OneForce Care is a product of Wondertree Studios Pty Ltd (ACN 699 886 498, ABN 82 699 886 498), a company registered in New South Wales with its registered office at Level 10, 387 George Street, Sydney NSW 2000, Australia. In this policy, “OneForce Care”, “we”, “us” and “our” refer to Wondertree Studios Pty Ltd.
This policy explains how we collect, hold, use and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to our marketing website and to the OneForce Care web and mobile platform (together, the “Service”). It works alongside our Terms of Service, Security, Data residency and Cookie Policy.
By using the Service, you acknowledge the handling of information described in this policy.
1. Who this policy covers
We deal with personal information about three broad groups of people:
- Website visitors and enquirers. People who browse our site, request a demo, or send us an enquiry.
- Provider staff. Employees and contractors of a Provider (defined below) who log in to the platform.
- Participants and Workers. The individuals whose records a Provider manages in the platform.
This policy does not describe a Provider’s own privacy practices for information it collects or uses outside the Service; that is set out in the Provider’s own privacy policy. Our website and platform may contain links to external resources, such as NDIS Commission or OAIC guidance; we are not responsible for the privacy practices of sites we link to, and this policy does not apply to them.
2. Definitions
- “Service” means, together, the Website and the Platform.
- “Website” means our public marketing website.
- “Platform” means the OneForce Care web application and the OneForce Care Worker mobile app.
- “Provider” means the disability, aged-care or NDIS support organisation that holds a subscription to the Service.
- “Worker” means a support worker, coordinator or other staff member of a Provider whose employment, compliance or rostering record is held in the platform.
- “Participant” means an NDIS participant or other care recipient whose record is held in the platform by a Provider.
- “Provider Data” means the information a Provider, its staff or its Workers enter, upload or generate in the platform about Workers and Participants, including the Worker Data and Participant Data described in section 4.
- “Account Data” means information we collect directly about a Provider’s business and about the individuals who access the Service, for our own purposes as described in section 3.
- “Sensitive information” has the meaning given in the Privacy Act, and includes health information.
- “OAIC” means the Office of the Australian Information Commissioner.
3. Our role, and the Provider’s role
The Service is built for Providers to run their own operations. Because of that, two different privacy relationships exist side by side.
The Provider is responsible for Provider Data. As the organisation that collects information about its Participants and Workers (directly, or through referrals and enrolment processes) and decides what to record, the Provider is responsible for having a lawful basis to collect that information and for obtaining any consents needed, including for sensitive information. We process Provider Data only on the Provider’s instructions, as its engaged service provider, to deliver the Service. We do not use Provider Data for our own independent purposes, other than: keeping the Service secure and investigating misuse; providing support at the Provider’s request; meeting our legal obligations; and improving the Service using de-identified or aggregated data that does not identify any individual.
We are responsible for Account Data. We collect Account Data directly, for our own purposes, so we are the accountable APP entity for it in the ordinary way. Account Data includes information about a Provider’s business (organisation name, ABN, billing contact) and about individuals who use the Service directly (name, work email, login and security history).
If you are a Participant or Worker and want to know how your information is handled, your first point of contact is the Provider whose platform record you are in, since they control that record and your relationship is with them, not with us. Section 23 explains how to reach us if that does not resolve your query.
Internal access for support and operations. OneForce Care operates a separate, platform-owner administration area used to manage Provider workspaces (for example, creating and updating Provider accounts, tracking onboarding, and assisting with account-level issues such as resetting a Provider owner’s multi-factor authentication). Access to this area is limited to authorised OneForce Care staff, is used only to operate, support and secure the Service, and is not a means for us to use Provider Data for any purpose the Provider has not instructed.
4. Information we collect
The kinds of personal information we hold depend on your relationship with us, ranging from a website enquiry to a detailed Worker or Participant record. The categories below cover the Service as a whole; no single person’s record will contain all of it.
4.1 Account and enquiry information
When you request a demo, contact us, or a Provider signs up, we collect names, work emails, phone numbers, organisation names, ABNs, job titles, and the content of any message sent to us. When a Provider account is created we also collect billing and subscription details. We collect limited technical information from anyone using our website or platform, such as IP address, browser and device type, and basic server logs, to operate and secure the Service. See our Cookie Policy for the specific browser storage the Website and Platform use.
4.2 Provider staff information
For people who log in to the platform, we hold name, email, phone, assigned role and permissions, multi-factor authentication status, and login and session history (device type, approximate location derived from IP address, and timestamps), recorded for account security and audit purposes.
4.3 Worker information
Providers use the platform to record information about their Workers, including:
- Identity and contact details: name, date of birth (where recorded), address, phone and email.
- Employment details: employment basis and category, role title, ABN (for contracted workers), agreed weekly hours, and default work location or transport arrangements.
- SCHADS Award classification and pay figures: award code, classification level, pay point, employment stream, and any hourly-rate override; recorded shift times, clock-in and clock-out data, and the payroll figures generated from them (hours, allowances and pay items) that a Provider uses to run its own payroll or push to its accounting system.
- Compliance and screening records: NDIS Worker Screening clearance identifier and status, Working with Children Check number, qualifications, and high-intensity support skills, used to track a Worker’s eligibility to deliver particular supports.
- Rostering and location data: shift assignments, and, where a Provider enables it, travel and location data recorded while a shift is in progress.
- Mobile app data: for Workers using the OneForce Care Worker app, a device push-notification token used to deliver shift and roster notifications.
4.4 Participant information (sensitive information)
Providers use the platform to record information about the Participants they support, including:
- Identity details: name, date of birth, gender, pronouns, preferred language, and, where volunteered, ethnicity and Aboriginal or Torres Strait Islander status.
- Government identifiers: NDIS number, and, where recorded, Medicare number and Centrelink reference number.
- Health-adjacent support information, which is sensitive information under APP 3.3: primary diagnosis, support needs and goals recorded in service agreements and support plans, and notes made by support workers in the course of delivering a shift.
- NDIS plan and funding details: plan management arrangement, funding categories and support items, and support coordinator contact details, where a Provider records them.
- Emergency and representative contacts: contact details for a guardian, nominee or emergency contact, where recorded.
- Signed documents: service agreements, consent forms and other documents generated and countersigned through our e-signature workflow (see section 13).
4.5 Incident reports
The platform includes an incident-reporting feature Providers use to log workplace and NDIS-reportable incidents. An incident report can include the date, time and location of the incident, a description of what happened, the Participants and Workers involved, witnesses, immediate actions taken, and, where applicable, whether the incident is reportable to the NDIS Commission and its reportable category and deadline. Incident reports can therefore contain sensitive information about a person’s health or about alleged conduct, and we treat them accordingly.
5. How we notify you of collection
Where practical, we tell you what we collect and why at or before the time of collection, for example through the fields on our sign-up and enquiry forms and links to this policy. Because a Provider directly manages its own onboarding, consent and enrolment processes for Participants and Workers, the Provider is best placed to give those individuals APP 5 collection notices at the point it collects their information; this policy is the collection notice for information we collect directly (Account Data and website enquiries).
Some fields on our sign-up, enquiry and platform forms are mandatory, marked as such at the point of entry. If you don’t provide that information, we, or the Provider, may not be able to respond to your enquiry, create or maintain your account, or provide the specific feature that field supports (for example, a Worker’s SCHADS classification is needed to calculate that Worker’s pay).
6. Where information comes from
We collect information:
- Directly from you, when you fill in a form, send an enquiry, or enter information as a Provider, Worker or Participant using the platform.
- From Workers, through self-service profile fields and the mobile app (for example, clock-in location and push token).
- From Providers, on behalf of Participants, where a Provider enters or uploads Participant information as part of managing that Participant’s supports.
- Automatically, through the ordinary operation of the Service (device, browser and usage information; login and audit events).
- From public registries, such as the Australian Business Register, when a Provider signs up and we verify the ABN it provides.
- From third parties a Provider engages, such as the outcome of an NDIS Worker Screening check that a Provider enters into a Worker’s record.
- From your device, through the local storage described in our Cookie Policy, such as your saved display theme and session.
7. Anonymity and pseudonymity
Where it is lawful and practicable, you can deal with us without identifying yourself, for example when browsing our public website or making a general enquiry. In most cases, however, it is not practicable for us to deal with you anonymously or under a pseudonym: the Service is an account-based platform used to manage real rostering, service-delivery, compliance and payroll records, so a Provider, Worker or Participant record must be tied to an identifiable person for the Service to work and for a Provider to meet its own NDIS obligations.
8. Why we collect, hold, use and disclose information
We collect, hold, use and disclose personal information to:
- provide, operate and support the platform and mobile app for Providers, including rostering, service delivery, claiming and payroll-figure generation;
- generate, send for signature, and store service agreements and consent documents;
- operate incident logging and the NDIS-reportable incident workflow;
- send transactional notifications, such as shift changes, reminders and security alerts;
- manage Provider accounts, billing and our customer relationship;
- respond to enquiries and provide demonstrations of the Service;
- keep the Service secure, detect misuse, and maintain audit logs;
- comply with our legal and regulatory obligations, including NDIS record-keeping requirements;
- respond to access, correction and other requests made under this policy.
We do not sell personal information, and we do not use Participant or Worker information for advertising or marketing, whether ours or anyone else’s.
Product improvement. We may analyse de-identified, aggregated usage information, for example, which features are used most, or how long an incident report takes to complete, to improve the Service. This aggregated information does not identify any individual, is not shared outside OneForce Care, and is not treated as personal information once de-identified.
9. Direct marketing
We may use the contact details of a website enquirer or a Provider’s billing or admin contact to tell them about OneForce Care features, updates or events, consistent with APP 7. Every marketing message includes a clear way to opt out, and we will stop within a reasonable time of you asking. We do not send direct marketing using Participant or Worker information, and we do not disclose personal information to any other organisation for their own direct marketing purposes.
10. Sensitive information
Some Provider Data is sensitive information, including health-adjacent support information and, in incident reports, information about alleged conduct. We only ever handle this information because a Provider has recorded it in the platform under its own lawful basis and consents (see section 3); we do not independently decide to collect it. Sensitive information is subject to the same access controls and encryption as the rest of Provider Data, and we apply the additional safeguards described in our Security page.
11. Government identifiers
Participant records can include government identifiers, namely NDIS numbers and, where recorded, Medicare and Centrelink reference numbers. Consistent with APP 9, we do not adopt an NDIS number, Medicare number or Centrelink reference number as our own identifier for an individual, and we do not use or disclose these identifiers except: to deliver the Service on the Provider’s instructions (for example, including an NDIS number on a claim or invoice); where the individual has consented; where required or authorised by law; or where reasonably necessary to prevent or investigate unlawful activity.
12. Children’s information
The Service is designed for use by adults, namely Provider staff and Workers. Some Participants supported through the platform may be children; where that is the case, the Provider is responsible for the lawful basis and parental or guardian consent for collecting that child’s information, in the same way it is responsible for any other Participant Data (see section 3). We do not knowingly collect personal information directly from children through our marketing website.
13. Who we disclose information to
We do not disclose personal information except as needed to run the Service, comply with the law, or as set out below. We choose subprocessors based on their security practices, contractual commitments to protect personal information, and, where relevant, whether they can host or process data in Australia. The subprocessors we use to deliver the Service are:
| Category | What they do | Data involved |
|---|---|---|
| Cloud database and authentication provider | Hosts the platform’s database and user authentication, in the Sydney (Australia) region. | Account Data and Provider Data (essentially all platform data, including sensitive information). |
| Cloud hosting and document storage provider | Runs the platform’s application hosting and stores signed documents and other uploaded files, in the Sydney, Australia (ap-southeast-2) region. | Application hosting for the platform; signed documents and other uploaded files. |
| Transactional email provider | Transactional email delivery: account invites, e-signature invitations and reminders, and security notifications (for example, password-change and MFA-removal alerts). | Recipient name and email address, and the content of the relevant notification. |
| Electronic-signature service | Electronic signature workflow for service agreements and consent forms. We self-host this service on infrastructure we operate, rather than using a hosted third-party service. | Signer name and email, and the content of the document being signed. |
| Address-lookup service | Address autocomplete when a Provider, Worker or Participant address is entered in the platform. | The characters typed while searching, and the address selected. |
| Mobile push-notification relay | Build, delivery and push-notification relay for the OneForce Care Worker mobile app. | Device push-notification tokens, and the content of push notifications (for example, shift reminders). |
| Xero | Accounting and payroll integration, used only where a Provider chooses to connect its own Xero organisation. | Invoice data (participant or recipient name, NDIS support item numbers and amounts) and timesheet data (Worker name, hours and pay items), sent to that Provider’s own Xero organisation. |
| Enquiry-tracking system | Sales enquiry tracking, for contact and demo-request submissions made through our marketing website only. | Name, work email, phone number, organisation and message content submitted through the form. |
A current list of our subprocessors is available to Providers on request via hello@oneforce.com.au.
We do not give any subprocessor rights to use personal information for its own purposes, and each is engaged only for the purpose described above. We may also disclose information:
- to our own professional advisers, such as our accountants, auditors and lawyers, bound by confidentiality obligations, where reasonably necessary for them to advise us;
- to a prospective or actual buyer and its advisers, if we are involved in a merger, acquisition or sale of some or all of our business or assets, subject to appropriate confidentiality protections, and with the incoming entity bound to handle information consistently with this policy;
- where required or authorised by law, such as in response to a lawful request from a regulator or law-enforcement body, or to establish or defend a legal claim; or
- with your consent.
14. Overseas disclosure
Where we can, we keep Provider Data onshore: our cloud hosting and database providers host the platform, the database and document storage in Australia, and our electronic-signature service runs on infrastructure we operate. Some subprocessors may process limited personal information outside Australia as part of delivering their service to us:
- Our transactional email provider may process email content and recipient details on infrastructure located outside Australia.
- Our address-lookup service processes address-search input on its own overseas infrastructure.
- Our mobile push-notification relay may process push tokens and notification content outside Australia.
- Xero hosts each Provider’s connected organisation on its own infrastructure, which may be located outside Australia depending on the region Xero uses for that organisation.
- Our enquiry-tracking system may store website enquiry data outside Australia.
For each of these, we only send the minimum information needed for the relevant function, and we take reasonable steps consistent with APP 8 to satisfy ourselves that the recipient handles personal information in a manner consistent with the APPs, including through the provider’s own terms and security practices. Full platform data (Provider Data at rest) is not routed through these overseas subprocessors; only the specific, limited data described above is. See our Data residency page for more detail on where data is stored, and section 23 if you would like more information about a particular disclosure before consenting to it.
15. Security
We apply layered technical and organisational safeguards to Provider Data, including strict data separation between Provider organisations enforced at multiple layers, encryption in transit (TLS/HTTPS) and at rest, support for multi-factor authentication (which a Provider can enforce for its own staff), role-based access control, and audit logging of significant actions and sign-in events. Access to production systems is limited to authorised personnel on a least-privilege basis, and we keep the software and infrastructure the Service runs on maintained and patched. Full detail is on our Security page. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work continuously to reduce risk and to respond quickly if something goes wrong (see section 19).
16. Quality of information
We rely on Providers, Workers and account holders to give us accurate, complete and up-to-date information, since a Provider is closest to its own Participants and Workers and best placed to keep those records current. Consistent with APP 10, we take reasonable steps within our control to support this: form validation on data entry, verifying a Provider’s ABN against the Australian Business Register at sign-up, and giving Providers and their staff the ability to correct records themselves at any time through the platform, rather than only through a request to us. If you believe information we hold is inaccurate, see section 18.
17. How long we keep information
We keep personal information only for as long as needed for the purposes in section 8, to meet our legal obligations, or for as long as a Provider instructs us to retain data on its behalf. Once information is no longer needed for any of those purposes, we securely delete or de-identify it.
- Provider Data (Worker and Participant records, incident reports, signed documents). NDIS providers are generally required to keep records for at least 7 years, so unless a Provider directs otherwise, we retain this data for at least that period from creation or from when the relevant support was delivered. Some records may need to be kept longer under other laws, such as certain records relating to children.
- Deletion on instruction. When a Provider offboards a Worker or Participant, or deletes a record, we remove it from live systems and it is then purged from backups within our standard backup cycle.
- Account Data. Kept for as long as the relevant account is active, plus a reasonable period afterwards for legal, accounting and dispute-resolution purposes.
- Website enquiries. Kept for as long as reasonably needed to respond to the enquiry and for a limited period afterwards for our own records, unless you ask us to delete it sooner.
18. Accessing and correcting your information
Under APPs 12 and 13, you can ask to access personal information we hold about you, and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading.
- If you are a website enquirer or a Provider’s own account holder, contact us using the details in section 23 and we will respond within a reasonable time, verifying your identity first.
- If you are a Participant or Worker, please contact the Provider whose platform you are recorded in first, since they control that record, know the context it was collected in, and are best placed to action a correction. If you are unable to resolve your request with the Provider, contact us and we will assist consistently with our obligations as the Provider’s service provider.
To make a request, email us at the address in section 23 describing what you would like to access or correct. We will not charge you for making a request or for us giving access, and we aim to respond within 30 days. We may decline a request in the limited circumstances the Privacy Act allows (for example, where it would unreasonably impact another person’s privacy, or where giving access would be unlawful), and we will explain our reasons if we do.
19. If a data breach occurs
We maintain processes to detect, assess and respond to data incidents affecting personal information. Where we assess that an “eligible data breach” under the Notifiable Data Breaches (NDB) scheme has occurred, that is, unauthorised access to, unauthorised disclosure of, or loss of personal information that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by the Privacy Act, and take reasonable steps to contain and remediate the incident. Where the affected information is Provider Data, we will also notify the relevant Provider promptly so it can meet its own obligations, including any applicable NDIS Commission reporting.
We also maintain an internal incident register recording the nature of each suspected or confirmed incident, our assessment of it, and the steps taken in response, so we can demonstrate our compliance with the NDB scheme if asked by the OAIC.
20. Making a complaint
If you have a concern about how we have handled personal information, please contact us first (details below) so we can try to resolve it directly. Please give us enough detail to investigate, including what happened and when. We will acknowledge your complaint and aim to respond within 30 days.
If you are not satisfied with our response, or we haven’t responded within a reasonable time, you can complain to the Office of the Australian Information Commissioner. The OAIC generally expects you to have first given us a reasonable opportunity to respond.
- Website: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
21. Changes to this policy
We may update this policy from time to time as our practices, products or the law change. The “last updated” date at the top of this page shows when it last changed. Where a change is material, we will take reasonable steps to bring it to the attention of active Providers, for example by email or an in-app notice.
22. Quick reference: Australian Privacy Principles
For ease of reference, this table shows where each Australian Privacy Principle is primarily addressed in this policy.
| APP | Subject | Where addressed |
|---|---|---|
| 1 | Open and transparent management of personal information | This policy as a whole; section 23 for how to contact us |
| 2 | Anonymity and pseudonymity | Section 7 |
| 3 | Collection of solicited personal information | Sections 4, 10, 11 |
| 4 | Dealing with unsolicited personal information | Section 6 (we do not seek unsolicited personal information; where we receive it, we assess and, if not needed, destroy or de-identify it) |
| 5 | Notification of collection | Section 5 |
| 6 | Use or disclosure | Sections 8, 13 |
| 7 | Direct marketing | Section 9 |
| 8 | Cross-border disclosure | Section 14; see also Data residency |
| 9 | Adoption, use or disclosure of government-related identifiers | Section 11 |
| 10 | Quality of personal information | Section 16 |
| 11 | Security of personal information | Section 15; see also Security |
| 12 | Access to personal information | Section 18 |
| 13 | Correction of personal information | Section 18 |
23. Contact us
Our us can be reached at hello@oneforce.com.au.
Wondertree Studios Pty Ltd ACN 699 886 498 / ABN 82 699 886 498 Level 10, 387 George Street, Sydney NSW 2000, Australia