Privacy Policy

Purpose

This policy sets out Baptist Insurance Services (BIS) privacy obligations and expectations when we collect, use and disclose personal information belonging to our constituents, Members and other people with whom we come in contact or otherwise support, as well as information relating to our staff, suppliers and job applicants.

Scope

This policy applies to all staff members, third party suppliers (contractors), visitors to BIS sites and other individuals and organisations who manage – personal information and carry out activities on behalf of BIS. This policy also applies to activities undertaken by Baptist Mutual, a provider of risk protection services which is managed by BIS.

We are a ministry of Australian Baptist Ministries and operates as a “delegated body” of the National Council. It commenced in 1984, initially in Victoria and then progressively to all other states and territories. It is now a national scheme organising protection on property and other assets in excess of $5 billion and on behalf of over 1350 constituents.

Mission: The enabling of Baptist ministries in Australia by developing, educating and providing a comprehensive range of insurance and risk management programs.

Vision: To protect the Baptist Church in Australia and its constituents by arranging a program of comprehensive insurance policies in the most cost-effective manner.

We are committed to protecting the privacy and confidentiality of our constituents’, and members’ information, as well as information we hold relating to our staff, suppliers and job applicants.

We will manage all personal and health information in a way that recognises and respects the right to privacy by adhering to the privacy principles of relevant Commonwealth and State legislation.

BIS has privacy obligations which are governed by legislation. The Privacy Act 1998 (Cth) is the primary privacy law applicable to BIS

We are committed to complying with the Privacy Act’s Australian Privacy Principles (APPs) whenever we collect, use, retain or disclose personal information. The APP are principles-based law, which gives flexibility to tailor information handling practices and the diverse needs of individuals. There are 13 Australian Privacy Principles, which govern standards, rights and obligations – Refer Appendix A

We will take reasonable steps to protect the personal and health information that we hold or disclose from misuse, interference and from unauthorised access, modification or disclosure.

Anonymity and Pseudonymity

BIS provides individuals with the option of not identifying themselves – or of using a pseudonym – where it is practicable to do so. For example, access to the BIS website does not require individuals to identify themselves.

Collection and Notification of the collection of Personal Information

We only collect personal information where it is reasonably necessary for the provision of risk protection services (including claims handling) and risk management services and for the purposes of product and service marketing, fundraising, conducting research, job applications and employment of staff. For example, this may include:

• For billing constituents/Members, including the collection of contributions
• For payment of suppliers and reimbursement of employees for business related expenses
• For corresponding with employees, constituents/Members and suppliers
• To facilitate donations and other forms of financial support from supporters and the public
• Where required by legislation.

Types of Personal Information Collected

Our collection of personal information may include:

• Your personal contact details (name, address, phone number, email address and date of birth) and personal contact details of your family, carers and representatives
• Your credit card details (number, name on card, expiry date and type of card)
• Nationality, cultural background and languages spoken
• Health information, including nursing, medical, pharmacological, psychiatric and psycho-social diagnoses and histories of both you, and if appropriate, family members
• Other types of sensitive information (religious and political beliefs, criminal record, etc) will not be collected unless you have consented, or collection is regarded as necessary for your wellbeing or safety or required by law
• Cookies which are used to estimate the number of customers and determine overall traffic patterns through our website.

Information required for employment and management of volunteers as supported and prescribed by legislation Further specific examples of personal information collected: Constituents/Members /employees/suppliers

• Bank account details
• Assets value Job applicants:
• Eligibility to work in Australia
• Qualification and registration
• A brief history of work experiences
• Vaccination status
• National Police Check
• Working with Children Check / Work with Vulnerable People
• References

We will endeavour to collect your personal information directly from you (unless it is unreasonable or impracticable to do so), including in person, by phone, through our website, and through written correspondence (e.g. via emails or letters).

Where BIS collects information over the phone, recording devices may be used for quality, training and record keeping purposes. If you do not wish to have your calls recorded, you can request the staff member to disable the call recording function.

Use of cookies:

Cookies are pieces of information that our website transfers to your computer’s hard disk for record keeping purposes.

Authentication cookies are necessary for the operation of the website. They enable you to navigate around the website and use all the features. Most web browsers are set to accept cookies.

Session cookies are temporary cookies that are used to remember you during the course of your visit and expire when you close the web browser. Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your web browser.

We may use both first party and third-party cookies on our website where first party cookies are issued from a BIS domain and third party cookies belong to other parties and are managed by them such as service providers.

BIS uses cookies to make your experience of our website and services as convenient as possible. While cookies do not personally identify you, they do identify your browser. If you do not wish to receive any cookies, you can set your browser to refuse cookies. However, this may mean you will not be able to take full advantage of our website experience.

Other avenues of collection, including via third parties:

• Information may be provided by power of attorney or supportive attorney or another legal representative if you are not able to provide this personal
• The Fundraising and Marketing Department may collect information to facilitate financial support of our programs by the public or to facilitate communication with prospective constituents or Members
• BIS may also receive information about you from referrers. Generally, you will need to give consent to the organisation collecting your information for them to disclose the information to us. The exception is where BIS is authorised by law to collect your information.

Use or Disclosure

BIS will only use or disclose non-sensitive personal information for the primary purpose for which it was collected, or for a secondary purpose where the individual has either consented or would reasonably expect their information to be used and where the secondary purpose is related to the primary purpose.

If there is any doubt about this expectation, BIS will seek consent from the individual for the use of their information.

Quality

BIS will take all reasonable steps to ensure that the personal information that is collected is accurate, up-to-date and complete. Individuals are encouraged to assist us in this process by informing BIS of any changes to their personal information, such as address, email or phone number.

Storage and security

BIS takes all reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. This includes the following:

• Access to BIS premises is restricted
• Access to BIS data, including personal information, is restricted to authorised employees and suppliers (contractors) on a ‘need to know’ basis
• BIS uses secure bins to dispose of hard copy documents that may contain personal information
• BIS archives documents in a secure facility
• Any documents containing personal information are securely disposed of following the expiry of their retention date.

Sharing

BIS may share personal information with third parties in the conduct of business.

If you are a supplier of goods or services to BIS and personal information is shared with you to support the supply of those goods or services, BIS requires you to maintain the privacy and confidentiality of that information and take all necessary steps to protect it as set out in the Privacy Act 1988. It is your responsibility as a supplier to inform BIS immediately you become aware of a breach of personal information. 

Further specific examples of personal information shared with third parties:

• Software providers where appropriate commercial agreements are in place – when required to assist with software development or issue resolution
• De-identified constituent/Member information is used for training and development purposes.
• To ambulance/hospital staff in an emergency
• Where a constituent/Member has consented to being referred to another service and BIS transmits this referral information on their behalf to the agreed service, such as referral to another service provider related to the services we provide you
• As permitted under the Privacy Act, in an emergency, we will release personal, health and sensitive information about a constituent/Member if reasonably necessary to facilitate their immediate care and safety or that of other individuals
• Where required by external agencies under Commonwealth or State legislation

Where practicable, we will ensure that these other parties are aware of privacy obligations.

Privacy Officer

BIS appoints a Privacy Officer to oversee compliance with this Policy. The Privacy Officer shall be the Company Secretary or another senior position or their delegate within BIS as determined from time to time. The role of the Privacy Officer is to:

• Oversee the operation of, and compliance with, this Policy;
• Advise on the implications of this Policy and its supporting procedures on our operations;
• Examine the effectiveness and appropriateness of our privacy management including our practices, procedures and systems to ensure that they remain effective and appropriate;
• Be aware of imminent changes to privacy legislation and related compliance requirements and make recommendations accordingly;
• Recommend changes to this Policy to the CEO and BIS Board as determined from time to time;
• Be the point of contact for all privacy queries, complaints or disputes for staff, customers, suppliers or other parties; and
• Coordinate our response in the event of a data breach or other significant event indicating non-compliance, including advising the CEO and Board on the recommended course of action as appropriate.

This policy is supported by the BIS Incident & Breach Policy which provides practical guidelines to staff and further information to constituents/Members and stakeholders about the application of our commitment to privacy compliance.

Compliance

We have an obligation to examine the effectiveness and appropriateness of our privacy management including our practices, procedures and systems to ensure that they remain effective and appropriate. We evaluate the effectiveness and appropriateness of our privacy management through:

• Monitor & Review
  Monitoring and reviewing our privacy processes regularly including an assessment of whether our practices, procedures and systems are adequate, current and are being followed

• Document Compliance
  Documenting compliance with our privacy obligations, including records relating to privacy process reviews, breaches and complaints
  

• Measure Performance
  Measuring our performance against the APP’s and our policies and procedures
  

• Create
  Welcoming and creating opportunities for our constituents, Members, volunteers, suppliers, and staff members to provide feedback on our privacy policy (and related procedures) and how you think we are performing

Compliants

The Privacy Officer is the point of contact for all privacy queries, complaints or disputes for staff, constituents/Members, suppliers or other parties. If you have a query about how your personal information is handled, or a complaint regarding potential privacy breaches, please use the following contact channels:

• Ph: 03 9880 6106
• Privacy email – [email protected]

Any breach of this document will result in investigation and possible disciplinary action.

This document is to be periodically reviewed and assessed for effectiveness in consultation with relevant stakeholders.

Document Approval