Privacy policy

This Privacy Policy (“Policy”) is issued by New Horizon Code PTY LTD (ABN 61 634 659 804), the owner and operator of the Diversity Sync’d platform (the “Platform”). This Policy outlines our legal obligations and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By accessing or using our Platform, you confirm that you have read, understood, and agree to the terms of this Policy.

[fs-toc-h2]1. Scope and Application

This Policy applies to all personal and sensitive information processed by Diversity Sync’d in connection with your organisation’s use of the Platform.

‍

Diversity Sync’d is a business-to-business service provider. We do not collect personal information from individuals directly or make decisions about how such data is used. Instead, our client organisations—such as support providers, care agencies, and coordinators—control the data submitted to the Platform and determine its lawful use.

In most cases, we act as a data processor on behalf of the subscribing organisation (“Client”), processing information strictly in accordance with their instructions and applicable agreements.

‍

This Policy outlines how we support our clients’ privacy obligations, including where they work with government agencies and regulated data under laws such as the Privacy Act 1988 (Cth), the NDIS Act, and where applicable, the Information Privacy Act 2009 (Qld).

‍

By accessing or using the Platform, you confirm that you are authorised to do so by your organisation and that your use is subject to this Policy and any applicable agreements in place with your organisation.

‍

[fs-toc-h2]2. Types of Data We Collect

We may collect the following categories of information, either directly from you or on behalf of your organisation:

‍

• Personal Information
  
  • Full name, contact details, and employment credentials
  • Account login and usage activity
  • Communication records, including messages and support queries
  Sensitive Information
  • Health, disability, and behavioural data of participants
  • Incident reports, safety documentation, and risk profiles
  • Data relevant to cultural, linguistic, or psychosocial context
  System & Diagnostic Data
  • IP address, browser/device information, session metadata
  • User interaction logs and audit trails
  • Error reports and usage analytics
  • Cookies and local storage data used for diagnostic, session management, or platform optimisation purposes

The collection of sensitive information is subject to your explicit consent or the lawful authority of your employer, who is responsible for obtaining it.

[fs-toc-h2]3. Organisational Control & Client Responsibility

Diversity Sync’d is a platform used by subscribing organisations (“Clients”) to manage participant support, case records, and workforce operations. In this context, Clients are typically the data controllers, responsible for determining the purpose and legal basis for data collection and processing. Diversity Sync’d acts solely as a data processor, providing the underlying infrastructure and services in accordance with the Client’s instructions.

‍

By inviting users and uploading data to the Platform, Clients:

• Acknowledge and accept full responsibility for the personal and sensitive information entered into the Platform by their users;
• Warrant that they have obtained all necessary consents, authorisations, or other lawful bases to collect, use, and share information with Diversity Sync’d;
• Are responsible for ensuring that all data submitted to the Platform is accurate, lawful, and complete;
• Must ensure that all users are appropriately trained, authorised, and understand their privacy obligations under relevant laws.

Diversity Sync’d does not independently verify or validate the legality of data entered into the Platform. We rely on Clients to uphold their legal, ethical, and contractual responsibilities, including obligations under the Privacy Act 1988 (Cth), the NDIS Act, and, where applicable, the Information Privacy Act 2009 (Qld) and associated child protection legislation.

‍

Clients who engage in services on behalf of government agencies remain fully responsible for ensuring their use of the Platform complies with any applicable privacy obligations and funding requirements.

‍

[fs-toc-h2]4. Use of Information

We may use your information for the following legitimate and lawful purposes:

• To provide, maintain, and improve the Platform and associated services
• To enable AI-assisted tools (e.g. DS AI) for summarising, reviewing, or augmenting support work
• To ensure platform security, monitor access, and enforce user permissions
• To support internal audits, legal compliance, and safeguarding obligations
• To contact you for administrative or service-related matters

We do not use your data for automated decision-making without human oversight.

[fs-toc-h2]5. AI Tools & DS AI

Diversity Sync’d includes proprietary artificial intelligence systems (“DS AI”) developed and operated internally to assist with platform functionality, including summarisation, data validation, and workflow optimisation. DS AI may analyse or generate outputs based on user-submitted content such as shift notes, incident reports, platform activity, and support tickets.

‍

DS AI features are optional and disabled by default. No data is analysed by our AI systems unless a Client with appropriate permissions has chosen to enable these tools.

‍

DS AI may also identify and flag potential risks or irregularities — including incomplete documentation, inconsistent data, or possible medication-related issues — to assist users in their professional duties. These flags are surfaced for attention and review only.

‍

Important Disclaimer: AI-generated content, including any medication-related warnings or alerts, is for informational support only and must not be relied upon as medical, clinical, pharmaceutical, legal, or professional advice. DS AI is not a diagnostic tool and does not make decisions on behalf of users. Outputs may be incomplete, inaccurate, or omitted entirely.

‍

All users remain solely responsible for reviewing and verifying any AI-generated content before taking action. Diversity Sync’d expressly disclaims all liability for decisions made, or not made, in reliance on AI-generated outputs without appropriate human oversight or clinical judgment.

‍

We do not permit the use of client data to train external AI models. Any training or performance improvement processes are conducted strictly within our secure infrastructure, and data remains under our control at all times.

‍

For more information on how AI is used within Diversity Sync’d, including system scope, safety limitations, and usage responsibilities, please refer to our AI Usage Statement: https://docs.diversitysync.com/en/articles/11639054-use-of-artificial-intelligence-ai

[fs-toc-h2]6. Legal Basis for Processing

We process your personal information on the basis of:

• Your consent (express or implied);
• The contractual relationship with your organisation;
• Our legitimate interest in securing and improving the Platform;
• Compliance with legal obligations applicable to regulated industries.

[fs-toc-h2]7. Disclosure of Information

We will not sell or rent your personal information. However, we may disclose data to the following categories of recipients:

• Authorised representatives within your organisation;
• Third-party service providers that support our infrastructure (e.g. Microsoft Azure, Intercom, Datadog);
• Legal or regulatory authorities, where required by law;
• Our related entities and contractors, subject to strict confidentiality obligations.

Each third-party provider is bound by contractual and technical safeguards that meet or exceed Australian privacy standards.

‍

Cross-Border Data Transfers

‍Some of our service providers may store or process data in jurisdictions outside of Australia. We only engage providers in countries with privacy protections substantially similar to those under Australian law, or where appropriate safeguards (such as contractual clauses) are in place. Core application data is hosted primarily in Australia.

[fs-toc-h2]8. Data Retention and Storage

All data is:

• Encrypted in transit and at rest;
• Stored on secure infrastructure within Australia or in jurisdictions with equivalent data protection laws;
• Retained only for as long as reasonably necessary or legally required.

We implement:

• Role-based access controls;
• Detailed access logs;
• Data loss prevention (DLP) measures;
• Regular penetration testing and risk assessments.

Data Deletion

‍Where applicable, you may request that your personal data be deleted from our systems. We will honour such requests unless retention is required to comply with legal obligations or legitimate operational needs. Organisational Clients are responsible for ensuring deletion aligns with their own regulatory duties.

‍

8A. Data Breach Notification

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, Diversity Sync’d will promptly investigate the incident, take appropriate remediation steps, and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where required by law.

[fs-toc-h2]9. Data Access and Correction Rights

Subject to verification of your identity, you may request:

• Access to your personal information;
• Correction of any inaccurate or incomplete data;
• A copy of your personal information in a portable format, where applicable.

To make such a request, contact legal@newhorizoncode.io. We will respond within the timeframes required by the Privacy Act.

‍

You may also request that we delete or restrict processing of your personal information where appropriate.

[fs-toc-h2]10. Your Obligations

You are responsible for:

• Ensuring that any personal information you submit is accurate, lawful, and authorised for use;
• Maintaining the confidentiality of your account credentials;
• Immediately reporting any suspected unauthorised access to your data.

You must not use the Platform to upload or process any information that you are not lawfully permitted to handle.

[fs-toc-h2]11. Limitation of Liability

To the fullest extent permitted by law:

• We exclude all implied warranties regarding the accuracy, security, or fitness of the Platform for any particular purpose;
• We shall not be liable for any indirect, incidental, or consequential damages, including loss of data, revenue, or reputation, arising out of or in connection with the use of the Platform;
• Your organisation assumes all risk related to the use of the Platform in a professional or regulated capacity.

Nothing in this Policy limits your rights under the Australian Consumer Law where such rights cannot be excluded.

[fs-toc-h2]12. Updates to This Policy

We may revise this Policy at our discretion. Updates will be posted on the Platform and will take effect upon publication. Your continued use of the Platform constitutes acceptance of the revised Policy.

Where required by law, we will notify users of material changes and, where applicable, seek renewed consent.

[fs-toc-h2]13. Contact & Complaints

If you have a concern or complaint regarding your privacy, please contact our Privacy Officer. We will investigate all complaints and respond within a reasonable timeframe.

‍

Privacy Officer
New Horizon Code PTY LTD
Suite 121, Level 14
167 Eagle Street, Brisbane QLD 4000
Email: legal@newhorizoncode.io

‍

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

[fs-toc-h2]14. Jurisdiction

This Policy is governed by the laws of Queensland, Australia. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Queensland.

[fs-toc-h2]15. Children’s Privacy

Diversity Sync’d does not knowingly collect personal information directly from individuals under the age of 18. All child-related data processed through the Platform is provided by authorised representatives of client organisations in accordance with relevant legal obligations. Clients are responsible for ensuring lawful handling of such information.