Privacy Policy

Effective from:
30 April 2026
Approved by:
Chief Executive Officer

At a glance

This policy outlines the information handling practices of Five Good Friends.

Scope

This policy applies to Members, Stakeholders, Helpers, Employees, Contractors, Associated Providers, and Directors.

Objective

The objective of this policy is to provide individuals a more complete understanding of the sort of information that Five Good Friends collects, holds and the way we handle that information.

Definitions

  • Personal Information – as defined by the Privacy Act 1988 is information or an opinion about an individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
  • Sensitive Information – a subset of personal information as is defined as:
    • Information or opinion (that is also personal information) about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices, or criminal record.
    • health information about an individual
    • genetic information
    • biometric information that is to be used for the purpose of automated biometric verification or biometric identification, and
    • biometric templates.

Policy Statement

Five Good Friends recognise the privilege you give us when you entrust us with your personal information.  We are committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. We use all reasonable efforts to protect the privacy of your personal information and to comply with the obligations imposed by the Privacy Act 1988 (Cth), the Australian Privacy Principles, state privacy and health records legislation, the Aged Care Act, the NDIS Act, the Aged Care Quality Standards, and the NDIS Practice Standards.

The type of information collected relates to the type of relationship you have with Five Good Friends (Member, Helper, Authorised Representative, Registered Supporter, Employee, Contractor, Associated Provider) and the primary purpose for which this information is required (provision of services, help in the home, service quality monitoring, training and improvement, technology, or engagement of other services).

When we collect, use, or disclose your personal information we will seek your consent, such as signing up to become a Member, registering to become a Helper, using our website, or when you speak Five Good Friends staff on the phone. The only times we may use or disclose your personal information without your consent is in an emergency, or when we are required to by law. If this happens, we will notify you unless we are prevented from doing so. We will never sell your personal information and when we send you marketing communications, we will include details of how to opt-out.

All our employees, Helpers and Associated Providers are bound by a Codes of Conduct to maintain the confidentiality of your personal information. We follow best practices to secure your personal information, such as requiring our employees to use a password manager along with a second factor of authentication. We use best practices to store your personal information, such as encrypting your data when it is transmitted and encrypting your data when it is stored at rest. We log access to our systems so we can verify that no unauthorised access has taken place. We store your personal information in controlled facilities located in Australia and the United States of America.

You can use our apps and website to access your personal information, and you can make a request to us to correct it. You can also make a request for us to erase your personal information and if allowed by law, we will honour your request.

You are encouraged to provide feedback about this policy or make a complaint if you become aware of a breach to this policy. We will notify you if we become aware of data breach that includes your personal information and what we have done to remediate it.

How we use and manage information

Collection

We collect personal information directly from you (or your nominated representative) when you sign up to become a Member, register to become a Helper, register to become an Associated Provider, or become an employee of Five Good Friends.  We also collect personal information about you when you use our apps, website, or speak with Five Good Friends staff on the phone.

With your consent we will sometimes collect personal information about you (including sensitive information such as health information and criminal records) from third parties such as nominated representatives, Registered Supporters, Members, Helpers, health professionals (e.g. allied health, GP), government agencies (e.g. My Aged Care, NDIS Quality and Safeguards Commission), law enforcement agencies (e.g. state police), product suppliers, and other service providers (e.g. tradespeople).

Typical examples of the types of personal information that we collect:

Role Information collected
If you are a Member
  • Full name and preferred name
  • Contact details (email, telephone)
  • Address
  • Date of birth
  • Government agency identifiers such as My Aged Care ID (only if you are being funded through the Commonwealth Government aged care funding)
  • Billing information such as bank account or credit card details
  • Sensitive information such as care plans, support plans, and other health or medical documents (only if you choose to provide this to us)
  • Other sensitive information you would like us to consider when matching you to Helpers (only if you choose to provide this to us)
  • Observations about you such as changes to your health from your Care Team, Helpers, nominated/authorised representatives and friends
  • Progress notes such as documenting changes to your care products and services and outcomes of conversations with your Care Team
If you are an Authorised Representative, Billing Recipient or Sharer
  • Full name and preferred name
  • Contact details (email, telephone)
  • Address (only if we are delivering care products to you on behalf of a Member or if you want hardcopy documents sent via the mail)
If you are a Helper
  • Full name and preferred name
  • Business name
  • Australian Business Number (ABN)
  • Contact details (email, telephone)
  • Address
  • Date of birth
  • Background checks such as National Police Check, NDIS Worker Screening Check, Working With Children Check, Blue Card (only if you are providing services which require these checks)
  • Right to work documentation (e.g. passport, birth certificate or Australian Citizenship paperwork)
  • Driver's licence and registration (only if you are providing driving and community access services)
  • Qualification checks such as proof of enrolment or proof of attainment (only if you are providing services that require these checks)
  • Bank account details
  • Immunisation information (history, any exemptions and other information), only if you disclose this information to us
  • Geolocation (only when using the FGF app)
If you are an Employee
  • Full name and preferred name
  • Contact details (email, telephone)
  • Address
  • Date of birth
  • Background checks such as National Police Check, NDIS Worker Screening Check, Working With Children Check, Blue Card (only if you are providing services which require these checks)
  • Right to work documentation (e.g. passport, birth certificate or Australian Citizenship paperwork)
  • Driver's licence (only if you are required to drive)
  • Qualification checks such as proof of enrolment or proof of attainment (only if you are providing services that require these checks)
  • Bank account details
  • Immunisation information (history, any exemptions and other information), only if you disclose this information to us
  • CV and reference checks
  • Geolocation (only when using Team Safe)
  • Medical information relevant to their role
  • Emergency contact
If you are a Registered Associated Provider or Approved Contractor
  • Business name
  • Australian Business Number (ABN)
  • Contact details (email, telephone)
  • Address
  • Background checks or registry equivalent (if you will be providing services to our Members)
  • Financial and compliance information such as relevant insurance policies held (if you will be providing services to our Members)
If you use our apps or website
  • IP Address
  • User Agent
  • Cookies
  • Pages/screens visited and the date and time they were visited
  • Referring website addresses
If you read our marketing emails
  • Date and time they were read

We will not collect any other personal information from you or about you, unless you consent to the collection of this personal information.

Use and disclosure

We use your personal information to:

  • Provide you with care management, products and services if you are a Member (or a nominated representative).
  • Allow you to provide care products and services to our Members if you are a Helper or Registered Associated Provider.
  • Assist you with your queries, feedback, complaints, or troubleshooting devices you have connected to us.
  • Comply with legal or regulatory obligations imposed on us.
  • To improve our products and services, conduct internal audits, training and improvement, compile internal performance reports, and monitor our marketing campaigns.

If you are receiving products or services we disclose your personal information to Helpers and Registered Associated Providers when you consent to receive products or services from them. We only disclose the personal information required to fulfil this product or service. All Helpers and Associated Providers are vetted, verified, and bound to respect the privacy of your personal information.

If you are a Member receiving services, these are typical examples of the types of personal information we disclose:

Who information is disclosed to Types of information disclosed
Helper (care services) Full name, address, contact details, Help Plan (including relevant medical history)
Health professional (health services) Full name, contact details, address, date of birth, Help Plan (including relevant medical history and medical documents), progress notes
Product supplier (products) Full name, contact details, address
Service provider (services) Full name, contact details, address
Authorised Representative / Registered Supporter Full name, address, contact details, Help Plan (including relevant medical history), schedule
Billing Recipient Financial statements and transactions
Sharers Full name, schedule

If you are a Helper providing services, these are typical examples of the types of personal information we disclose:

Member Full name, contact details, background checks, immunisation information for matching with Members
Authorised Representative / Registered Supporter Full name, contact details, background checks, immunisation information for matching with Members
Billing Recipient Full name as it pulls out onto the monthly statement and transaction history

Transcription of recordings

Five Good Friends may transcribe call recordings in order to:

  • Create structured care notes
  • Document conversations relevant to care delivery
  • Support service continuity
  • Assist with incident reporting or complaint investigation

Overseas disclosure

We will not disclose your personal information to people outside of Australia unless you provide consent. An example of when we could disclose your information to someone outside of Australia is if you have a family member who resides overseas and you would like them to be nominated as a Sharer or Authorised Representative. If consent is given for disclosure and the overseas recipient handles the information in breach of the Australian Privacy Principles, Five Good Friends will not be held accountable under the Privacy Act and the person who gave consent for the disclosure will not be able to seek redress under the Privacy Act.

Additional information - disclosure

If you are a Helper we disclose your personal information to Members, their nominated representatives and other Helpers matched to the same Member as you when you consent to be matched to a Member. We only disclose your full name, contact details, the types of background checks that you have, and immunisation history to meet matching criteria. This is so the Member and the other Helpers matched to the Member can liaise directly with you about the services you are providing. Members and other Helpers are bound to respect the privacy of your personal information.

We do not use or disclose your personal information for any other purposes unless you have consented to the use or disclosure; or we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to your life, health or safety, or a serious threat to public health or public safety; or the use or disclosure is otherwise required or authorised by law. We will notify you when this happens unless we are prevented from doing so.

We do not sell, rent, or lease your personal information. We may, from time to time, contact you on behalf of an external business partner about a particular offering that may be of interest to you. In those cases we never give your personal information to the business partner and we provide you with details on how to opt-out of future offerings.

Access and correction

In most cases you can gain access to your personal information held by us, including your health and medical information. You can use our apps or website to access some of your information or you can make a request to access all of your personal information (see Making a request).

We will take reasonable steps to amend or correct your personal information to keep it accurate and up-to-date. You can make a request to correct your personal information (see Making a request).

Erasure

Five Good Friends will destroy personal information when it meets its legislative requirements.  Where a complaint is made, legal proceedings are anticipated, or a regulatory investigation occurs, the personal information may be held under a litigation hold and will not be destroyed until formally authorised.

You can make a request to have the personal information that we hold about you erased from our systems.  However, if that information is required for legislative requirements, we may not be able to meet your request.

After we have erased your personal information from our systems it may still exist in backups until they are destroyed. If you request and are granted erasure, we will no longer be able to provide you with care management, products or services, or allow you to provide care products or services to our Members.

If we receive personal information that we have not solicited and we could not have obtained the information by lawful means, we will erase the information for you. We will take reasonable efforts to notify you if we do this.

Security and storage

We secure your personal information to ensure it is protected from loss, unauthorised access, modification, or disclosure.

Your personal information is encrypted via Transport Layer Security (TLS) when it is transmitted from our servers to your app or browser and when your data is transmitted between our systems.  Your personal information is stored in secure facilities operated by providers located in Australia and the United States of America, that maintain industry-recognised security certifications, including SOC 2 Type II, ISO security standards, and GDPR-aligned privacy protections.

Our employees and contractors are bound by a Code of Conduct to maintain the confidentiality of your personal information. Our employees follow best practices such as using a password manager with a second factor of authentication (when available) to gain access to the systems they are authorised to use. We can remotely revoke an employee’s access to our systems if their devices become lost, stolen, or compromised. All the contents of our employee’s devices are encrypted and their devices require a passcode to access.

Helpers and Associated Providers are bound by a Brokerage Agreement to maintain the confidentiality of your personal information. We can remotely revoke a Helper’s access to our systems if their device becomes lost, stolen, or compromised. Helpers configure their devices so they require a passcode to access. Associated Providers do not use our systems.

We log the last 30 days of access to our systems by user (or IP address) so we can verify that no unauthorised access has happened.

Access to recordings and transcripts is restricted to personnel who require access for legitimate purposes.  Access is logged and subject to audit.  Unauthorised access is a breach of the Five Good Friends Code of Conduct.

Apps, websites and cookies

We use cookies in our apps and websites to keep you logged in after you have logged in with your credentials. We also use cookies in our websites to monitor our marketing campaigns. Some of these cookies are ours and some of these cookies are installed by third party subprocessors. Our agreements with these subprocessors ensure this information is only used to carry out functions on our behalf and the confidentiality of your personal information is maintained.

Most browsers are pre-set to accept cookies to enable full use of websites that employ them. However, if you do not wish to receive any cookies on your browser you may configure your browser to reject them or receive a warning when cookies are being used. This will mean you will not be able to log into your account. You will still be able to access information-only pages.

Emails and tracking pixels

We use tracking pixels in our marketing emails to monitor our marketing campaigns. We do not use tracking pixels in any other emails.

Most email clients are pre-set to load images. However, if you do not wish to be tracked you may configure your email client to deny images or prompt you to load images at your discretion. This will mean you may not be able to see any images we send you. You will still be able to see text content.

Use of AI or automated transcription tools

Where automated transcription technologies are used in accordance with Five Good Friends Artificial Intelligence Policy:

  • They are approved by Five Good Friends technology governance.
  • Vendors meet security and privacy requirements.
  • Data will not be used to train external AI systems without appropriate approval.
  • Data will only be processed for Five Good Friends service purposes.

Making a request

You can make a request about the personal information we hold about you by completing our complaints and feedback form, or calling us on 1300 787 581.

If you are deaf or have a hearing or speech impairment, contact us through the National Relay Service:

If you do not speak English, or English if your second language, and you need assistance to communicate with us, call 131 450 then ask for 1300 787 581.

For security reasons, we will require you to provide proof of your identity and the legal authority to which you can request the information if you are not the person the information relates to (e.g. Enduring Power of Attorney, Guardianship Order, Letters of Administration).  This is necessary to ensure that personal information is provided only to the correct individual and that the privacy of others is not undermined.

We will take all reasonable steps to provide access or the information requested within 30 days of your request.  In situations where the request is complicated or requires access to a large volume of information, we will take all reasonable steps to provide access to the information requested within 45 days.

Further detail regarding how requests are handled is outlined in our Privacy Workflow.

Privacy feedback or complaints

You are encouraged to provide feedback about this policy or make a complaint if you know of a breach to this policy by completing our complaints and feedback form, or calling us on 1300 787 581. We will promptly investigate your feedback or complaint and notify you of the outcome.

If you are not satisfied with the response provided by us, you may refer your complaint directly to one of the agencies below:

Office of the Australian Information Commissioner
Mail Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Website https://www.oaic.gov.au/privacy/privacy-complaints
Phone 1300 363 992
Aged Care Quality and Safety Commission
Website https://www.agedcarequality.gov.au/making-complaint
Phone 1800 550 552
NDIS Quality and Safeguards Commission
Website https://www.ndiscommission.gov.au/about/complaints
Phone 1800 035 544

Changes to this policy

From time to time, it may be necessary for us to review our Privacy Policy and the information contained in this policy.  A current version of this Policy is always available on our website.

References and Related Documents

Five Good Friends

External

  • Privacy Act 1988 (Cth)
  • State privacy and health records legislation
  • Aged Care Act 2024 (Cth)
  • NDIS Act 2013 (Cth)
  • NDIS Practice Standards
  • Aged Care Quality Standards

TABLE OF CONTENTS

Close X Icon

Let’s get you the right support.
What do you need?

Support for myself
Arrow Right Icon  
Support for someone else
Arrow Right Icon