Skip to main content


Privacy Policy

Who we are

We are Dja Dja Wurrung Clans Aboriginal Corporation ABN 52 459 162 679 (DJAARA) and its’ group of companies including:

  • The Trustee for Djandak Fixed Trust trading as Djandak ABN (31 631 296 457) a registered Charity;
  • The Trustee for Dumawul Fixed Trust trading as Dumawul ABN ( 20 134 381 398) a registered Charity and
  • Dja Dja Wurrung Enterprises Pty Ltd trading as Djakitj ABN (to be inserted).

The DJAARA Group (DJAARA Group), the members of which are listed at the end of this policy.
References to ‘us’, ‘we’ or ‘our’ include DJAARA and, where the context requires, other DJAARA subsidiaries (collectively DJAARA Group Companies).

The purpose of this privacy policy

This privacy policy explains why we may collect your personal information and what we do with it, along with your rights to access and correct your personal information, and make a privacy complaint.

We are bound by laws governing how we collect and use your personal information including the Privacy Act 1988 (Cth) and other State and Territory laws such as the Health Records Act 2001 (Vic), Health Records (Privacy and Access) Act 1997 (ACT), the Health Records and Information Privacy Act 2002 (NSW), and the Health Information Privacy Code 1994 in New Zealand (Privacy Laws).

We aim to be as transparent as possible in this privacy policy about what we do with your personal information. Consequently, we review this privacy policy annually and update it. The most up-to-date version of our privacy policy can always be found here.

Personal information and sensitive information

In this privacy policy you will see the terms ‘personal information’ and ‘sensitive information’ used. These terms have the following definitions:

  • ‘personal information’ means information that identifies you or can be used to identify you, or from which you are reasonably identifiable.
  • ‘sensitive information’ is a sub-set of personal information and includes information about your health, health services provided to you and your claims. Sensitive information is more protected under Privacy Laws than are other forms of personal information.

In this privacy policy, and unless otherwise stated, all references to ‘personal information’ include ‘sensitive information’.

Who this policy applies to

This privacy policy applies to:

  • All current and past members of DJAARA whose personal information we have collected;
  • All individuals whose personal information is collected in relation to the products and services offered by DJAARA Group Companies and
  • All individuals whose personal information is collected by us in the course of our functions and activities, such as service providers, contractors and prospective employees.

The types of personal information we may collect

The types of personal information we may collect depends on our relationship with you, and may include:

  • identifying information such as name, date of birth and employment details;
  • identification information for identity verification, such as your driver’s licence and DJAARA membership information
  • contact information such as home address, home and mobile phone numbers and email address, and in some cases your work contact details;
  • government-issued identifiers including Drivers Licence ID and Medicare numbers;
  • financial information, such as bank account and credit card details;
  • sensitive information, including:
    • lifestyle, diet, exercise and health related information that you may input or provide to us by using our Services and
    • other sensitive information.
  • information about your activities, including sporting and other lifestyle interests;
  • information about involvement in other programs you participate in or memberships you may have;
    your IP and/or IMEI information to detect unauthorised access to your membership and identify potential fraud and criminal behaviour; and
  • information about your usage of our website and apps for the purposes of analytics (including when you use our website and apps and what you do, and the information you input, while using them), and subject to your marketing preferences – to target marketing to you (based upon your demographic information and use of our app and website). To gain this information we will use cookies, if the privacy settings you have chosen on your device allow it to accept our cookies. You can, if you wish, access the content on our website without accepting cookies, but will find navigation and returning to our website easier if you accept cookies.

We often need information which identifies you

You generally have the right not to identify yourself when dealing with us and to use a pseudonym, where it is lawful and practicable for us to allow it. However, in many instances we will need your identity details. For example, we will need your name and date of birth, if you want to receive services or engage with our personnel.

If you do not provide or authorise the provision of personal information we request, we may be unable to provide you with some or all of our products and services or the products and services of our partners. If you ask us, we will tell you what personal information we must have in order to provide you with a particular product or service, and what requested personal information is optional for that product or service.

How we collect your personal information

We will only collect personal information about you by lawful and fair means.
We may collect personal information from you at various times, including:

  • when you open and start to complete – or complete – an application form or other type of form in
  • relation to our products and services;
  • when you contact us in person, by phone, mail, email or online;
  • when you visit premises from which we operate; and
  • when you visit our website or subscribe to or use one of services.

We may also collect information about you from other sources, such as:

  • an employer, educational institution, government agency or adviser who has dealt with you (or their authorised representatives);
  • DJAARA Group Companies who have provided you with services;
  • a service provider engaged by us – or a third party who partners with us – to assist us in providing goods or services or administering our business (such as mailhouses, printing, and IT service providers and platforms, or marketing, planning and product or service development)
  • publicly available sources or networking services (including for the purpose of contacting you to offer our products and services, and you can let us know your preferences in relation to such contact, or to confirm information provided by you – such as publicly available job history (eg via LinkedIn), or to verify identity and prevent fraud).

We also obtain information from other sources where:

  • we provide products and services on behalf of or in conjunction with others, including business partners
  • we need information from third parties relating to a product or service we provide to you, or relating to a health insurance claim
  • we need information to prevent or minimise the risk of fraud
  • you have consented to third parties sharing it with us, such as people you have authorised to deal with your policy.

Where we engage with you multiple times over a short period in relation to the same matter, we may not provide you with a separate notice about privacy each time we engage with you.

How we hold your personal information

We aim to store your information securely and have a range of security controls in place (including physical, technical and procedural safeguards) designed to protect your personal information.

Our employees and contractors are obligated to maintain privacy standards while engaged with us. We take reasonable steps to make sure that the personal information about you – that we collect, use and disclose – is accurate, complete, up to date and relevant.

When and how we dispose of your personal information

We seek to keep your personal information for only as long as it is required in order to provide you with products and services or to legitimately comply with our business and legal obligations and requirements. When it is no longer needed for these purposes, we may destroy or permanently de-identify this personal information. Consequently, if you request access to your old personal information, we may not be able to provide you with your records where they have been destroyed or de-identified.

How you can access your personal information

You can ask us for access to the information we hold about you at any time. We will endeavour to respond in a reasonable time, being within 30 days and as soon as is reasonably possible.

We will generally not charge a fee for accessing your personal information. We will only charge a fee to access information in exceptional circumstances, and where your request is particularly onerous. We will let you know in advance of levying any fee to confirm that you still wish to proceed with your request.

When you contact us to seek access to your personal information, we will need to be reasonably satisfied it is you, and not an unauthorised person.

We may require you to substantiate your identity to protect you from fraud and privacy breaches perpetrated by third parties pretending to be you.

We may also use a third party and secure service to confirm your identity (such as two factor authentication), and your IMEI or IP address in some circumstances, to reduce the risk to you of identity theft and reduce fraud risk to us.

We may not always give you access to certain information you have requested, such as where:

  • we no longer hold or use the information and have destroyed or de-identified it;
  • providing access would be unlawful;
  • we are required or authorised by law to deny access;
    providing access would unreasonably impact on the privacy of others; or
  • we cannot be satisfied that you are who you say you are (we cannot adequately identify you).

It would assist us to ensure we properly understand your request, and allow us to respond more promptly, if requests are made in writing and include as much detail as possible.

Why we collect and use your personal information – generally Collecting your personal information

We collect your personal information to enable DJAARA Group Companies and our third party suppliers and partners to provide you with products and services, including member engagement, partner offerings and information on other products and services (collectively Products). We may also be required by law to collect some personal information. Where you provide personal information to the DJAARA Group Companies as a service provider, contractor or prospective employee, we collect your personal information to enable us to fulfil the purpose and related purposes for which you provided the information.

Using your personal information

We may use your personal information for these purposes, including to:

  • manage our relationship with you;
  • identify and communicate with you;
  • provide you with requested information, products or services;
  • process and audit payments and claims;
  • analyse, investigate, pursue and prevent suspected fraudulent activities;
  • manage and develop Products;
  • assess your suitability for and contact you about Products that we believe may be of benefit to you;
  • partner or work with third parties to improve our Services;
  • manage and develop our business and operational processes and systems;
  • where permitted under law, conduct marketing – including targeted electronic marketing (such as emails, or advertisements on websites and social media platforms that you access);
  • obtain feedback, and engage in analytic and research activities (inclusive of a wide range of analytics and customer behavioural research projects);
  • manage and resolve any legal, clinical or commercial complaints or issues;
  • perform other functions and activities relating to our business;
  • comply with our legal obligations or enforce our legal rights; and
  • as otherwise required or authorised by law, including the Privacy Laws.

We may use your personal information for training, coaching and development purposes unless you ask us not to.

De-identifying your information

Where both possible and in our view – appropriate, where using your personal information, we will seek to de-identify it, so that your identity is not readily ascertainable from the de-identified information or from triangulating your de-identified information with other sources of information.

Disclosing and sharing your personal information

In pursuing the purposes for which we may collect and use your personal information, we may disclose your personal information to persons or organisations in Australia including:

  • DJAARA Group Companies for the purpose of:
    • assisting you to support self-determination;
    • offering ancillary services at our discretion
    • verifying you as a DJAARA Member to provide you with services offered by DJAARA group of companies to DJAARA; and
    • ensuring that our records for you between DJAARA and DJAARA group of companies are consistent, and accurate;
  • our agents and service providers;
  • our professional advisors;
  • health service providers;
  • potential or actual buyers of our assets or business, including only some assets or parts of our business;
  • payment system operators and financial institutions;
  • your agents and advisors or other persons authorised by, or responsible for, you;
  • government agencies;
  • third parties and other members of the DJAARA Group with whom DJAARA partners or works with – to improve your opportunities or improve your wellbeing;
  • other third parties who assist us in the detection and investigation of fraud;
  • other parties to whom we are authorised or required by law to disclose information.

If your personal information is hacked or inadvertently disclosed

If we become aware that we have inappropriately used or disclosed your personal information, or that the security of your personal information has been compromised (a data breach), and we are unable to rectify the data breach without any potential adverse effect on your privacy, we may contact you to inform you, and to work with you to minimise or mitigate the consequences of the data breach. Pursuant to the Notifiable Data Breaches scheme (under Part IIIC of the Privacy Act 1988), we may be required to notify you of a data breach as soon as we practicably can if we consider you are reasonably likely to be at risk of serious harm (including financially or to your mental or physical wellbeing). Where reasonably practicable we will give you details of the data breach and, where possible, steps you could take to lower the risk of harm to you. We may make a public notification for a data breach affecting a large number of customers, before we contact you directly or in place of direct contact.

Direct marketing

From time to time, where permitted under law, we may collect and use your personal information so that we can promote and market products to you and keep you informed of special offers from DJAARA Group Companies and third parties.

We may contact you in relation to these promotions and offers by direct mail, SMS and MMS messages, targeted marketing on social media platforms, in app and push notification, by phone and email.

You can opt out of marketing by contacting us. However, if you opt out of marketing you will still receive service related communications from us. If you opt out of marketing, please be aware that your details may still be shared with our marketing partners and/or mailhouses for the purposes of ensuring that they do not market to you. For example, we may partner with a provider to market our products to their customers using their customer lists, but will provide a list of our ‘opted out’ customers to wash against their customer list securely, so as to ensure that customers who have opted out of our marketing, do not receive marketing. If you have signed up to receive marketing from us or from our marketing partners and/or mailhouses via different email addresses, you may still receive marketing at any email addresses for which you have not opted out, as the above process will only identify where opted out email addresses are identical. Therefore, please tell us all email addresses you wish to opt out of receiving marketing to – in order to stop receiving marketing from us or on our behalf to those email addresses.

To opt out of marketing or change your communications preferences please contact us as set out below.


How we communicate with you

To keep you informed quicker, where you provide us with an email address, we send most service-related communications to you by email.

You can otherwise choose how we communicate with you by contacting us as follows:



03 5444 2888

Monday to Friday 9:00am to 5:00pm
13-15 Forest Street, BENDIGO VIC 3550

Relationship breakdowns

If you or your partner are divorced or separated, we require that this be recorded to prevent privacy breaches. Please inform us promptly if this occurs so that we can take steps to enforce these processes.
If your child receives services from us or is engaged by your Partner we may not be able to confirm this with you.

How we manage your personal information when you engage with the DJAARA group of companies

This section of our Privacy Policy applies services provided by a member of DJAARA group of companies.
DJAARA group of companies may provide such services across DJAARA Timbers, Djakitj, Member engagement.

In addition to the general purposes of use and disclosure set out in this privacy policy (except where specifically qualified or disclaimed below), DJAARA group of companies may collect and use your personal information to provide these services to you including to:

  • manage their relationship with you and contact you for follow up purposes;
  • manage, review, develop and improve their health-related services and their business and operational processes and systems;
  • resolve any legal and/or commercial complaints or issues;
    provide information about the services to the funders of those services (for example DJAARA may fund some services); and
  • perform any of their other disclosed functions or activities.

DJAARA group of companies may collect your personal information from another DJAARA Group Company, from you or from a person authorised by or responsible for you.

In order to perform the above functions, companies in DJAARA group of companies may disclose your personal information to each other and to third parties such as their agents, service providers and professional advisors, health service providers, persons authorised by or responsible for you, and to other parties to whom they are authorised or required by law to disclose information including government agencies, and these parties may collect that information.

DJAARA Group Companies may also use and disclose your personal information to each other:

  • to assess from what other services you may benefit and to facilitate the provision of such services;
  • so we may have an integrated view of our members and provide you a better and personalised service; and
  • to contact you (including by telephone call, text message or email) in relation to our health-related services and/or wellbeing services only.

Correcting your personal information

To enable us to provide the best services to you, it is important the information we hold about you is up to date. Please contact us when your details change. If you believe any information we hold about you is inaccurate, incomplete or out of date, please let us know. We will take reasonable steps to amend any personal information about you which is inaccurate or out of date.

You can get in touch with us at DJAARA to request the above any time you wish to do so.

In some circumstances, we may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision (except to the extent that it would be unreasonable to do so), seek alternatives and take any further legally required steps.

Contact us if you have concerns about our collection, use or disclosure of your personal information.

If you have any concerns or queries about the manner in which your personal information has been handled, please contact our Privacy Officer whose contact details are provided below.

If you wish to make a formal complaint, please provide your complaint in writing to our Privacy Officer, and detail information relevant to your complaint. Please note that we will receive and action your request faster if you email it to us using the details below.

Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within 5 business days of receiving it. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.
If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner and can find more information on the Commission’s website

Members of the DJAARA group of companies Group

For the purposes of the definition of “DJAARA group of companies Group” used in this Privacy Policy, the members of the DJAARA group of companies Group are:

  • Dja Dja Wurrung Clans Aboriginal Corporation ABN 52 459 162 679 (DJAARA)
  • The Trustee for Djandak Fixed Trust trading as Djandak ABN (31 631 296 457) a registered Charity and a corporate member of the Dja Dja Wurrung Corporation (DJAARA) group of companies.
  • The Trustee for Dumawul Fixed Trust trading as Dumawul ABN ( 20 134 381 398) a registered Charity and a corporate member of the Dja Dja Wurrung Corporation (DJAARA) group of companies.
  • Dja Dja Wurrung Enterprises Pty Ltd trading as Djakitj ABN (to be inserted) and a corporate member of the Dja Dja Wurrung Corporation (DJAARA) group of companies.

Legal Compliance Information


  1. By visiting and using the DJAARA website (‘Site’), including any linked pages or information owned by DJAARA group of companies, you agree to be bound by and abide by the following terms and conditions.
  2. Any disputes arising from, in relation to or in connection with the information contained on this Site are to be governed by the law of the State of Victoria.
  3. By visiting and using the Site you unconditionally submit to the jurisdiction of the Courts of that State.
  4. The materials on this Site have been prepared for general information purposes only. The information on this Site, or on any other website accessed via this Site or otherwise, may not necessarily be accurate, complete or current.
  5. No person should act or fail to act on the basis of these materials. To the maximum extent permitted by law, DJAARA Group of companies and its’ Directors and Officers, employees and agents disclaim any liability (including liability for negligence) to any person arising out of:a) any action or failure to act by any person in accessing, downloading, uploading, using or relying on or dealing in any way with any materials from the Site or from any other website on the Internet;
    b) any errors or omissions on the Site or on any other website on the Internet (including but not limited to errors or omissions arising as a result of the negligence of DJAARA group of companies or its’ Directors and Officers, employees and agents); or any delay or interruption in access to or use of the Site or any other website on the Internet (including but not limited to delay or interruption arising as a result of the negligence of DJAARA group of companies or its’ Directors and Officers, employees and agents).
  6. You accept all risks and responsibility for losses, damages, costs and other consequences resulting directly or indirectly from using the Site or any other website on the Internet and in relation to any information or material available from those sites. DJAARA group of companies reserves the right, in its absolute discretion, to delete, alter or move any message or other posted material on the Site. DJAARA group of companies is under no obligation to update any information on the Site, or to correct any inaccuracy on the Site that may become apparent at a later time.
  7. These Rules and Policies may change from time to time.
  8. Where DJAARA group of companies advertises on behalf of a provider or appears by reference of logo or otherwise in an advertisement of any provider, to the fullest extent allowed by law, such advertising or reference is not to be construed as:
    a) an endorsement by DJAARA group of companies;
    b) an acknowledgment or representation as to fitness for purpose by DJAARA group of companies; or
    c) a recommendation or warranty of, for, or in relation to the product or service of the provider by DJAARA group of companies;Accordingly, DJAARA group of companies, to the fullest extent allowed by law, neither takes nor assumes any responsibility for the product or service provided. Visitors should rely on their own inquiries and seek any assurance or warranties directly from the provider of the service or product.


  9. The information provided in the Site, and its design, text, graphics and software, are (unless otherwise stated) copyright of DJAARA.
  10. You are granted a revocable license to download the materials contained in this Site for your personal use, including for the purpose for transacting with DJAARA group of companies. You must not otherwise modify, copy, reproduce, republish, frame, upload, post, transmit, distribute or provide a link to the contents of the Site in any way, except as expressly provided for on the Site, or with the written authorisation of DJAARA group of companies.

    Links and framing

  11. DJAARA group of companies does not warrant the accuracy of any hypertext links provided on the Site, nor the suitability or accuracy of any content located at those links. Links and frames connecting the Site with other websites are for convenience only and do not mean that DJAARA group of companies is associated with, endorses or approves those other websites, their content, or the people who run or contribute to them. Use or reliance on the content of those websites is at the user’s own risk.


  12. DJAARA group of companies does not represent or warrant that any files displayed or obtained from or through this Site, or and other website linked to it, are free from computer viruses or other defects. Any such files are provided, and may only be accessed or used, on the basis that the user assumes all responsibility for any loss, damage or consequence resulting directly or indirectly from the use of those files. DJAARA group of companies’ liability for such an event is limited to the resupply of those files.

    Warning regarding policy terms and availability

  13. All policies are subject to change and are available at our Forest Street Site.

DJAARA Social Media Pages General House Rules

DJAARA has a number of social media accounts, which currently includes Facebook, Twitter and YouTube (collectively, the ‘Pages’).

All content on DJAARA’s Pages is subject to the individual terms of use as prescribed by each social media channel. These include:

We encourage you to express your opinions and have open discussions, but we do ask that you act respectfully and responsibly.

We do not agree with or endorse, nor are we responsible for any comments, information, opinions, images or other content posted by individual users of our Pages. Such information does not necessarily reflect DJAARA’s point of view, but rather that of the individuals who use our Pages. DJAARA does not accept any responsibility or liability (either direct or indirect) for any loss or damage arising in connection with the use of (or reliance on) any information, links or other content posted on our Pages by individuals.

DJAARA may remove content when it contains:

  1. offensive, abusive, obscene, profane, hateful or racist content
  2. content that is threatening, defamatory or contains a personal attack
  3. solicitations and advertisements by other organisations or endorsements of other products, services or organisations
  4. multiple or repetitive posts by a single or multiple users (often called SPAM)
  5. content that violates intellectual property rights of another party (e.g. copyright)
  6. content that violates any law or regulation
  7. false, inaccurate or misleading comments
  8. content that personally identifies a person or group of people
  9. content that discloses any personal or financial information (e.g. membership number or member contact details or anything connected to a policy or claim by a member as this information is private and confidential information)
  10. anything else DJAARA considers inappropriate
    We’ll review all content posted (including links) and remove if we think they’re inappropriate.
    We want to share our health and wellbeing information with as many people as possible and our policy is to accept the majority of comments posted. However, repeated violations of our House Rules may cause the user to be blocked from one or more of our Pages.
    While we want to be as helpful as we can, questions or issues related to specific DJAARA products or services, claims or customer service issues should not be submitted via DJAARA’s Page(s).

Instead, please contact us directly as listed below



03 5444 2888

Monday to Friday 9:00am to 5:00pm
13-15 Forest Street, BENDIGO VIC 3550

We’re happy for you to share and comment on our content provided that you don’t alter it and that you cite us as the source. The design of our Page(s) and content that we post is the copyright of DJAARA and our rights are reserved.

Whilst social media is 24/7, currently we’re not able to monitor our Page(s) around the clock. Because we may not be aware of inappropriate content straight away, we encourage users to ignore inappropriate or negative comments and respond politely. We also hope that you’ll tell us about any concerns via the email address below.

Please note that the information provided is general information only and not a substitute for professional health advice, diagnosis or treatment. DJAARA does not guarantee the accuracy of any of the information, representations or advice displayed. To the extent permitted by law, DJAARA accepts no responsibility for any loss, injury or inconvenience sustained by readers of this site as a result of or in connection with the information contained on this site (whether by way of negligence or otherwise).


If your web browser is set up to accept cookies, a cookie will be stored on your hard drive when you visit DJAARA group of companies websites.

Cookies allow DJAARA group of companies to collect information about your computer, which may include your IP address (a number assigned to your computer when you register with an Internet Service Provider), type of browser, operating system, domain name, and the details of any website which has referred you to this website. DJAARA uses cookies to track and collect information about whether you have been invited to  message in a session on DJAARA Message Us already. Cookies will also allow DJAARA to recognise your computer while you are on DJAARA Message Us.

If you would rather not have this information stored on your computer, you can configure your browser so it does not accept cookies. However, if you disable cookies you will not be able to access DJAARA Message Us.

Need special assistance?

Below are some of the resources available to you if you need a little extra help accessing our services or any other information you need.

  • Language services – if you have difficulty understanding English, a government translating service is available at
  • Hearing or speech impaired – The National Relay Service provides a phone solution for people who have a hearing or speech impediment. You can find them at
  • Vision impaired – Vision Australia provide a range of services for people with impaired vision. You can find them at
Refund and cancellation policy for our eCommerce