Visit our COVID-19 information hub

Read More

Supplier Statement

Baptcare Privacy Policy - Supplier Statement


Baptcare is a not-for-profit organisation that supports children, families, people with a disability, financially disadvantaged people, asylum seekers and older people.

Baptcare values the inherent dignity and equality of all people, regardless of their circumstances. Consistent with this value, Baptcare ​respects and endorses individuals’ rights to privacy and is committed to protecting the privacy and confidentiality of their information.

Baptcare is bound to comply with the Privacy Act 1988 (Cth). The Privacy Act is the primary privacy law applicable to Baptcare. We are committed to complying with the Privacy Act’s Australian Privacy Principles (APPs) whenever we collect and handle personal information (including sensitive and health information).

We are also bound to comply with the following laws:

  • Health Records Act 2001 (Vic): This Act and its Health Privacy Principles (HPPs) apply to Baptcare whenever we collect and handle health information in Victoria.
  • Privacy and Data Protection Act 2014 (Vic): This Act and its Information Privacy Principles (IPPs) apply to Baptcare when we provide statutory services on behalf of the Victorian Government.
  • Personal Information Protection Act 2004 (Tas): This Act and its Personal Information Protection Principles (PIPPs) apply to Baptcare when we provide services pursuant to an agreement with the Tasmanian Government.

Additionally, as a member of relevant industry groups, Baptcare is party to a number of policies and codes that include privacy provisions.

Baptcare follows documented processes that comply with the requirements of current Department of Health and Family Services Accreditation Standards, and other relevant regulatory requirements, and embrace the Australian Privacy Principles and Victorian Health Privacy Principles, as well as complying with those of the Australian Direct Marketing Association (ADMA) and the Fundraising Institute of Australia (FIA).

Open and Transparent

As part of our commitment to the open and transparent management of personal information belonging to our clients and residents, this Policy explains our expectations of suppliers in the handling of personal information.

Supplier Responsibilities

If you are a supplier of goods or services to Baptcare and personal information is shared with you to support the supply of those goods or services, Baptcare requires you to maintain the privacy and confidentiality of that information and take all necessary steps to protect it as set out in the Privacy Act 1988.

Some examples of situations where we may share our residents/clients’ personal information with you are as follows:

  • Software providers. where appropriate confidentiality agreements are in place – when required to assist with software development or issue resolution
  • De-identified client/resident information is used for training and development purposes and provided to third parties regarding clinical and risk indicators
  • To ambulance/hospital staff in an emergency
  • To advise a client’s doctor of an incident or a health concern
  • Referrals on behalf of our clients/residents to a doctor, counsellor, allied health service or other community service
  • As permitted under the Privacy Act, in an emergency, we will release personal, health and sensitive information to others if reasonably necessary to facilitate the immediate care and safety of our clients or residents or that of other individuals.

It is your responsibility as a supplier to inform Baptcare immediately you become aware of a breach of private information. Please see here for the Data Breach notification Information Sheet: Supplier Information Sheet

Anonymity and Pseudonymity

Baptcare provides individuals with the option of not identifying themselves – or of using a pseudonym – where it is practicable to do so.  For example, access to the Baptcare website does not require individuals to identify themselves.

Collection of Personal Information

Baptcare only collects personal information where it is reasonably necessary for the provision of health and care related services (community, family and residential), accommodation (retirement, affordable housing and asylum seeker) and for the purpose of fundraising.

For example, this may include:

  • For billing residents/clients, including the collection of fees
  • For payment of suppliers and reimbursement of employees for business related expenses
  • For corresponding with employees, residents/clients and suppliers
  • To facilitate donations and other forms of financial support from supporters and the public
  • As directed by government bodies relating to funding agreements
  • Where required by legislation

Types of Personal Information Collected

Baptcare’s collection of personal information may include:

  • Personal contact details (name, address, phone number, email address and date of birth) and personal contact details of our residents/clients and their family members
  • Credit card details (number, name on card, expiry date and type of card )
  • Baptcare donor numbers
  • Information required to provide the level of care or service that residents/clients require and to determine the level of funding a resident/client is entitled to receive. This may include next of kin, power of attorney information, medical records and financial information
  • Nationality, cultural background and languages spoken
  • Health information, including nursing, medical, pharmacological, psychiatric and psycho-social diagnoses and histories of both residents/clients, and if appropriate, family members
  • Other types of sensitive information (religious and political beliefs, criminal record, etc) will not be collected unless residents/clients have consented or collection is regarded as necessary for their wellbeing or safety or required by law

Further specific examples of personal information collected:


  • Email address
  • Bank account details


  • Medicare number
  • DVA number
  • Private health insurance provider and policy number
  • Pension status/pension number
  • Assets value
  • A brief history of life experiences, family, interests, likes and dislikes etc to assist staff to engage with the client.

Use of cookies:

Cookies are pieces of information that our website transfers to a computer's hard disk for record keeping purposes. Most web browsers are set to accept cookies. We use cookies to make our clients’ experience of our website and services as convenient as possible. While cookies do not personally identify a user, they do identify the user’s browser.
Cookies are used to estimate the number of customers and determine overall traffic patterns through our website. If clients do not wish to receive any cookies, they can set their browser to refuse cookies.

Collection and Notification of Personal Information

Baptcare will endeavour to collect residents/clients’ personal information directly (unless it is unreasonable or impracticable to do so), including in person, by phone, through our website, and through written correspondence (e.g. via emails or letters).

Other avenues of collection, including via third parties:

  • Information can be collected from family members as part of the assessment process
  • Information may be provided by power of attorney or supportive attorney or other legal representative if the client is not able to provide this personally
  • ACAS (Aged Care Assessment Service) review potential aged care clients and list their details on a secure industry website which may be filtered by providers to identify potential new clients
  • Baptcare Pastoral Care collects information about residents’ cultural and social background to ensure the provision of individualised care
  • The Fundraising and Marketing Department may collect information to facilitate financial support of our programs by the public.

Baptcare may also receive information about our residents/clients from referrers.  Where Baptcare is engaged by the Department of Human Services to provide statutory services on its behalf (Victoria only), any personal and health information collected is held in secure databases provided by the Department of Human Services.  The Department of Human Services also requires Baptcare to comply with the Privacy and Data Protection Act 2014 (Vic) so as to ensure that the department and Baptcare are bound by the same legislative framework.

Use or Disclosure of Personal Information

Baptcare will only use or disclose non-sensitive personal information for the primary purpose for which it was collected, or for a secondary purpose where our residents/clients have either consented or would reasonably expect their information to be used and where the secondary purpose is related to the primary purpose.
If there is any doubt about this expectation, Baptcare will seek consent for the use of the information. Confidentiality agreements will be entered into between Baptcare and third parties where personal information is used or disclosed.

Particular examples of where we use or disclose personal information are:

  • To charge resident/client fees per relevant agreements
  • To determine the appropriate fee/bond for clients
  • To send required correspondence, including monthly policies
  • To collect fees billed
  • To remit funds to suppliers

Disclosure of Personal Information to Overseas Recipients?

We may, in certain circumstances, transfer personal information to organisations outside Australia who are not subject to Australian privacy laws, for the purpose of those organisations providing a service to Baptcare. In such circumstances, we will seek to bind the organisation contractually to comply with Australian privacy laws and take all reasonable steps to ensure that this is observed.

Use of data for direct marketing purposes

Baptcare sometimes collects personal information in order to provide our residents/clients with information and direct marketing materials in respect of our charitable objectives.  This information may be disclosed to other organisations outside Australia to produce printed material and electronic communications. Occasionally, we allow like-minded organisations to contact our residents/clients with information that may be of interest to them, including some organisations outside Australia. In these circumstances, Baptcare requires you to maintain the privacy and confidentiality of our residents/clients’ information and take all necessary steps to protect the information as set out in the Privacy Act 1988.​​

Get in touch


Let us help you, get in touch.

Get in touch