top of page

Privacy Policy Statement

Privacy Policy Statement

This Privacy Policy applies to all aspects of First2Care business, and all client information, including Sensitive Information and Personal Information. Through First2Care’s website, apps, portals, documents and any other form of communication or agreement, there will be the collection of personal information that relates to clients and any individual who accesses these resources. Unless you notify us otherwise, we will assume that you have consented to the collection of any provided information in accordance with this Privacy Policy and its amendments. We take this responsibility very seriously and address our methods of collecting, using, protecting and storing your Personal Information in this Privacy Policy.

The policies and legislations used in the creation of this Privacy Policy include those outlined in the Privacy Act 1988 (Privacy Act), specifically the Australian Privacy Principles.

Click here to peruse the Terms and Conditions governing access to the First2Care System. We are committed to protecting your privacy as an individual accessing First2Care’s services or resources, and maintaining confidentiality of your Personal Information.

Defined Terms


Client: In this Privacy Policy, you are the Client. This could refer to you as an NDIS Participant, or as the NDIA appointed nominee, parent or legal or public guardian of a Participant, or somebody else who is appointed to assist a Participant with accessing First2Care’s services.

First2Care: First2Care is the trading name of Support Management Solutions Pty Ltd (ABN 24 601 046 155). First2Care is an NDIS Plan Management provider, committed to supporting Participants by delivering supports outlined in NDIS Plans, and taking the stress away from NDIS spending and funding, so you can do the things you love.

Participant: A Participant is a person living with a disability who meets the access requirements to have an individualised Plan with the NDIS which identifies and implements the reasonable and necessary services and supports they need to help them achieve their goals and aspirations.

Personal Information: Personal Information can include any information, images or opinions, whether true or not, about an individual whose identity can reasonably be ascertained.

Plan: The Plan is the written agreement between the NDIS and its Participants, which details the Participant’s needs, goals, and sets a budget for a fixed period of time.

Sensitive Information: Sensitive Information can include information or opinion regarding an individual’s ethnicity, political views, religious beliefs or affiliations, philosophical beliefs, members of a trade union, sexuality or criminal history.

Service Agreement: The Service Agreement is a contract between you and First2Care, in which you agree to a set of responsibilities expected from our service delivery. The Service Agreement also ensures mutual understanding of policies, procedures, rights and responsibilities.

Welcome Guide: The Welcome Guide is a collection of information which will help you understand the details of what to expect from First2Care, what First2Care expects from you, as well as helpful tips and advice on how to keep track of your funding. The Welcome Guide is for you to keep and refer to when you’re unsure of how to access resources, how to use the MyPlan app, or who to contact for different supports, services and advice.

What Personal Information do we collect?

When you visit First2Care’s website or apps, our web measurement tool and internet service providers record anonymous information for statistical purposes. This information includes:

  • The type of browser, computer or phone platform, and screen resolution you are using

  • Your traffic patterns on our website

  • The date and time of your visit to our website

  • The pages you accessed and documents downloaded within our website

  • The previous page you visited prior to accessing our website

  • The Internet address of the server accessing our site

  • Which activities you actioned whilst accessing the RCE


We collect other forms of Personal Information from you through a variety of methods, including when you interact with us via telephone, in person, or through electronic means.

We do not knowingly collect Personal Information from anyone younger than 13 years of age.

Please note that if you are under the age of 18, you are by law subject to a guardianship either in favour of your parents or in favour of some persons through legal means (under the QLD Guardianship and Administration Act 2000).

How we collect Personal Information?

By using our website, apps, documents and any services provided by us, you consent to us collecting Personal Information concerning you, and you specifically consent to us collecting Sensitive Information about you as defined under the Australian Privacy Principles as well as the Defined Terms section of this Privacy Policy.

You acknowledge that you may be required to provide certain Personal Information, which may be utilised and accessed by Managers/Nominees/Owners/Existing Staff in the course of their normal employment.

Our apps and services may require different access permissions on your device. These are required to guarantee certain functionality of our apps and services. For example, if you wish to create a profile picture from within an app or website, we may require access to either your camera or photo album. Another example is push notifications, in which we can use an interface to display a message directly on your device.

The access permissions on your device are dependent on the device’s operating system, such as Android or iOS, and the store where the app was downloaded such as Google Play Store or Apple App Store. You will generally receive information for which access permissions are required by our apps prior to installation. Depending on your device’s operating system, you may be able to access, restrict or review the access permissions of our apps at any time after installation.

We also record all telephone communications that occur through our client and provider support line at 1300 322 273. This is legal in our operating state of Queensland and is governed through the Invasion of Privacy Act 1971 All voice recordings are stored securely in controlled software storage, only accessible to relevant First2Care staff. 

How do we use Personal Information?


We use your Personal Information to contact you in regards to multiple aspects of our service delivery including updates and amendments to our documents and policies, to provide you with information about your NDIS funding and spending, as well as any other communications we provide to you.

We reserve the right to carry out personalised campaigns using the Personal Information that you have permitted for social networks to share with third parties. In this regard, we shall refer to the privacy policies of the social networks in question.

We gather, process and use Personal Information only with your consent, unless already permitted by legal statutes. If consent is given electronically within the context of our online offerings, we shall fulfill our legal obligation to give you proper notification of this.

Any telephone communications that are recorded are only used for a select few reasons, such as

 - If we believe fraudulent actions are being taken by a party relevant to you, and your conversation may be used as evidence for the NDIA.

 - If we need to augment our case notes to manage conflicts or record your preferences

 - To need to provide training to our staff and to ensure quality assurance across our company.

 - If you are unable to electronically sign a form or document, such as our service agreement or consent to share budgets form, you may give verbal consent over the phone.

Who do we disclose Personal Information to?


We always request confirmation from Participants/Nominee/Guardian in the circumstance where somebody is asking for their Personal Information, and we do not yet have consent to share with the said individual/organisation. If you, as our client, would like an individual other than yourself or your Nominee/Guardian to access your Personal Information, you can do so by providing this information as part of your Service Agreement, or by requesting and completing a permission form. Alternatively, you can call us on 1300 322 273 and provide details including verbal consent to share Personal Information.

We will not share your Personal Information to unauthorised third parties except for medical emergencies, or where required under the law. For example, a law enforcement agency may exercise a warrant to inspect our service providers’ logs. We may use Personal Information to conduct statistical and performance analyses or to prosecute against unauthorised access to our website. Despite this, Personal Information remains anonymous and confidential whenever possible. Access to Personal Information is provided to authorised staff for legitimate business purposes only. Information is treated in the strictest of confidence and is not disclosed unless for legitimate or legally permissible purposes.

How can you update Personal Information?


If you feel as though any Personal Information that First2Care holds about you is inaccurate, incomplete, misleading or no longer up to date, please advise us so we can update or amend your Personal Information. You can contact us with this information at or on 1300 322 273. We may need to verify your identity upon request of Personal Information.

How do we store Personal Information securely?


Electronic records are stored securely with backup and disaster recovery systems in place. The greatest level of care is taken for the protection of Personal Information.

All computers and programs have password protection and two-factor authentication. We use the First2Care MyPlan Platform solution and its associated websites for the capture and storage of specific information and records.

In compliance with state and Commonwealth legislation, we maintain the physical privacy of Personal Information. When information is no longer needed for the purposes for which it was obtained, we take reasonable steps to destroy or permanently de-identify it.



We retain the right to use technology that enables users who have already visited our online services and shown in our services to see targeted communications from us. This may include, by way of example: Google’s remarketing technology; conversion tracking service of Twitter; and Facebook SDK and any other social media services that we may select from time to time. These communications will be displayed using cookies.

Cookies are text files containing small amounts of information which is downloaded to your secondary memory such as your hard drive, SD card, or to your browser’s memory when you visit one of our sites. Cookies are useful because they help arrange the content and layout of our sites and allow us to recognise computers or other devices that have been to our sites before. Cookies do many different jobs, such as allowing our websites to remember your preference settings and helping us to enhance the usability and performance of our websites and your experience using them.

The types of cookie that may be used on our sites can be put into 1 of 4 categories: Strictly Necessary, Performance, Functionality and Profile, and Advertising.

Strictly Necessary: These cookies are essential, as they enable you to move around our sites and use their features, particularly in connection with information searches and order placement. Without these cookies, services you have asked for may not be able to be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

Performance: These cookies collect information about how you use our sites, for example which pages you go to most often and if you get any error messages from certain pages. These cookies collect only anonymous information that is used to improve how our sites work. These cookies are not used to target you with online advertising. Without these cookies we cannot learn how our sites are performing and make relevant improvements that could better your browsing experience. Examples of performance cookies that our sites use include Google Analytics.

Functionality and Profile: These cookies allow our sites to store information that you provide such as your site language preferences and to store technical information useful for your interactions with our sites.They also ensure that your experience using the sites and our marketing efforts are relevant to you. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites.

Without these cookies, a website cannot remember choices you have previously made or personalise your browsing experience. For example, we use a cookie to store your language preferences, which allows us to present you with product search results in the correct language, and we use a cookie to store your choice about the appearance of the cookie information banner when you subsequently visit the same site where you made your choice about the banner and any other of our sites with the same domain or the same top level domain.

Advertising: These cookies may be used to deliver marketing material that are more relevant to you and your interests. They may also be used to limit the times you see an advertisement as well as help to measure the effectiveness of the advertising campaign. Although these cookies may track your visits to other websites, they do not usually know who you are. Without these cookies, online advertisements you encounter will be less relevant to you and your interests.

You have the ability to accept or decline cookies. Most internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our websites and apps.

Third Party Websites


First2Care’s website, applications and documents may contain links to third party websites. First2Care does not endorse or recommend any of these third party websites or the goods and services provided on those websites. First2Care is not at all responsible for the condition, information, privacy or security practices on those websites and First2Care does not maintain control over those websites. First2Care makes no judgements or demonstration of the accuracy of any content included on those websites and is not responsible for any loss as a direct or indirect result of you using or accessing those websites.



First2Care may use your information to offer you products or services we believe may be of interest to you. You can notify us at any time if you no longer wish to receive marketing communications from us. Our contact details are set out in the How to Contact Us Section of this Privacy Policy. We do not sell Personal or Sensitive information to other organisations.



First2Care may on occasion contact individuals via their provided email address. These emails are sent to individuals who have subscribed via our online forms, or have used our services in most capacities. If you no longer wish to receive these emails, you may unsubscribe via the link on an email from us. We will collect and handle your personal information in accordance with the Privacy Act 1988 (Cth). Our internet service provider may monitor email traffic for system troubleshooting and maintenance purposes only.



This Privacy Policy may be amended or updated occasionally. At the time of publishing any amended version of this Privacy Policy in the future, individuals who have provided an email address to First2Care will receive notification via email of the existence and location of the amended Privacy Policy. By using our services, applications and website, you consent to the collection of any provided information in accordance with this Privacy Policy and its amendments. This Privacy Policy was last amended on 20th January 2021.

Feedback, Complaints and Disputes


If you wish to give us feedback, please contact the support team at or telephone on 1300 322 273..


If you wish to lodge a complaint, there are complaint forms accessible on the First2Care website at (with the option to lodge a complaint anonymously).

If you are not satisfied with the resolution of a complaint, please refer to the NDIS Quality and Safeguards Commission by telephone on 1800 035 544, or lodge a complaint via forms available from

We promise to treat you with courtesy and act respectfully in the conduction of our Plan Management services as per the NDIS Code of Conduct, which you can access at

Some support and service providers have been banned by the NDIS Quality and Safeguard Commission’s Compliance and Enforcement Policy. If you wish to access the register of banned providers, you may do so at

How to Contact Us

We are always here to support you with your Plan Management needs. If you need help with invoices or funding, please contact our Accounts Team. For support and enquiries, please contact our Support Team.

Support Team
1300 322 273

Accounts Team
1300 322 273

bottom of page