Bethany Community Support Inc. (Bethany) is committed to protecting personal and sensitive information of individuals, children and families who access our services, donors and stakeholders, current and potential employees, Board Directors, volunteers, students and contractors. Information is managed in accordance with State and Commonwealth privacy laws. These laws govern how we collect, use, store and disclose personal and sensitive information.
If any of our services need to collect health information, our procedures are subject to the Health Records Act 2001 (Vic).
What and why we collect information from you
Bethany only collects, stores, uses and discloses personal information necessary to provide services to you or to comply with legislative, statistical, regulatory and reporting requirements.
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable. This may include:
- your name
- home address
- date of birth
- email address
- contact number
- emergency contact details
- notes recorded by your worker
- bank account details
- images and recordings
- other family members details including children, partners, carers, dependants and other authorised representatives
Sensitive information is a subset of personal information and it means information, or opinion, about your:
- racial or ethnic origin
- religious beliefs or affiliations
- philosophical beliefs
- membership of a trade union
- sexual preferences or practices
- criminal record
Health and wellbeing is information or an opinion about:
- the physical, mental or psychological health (at any time) of an individual
- drug and alcohol history
- a person’s wellbeing needs (at any time) – physical, mental, emotional and social health factors
- medical health identification numbers (i.e. Medicare)
- a disability (at any time) of an individual
- a health service provided, or to be provided to an individual
- an individuals expressed wishes about the future provision of health and wellbeing services to them
Bethany collects and uses personal information only for the primary purpose of collection, or for the purposes which are directly related to one or more of Bethany’s functions or activities. This may include:
- an enquiry about one of our services or to provide advice to you about available support
- referral to a Bethany service
- the provision of any Bethany service
- to communicate with you via phone, email or messaging services
- to respond to requests for information
- managing complaints and feedback
- employment and recruitment activities of prospective employees and the engagement of volunteers and contractors
- community development, and fundraising activities
- ensuring the care, educational needs, health or safety of an individual.
Bethany may collect sensitive information about you where you consent:
- to the collection of such information
- the collection is required or authorised by law
- the collection is necessary for research or the compilation or analysis of statistics relevant to government welfare or education services
- the information being collected relates to an individual’s racial or ethnic origin and the purpose for the collection is to provide government funded targeted welfare or educational services
- there is no reasonably practicable alternative to collecting the information for either purpose.
How Bethany collects your information
Bethany collects personal information from you via:
- when we meet with you face to face
- when you fill in a form
- when you apply for a position of employment
- in writing
- our websites or social media platforms
- referrals from other organisations to provide services to you
- where you have given us permission to collect information from someone else e.g. another support service.
Bethany collects this information to assess what assistance you require and whether we can provide that support or service.
Bethany staff will tell you they are collecting your information and ask your consent to do so. This is usually provided in writing, but can be provided verbally.
Where Bethany collects personal information about you from someone else, we will take reasonable steps to ensure that you are made aware of this, unless making you aware of the matters would pose a serious threat to the life or health of any individual.
You can choose not to provide information requested or choose to remain anonymous however, Bethany may not be able to provide some or all services to you because of our legal, regulatory or funding body requirements. Your Bethany staff member will be able to discuss this in more detail when you first access one of our services.
Collection of online information
Bethany will collect information from you via internet browsing, social networking services and when you provide information via our website.
Information collected from the Bethany website may include:
- date and time of visit
- pages viewed
- online forms you fill in
- information downloaded
- applications completed
- the searches you make
- information about the device used to visit our website and
- IP address
- your interactions with us.
Social networking services will handle your personal information for its own purposes and will have their own privacy policies. You access the privacy policies for these services on their websites.
How and why we may share your information
If you are working with more than one Bethany service, your information may be shared if it means providing you a better service.
We may disclose your personal information to external agencies, other organisations or individuals including:
- if we have your consent to do so
- if we are required or authorised by law such as in the case of suspected or actual child abuse/harm or other matters of a serious or criminal nature as outlined in relevant legislation
- if it will prevent or lessen a serious threat to the life, health, safety or welfare of an individual
- where there is reasonable belief a child or young person is at risk of harm
- responding to a court subpoena request or police warrant
- government departments or agencies who provide funding for Bethany services
- incidents which occur during service delivery and resulted in harm to you
- contractors, software and service providers who manage some of the services that we offer you. We take steps to ensure that they comply with privacy laws when they handle or store your information and they are authorised only to use the personal information in order to provide the services or to perform the functions required by Bethany
- where a software or service provider stores information overseas, we will ensure that they have privacy protections substantially similar to Australian privacy laws
- other regulatory bodies
- referees or former employers of applicants who have applied for Bethany positions
- professional advisors including auditors, accountants and lawyers
Bethany does not provide your information to any marketing body.
Information sharing under the Information Sharing Legislation
Bethany is an Information Sharing Entity (ISE) under both the Child Information and Family Violence Information Sharing Schemes and as a RAE (Risk Assessment Entity) under the Family Violence Information Sharing Scheme.
This means we may disclose personal information for the purpose of assessing or managing family violence risk to children and adults; or to manage and promote a child or a group of children’s wellbeing and safety. Under these current laws, information may be shared without consent in relation to:
- Child victim survivors
- Alleged perpetrators (for a family violence assessment purpose only); or Perpetrators (for a family violence assessment or protection purpose only)
- A child or a group of children whose wellbeing is at risk.
This will depend on the service you are accessing and you will be advised if this applies to you.
Reporting & Auditing
It is sometimes necessary to disclose non-identifying information (that is information that has had your personal information removed so you cannot be identified), for the purpose of:
- program evaluation
- quality auditing processes
- reporting statistical data to funding bodies
- internal reviews.
As per our funding and service agreements, Bethany is required to undertake internal audits and participate in external reviews conducted by authorised internal or independent auditors. Bethany takes steps to ensure auditors comply with privacy laws when they undertake their audits.
How we store your personal information
Information is stored in the form of hard copy files, electronic files and/or on an electronic database. Bethany will ensure any information stored digitally will comply with privacy laws. Bethany will ensure any information recorded and stored electronically complies with Australian privacy laws.
Bethany takes reasonable steps to protect the personal information we hold from misuse, loss and interference from unauthorised access, modification and disclosure.
These steps include reasonable, physical, technical and administrative security safeguards for electronic and hard copy of paper records as identified below:
- lockable filing cabinets in unsecure areas
- physically securing the areas in which the personal information is stored
- not storing personal information in public areas
- building security systems
- using password protection for accessing IT systems and regularly changing passwords
- establishing different access levels so that not all staff can view all information
- server security policies
- using electronic audit trails on databases
- installing virus protection and firewalls
- using an accredited document storage provider for archived files
- awareness of relevant policies and procedures
- Using trusted service and software providers that have privacy protections in place which meet Australian privacy laws
- Data is encrypted at rest and in transit where possible
- Vulnerability scans are conducted to help identify in vulnerabilities in our network or systems
- 2 factor authentication is required to be used by all staff when accessing our systems
- Internet and emails filters are used to prevent malicious content from entering Bethany systems
- All computer and mobile devices have content erased when they are decommissioned.
Government data collection systems
As part of Bethany’s agreements with funding bodies and in order to meet those requirements, Bethany may be required to record your information in a prescribed government database and/or report statistical information in a way that does not identify you.
Your Bethany worker can provide you more information if required.
Bethany will not ask individuals to provide a unique identifier that has been assigned by another organisation to obtain a service unless that is required by law or is directly related to the service.
Trans-border data flows
Much of the information Bethany holds about you is stored electronically in secure data bases and servers which are located within Australia. However, where our software or service providers are located or store data located outside of Australia, we will ensure these software providers have privacy protections in place which are substantially similar to Australian privacy laws.
Use of online platforms for video consultations
Bethany is able to provide counselling, support and therapy services via audio and video consultations using online applications via third party software providers.
These online tools allow you to see and talk to your Bethany worker via a mobile device, video camera, web cam, smart TV or computer screen, exactly as if you were talking to them in person.
Bethany will make every effort to ensure that the privacy and security settings on these platforms protect the confidentiality of your call. However, these online platforms are hosted externally to Bethany so we cannot guarantee the security of video calls.
Your Bethany worker will explain the conditions of use to you and this type of service will only be provided with your consent.
Use of other technologies
Bethany uses various technologies to monitor the safety of staff including the location of Bethany vehicles, CCTV, onsite and remote duress alarms.
If Bethany uses other online platforms or systems in order to deliver you a service, we will make sure that they have security measures in place to meet Australian privacy laws.
Bethany cannot ensure or warrant the security of any information sent to us or received online or via email. Bethany will take all reasonable steps to protect your information once it has been received.
Fundraising, donations and community development
Bethany uses two Customer Relationship Management (CRM) digital platforms called Swift Digital and Salesforce to help create and send newsletters, invitations, receipts, updates and communications,
When you consent to receiving news and updates from us or make a donation, Bethany will disclose your information to these digital platforms who may store your personal information overseas. Further information regarding Swift Digital and Salesforce’s privacy practices can be found on their websites.
For donations, we may also need to share your information with our banks for the purpose of processing donations.
You will be offered the opportunity to ‘opt out’ if you do not wish to receive this information. You can also contact Bethany on 03 5278 8122 if you prefer not to receive future communication from us.
Access and correction of personal information
Bethany takes care to ensure the information collected from you is accurate, up-to-date and complete. Where you do not believe your information is correct you can ask for corrections to be made. If you wish to access your personal information and/or to correct any errors, please contact the Privacy Officer (details below). You will be required to provide as much detail as you can in order to help us retrieve it. Proof of identity will be required as it is necessary to ensure that personal information is only provided to the correct individuals and the privacy of others is not undermined. You may be required to meet with us to access and view your information.
Bethany will take all reasonable steps to provide access to requested information within 30 days of the request. In general, access will be denied where:
- the request does not relate to the personal information of the person making the request
- providing access would pose a threat to the life or health of any individual
- providing the information would have an unreasonable impact on the privacy of other individuals
- the request for access is frivolous or vexatious
- the information relates to existing legal proceedings between the organisation and the individual
- providing access would prejudice an investigation of possible unlawful activity
- providing access would be unlawful or denying access is required or authorised by law
- Australian Security Intelligence Office, Australian Secret Intelligence Service or a law enforcement agency performing a law security function asks the organisation not to provide access to the information
- access discloses a commercially sensitive decision-making process or information.
Service users will not be charged a fee to access their personal information or for it to be corrected.
Retention and disposal of information
Bethany will take reasonable steps to maintain and dispose of information in accordance with the Public Records Act 1973 (Vic) and other relevant legislation. Information that is retained will be archived in a certified, offsite high security storage facility. When personal information is no longer required it is destroyed in a secure manner.
Resolving privacy concerns
If you are concerned with how Bethany has handled your personal information, first try to resolve the issue with the person you have been dealing with. If you are not satisfied, you can ask to speak to their supervisor.
Alternatively, you may lodge a complaint regarding a breach of privacy by contacting the Privacy Officer:
T: (03) 52788122 E: firstname.lastname@example.org