you will maintain the confidentiality of your account credentials.
We process any Personal Information of Users or Participants on the basis of your representations and warranties that you have collected the Personal Information lawfully and in accordance with the Terms of Service. When we obtain Personal Information from third parties such as Users and Participants, we will assume, and you must ensure that you have made that third party aware that you will upload Content relating to them onto the Platform and of the purposes involved in the collection, use and disclosure of the relevant Personal Information.
We hold and process the Personal Information on the Platform in accordance with the Privacy Act 1988.
4. Purposes for which we collect, hold, use and disclose Personal Information
We collect, hold, use and disclose Personal Information for the purposes for which it was collected and related purposes. This includes providing the service of a secure cloud-based platform to provide our clients with the tools to manage workforce and store data of Participants, including Personal Information and sensitive information. We may use the Content on the Platform to test platform security and legal compliance, to improve the services we offer via the Platform, and to contact a User for administrative or service related matters.
5. AI Tools and DS AI
The Platform includes proprietary artificial intelligence systems ("DS AI") developed and operated internally to assist with platform functionality, including summarisation, data validation, and workflow optimisation. DS AI may analyse or generate outputs based on user-submitted content such as shift notes, incident reports, platform activity, and support tickets.
DS AI may also identify and flag potential risks or irregularities — including incomplete documentation, inconsistent data, or possible medication-related issues — to assist Users in their professional duties. These flags are surfaced for attention and review only.
AI-generated content, including any medication-related warnings or alerts, is for informational support only and must not be relied upon as medical, clinical, pharmaceutical, legal, or professional advice. DS AI is not a diagnostic tool and does not make decisions on behalf of Users. Outputs may be incomplete, inaccurate, or omitted entirely.
All Users remain solely responsible for reviewing and verifying any AI-generated content before taking action. We accept no liability for decisions made, or not made, in reliance on AI-generated outputs without appropriate human oversight or clinical judgment.
We do not permit the use of Content to train external AI models. Any training or performance improvement processes are conducted strictly within our secure infrastructure, and data relating to the Content remains under our control at all times.
In accordance with the Australian Privacy Principle APP 6, you must ensure that any Personal Information inputted into DS AI is only inputted for the primary purpose for which it is collected, unless the Participant has consented to a secondary use, or you can establish that the secondary use would be reasonably expected by the Participant.
In accordance with Australian Privacy Principle APP 3, you must not use DS AI to generate or infer sensitive information about a Participant without that person's consent.
For more information on how AI is used within the Platform, including system scope, safety limitations, and usage responsibilities, please refer to our AI Usage Statement: https://docs.diversitysync.com/en/articles/11639054-use-of-artificial-intelligence-ai
6. Disclosure of Information
Any Personal Information loaded on the Platform will not be sold, rented, or disclosed to any third party for commercial gain. Any sharing of personal information is strictly limited to the purposes outlined in this Privacy Policy and in accordance with the Privacy Act. However, we may disclose data to the following categories of recipients:
- • Users within your organisation;
- • Third-party service providers that support our infrastructure (e.g. Microsoft Azure, Intercom, Datadog);
- • Legal or regulatory authorities, where required by law;
- • Our related entities and contractors, subject to strict confidentiality obligations.
Each third-party provider is bound by contractual and technical safeguards that meet or exceed Australian privacy standards.
7. Cross-Border Data Transfers
Some of our service providers may store or process data in jurisdictions outside of Australia. We only engage providers in countries with privacy protections substantially similar to those under Australian law, or where appropriate safeguards (such as contractual clauses) are in place. Core application data is hosted primarily in Australia.
8. Data Retention and Storage
All data is:
- • Encrypted in transit and at rest;
- • Stored on secure infrastructure within Australia or in jurisdictions with equivalent data protection laws;
- • Retained only for as long as reasonably necessary or legally required, and we will destroy the Personal Information if it is no longer needed for the purpose it was used by or disclosed to us.
We implement:
- • Role-based access controls;
- • Detailed access logs;
- • Data loss prevention (DLP) measures;
- • Regular penetration testing and risk assessments.
9. Data Deletion
Where applicable, you may request that Personal Information relating to the Participants or your Users is deleted from our systems. We will take such steps as are necessary in the circumstances to destroy the information or to ensure the information is de-identified, in accordance with APP 11. You are responsible for ensuring deletion requests comply with privacy legislation and guidance.
10. Data Breach Notification
In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, we will promptly investigate the incident, take appropriate remediation steps, and notify affected individuals and the Office of the Australian Information Commissioner (OAIC).
11. Data Access and Correction Rights
Subject to verification of identity, your User or a Participant under the scope of your organisation, may request:
- • Access to the Personal Information;
- • Correction of any inaccurate, out of date, misleading or incomplete data;
- • A copy of the Personal Information in a portable format, where applicable.
To make such a request, contact legal@newhorizoncode.io. We will respond within a reasonable period.
12. Limitation of Liability
To the fullest extent permitted by law:
- • We accept no liability for any loss or damage suffered by you or a third party resulting from your breach of privacy obligations, including under the Privacy Act, when using the Platform;
- • We shall not be liable for any indirect, incidental, or consequential damages, including loss of data, revenue, or reputation, arising out of or in connection with the use of the Platform;
- • You assume all risk related to the use of the Platform.
Nothing in this Policy limits your rights under the Australian privacy legislation where such rights cannot be excluded.
13. Updates to This Policy
We may revise this Policy at our discretion. Updates will be posted on the Platform, our website, and will take effect upon publication. Your continued use of the Platform constitutes acceptance of the revised Policy.
Where required by law, we will notify Users of material changes and, where applicable, seek renewed consent.
14. Contact & Complaints
If you have a concern or complaint regarding your privacy, please contact our Privacy Officer. We will investigate all complaints and respond within 30 days or a reasonable time frame.
Privacy Officer
New Horizon Code PTY LTD
Suite 121, Level 14
167 Eagle Street, Brisbane QLD 4000
Email: legal@newhorizoncode.io
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
- • Website: www.oaic.gov.au
- • Phone: 1300 362 992
- • Email: enquiries@oaic.gov.au
15. Jurisdiction
This Policy is governed by the laws of Queensland, Australia. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Queensland.
16. Children's Privacy
We do not knowingly collect on the Platform Personal Information directly from individuals under the age of 18. All child-related data processed through the Platform is provided by Users in accordance with relevant legal obligations. Clients are responsible for ensuring lawful handling of such information.