Supplier Statement
On this page:
Baptcare is a not-for-profit organisation that supports older people, children, families, people with a disability, financially disadvantaged people and asylum seekers in Victoria, Tasmania and South Australia.
Our Mission and Vision are lived through our WE CARE Values: for our residents, customers, partners and supporters; including:
- Ethics: being genuine with our residents, customers, partners and supporters, leading with integrity and fulfilling Baptcare’s purpose in harmony with community expectations.
- Accountability: fulfilling our commitments to residents, customers, partners and supporters and accepting our responsibilities to continually improve; and
- Respect: understanding and embracing our residents, customer’s individuality, standing up for their equality and protecting their dignity.
This statement also applies to Baptcare Affordable Housing, a registered housing provider which provides social and affordable housing for those in need.
Baptcare is committed to protecting the privacy and confidentiality of our residents’ and customers’ information, as well as information relating to our staff, volunteers, job applicants and suppliers.
We will manage all customer, staff, volunteer, job applicant and supplier personal and health information in a way that recognises and respects the right to privacy by adhering to the privacy principles of relevant Commonwealth and State legislation.
Baptcare has privacy obligations which are governed by legislation. The Privacy Act 1998 (Cth) is the primary privacy law applicable to Baptcare.
We are committed to complying with the Privacy Act’s Australian Privacy Principles (APPs) whenever we collect, use, retain or disclose personal information. The APP are principles-based law, which gives flexibility to tailor information handling practices and the diverse needs of individuals.
Baptcare will take reasonable steps to protect the personal and health information that we hold or disclose from misuse, interference and from unauthorised access, modification or disclosure.
We are also required to comply with the following laws:
- National Disability Insurance Scheme Act 2013 (Cth): This Act applies to Baptcare when we provide services pursuant to an agreement with the National Disability Insurance Agency.
- Health Records Act 2001 and Health Records Regulations 2012 (Vic): This Act and its Health Privacy Principles (HPPs) apply to Baptcare whenever we collect, use, retain or disclose health information in Victoria.
- Disability Act 2006 (Vic), the Disability Services Act 2011 (Tas), the Disability Services Regulations 2015 (Tas), and the National Standards for Disability Services.
- Privacy and Data Protection Act 2014 (Vic): This Act and its Information Privacy Principles (IPPs) apply to Baptcare when we provide statutory services on behalf of the Victorian Government.
- Personal Information Protection Act 2004 (Tas): This Act and its Personal Information Protection Principles (PIPPs) apply to Baptcare when we provide services pursuant to an agreement with the Tasmanian Government.
- Children, Youth and Families Act 2005 (Vic) and the Children, Young Persons and Their Families Act 1997 (Tas): these Acts provide for the protection of children and young people in Victoria and Tasmania.
As a member of relevant industry groups, Baptcare will also be party from time to time to a number of policies and codes which include privacy provisions.
As a funded provider of health and human services for the Victorian Government, we are also required to support the Victorian Protective Data Security Framework, and commit to working towards aligning our privacy protections with this framework.
Open and Transparent
As part of our commitment to the open and transparent management of personal information belonging to our clients and residents, this Policy explains our expectations of suppliers in the handling of personal information.
Supplier Responsibilities
If you are a supplier of goods or services to Baptcare and personal information is shared with you to support the supply of those goods or services, Baptcare requires you to maintain the privacy and confidentiality of that information and take all necessary steps to protect it as set out in the Privacy Act 1988.
Some examples of situations where we may share our residents/clients’ personal information with you are as follows:
- Software providers. where appropriate confidentiality agreements are in place – when required to assist with software development or issue resolution
- De-identified client/resident information is used for training and development purposes and provided to third parties regarding clinical and risk indicators
- To ambulance/hospital staff in an emergency
- To advise a client’s doctor of an incident or a health concern
- Referrals on behalf of our clients/residents to a doctor, counsellor, allied health service or other community service
- As permitted under the Privacy Act, in an emergency, we will release personal, health and sensitive information to others if reasonably necessary to facilitate the immediate care and safety of our clients or residents or that of other individuals.
- Where required by external agencies under Commonwealth or State legislation
It is your responsibility as a supplier to inform Baptcare immediately you become aware of a breach of private information. Please see the downloads section at the bottom of this page for the Data Breach notification Information Sheet: Supplier Information Sheet.
Anonymity and Pseudonymity
Baptcare provides individuals with the option of not identifying themselves – or of using a pseudonym – where it is practicable to do so. For example, access to the Baptcare website does not require individuals to identify themselves.
Collection and Notification of the collection of Personal Information
Baptcare will only collect personal information where it is reasonably necessary for the provision of health and care related services (aged care, community, family, residential and people with a disability), accommodation (retirement, affordable housing and asylum seeker) and for the purposes of product and service marketing, fundraising, conducting research, job applications, employment of staff and volunteer management.
Refer to the ‘Baptcare Privacy Policy’ for additional information.
For example, this may include:
- For billing residents/customers, including the collection of fees
- For payment of suppliers and reimbursement of employees for business related expenses
- For corresponding with employees, residents/customers and suppliers
- To facilitate donations and other forms of financial support from supporters and the public
- As directed by government bodies relating to funding agreements
- To deliver the National Disability Insurance Scheme (NDIS)
- Where required by legislation
Types of Personal Information Collected
Baptcare’s collection of personal information may include:
- Personal contact details (name, address, phone number, email address and date of birth) and personal contact details of our residents’/customers’ family, carers and representatives
- Credit card details (number, name on card, expiry date and type of card)
- Baptcare donor numbers
- Information required to provide the level of care or service that residents/ customers require and to determine the level of funding a resident/customer is entitled to receive. This may include next of kin, power of attorney information, medical records and financial information
- Nationality, cultural background and languages spoken
- Health information, including nursing, medical, pharmacological, psychiatric and psycho-social diagnoses and histories of both residents/customers, and if appropriate, family members
- Other types of sensitive information (religious and political beliefs, criminal record, etc) will not be collected unless residents/customers have consented, or collection is regarded as necessary for your wellbeing or safety or required by law
- Cookies which are used to estimate the number of customers and determine overall traffic patterns through our website
Further specific examples of personal information collected:
Residents/customers/employees/suppliers:
- Email address
- Bank account details
Residents/customers:
- Medicare number
- DVA number
- Private health insurance provider and policy number
- Pension status/pension number
- Assets value
- A brief history of life experiences, family, interests, likes and dislikes etc to assist staff to engage with the customer
Baptcare will endeavour to collect residents/customers’ personal information directly (unless it is unreasonable or impracticable to do so), including in person, by phone, through our website, and through written correspondence (e.g. via emails or letters).
Use of cookies:
Cookies are pieces of information that our website transfers to a computer’s hard disk for record keeping purposes.
Authentication cookies are necessary for the operation of the website. They enable you to navigate around the website and use all the features. Most web browsers are set to accept cookies.
Session cookies are temporary cookies that are used to remember you during the course of your visit and expire when you close the web browser. Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your web browser.
Baptcare may use both first party and third party cookies on our website where first party cookies are issued from Baptcare domain and third party cookies belong to other parties and are managed by them such as service providers.
Baptcare uses cookies to make our residents’/customers’ experience of our website and services as convenient as possible. While cookies do not personally identify a user, they do identify the user’s browser.
If you do not wish to receive any cookies, you can set your browser to refuse cookies. However, this may mean you will not be able to take full advantage of our website experience.
Other avenues of collection, including via third parties:
- Information can be collected from family members as part of the assessment process
- Information may be provided by power of attorney or supportive attorney or other legal representative if the customer is not able to provide this personally
- ACAS (Aged Care Assessment Service) review potential aged care customers and list their details on a secure industry website which may be filtered by providers to identify potential new customers
- Baptcare Spiritual Care collects information about residents’ cultural and social background to ensure the provision of individualised care
- The Fundraising and Marketing Department may collect information to facilitate financial support of our programs by the public
Baptcare may also receive information about our residents/customers from referrers. Generally, they will need to give consent to the organisation collecting their information for them to disclose the information to us. The exception is where Baptcare is authorised by law to collect information or where we are providing statutory services in association with Child Protection.
Where Baptcare is engaged by state departments of Human Services to provide statutory services on its behalf, any personal and health information collected is held in secure databases provided by the Department, as well as held securely by Baptcare. DHHS also requires Baptcare to comply with the Privacy and Data Protection Act 2014 (Vic) so as to ensure that the department and Baptcare are bound by the same legislative framework.
As a funded provider of health and human services for the Victorian Government, we are also required to adhere to the Victorian Protective Data Security Framework, and commit to working towards aligning our privacy protections with this framework
Use or Disclosure of Personal Information
Baptcare will only use or disclose non-sensitive personal information for the primary purpose for which it was collected, or for a secondary purpose where the individual has either consented or would reasonably expect their information to be used and where the secondary purpose is related to the primary purpose.
If there is any doubt about this expectation, Baptcare will seek consent for the use of the information.
Quality
Baptcare will take all reasonable steps to ensure that the personal information that is collected is accurate, up-to-date and complete. Individuals are encouraged to assist us in this process by informing Baptcare of any changes to their personal information, such as address, email or phone number.
Storage and security
Baptcare takes all reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. This includes the following:
- Baptcare has documented security policies
- Access to Baptcare premises is restricted
- Access to Baptcare data, including personal information, is restricted to authorised employees and suppliers (contractors) on a ‘need to know’ basis
- Baptcare uses secure bins to dispose of hard copy documents that may contain personal information
- Baptcare archives documents in a secure facility
- Any documents containing personal information are securely disposed of following the expiry of their retention date
Where Baptcare is engaged by the National Disability Insurance Agency (NDIA) to provide statutory services on its behalf, any personal and protected information collected is held in secure databases provided by the NDIA.
Sharing
Baptcare may share personal information with third parties in the conduct of business.
As a supplier of goods or services to Baptcare and when personal information is shared with you to support the supply of those goods or services, Baptcare requires you to maintain the privacy and confidentiality of that information and take all necessary steps to protect it as set out in the Privacy Act 1988. It is your responsibility as a supplier to inform Baptcare immediately you become aware of a breach of personal information. Please see here for the Data Breach notification Information Sheet: Supplier Information Sheet.
Are we Likely to Disclose Personal Information to Overseas Recipients?
We may, in certain circumstances, transfer personal information to organisations outside Australia who are not subject to Australian privacy laws for the purpose of those organisations providing a service to Baptcare. In such circumstances, we will make sure that equivalent legal protections apply in the relevant country of the organisation – or we will otherwise bind the organisation contractually to comply with Australian privacy laws and take all reasonable steps to ensure that they do so.
Use of data for direct marketing purposes
Baptcare sometimes collects personal information about our residents/customers in order to provide them with information and direct marketing materials in respect of our charitable objectives. This information may be disclosed to other organisations outside Australia to produce printed material and electronic communications.
Occasionally, we allow like-minded organisations to contact our residents/customers with information that may be of interest to them, including some organisations outside Australia. In these circumstances, Baptcare requires you to maintain the privacy and confidentiality of our residents/clients’ information and take all necessary steps to protect the information as set out in the Privacy Act 1988.