Karista Privacy Policy

1. Policy Introduction

Our policy is to respect and protect the privacy of all people connected with the National Disability Insurance Scheme (NDIS), including participants, providers, employees and contractors. In dealing with personal information, Karista Pty Ltd (ABN 92 614 763 076) (“Karista”, "we", "us" or “our”) abides by the obligations under the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) set out in the Privacy Act and the National Disability Insurance Scheme Act 2013 (Cth).

2. What is Personal Information and Sensitive Information

“Personal Information”

This is information about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is accurate or not and whether the information or opinion is recorded in a material form or not. Examples include an individual's name, address, contact number or email address.

“Sensitive Information”

This is a subset of personal information that is given a higher level of protection under the APP. It means information or opinion relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information, or biometric information.

Without your consent, we will not collect sensitive information. Sensitive information will only be collected if it is specifically required for operational purposes.

“Health information”

This is any personal information about your health or disability. It includes information or opinion about your illness, injury, or disability. Examples include notes on your symptoms or diagnosis, as well as information about a health service you've received or will receive.

3. Collection of Personal Information and Sensitive Information

Data we collect directly from you

Karista may collect and hold personal information or sensitive information of the following kinds (without limitation):

  • your name, address, phone number, post code, date of birth, email address;
  • your credit card or bank details;
  • information about goods or services ordered, acquired or supplied;
  • information you provide us from enquiries made to offer our services to you. Examples include gender, age, diagnosis, goals, services requested, preferences such as gender, language and cultural preferences to allow us to refer (or suggest) suitable service providers to you;
  • preferred start date for services and expected duration of service provision;
  • information you provide us through customer surveys, reviews, or to run competitions and/or offer additional benefits to you;
  • communications between Karista and you (or if you are not the care recipient, the care recipient);
  • whether you (or if you are not the care recipient, the care recipient) have applied for a government funding package, such as the National Disability Insurance Scheme or Home Care Package;
  • if you are contacting us on behalf of the care recipient, we will also collect some Personal Information about you, including your name, contact details and your relationship to the person being referred;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, search queries and/or browsing behaviours; and
  • additional personal information or sensitive information that you provide to us, directly or indirectly, using our website, associated social media platforms and/or accounts from which you permit us to collect information.

Karista will take reasonable steps to ensure that the personal information or sensitive information we collect, use, or disclose is complete and up to date. Karista will collect personal information or sensitive information about an individual only from that individual, unless it is unreasonable or impractical to do so.

If you disclose the care recipient's personal information or sensitive information to us, in providing that personal information or sensitive information to us, you agree that:

  • you have drawn this Privacy Policy to the care recipient's attention;
  • the care recipient has agreed to you providing their personal information or sensitive information to us; and
  • that care recipient understands and agrees that we may use, disclose and manage their personal information or sensitive information as described in this Privacy Policy.

If you have agreed to receive information from Karista, your email address will be saved and used for personal email advertisements until you let us know that you wish to unsubscribe.

How we use Artificial Intelligence and Third Party Providers

We utilise a range of software systems and tools to support our services, which include artificial intelligence (AI) tools for tasks such as customer service chatbots and service provider recommendations, as well as for enhancing the user experience, personalisation, and analysing trends and patterns in aggregated data.

We may collect information about how you access, use and interact with the website. We do this through a range of tools, including Google Analytics, Google Salesforce, and Google Adwords, both onshore and offshore, to assist with administrative tasks. These providers are subject to data protection protocols.

Cookies

We use cookies on the website. A cookie is a small text file that the website may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website on future visits. We may also use session cookies (which are deleted when you end your browsing session) to help manage the display and presentation of information on the website. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

4. Use and Disclosure of Personal information and Sensitive information

Karista may collect, hold, use and disclose personal information or sensitive information for the purposes of responding to enquiries from you and providing services to you or the care recipient whom you represent, to maintain Karista's relationship with you or the care recipient whom you represent, to comply with legal, regulatory, professional or contractual requirements, to interact with relevant third parties (including service providers), or where you have provided your consent for Karista to do so. Karista will only use or disclose your personal information or sensitive information for: the purpose for which it was collected; any related purpose for which it would reasonably be expected to be used or disclosed; a purpose required or permitted by law; or a purpose for which the individual has provided consent.

Examples of instances where Karista may disclose personal or sensitive information about individuals to third parties include disclosure to clients and prospective clients known to Karista, providers of services to Karista, government agencies, regulatory authorities, related bodies corporate of Karista, and professional advisers of Karista. Karista requires its service providers to keep personal and sensitive information confidential and not use it for any purpose other than performing those services.

5. Security of Personal information and Sensitive information

Karista takes reasonable measures to secure and protect personal information or sensitive information from misuse, interference, loss, unauthorised access, modification, or disclosure. However, Karista cannot guarantee the security of any information transmitted to or from us over the Internet.

Where personal or sensitive information is no longer required, subject to relevant laws and regulations, we will take reasonable steps to ensure it is de-identified or destroyed.

6. Access to, and Correcting Personal Information and Sensitive Information

You may access or seek correction of your personal information held by Karista by written request. Karista will respond to your request in accordance with its legal obligations under applicable privacy laws.

7. Overseas transfer

Some of Karista’s customer service and administrative functions may be performed overseas. These functions may involve our third-party suppliers hosting or accessing personal or sensitive information outside Australia. Personal or sensitive information may be transferred to countries whose privacy laws do not provide the same level of protection as Australia's privacy laws. Where personal information or sensitive information is disclosed outside of Australia, Karista will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the APP.

8. Updates to this Privacy Policy

This Privacy Policy may be updated by Karista from time to time.

9. Intranet and Website

This Privacy Policy is amended from time to time. We will notify you of updates to this Privacy Policy by:

  • posting the updated policy on our website; or
  • updating the “Last Updated” date.

Your continued use of our services af changes to this Privacy Policy constitutes acceptance of the updated policy.

10. Concerns, Queries and Complaints

Karista welcomes any questions or feedback concerning this Privacy Policy.

If you have a complaint about how we have handled any privacy issue, including your request for access to or correction of your personal information, please contact us.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent adviser or contact the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au) for guidance on alternative courses of action that may be available.

Search for support now

Last Updated: 23 October 2025