Privacy Policy

Mindful Bloom Support Services

This Privacy Policy explains how I collect, hold, use and disclose personal information, and how you can access or correct your information or make a privacy complaint.

In this Privacy Policy, “I”, “me”, “my” and “Mindful Bloom” refers to Mindful Bloom (ABN 46 038 351 771) trading as Mindful Bloom Support Services. “You” refers to any individual (or representative/organisation) whose personal information I collect.

I take privacy seriously and aim to handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What is “personal information”?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded or not.

Some personal information is also “sensitive information”, such as health information or disability-related information. Sensitive information receives higher protections under the Privacy Act.

2. What information I collect

The information I collect depends on how you interact with me (for example, via my website, enquiry forms, referrals, or when supports are delivered).

(a) Participants and prospective participants (NDIS supports)

If you enquire about supports or engage me to deliver supports, I may collect information such as:

  • your name, address, email, phone number and preferred contact method

  • NDIS number, plan dates, funding management type (plan-managed/self-managed), plan manager details

  • information relevant to providing supports safely and appropriately (for example, goals, support needs, preferences, risks, communication needs, and emergency contact details)

  • appointment details, service delivery records and progress notes relevant to supports delivered

  • billing/invoicing information (for example, invoices, service dates and times, and support item codes)

(b) Referrers, nominees and other contacts

If you are a nominee, guardian, family member, support coordinator, allied health professional, plan manager, or other service provider, I may collect:

  • your name, role/organisation, and contact details

  • referral information relevant to understanding whether my supports are suitable and safe

  • records of communications with you (where relevant and appropriate)

(c) Website visitors and enquiries

If you submit an enquiry through my website or contact me, I may collect:

  • your name and contact details

  • the information you choose to provide in your message

  • basic website analytics information (see section 5)

(d) Payments

If you pay for services (for example, if self-managed), I may collect payment-related details necessary to process payment. I do not intentionally store full credit card details unless processed via a secure third-party payment provider (where applicable).

Withholding information

You can choose not to provide requested information. However, this may mean I cannot respond fully to an enquiry or provide supports safely or appropriately.

3. How I collect personal information

I usually collect personal information directly from you, including:

  • via website forms, email, phone calls, online meetings, and in-person communication

  • during onboarding, service agreement and schedule of supports set-up

  • during support delivery (for example, session notes relevant to supports delivered)

In some situations, I may also collect personal information from others, for example:

  • your nominee/guardian (with authority)

  • your plan manager

  • a referrer such as a support coordinator or provider

  • where required or authorised by law, or where necessary to prevent or lessen a serious threat to life, health or safety

Where reasonable and practicable, I will collect information directly from you.

4. Why I collect personal information

I collect personal information to:

  • respond to enquiries and assess suitability of my supports

  • deliver supports and services you request

  • communicate with you (and, with consent/authority, your nominee or relevant supports)

  • schedule sessions and manage cancellations

  • complete service agreements and schedules of supports

  • manage invoicing, payments and records

  • improve service quality and maintain appropriate business records

  • comply with legal and regulatory obligations (including NDIS-related obligations where relevant)

  • respond to complaints, incidents, insurance matters, subpoenas or lawful requests

5. Website, cookies and online interactions

You can visit https://www.mindfulbloom.org/ without identifying yourself.

My website may use cookies and analytics tools to understand how visitors use the site (for example, device type, browser type, IP address, pages viewed, and referring links). This information is generally collected in a way that does not identify you personally.

You can control cookies through your browser settings. Disabling cookies may affect some website functionality.

My website may contain links to third-party websites. I am not responsible for the privacy practices of those sites.

Anonymity and pseudonyms

Where lawful and practicable, you may interact with me anonymously or using a pseudonym (for example, a general enquiry). For ongoing service delivery, it is usually not practicable to remain anonymous.

6. How I hold and protect personal information

I store information in secure electronic systems and, where necessary, in paper form. Paper records may be converted to electronic form and then securely stored or destroyed.

I take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. This may include:

  • secure devices/accounts, passwords and access controls

  • reputable cloud storage and business software

  • secure handling of records and communications

  • physical security for any paper records

No method of transmission or storage is completely secure. If you are emailing sensitive information, please contact me first if you would prefer a safer method.

7. How I use and disclose personal information

I only use and disclose personal information for the purposes described in this Privacy Policy, or as otherwise permitted by law.

I may disclose information to:

  • plan managers (for plan-managed participants) for invoicing and payment

  • service providers I use to operate my business, such as IT, cloud storage, email services, booking systems, website hosting, and professional advisers (for example, accountants, insurers, legal advisers)

  • your nominee/guardian where they have authority and it is appropriate

  • other providers only with your consent, or where required/authorised by law

  • government agencies or regulators where required by law

I do not sell personal information.

Sensitive information

Where I collect sensitive information (such as health or disability-related information), I will only use or disclose it as needed to provide supports safely, with your consent where required, or where otherwise permitted by law.

8. Direct marketing

I may send you information about my services if you:

  • have asked for information, made an enquiry, or engaged my services; or

  • have opted in to receive updates.

You can opt out at any time by using an unsubscribe option (where available) or by contacting me.

I do not use sensitive information for direct marketing.

9. Overseas disclosures

Some of the systems and service providers I use (such as email, website hosting, cloud storage, or form/booking tools) may store information on servers located outside Australia.

Unless an exception applies under the APPs, I will only disclose personal information overseas where I have taken reasonable steps to ensure the recipient handles the information in a way that is consistent with the Australian Privacy Principles.

10. Data breaches

I take reasonable steps to reduce the risk of data breaches.

If a data breach occurs that is likely to result in serious harm, I will comply with the Notifiable Data Breaches (NDB) scheme, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

11. Access and correction

You may request access to the personal information I hold about you and request corrections if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.

To request access or correction, contact me using the details in section 13.

In some circumstances I may refuse access or correction as permitted under the APPs. If I refuse, I will explain why (and, for correction requests, I will take reasonable steps to associate a statement with the information if appropriate).

12. Complaints

If you have concerns about how I have handled your personal information, please contact me first. I will acknowledge your complaint and aim to respond promptly.

I generally aim to respond within 30 days. If the complaint is complex and will take longer, I will let you know.

If you are not satisfied with my response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

13. How to contact me about privacy

If you have questions, want access to your information, or wish to make a privacy complaint, contact:

Email: info@mindfulbloom.org
Address: PO Box 388, Bega NSW 2550

Alternative communication methods

National Relay Service (NRS) (hearing/speech impairments):

  • 13 36 77 (Voice and TTY)

  • 1800 555 677 (Voice and TTY to 1800 numbers)

Translating and Interpreting Service (TIS National):

  • 13 14 50


Last updated: 18 February 2026