Privacy Policy

Sahajilo ("we", "us", "our") is committed to protecting the privacy of all individuals whose information we handle. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our website (sahajilo.com) or engage our services.

We take our obligations seriously under applicable data protection laws, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) as they apply to our clients and the participants whose data we process on their behalf.

By accessing our website or using our services, you agree to the collection and use of information in accordance with this policy.

We may collect the following types of personal information:

Contact and identity information: Name, email address, phone number, job title, and organisation name when you submit an enquiry, book a consultation, or enter into a service agreement with us.

Service-related information: Staff details, payroll data, participant information, NDIS plan details, and other data you share with us as part of delivering outsourced administrative services.

Website usage data: IP address, browser type, pages visited, and referral URLs collected automatically via cookies and analytics tools.

Communications: Emails, phone call notes, and other correspondence you send to us.

We use your personal information to:

- Provide and manage the outsourced services you have engaged us for
- Respond to enquiries and communications
- Send service-related notifications and updates
- Comply with our legal and regulatory obligations under the NDIS Practice Standards and the Privacy Act
- Improve our website and service offerings
- Process invoices and manage our business operations

We will not use your information for unsolicited direct marketing without your consent. You may opt out of any marketing communications at any time.

We do not sell, trade, or rent your personal information to third parties. We may disclose your information to:

Service providers: Trusted third-party providers who assist us in operating our business (e.g. cloud hosting, payroll software platforms, accounting tools), subject to confidentiality obligations.

Legal and regulatory bodies: Where required by law, including the NDIS Quality and Safeguards Commission, the Office of the Australian Information Commissioner (OAIC), or law enforcement agencies.

Professional advisors: Lawyers, accountants, or auditors where necessary to protect our legal interests.

All third-party providers used by Sahajilo operate under data processing agreements and are prohibited from using your data for any purpose other than delivering services to us.

Client data is stored on secure cloud infrastructure with strong access controls. We implement technical and organisational security measures including:

- Encryption of data in transit (TLS) and at rest
- Role-based access controls limiting staff access to data on a need-to-know basis
- Regular security reviews and vulnerability assessments
- Incident response procedures

While we take all reasonable steps to protect your information, no method of transmission over the internet is 100% secure. If you believe your information has been compromised, please contact us immediately.

Our website uses cookies and similar tracking technologies to improve your experience. We use analytics tools (such as Google Analytics) to understand how visitors interact with our site. This data is aggregated and does not personally identify you.

You may disable cookies in your browser settings, but this may affect the functionality of certain parts of the website.

You have the right to request access to the personal information we hold about you, and to request corrections if that information is inaccurate, incomplete, or out of date.

To make an access or correction request, please contact us using the details below. We will respond within 30 days. We may require you to verify your identity before releasing information.

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations.

NDIS-related records are retained for a minimum of 7 years in accordance with NDIS Practice Standards and applicable state/territory legislation. Upon termination of a service agreement, we will return or securely destroy client data in accordance with our offboarding procedures and any agreed data handling terms.

If you believe we have mishandled your personal information, please contact us in the first instance so we can attempt to resolve the matter. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes acceptance of the revised policy.

For any privacy-related enquiries, access requests, or complaints, please contact:

Sahajilo
Email: info@sahajilo.com
Website: sahajilo.com