Please ensure Javascript is enabled for purposes of website accessibility
NDISFAQsFeesAvailabilityLocationsBlogs and ResourcesContact UsCall 1300 339 493
BlueRocket Therapy Logo
Careers

Privacy Policy

BlueRocket Therapy is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs in combination with NDIS practice standards govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

Where services are delivered in Victoria, the Health Records Act 2001 (Vic) also applies, and BlueRocket Therapy is committed to meeting the obligations of that Act alongside the Australian Privacy Principles.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/.

This policy applies to:

  • All clients, families, and caregivers engaging with BlueRocket Therapy services
  • All staff, contractors, students, and volunteers who handle personal or sensitive information
  • All service delivery settings (in-person, telehealth, community, home, or clinic-based)
  • All business operations that involve personal data collection, including websites, billing, and communications
  • Prospective clients, referrers, support coordinators, and other professional contacts who interact with BlueRocket Therapy through our website, marketing campaigns, online forms, quizzes, scorecards, events, or other lead-generation activities.

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect includes:

BlueRocket Therapy collects personal information only where it is necessary for safe, high-quality care. Information collected may include:

  • Name, date of birth, contact details, address
  • Gender, cultural background, language preferences
  • Medical history, swallowing or communication assessments, therapy plans, diagnoses
  • Parent/guardian names, emergency contacts
  • Medicare, NDIS details, invoices, service agreements
  • Emails, call logs, session and telehealth recordings (with consent)
  • Reports, investigations, safeguarding documentation.
  • Photos and videos of therapeutic interventions, collected with your explicit consent for clinical purposes including documenting therapeutic progress. Photos and videos collected for clinical purposes will not be used for staff training, quality improvement, or any other secondary purpose without your separate consent. Photos and videos are stored securely within your clinical file and are subject to the same retention periods as other clinical records.
  • Information you provide when completing online forms, quizzes, scorecards, downloadable resource requests, event registrations, or other marketing interactions — including your responses to questions, role or job title, organisation, and contact preferences.

This Personal Information is obtained in many ways, including interviews, correspondence, telephone, email, voice recording of sessions (where consent has been provided), our website at www.bluerockettherapy.com.au, cookies and similar tracking technologies, advertising platforms such as Meta and Google, lead-capture and marketing tools we use (including ScoreApp and ActiveCampaign), and from third parties such as support coordinators, parents, and guardians. We do not guarantee the privacy practices of authorised third parties whose websites are linked from ours.

We collect and use Personal Information to:

  • Understand your needs and goals
  • Deliver safe, evidence-informed clinical care
  • Develop therapy plans and coordinate multidisciplinary care
  • Meet regulatory obligations (NDIS, AHPRA, SPA)
  • Manage service agreements, billing, and reporting
  • Support quality improvement, auditing, and staff training
  • Respond to incidents, safeguarding concerns, or legal requirements
  • Communicate with families and stakeholders
  • Communicate to you other services we provide
  • Communicate to you general updates on our organisation
  • Send marketing communications, newsletters, educational resources, and information about our services to people who have submitted their details through our website, online quizzes, forms, or marketing campaigns — where they would reasonably expect to receive such communications, or have consented to receive them.
  • Conduct, measure, and improve our marketing and advertising activities, including audience targeting, retargeting, and performance measurement on platforms such as Meta and Google.

We may also use your Personal Information for secondary purposes closely related to the above primary purposes, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our marketing communications at any time by clicking the unsubscribe link included in every marketing email we send, or by emailing us at hello@bluerockettherapy.com.au.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent; or where required or authorised by law.

Where our online quizzes or forms include questions that may relate to a third party — for example, an NDIS participant supported by a support coordinator completing the quiz — we ask only for non-identifying information about that third party, and we do not collect sensitive information about identifiable third parties without appropriate consent.

Children and Parental Consent

Where a client is a child under the age of 18, consent for the collection, use, and disclosure of their personal information is provided by a parent, guardian, or other person with legal authority to act on their behalf. BlueRocket Therapy will take reasonable steps to ensure that the person providing consent has the authority to do so.

As a child matures and develops capacity to make decisions about their own information, we will seek to involve them in consent discussions alongside their parent or guardian, in a manner appropriate to their age, developmental level, and individual circumstances.

Where a parent or guardian and an NDIS plan nominee are different people, we will clarify with you at the time of intake whose consent is required for specific types of information sharing, and document this clearly in the client's file.

Cookies, Tracking, and Online Advertising

Our website and online forms use cookies, tracking pixels, and similar technologies — including the Meta Pixel, Google Analytics, and Google Ads tags — to understand how visitors interact with our content, measure the performance of our advertising and marketing campaigns, and deliver relevant content and ads to people who have shown interest in our services. These tools may collect information such as your IP address, device and browser type, pages viewed, and actions taken on our website. You can control cookies through your browser settings, and you can opt out of personalised advertising through the privacy controls available on platforms such as Meta and Google.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

We also use third-party platforms to deliver and manage clinical services, including our practice management system, telehealth platform, and cloud storage. These platforms may store or process your personal information on our behalf. We select these providers carefully and require them to handle your information in a manner consistent with the Australian Privacy Principles. A current list of our clinical technology providers is available on request.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances including the following:

  • Third parties where you consent to the use or disclosure (e.g. with support coordinators);
  • NDIS or other funding bodies;
  • Emergency services, if needed for safety reasons;
  • Where required or authorised by law;
  • The NDIS Quality and Safeguards Commission, where they request access to participant records as part of an audit, compliance activity, or investigation into a complaint or incident.
  • Persons or bodies with mandatory reporting authority, where we have a legal obligation to report under applicable child protection legislation in the state or territory where services are delivered. In these circumstances, disclosure will occur without your consent and, where appropriate, without prior notice to you.
  • Trusted third-party service providers who help us operate our business. This includes marketing automation and lead-capture tools that process information on our behalf under contractual obligations to handle it in line with Australian privacy laws. It also includes advertising and analytics platforms (such as Meta and Google) that receive limited information through cookies, pixels, and form submissions, and which use that information under their own terms and privacy policies to deliver, measure, and optimise advertising.

Limits of Confidentiality

While we are committed to protecting your privacy, confidentiality has limits. There are circumstances where BlueRocket Therapy is legally required to disclose information without your consent and, in some cases, without notifying you in advance. These include:

  • Where a staff member has a mandatory obligation to report a concern about the safety or welfare of a child under applicable child protection legislation in the state or territory where services are delivered.
  • Where there is a serious and imminent risk to the life, health, or safety of you or another person.
  • Where we are required to notify the NDIS Quality and Safeguards Commission of a reportable incident under our obligations as a registered NDIS provider.
  • Where disclosure is required by a court order or other lawful authority.

In all such circumstances, we will only disclose the minimum information necessary to meet our legal obligations.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

We generally store your information in Australia. Some of our third-party service providers — including marketing automation, lead-capture, advertising, and analytics platforms — store or process data on servers located overseas. Where we disclose Personal Information to overseas recipients, we take reasonable steps to ensure they handle it in a manner consistent with the Australian Privacy Principles, including through contractual protections and our selection of established providers with recognised privacy and security standards.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years after you stop receiving services from us. Where the client is a child, records will be retained until the child turns 25, or for 7 years from the date of last service, whichever is the later date.

Marketing and lead-generation data — such as information collected through online quizzes, forms, downloadable resource requests, or event registrations — is retained for as long as it is reasonably required to manage our communications with you, or until you unsubscribe or request deletion of your details, whichever comes first.

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing at hello@bluerockettherapy.com.au. We will respond to your request within 30 days.

BlueRocket Therapy will not charge any fee for your access request.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

The Use of AI tools

BlueRocket Therapy uses AI-assisted tools to support service delivery, including for the following uses within approved systems:

  • Session transcription and summarisation – AI may be used to transcribe therapy sessions and generate clinical notes, subject to your explicit consent.
  • Document templates – including, but not limited to, therapy goals, therapy plans, therapy summaries, and functional capacity assessments.
  • Writing and responding to emails
  • Supporting scheduling and appointment management
  • Brainstorming session ideas, therapy activities, and resource ideas

Our commitments to you:

  • AI tools never replace human clinical judgement.
  • AI tools must not be used for transcription or real-time session processing unless the client has provided informed consent. Clients must be clearly informed about how the AI tool works, including how their information will be collected, stored, and used. Consent must be documented in the client’s file.
  • Client consent is required prior to using any AI transcription services. Where applicable, clients should be asked to provide consent via the designated digital method. Alternatively, written or verbal consent may be obtained during a session using an approved form.
  • Once consent has been provided, the clinician must confirm verbally at the start of each session that the client remains comfortable with the use of AI transcription.
  • Clients may ask questions, decline the use of AI tools, or withdraw their consent at any time. A client’s decision regarding AI use will not affect their access to care or the quality of services provided.
  • If a client does not consent, or withdraws consent, AI transcription tools must not be used in their sessions.
  • Your data is not used to train external AI models.
  • AI does not replace clinical reasoning, professional judgement, or clinical autonomy. Our AI tools are intended to support clinicians with administrative tasks, research and planning — they are not intended to guide, replace, or substitute clinical decision-making.
  • AI systems can and do produce errors, including plausible-sounding but inaccurate information (commonly referred to as “hallucinations”). It is every team member’s responsibility to critically review all AI-generated content before use - checking that it is factually accurate, clinically appropriate, and suitable for the individual client.
  • Where AI transcription is used, the transcript is used solely to support the creation of a clinical case note and is not retained as a clinical record. Transcripts are deleted within 30 days of creation. The resulting case note, authored by the clinician, forms the clinical record. If you withdraw consent for AI transcription, no further transcription will occur. You may request deletion of previously created transcripts at any time by contacting us in writing at hello@bluerockettherapy.com.au. Deletion requests will be assessed against any legal or regulatory obligations that require us to retain clinical records for a minimum period.

Data Breach Notification

BlueRocket Therapy is subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the event of an eligible data breach that is likely to result in serious harm to any individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as reasonably practicable, in accordance with the requirements of the scheme.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy, or about how we have handled your Personal Information, please contact us in the first instance at hello@bluerockettherapy.com.au. We take privacy concerns seriously and will respond to your complaint within a reasonable timeframe. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

Where are you based?

Please select your state so we can show you the services and availability relevant to your area.