Privacy Policy

1. Introduction

Ngigto Pty Ltd trading as ET Care (ABN 35113033775) (“we”, “us”, or “our”) is committed to protecting the privacy of individuals who use our Platform. We understand that the information you share with us, particularly about your family’s aged care circumstances, is deeply personal.

This Privacy Policy explains how we collect, hold, use, and disclose your personal information in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”). It applies to all personal information collected through our website, platform, and the ET artificial intelligence assistant (collectively, the “Platform”).

We are an APP entity as defined by the Privacy Act and are bound by the APPs in respect of our handling of personal information.

This Privacy Policy should be read together with our Terms of Use and Transparency Policy, which are available on the Platform. By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices as described here, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide Directly

We may collect the following categories of personal information that you provide to us:

• Identity information: your name, email address, phone number, and date of birth.
• Account credentials: your username and password (stored in encrypted form).
• Family and care information: details about your family members, their care needs, living arrangements, and aged care preferences that you share with the Platform or the ET assistant.
• Financial information: general financial details relevant to aged care means testing (such as asset ranges, income ranges, and home ownership status). We do not collect bank account numbers, credit card details, or tax file numbers.
• Document uploads: any documents you upload for analysis by the Platform (for example, My Aged Care letters, ACAT/ACAS assessments, or fee schedules).
• Assessment responses: your answers to guided assessments and questionnaires within the Platform.
• Communication records: messages, feedback, enquiries, and correspondence you send to us through the Contact Us page on our website or other channels.

2.2 Sensitive Information

The Platform may collect sensitive information as defined under the Privacy Act, including health information about you or family members (such as medical conditions, care needs, and ACAT/RAS assessment outcomes) that you voluntarily provide when using the Platform.

We only collect sensitive information with your consent, and we take additional measures to protect this information as described in Section 8. We do not require you to provide sensitive information, and you can choose to use the Platform without disclosing health or medical details. However, the accuracy and relevance of the guidance we provide may be limited if certain information is not shared.

2.3 Information Collected Automatically

When you use the Platform, we may automatically collect:

• Device and technical information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: pages visited, features used, time spent on the Platform, clickstream data, and interactions with the ET assistant.
• Cookies and similar technologies: we use cookies, local storage, and similar technologies as described in Section 9.
• Location data: general geographic location derived from your IP address (we do not collect precise GPS location).

2.4 Information from Third Parties

We may receive personal information about you from third parties, including:

• Analytics providers (such as Google Analytics).
• Partner organisations (such as aged care service providers), where you have consented to the sharing of your information.
• Public sources, where relevant to verifying information or improving our services.

3. How We Use Your Information

We collect and use your personal information for the following purposes:

We will not use your personal information for a purpose other than the purpose for which it was collected, unless you consent or an exception under the APPs applies (such as where the secondary purpose is directly related to the primary purpose and you would reasonably expect us to use the information for that secondary purpose).

4. How We Disclose Your Information

We may disclose your personal information to:

• Service providers: third-party companies that assist us in operating the Platform, including cloud hosting providers, AI infrastructure providers, analytics services, email delivery services, and customer support tools. These providers are contractually required to protect your information and use it only for the purposes we specify.
• Aged care partners: where you have consented to a referral (for example, to an aged care provider, financial adviser, or legal practitioner). We will identify any partner arrangements in our Transparency Policy. We will not share your personal information with partners for their own marketing purposes without your explicit consent.
• Professional advisers: our lawyers, accountants, and auditors where necessary.
• Law enforcement and regulators: where required or authorised by law, court order, or regulation.
• Business transfers: in connection with any merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We will not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Overseas Disclosure

Some of our service providers may be located outside Australia. In particular, our cloud infrastructure and AI processing services may involve the transfer of data to servers in the United States, the European Union, or other jurisdictions.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, as required by APP 8. This may include selecting providers that are subject to binding privacy frameworks, or entering into contractual arrangements that require overseas recipients to handle personal information in accordance with the APPs.

We will update this section if the countries to which we disclose data change materially.

6. AI and Data Processing

6.1 How ET Uses Your Data

When you interact with the ET assistant, your inputs (questions, information about your circumstances, and uploaded documents) are processed to generate personalised responses. This involves:

• Sending your queries to our AI processing infrastructure to generate relevant responses.
• Retaining conversation history within your account to provide continuity and context in future interactions.
• Processing uploaded documents to extract relevant information (for example, identifying assessment outcomes, fee details, or care levels from My Aged Care correspondence).
• Aggregating and anonymising interaction data to improve the accuracy and relevance of ET’s responses over time.

6.2 AI Infrastructure and Model Training

We select AI infrastructure providers that offer appropriate data handling commitments, including commitments not to use your inputs to train their general AI models. Your conversations with ET and your uploaded documents are not used to train third-party AI models.

We encourage you to avoid sharing highly sensitive personal identifiers (such as tax file numbers, bank account details, or Medicare numbers) in your interactions with ET unless it is necessary for the guidance you are seeking.

6.3 Automated Decision-Making

ET may provide suggestions, recommendations, or guidance based on the information you share. These outputs are generated by automated processing, but they are informational only and do not constitute decisions that have legal or similarly significant effects on you. You are always free to disregard ET’s suggestions and seek independent professional advice.

For more information about our AI practices, please refer to our Transparency Policy.

6.4 Conversation and Document Deletion

Your conversations with ET are stored within your account so that you can refer back to previous interactions. You can delete your conversation history at any time through your account settings.

Uploaded documents are stored securely within your account and are not shared with other users. You can delete uploaded documents at any time through the Platform.

Deleting conversations or documents will permanently remove the stored records from our active systems. Residual copies may exist in encrypted backups for a limited period, as described in Section 11.

7. Your Rights

7.1 Access

You have the right to request access to the personal information we hold about you (APP 12). You can access much of your information directly through the Platform (including your profile, conversation history, and uploaded documents). If you require additional access, please contact us through the Contact Us page on our website. We will respond to access requests within 30 days. We may charge a reasonable fee for providing access if the request requires significant effort.

7.2 Correction

You have the right to request correction of any personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13). You can update your account information directly through the Platform. For other corrections, please contact us through the Contact Us page on our website. We will respond to correction requests within 30 days.

7.3 Erasure and Account Deletion

You may request deletion of your account and associated personal information through your account settings on the Platform, or by contacting us through the Contact Us page on our website. We will comply with such requests unless we are required or permitted by law to retain certain information (for example, for legal compliance or dispute resolution purposes). We will notify you of any information that we are unable to delete and our reasons for retaining it.

7.4 Withdrawal of Consent

Where we rely on your consent to process personal information (such as sensitive information or marketing communications), you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

7.5 Opt-Out of Marketing

You may opt out of receiving marketing communications from us at any time by using the unsubscribe link in our communications, adjusting your account preferences, or contacting us through the Contact Us page on our website. We will process your opt-out request within 5 business days in accordance with the Spam Act 2003 (Cth).

8. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, as required by APP 11. Our security measures include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access controls and authentication requirements for staff and contractors.
• Regular security assessments and vulnerability testing.
• Secure data storage with reputable cloud service providers.
• Staff training on privacy and data handling obligations.
• Incident response procedures aligned with the Notifiable Data Breaches scheme.

While we take these steps, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on the Platform. The types of cookies we use include:

You can manage or disable non-essential cookies through your browser settings. Disabling essential cookies may affect the functionality of the Platform. For more information on managing cookies, visit your browser’s help documentation.

10. Children’s Privacy

The Platform is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately through the Contact Us page on our website.

11. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to comply with our legal, accounting, and reporting obligations.

When determining retention periods, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the information, whether we can achieve those purposes through other means, and applicable legal requirements.

When we no longer need your personal information, we will take reasonable steps to destroy or permanently de-identify it, as required by APP 11.2. Residual copies in encrypted backups are overwritten in accordance with our standard backup retention schedule, which does not exceed 90 days.

12. Notifiable Data Breaches

In the event of an eligible data breach (as defined in Part IIIC of the Privacy Act), we will comply with the Notifiable Data Breaches scheme. This means we will:

• Conduct an assessment of the suspected breach within 30 days.
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable if the breach is likely to result in serious harm.
• Take reasonable steps to contain the breach and reduce any resulting harm.

13. Third-Party Links

The Platform may contain links to third-party websites (including government websites such as My Aged Care and Services Australia). This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party websites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, applicable law, or other factors. We will notify you of material changes by posting the updated policy on the Platform with a revised effective date and, where practicable, through a notice on the Platform.

We encourage you to review this policy periodically to stay informed about how we protect your personal information.

15. Complaints

If you believe we have breached the APPs or mishandled your personal information, you may lodge a complaint with us by contacting our Privacy Officer through the Contact Us page on our website. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact our Privacy Officer through the Contact Us page on our website.

Entity: Ngigto Pty Ltd trading as ET Care
ABN: 35113033775
Website: etcare.com.au

17. Australian Privacy Principles Reference

The table below summarises where each Australian Privacy Principle is addressed in this Policy.