Skip to main content
Back to home

Privacy Policy

How we look after your information

Myxa Pty Ltd (ABN 81 644 338 125) handles personal and sensitive information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). This policy explains what we collect, why, and your rights.

Last updated: 4 May 2026

1. Who we are

In this Privacy Policy, “we”, “us” and “our” mean Myxa Pty Ltd (ABN 81 644 338 125), a registered NDIS provider operating in Victoria, Australia. Myxa is bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the NDIS Code of Conduct, and the NDIS Practice Standards.

2. Personal information we collect

We collect personal information directly from you (for example, when you submit a referral form or contact us) and sometimes from a third party with your consent (for example, a support coordinator referring on your behalf). The kinds of personal information we may collect include:

  • Your name, contact details and address
  • Your date of birth, age, and gender or pronouns
  • Cultural background and language preferences
  • NDIS participant details, including NDIS number, plan dates, plan management, and support coordinator contact
  • Information about the services you have enquired about, and our communications with you
  • Technical information about your visit to this website (browser, operating system, device type) collected through standard server logs

3. Sensitive information

Sensitive information has stronger protections under the Australian Privacy Principles. For NDIS service intake we may collect sensitive information such as:

  • Disability and health information
  • Mental health and psychosocial information, including diagnoses
  • Behaviours of concern and behaviour support history
  • Medication, allied health reports, and clinical information
  • Court orders, restrictive practice authorisations, and forensic history (where relevant to a behaviour support referral)
  • Aboriginal or Torres Strait Islander status

We only collect, use and disclose sensitive information with your consent (or the consent of the participant’s authorised representative), or where the law allows or requires us to.

4. How we use personal information

We use the personal information you give us to:

  • Assess and respond to a referral or service enquiry
  • Provide NDIS supports and coordinate care
  • Match participants with appropriate housemates, homes, and support workers
  • Communicate with NDIS participants, families, support coordinators, plan managers, and allied-health practitioners
  • Meet our obligations under the NDIS Practice Standards (including record-keeping for the minimum period required by NDIS rules)
  • Address complaints, feedback, and incidents, including Reportable Incidents under the NDIS (Incident Management and Reportable Incidents) Rules 2018
  • Comply with legal and regulatory obligations

5. Disclosure of personal information

We may disclose personal information to:

  • Our staff, contractors, and clinical supervisors, on a need-to-know basis
  • The National Disability Insurance Agency (NDIA), the NDIS Quality and Safeguards Commission, and other regulators where required or authorised by law
  • Allied-health practitioners, plan managers, support coordinators, and other service providers in the participant’s circle of support, with consent
  • IT and infrastructure providers we use to operate this website and our communications (see “Overseas disclosure” below)
  • Law enforcement, emergency services, courts and tribunals, where the law allows or requires it, or where we reasonably believe there is a serious risk to the life, health or safety of a person
  • Anyone you have authorised us to share information with

6. Overseas disclosure

Some of the providers we use are located overseas. As at the date of this policy, the relevant providers and locations are:

  • Vercel Inc.(United States) — hosting of this website
  • Sanity.io(United States and the European Union) — content management for this website’s text and images
  • Resend(United States) — transactional email delivery for referral form submissions

Where we send personal information to these providers, we take reasonable steps to ensure they handle it consistently with the Australian Privacy Principles.

7. Cookies and analytics

We use cookies and similar technologies on this website. They fall into two categories:

  • Strictly necessarycookies that the site needs to operate — for example, your cookie-preference choice and the session cookies used by the embedded content-management studio when staff log in. These are always on; they do not need consent under Australian or EU rules.
  • Analytics & advertisingcookies that help us understand how visitors use the site and measure the effectiveness of our Google Ads campaigns. These are on by default. You can opt out at any time via the “Manage” option in the cookie banner that appears on your first visit, or by clicking the “Cookie preferences” link in the site footer.

The third-party services we use in the analytics & advertising category are:

  • Google Analytics 4— aggregated site-usage statistics (pages viewed, traffic sources, device types).
  • Google Ads— conversion measurement and remarketing audiences for our advertising campaigns.
  • Microsoft Clarity— anonymised heatmaps and session replays so we can see which pages work for visitors and where the experience breaks down. Form fields are masked so we never receive the contents of anything you type into a form.

We use Google’s Consent Mode v2: when you opt out, the services above receive a “denied” signal that blocks the use of cookies and personal identifiers. Our provider relationships with Google and Microsoft are governed by their respective data-processing terms.

8. Storage and security

We take reasonable steps to keep your personal information secure. This includes physical, electronic, and managerial safeguards. We hold personal information in line with NDIS record-keeping rules (a minimum of seven years from the end of the service relationship for participant records). We retain referral form submissions in our intake inbox for as long as needed to assess and respond to the referral, then archive them in line with our retention schedule.

No transmission over the internet is completely secure. While we take reasonable steps to protect your information in transit and at rest, we cannot guarantee absolute security.

9. Your rights under the Australian Privacy Principles

Access

You may request access to the personal information we hold about you. We will respond within a reasonable time. In some circumstances permitted by law, we may be unable to provide access (for example, where doing so would unreasonably affect the privacy of others). We will explain our reasons in writing.

Correction

If you believe the information we hold is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us and we will take reasonable steps to correct it.

Withdrawing consent

You may withdraw your consent to certain uses of your personal information at any time. Note that withdrawing consent may affect our ability to deliver services.

Anonymity and pseudonyms

Where it is lawful and practicable, you can deal with us anonymously or under a pseudonym. For NDIS service delivery this is generally not practicable.

10. Complaints and feedback

If something isn’t right we want to hear about it. You can raise a complaint with Myxa directly — or, for NDIS-related concerns, you can go straight to the regulator. Either way, your supports won’t be affected because you made a complaint (this is protected by the NDIS Code of Conduct).

Talking to Myxa first

Email info@myxa.com.au, call 1300 006 992, or speak with any Myxa staff member, House Supervisor, or coordinator. We acknowledge complaints within one business day and aim to respond in writing within 21 days. We can also arrange TIS National interpreting (131 450) at no cost to you.

Going directly to the regulator

You don’t need to come to Myxa first. You can contact:

Myxa also complies with the NDIS (Incident Management and Reportable Incidents) Rules 2018. Some incidents must be reported to the NDIS Commission within set timeframes regardless of whether a complaint is made.

11. Changes to this policy

We may update this Privacy Policy from time to time. The version shown at the top of the page is the current version. We encourage you to review it periodically.

12. Contact us

For questions about this Privacy Policy, or to exercise your rights, please contact:

Privacy Officer — Myxa Pty Ltd
Email: info@myxa.com.au
Phone: 1300 006 992
Address: Suite 13, 162 Whitehorse Road, Blackburn VIC 3130
ABN: 81 644 338 125

Need help?

Our team can answer questions or take it offline.

Contact us
Myxa