1. Introduction and Scope
This Privacy Policy ("Policy") describes how Ozler Tech Pty Ltd (ABN Pending), trading as Ozler Care Solutions ("Ozler," "we," "our," or "us"), collects, holds, uses, discloses, and otherwise handles personal information in connection with its products and services, including Skill2Care, OzlerShield, OzlerReady, OzlerSIRS, OzlerPolicy, OzlerPass, and any related platforms, applications, or websites (collectively, the "Services").
This Policy applies to all individuals whose personal information we process, including:
- Care workers, support workers, and allied health professionals ("Workers");
- Owners, directors, managers, and administrators of aged care and NDIS providers ("Provider Personnel");
- Participants, residents, and consumers receiving care ("Care Recipients");
- Visitors, event attendees, and sales enquiries ("Prospects");
- Employees, contractors, and agents of Ozler ("Our Staff").
We are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with state and territory health records legislation, the My Health Records Act 2012 (Cth), the NDIS Act 2013 (Cth), the Aged Care Act 1997 (Cth), and the Aged Care Quality and Safety Commission Act 2018 (Cth).
2. Definitions
"Personal Information" has the meaning given in section 6 of the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable.
"Sensitive Information" has the meaning given in section 6 of the Privacy Act and includes health information, biometric information, criminal record information, and racial or ethnic origin. We treat Worker Screening Check outcomes and incident reports involving Care Recipients as Sensitive Information.
"Health Information" has the meaning given in section 6 of the Privacy Act and includes information about an individual's health, disability, or health service provision. Progress notes and SIRS incident reports containing health details are Health Information.
3. Information We Collect
3.1 Worker Information
Through Skill2Care, OzlerShield, and OzlerPass, we collect and process the following categories of Worker information:
- Identity information: full name, date of birth, photograph, and unique identifiers;
- Contact information: email address, phone number, and residential address;
- Employment information: employer name, role, work location, employment status, and employment history;
- Credential and screening information: NDIS Worker Screening Check number, status, and expiry date; Working With Children Check; National Police Check results; professional registration numbers (AHPRA); First Aid certification details; visa status and work rights;
- Training records: Skill2Care module enrolments, completion status, assessment results, digital certificates, RN-signed practical sign-offs, and continuing professional development history;
- OzlerPass profile data: aggregated verified credential records, sharing history (which employers were granted access, when), and QR code generation logs.
3.2 Provider and Organisation Information
- Business details: entity name, ABN/ACN, registration numbers, business address, and service categories;
- Personnel details: name, role, email, phone number, and system access permissions;
- Billing information: bank account or credit card details (processed by our PCI-DSS compliant payment processor; we do not store full payment card numbers);
- Compliance data: policy documents uploaded to OzlerPolicy, audit evidence packs, gap analysis results, and registration pathway information;
- Incident data: SIRS incident reports including incident descriptions, classification decisions, investigation records, corrective action plans, and timestamps.
3.3 Care Recipient Information
We minimise collection of Care Recipient personal information. The following may be incidentally collected: first name or initials (in incident reports and progress notes); health or disability information (in incident reports and investigation records); descriptions of incidents, behaviours, or events. We do not collect Care Recipient financial information, Medicare numbers, or full addresses.
3.4 Website and Technical Information
- Device and browser information, IP address, and approximate geolocation;
- Pages visited, features used, session duration, and click patterns;
- Cookies and similar tracking technologies (see Section 12);
- Information submitted through contact forms, demo booking requests, and live chat.
3.5 Information from Third Parties
We may receive information from:
- Government screening databases: verification of Worker Screening Check status;
- Registered Training Organisations (RTOs): confirmation of qualification completions;
- Employers: Worker credential submissions and employment verification;
- Referral partners: contact details of prospective Provider customers.
4. How We Collect Information
We collect personal information:
- Directly from individuals: when Workers create OzlerPass profiles, when Provider Personnel register accounts, when individuals submit contact forms or attend demos;
- From employers: when Provider Personnel upload Worker credential data into OzlerShield;
- Through automated means: when individuals use the Services (usage analytics, application telemetry);
- From third-party sources: government screening databases, RTOs, and referral partners.
Where it is reasonable and practicable to do so, we collect personal information directly from the individual to whom it relates.
5. Purposes of Collection, Use, and Disclosure
5.1 Primary Purposes
- Providing the Services: processing credential verifications, generating expiry alerts, facilitating incident reporting, generating policy documents, delivering training modules, enabling credential sharing, and generating compliance assessments;
- Account management: creating and managing user accounts, authenticating access, and processing billing;
- Compliance support: generating audit evidence packs, gap analysis reports, and registration pathway guidance;
- Communications: sending system notifications, expiry alerts, training reminders, and service-related announcements.
5.2 Secondary Purposes
- Product improvement: analysing de-identified and aggregated usage data;
- Security: detecting, preventing, and responding to security incidents;
- Legal compliance: meeting obligations under the Privacy Act, NDIS Act, Aged Care Act, and other applicable legislation;
- Marketing: with consent, sending information about new products and features.
5.3 AI and Automated Processing
Certain features of the Services use artificial intelligence and machine learning:
- OzlerSIRS AI Triage: analyses structured incident data to suggest a classification (Priority 1, Priority 2, or non-reportable). The AI output is a recommendation only and is never applied without explicit human review and approval. We do not use Care Recipient personal information to train general-purpose AI models.
- OzlerPolicy AI Update Engine: analyses regulatory text to identify affected policies and draft revisions. All drafts require human review before publication.
- OzlerReady AI Gap Analysis: analyses a Provider's policy and evidence documentation against the Strengthened Quality Standards to identify compliance gaps. All assessments require human review by qualified compliance personnel.
- OzlerShield AI Credential-Drift Detection: analyses workforce credential patterns to predict compliance risks and identify expiry clusters. Risk indicators are based on Customer-entered data and require independent verification.
You have the right to request human review of any automated decision that materially affects you.
6. Disclosure of Personal Information
6.1 Categories of Recipients
We may disclose personal information to:
- Employers and Provider Personnel: Worker credential status, training completions, and compliance data are disclosed to the employing Provider through OzlerShield. Workers control sharing of OzlerPass profiles.
- Approved Quality Auditors: where a Provider uses OzlerReady to generate an evidence pack, the Provider chooses to share that pack with their auditor.
- Sub-processors and service providers: hosting (Microsoft Azure, Australia East region), email delivery, payment processing, analytics, and customer support. All sub-processors are bound by Data Processing Agreements.
- Registered Training Organisations: where a Worker enrols in an RTO-delivered module through Skill2Care, the RTO receives the Worker's name, contact details, and enrolment information necessary to deliver the accredited training.
- Professional advisors: lawyers, accountants, auditors, and insurers, to the extent necessary.
- Law enforcement and regulators: where required or authorised by law, including the NDIS Quality and Safeguards Commission, the Aged Care Quality and Safety Commission, state worker screening units, the OAIC, or law enforcement.
6.2 No Sale of Personal Information
We do not sell, rent, lease, or trade personal information to any third party. This is an absolute commitment without exception.
6.3 Cross-Border Disclosure
All primary data storage occurs within Australia (Azure Australia East). We do not transfer personal information outside Australia except where a sub-processor operates support infrastructure in other jurisdictions (with contractual protections equivalent to the APPs), where required by Australian law, or where the individual has consented after being informed that APP 8.1 will not apply.
7. Data Retention
We retain personal information only for as long as necessary. Our specific retention periods are:
| Data Category | Retention Period |
|---|---|
| Worker credential records | Duration of active use plus 7 years after last activity |
| SIRS incident reports | 7 years from the date of the incident, or longer if required by law or ongoing investigation |
| Training records (Skill2Care) | Duration of active use plus 7 years, consistent with RTO record-keeping requirements under the Standards for RTOs 2015 |
| Policy documents (OzlerPolicy) | Duration of active subscription plus 30 days for data export |
| Billing and payment records | 7 years as required by the Income Tax Assessment Act 1997 (Cth) |
| Website analytics and cookies | 26 months from collection |
| Contact form submissions | 2 years from submission, or until the enquiry is resolved, whichever is later |
| Legacy data (retired Services) | Data created under retired Services is retained per the policy in effect at time of creation; contact the Privacy Officer for destruction requests |
Upon expiry of the applicable retention period, personal information is securely destroyed or irreversibly de-identified in accordance with our Data Destruction Policy.
8. Your Rights
8.1 Access
You may request access to personal information we hold about you (APP 12). We will respond within 30 days.
8.2 Correction
You may request correction of inaccurate, out of date, incomplete, or misleading personal information (APP 13). We will respond within 30 days.
8.3 Deletion
You may request deletion of your personal information. We will comply unless retention is required by law or for an ongoing proceeding.
8.4 Portability
Workers may export their OzlerPass profile data in JSON or CSV format at any time. Providers may export all data through the self-service export function.
8.5 Withdrawal of Consent
Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect prior lawful processing. Use the unsubscribe link or contact privacy@ozlercare.com.au.
8.6 Complaints
Complaints may be lodged with our Privacy Officer at privacy@ozlercare.com.au. We will acknowledge within 5 business days and respond substantively within 30 days. If unsatisfied, you may escalate to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.
9. Data Security
We implement technical and organisational measures to protect personal information, including: all data hosted on Microsoft Azure (Australia East); AES-256 encryption at rest; TLS 1.2+ in transit; role-based access control with MFA; web application firewall; regular penetration testing; employee background checks and confidentiality agreements; 24/7 security monitoring. For detailed security measures, refer to our Security Policy.
10. Notifiable Data Breaches
In the event of an Eligible Data Breach (Part IIIC, Privacy Act), we will assess within 30 days, notify the OAIC and affected individuals as required, provide a description of the breach and recommended steps, notify affected Providers within 24 hours to enable their own notifications, and take steps to contain the breach and mitigate harm.
11. Provider Responsibilities
Where a Provider uses the Services, the Provider is responsible for:
- Providing appropriate privacy notices to Workers and Care Recipients before uploading their information;
- Obtaining any necessary consents required by the Privacy Act 1988 (Cth) and any applicable State or Territory privacy law from Workers and Care Recipients;
- Ensuring the accuracy and currency of information uploaded;
- Configuring data retention settings in accordance with their regulatory obligations;
- Responding to access and correction requests from Workers and Care Recipients;
- Complying with the APPs and any applicable health records legislation.
12. Cookies and Tracking Technologies
Our website uses:
- Strictly necessary cookies: required for functionality, authentication, and security. These cannot be disabled.
- Analytics cookies: privacy-focused analytics. No personal information is transmitted to third parties.
- Preference cookies: to remember your settings.
We do not use third-party advertising cookies, cross-site tracking, behavioural advertising, or profiling for marketing purposes.
13. Children's Privacy
The Services are not directed at individuals under 18. We do not knowingly collect personal information from children. Where a Care Recipient is a child, we rely on the Provider and the child's parent or guardian.
14. Changes to This Policy
We may update this Policy from time to time. We will publish the updated Policy with a revised effective date, notify registered users by email at least 14 days before material changes take effect, and seek fresh consent where a change materially expands purposes.
15. Contact
For all privacy-related enquiries, requests, or complaints:
Privacy Officer: privacy@ozlercare.com.au
Postal: Privacy Officer, Ozler Care Solutions, Melbourne VIC, Australia
Phone: 1300 OZ CARE
For complaints to the regulator:
OAIC: www.oaic.gov.au | 1300 363 992
NDIS Commission: www.ndiscommission.gov.au | 1800 035 544

