Privacy Policy
Incorporating the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Privacy Amendment (Notifiable Data Breaches) Act 2017 amending the Privacy Act 1988
Part 1 – Personal Information Handling Practices explains our general information handling practices across Sydney Missionary & Bible College “SMBC” including The Bridge gap year program. We have included information about how we collect, use, disclose and store your personal information.
Part 2 – Files explains our personal information physical file handling practices.
Part 3 – Online explains our personal information handling practices when you visit our websites.
How to contact us
For further information please contact us as follows:
Part 1 – Our Personal Information Handling Practices
This privacy policy sets out how we comply with our obligations under the Privacy Act 1988 (Privacy Act) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Privacy Amendment (Notifiable Data Breaches) Act 2017. The policy is regularly reviewed to provide for new and revised legislation, changes in technology, and changes in systems and processes within SMBC driven by changes in the environment in which SMBC operates. SMBC is committed to ensuring personal information is managed in an open and transparent way in accordance with the Australian Privacy Principles. SMBC will take all reasonable steps in the circumstances to implement practices, procedures and systems relating to our activities that will ensure that we comply with the Australian Privacy Principles.
A copy of this policy is available on our website at http://www.smbc.edu.au or is available upon reasonable request in an alternative form.
A. Collecting Information
- SMBC collects personal information, including sensitive information about students before, during, and following the course of the student’s enrolment. The primary purpose for collecting this information is for enrolment assessment and schooling, and the provision of student activities and services to our current students and alumni.
- SMBC collects personal information from people, including students and alumni, participating in our conferences, fundraising events and other events. The primary purpose of collecting this information is to enable SMBC to enrol participants in a conference / event, and / or to raise funds.
- SMBC collects personal information from our customers during the course of their purchase of our goods and services. The primary purpose for collecting this information is for fulfilment of the purchase request, and /or provision of services, and for the purpose of providing employment and accommodation references to others.
- SMBC collects personal information from job applicants, employers and existing employees and volunteers in order to assess (and potentially) engage, administer, and manage the applicant, employee, contractor, or volunteer.
- Some of the information we collect is to satisfy SMBC’s legal obligations, particularly to enable the college to discharge its duty of care. In the event of a pandemic, SMBC may collect personal health information from all visitors to its campuses, in accordance with public health orders.
- Certain laws governing or relating to the operation of SMBC require that certain information is collected. These include public health laws.
- Information may be collected by way of telephone calls, email, letters, hard copy forms, advertising requests, online forms, third party booking facilities (such as Eventbrite), purchase orders, face to face meetings, and interviews.
Please also note:
- Health information about students is sensitive information within the terms of the Australian Privacy Principles under the Privacy Act 1988 (Privacy Act) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Privacy Amendment (Notifiable Data Breaches) Act 2017. We may ask potential or current students, and potential or current employees, to provide medical reports and/or dietary requirements about themselves from time to time.
- If you provide SMBC with the personal information of others, such as doctors or emergency contacts, we encourage you to inform them that you are disclosing information to SMBC and why, that they can access that information if they wish and that SMBC does not usually disclose the information to third parties.
- If we do not obtain the information referred to above we may not be able to enrol or continue with your enrolment or staff position.
SMBC generally collects the following kinds of personal information:
- Names
- Postal and email addresses and social media accounts
- Phone and fax numbers
- Date of birth
- Gender
- Marital status
- Education and training
- Details about next of kin
- Occupation and employment history
- Attendance and history of involvement in SMBC activities
- Financial details (bank and credit card numbers), donor history, accommodation history
- Photographic images, video clips and sound recordings.
B. Holding and Use of Information
- Information collected is stored in a variety of ways. Sensitive credit card or bank account information required for the completion of purchase transactions is not held by SMBC but passes directly through payment gateways to our bank (Westpac) to enable the purchase transaction to be processed. Other student, employee, and third party information is held in our electronic databases which are hosted on our secure servers, or if physical records are held within our locked cabinets and premises.
Please note:
- If you use the Eventbrite service to book into one of our events you are deemed to be familiar with and consent to the terms of Eventbrite’s Privacy Policy which is available at: https://www.eventbrite.com.au/privacypolicy/
- SMBC uses Xero accounting for aspects of its financial operations. If you are an employee (past or present) of, or provider of services (past or present) to, SMBC then then you are deemed to be familiar with and consent to the terms of Xero’s Privacy Policy which is available at: https://www.xero.com/au/about/terms/privacy/
- SMBC uses Salesforce for aspects of its relationship management. If you interact with SMBC as a student (past or present), conference attender (past or present), service provider (past or present), director (past or present), employee (past or present), volunteer (past or present), church or other Christian body or organisation, then you are deemed to be familiar with and consent to the terms of Salesforce’s Privacy Policy which is available at: https://www.salesforce.com/au/company/privacy/
- SMBC uses Raisely for aspects of its relationship management and fundraising operations. If you interact with SMBC as a student (past or present), donor, conference or event attender (past or present), service provider (past or present), director (past or present), employee (past or present), volunteer (past or present), church or other Christian body or organisation, then you are deemed to be familiar with and consent to the terms of Raisely’s Privacy Policy which is available at: https://raisely.com/privacy
- SMBC uses Stripe for aspects of its relationship management and fundraising operations. If you interact with SMBC as a student (past or present), donor, conference or event attender (past or present), service provider (past or present), director (past or present), employee (past or present), volunteer (past or present), church or other Christian body or organisation, then you are deemed to be familiar with and consent to the terms of Stripe’s Privacy Policy which is available at: https://stripe.com/au/privacy
- SMBC uses Titan for aspects of its relationship management. If you interact with SMBC as a student (past or present), service provider (past or present), or employee (past or present), or use an application or enquiry form via the SMBC or The Bridge websites, then you are deemed to be familiar with and consent to the terms of Titan’s Privacy Policy which is available at: https://titandxp.com/privacy
- SMBC uses Microsoft 365 for aspects of its relationship management and business operations. If you interact with SMBC as a student, employee, or service provider then you are then you are deemed to be familiar with and consent to the terms of Microsoft’s Privacy Policy which is available at: https://privacy.microsoft.com/en-gb/privacystatement
- SMBC uses Google Workspace for aspects of its relationship management and business operations. If you interact with SMBC as a student, employee, or service provider then you are then you are deemed to be familiar with and consent to the terms of Google’s Privacy Policy which is available at: https://edu.google.com/intl/ALL_au/why-google/privacy-security/
- SMBC uses Campaign Monitor to hold and facilitate our current mailing and marketing contact lists. If you interact with SMBC via an email for news, events, study, applications or enquiries then you are deemed to be familiar with and consent to the terms of Campaign Monitor’s Privacy Policy which is available at: https://meetmarigold.com/privacy-notices/#services-notice
- SMBC uses Clicksend for aspects of its relationship management. Clicksend will see mobile number and message content, and will see names when we use lists for group messaging within Clicksend itself. If you interact with SMBC as a student, employee or service provider then you are deemed to be familiar with and consent to the terms of Clicksend’s Privacy Policy which is available at: https://www.clicksend.com/au/legal/
- SMBC uses Zoom to facilitate online learning and interactions within our community. If you use this service, then you will be asked to give some personal information (name and email) to enable your use of Zoom. Students should be aware that your name and email address will be automatically passed to Zoom from Moodle, without asking you. The Moodle integration does this when you click “Join” in Moodle. If you are currently a student, employee or otherwise involved with SMBC and use this service, then you are deemed to be familiar with and consent to the terms of Zoom’s Privacy Policy which is available at: https://zoom.us/privacy
- SMBC uses Turnitin to check student assessments (including examination assessments) against other students’ assessments and other online sources to check for plagiarism. Students studying any unit with assessments will be required to submit work to Turnitin via the Moodle page for their unit. Turnitin gathers students’ name and email to facilitate the use of their product, as well as their assessment content to check for plagiarism. If you are a student studying at SMBC and submitting assessments you are deemed to be familiar with the terms of Turnitin’s Privacy Policy, which is available at: https://help.turnitin.com/Privacy_and_Security/Privacy_and_Security.htm#Privacy_Policy
- Student information is collected and retained for communication and reporting purposes, enrolment assessment and schooling for potential and current students, and the provision of student activities, services and care to our current students and alumni.
- On occasions, information such as academic achievement, student activities, photographs and other news is published (from time to time) in SMBC publications and social media forums, magazines, promotional and appeal material and on our web and intranet sites. If you do not agree to this, it is your responsibility to advise us.
- Information collected, including contact details will only be used by SMBC and not divulged to third parties except:
- when compulsory notification is required by the Australian College of Theology and compulsory notification by government departments; or
- when compulsory notification is required by law; or
- when the potential student, current student, or graduate student consents (or unless the student would reasonably expect that the information collected would be used in this way by SMBC).
- SMBC is unlikely to disclose personal information to overseas recipients, other than for student reference, medical and dietary guidance, and for potential employee or employee references.
- From time to time SMBC engages in fundraising activities. Information received from you may be used to make an appeal to you and market the organisation and its plans, events, and activities. We will not disclose your information to third parties unless required by law, or is a third party provider already listed above, or to resolve a problem with a financial institution in respect of a donor’s donation transaction. This may include anonymous donations where there is a need to trace transaction details in the unlikely event that SMBC needs to resolve a problem for the processing of that anonymous donation.
- From time to time, SMBC may obtain information from third parties about an individual, to be used as a reference for enrolment and/or accommodation assessment or to be used for an employment related purpose.
- From time to time, SMBC may provide information to a third party relating to an accommodation or employment reference including insurance.
- From time to time SMBC may provide information to a third party relating to working with children clearance checks required for the person to participate in College mission and other activities.
- From time to time SMBC may provide information to a third party, who SMBC is partnering with, for the person to participate in an activity and/or event.
- From time to time SMBC may provide information to a third party in respect of a financial transaction for the purchase of goods and services by you, to ensure the efficient resolution and processing of your transaction and provide you with the goods and services you have purchased as soon as possible.
- From time to time SMBC may provide information to a third party in respect of a financial transaction for the purchase of goods and services, where the account payable by you has not been settled and legal and/or collection services are initiated to recover the debt owing to SMBC.
- Student/staff/faculty photos may be used in a student handbook/directory/SMBC social media forum. If you do not agree to this, it is your responsibility to advise us.
Disclosure of information overseas
SMBC employs a cloud-based database and other data management systems, where personal and sensitive information is held in Japan and the United States of America. SMBC takes all reasonable steps to ensure that third parties comply with the Australian Privacy Principles or similar laws and that the privacy of individuals is protected.
Recording Online 'Meetings'
Zoom has a function for recording online meetings held on their platform. Meeting hosts are responsible for obtaining consent from those attending the meetings. Recordings will be stored on servers at SMBC and/or the host's computer.
If you don't want to be recorded, then it is your responsibility to inform the meeting host/lecturer for the meeting/lecture class well before the activity commences.
C. Access and Correction of Information
People may seek access to personal information collected about them by contacting the Chief Operating Officer on the above email address. Please note that basic contact information we hold for our students may be viewed and updated (in need) by accessing our student portal using your SMBC student number and password.
SMBC appreciates your right to accessing, updating and correction of your personal information collected by us, to ensure we are providing you with the information and services you require, other than if access to the personal information by SMBC is:
- reasonably believed by SMBC to pose a serious threat to the life, health or safety of any individual, or to public health or public safety: or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings between SMBC and the individual, and would not be accessible by the process of discovery in those proceedings; or
- giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- giving access would be unlawful; or
- denying access is required or authorised by or under an Australian law or a court/tribunal order; or
- both of the following apply:
- SMBC has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being, or may be engaged in;
- Giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
Dealing with requests for information: SMBC will:
- respond to the request for access to the personal information within a reasonable period after the request is made; and
- give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Other means of access: If SMBC refuses:
- to give access to the personal information because of an exception above; or
- to give access in the manner requested by the individual;
SMBC will take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of SMBC and the individual. Without limiting the subclause above, access may be given through the use of a mutually agreed intermediary.
Access charges
SMBC will not charge you for making a request for access to personal information. A reasonable charge may be made by SMBC for giving access to the personal information if they choose to do so.
Refusal to give access
If SMBC refuses to give access to the personal information by reason of one of the exceptions listed above, or to give access in the manner requested by the individual, SMBC will give the individual a written notice that sets out:
- the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
If SMBC refuses to give access to the personal information because of paragraph number 10 above, the reasons for the refusal may include an explanation for the commercially sensitive decision.
Part 2 – Files
Student Files
Purpose
The purpose of our student files (electronic and physical) is to store student related data and information, correspondence, working papers and other documents that relate to our functions to:
- provide advice and guidance to potential students;
- provide advice and guidance to existing students;
- manage application information, including references;
- store enrolment related information;
- management and administration of educational classes, tuition within and outside of our campuses.
- store academic record and graduation related information and correspondence required by educational accrediting bodies;
- provision of student services, including catering services, residential accommodation and accommodation history references;
- administration and management of financial items processed relevant to potential and existing students;
- emergency contact directions.
Collection
We collect personal information in our student files directly from individuals or their referees, or from publicly available sources such as websites, social media, or telephone directories.
Use and Disclosure
Personal information in student files is only used for the purpose of administering and managing the education and welfare of our students or potential students, and their networking as alumni and supporters of SMBC, or in exercising our statutory functions to relevant authorities.
The personal information on our files and databases is not disclosed to third parties without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those organisations or individuals, or the disclosure is otherwise required or authorised by law.
Data quality
SMBC maintains and updates personal information in our files as necessary or when we are advised by individuals that their personal information has changed. We will manually update your personal information when you advise us, if a self-service online option isn’t available.
Data security
In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, SMBC has developed a Data Breach Response Plan. In the event of a data breach, the Data Breach Response team will act with all due diligence to ensure data security.
Files are stored in either password protected electronic media or in locked storage areas in paper form. When no longer required, personal information is files is destroyed / deleted in a secure manner.
The following staff members (and staff members fulfilling these roles in an acting capacity) have access to files on a need to know basis:
- SMBC Board Chair
- Principal
- Vice-Principal
- Chief Operating Officer
- Faculty and Student Care Staff
- Academic Registrars
- Director of Research
- The Bridge program staff
- Technology Team staff
- Library staff
- Records management administrators
Contact Lists
Purpose
We maintain contact lists and databases which include information about individuals, churches, organisations, and suppliers. We use these contact lists to distribute information about our activities and events, and to manage our relationships with these parties.
Collection
We collect personal information directly from individuals, churches, organisations, and suppliers or from publicly available sources such as websites, social media, or telephone directories.
Use and Disclosure
We only use personal information in contact lists for the purpose of managing our stakeholder relations.
Data quality
SMBC maintains and updates personal information in our files as necessary or when we are advised by individuals that their personal information has changed, and a self-service online updating option isn't available. We also regularly audit contact lists to check the currency of contact information. We will remove / modify contact information of individuals who advise us that they no longer wish to be contacted, or only wish to be contacted via a particular method of communication.
Data security
In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, SMBC has developed a Data Breach Response Plan. In the event of a data breach, the Data Breach Response team will act with all due diligence to ensure data security.
Files are stored in either password protected electronic media or in locked storage areas in paper form. When no longer required, personal information is files is destroyed / deleted in a secure manner.
Routine access to contacts lists is limited to the database administrators who have responsibility for maintaining the contacts lists. Other staff members have access to the personal information in contacts on a need to know basis.
Administrative Files
Purpose
The purpose of personnel records is to maintain current employee information for business and employment related purposes, or where authorised or required by law. The personal information in these files relates to the employee and may include:
- Application(s) for employment including the employee’s resume(s), covering letter, statement(s) addressing the criteria, and referee reports;
- Notes from the selection committee during the selection process;
- The employee’s employment contract, and other records relating to their terms and conditions of employment;
- Details of financial and other personal interests supplied by some employees and their immediate family members e.g provided for loan applications;
- Proof of Australian citizenship;
- Certified copies of academic qualification(s);
- Records relating to the employee’s salary, benefits, and leave;
- Medical certificates or health or dietary related information supplied by an employee or their medical practitioner;
- Contact details;
- Taxation details;
- Superannuation details;
- Accommodation booking histories;
- Information relating to the employee’s training and professional development;
- History of involvement with SMBC activities;
- Photographic images, video clips and sound recordings.
The purpose of keeping records on candidates for employment (“Applicant files”) is to allow us to assess the suitability of candidates for future employment by SMBC.
Collection
SMBC generally collects personal information directly from employees and applicants, but may also collect personal information from intermediaries such as recruitment agents, online booking providers, personal providers, and via publicly available sources.
SMBC may also collect personal information about employees and applicants from third parties, where it is relevant to the selection process.
Use and Disclosure
Personal information in personnel files is only used for the purpose of maintaining current employee data and information for business and employment related purposes. We only use personal information in applicant files for the purpose of assessing and processing applications for employment. We don’t give personal information held in these files to other organisations or other third parties without consent, unless the individual would reasonably expect or has been told that information of that kind is usually passed on to organisations or individuals, or else this disclosure is otherwise required or authorised by law.
Data quality
SMBC maintains and updates personal information in our personnel and applicant files as necessary, or when we are advised by individuals that their personal information has changed.
Data security
In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, SMBC has developed a Data Breach Response Plan. In the event of a data breach, the Data Breach Response team will act with all due diligence to ensure data security.
Files are stored in either password protected electronic media or in locked storage areas in paper form. When no longer required, personal information is files is destroyed / deleted in a secure manner.
Personnel files are stored in locked cabinets in paper form. Previous employee files are archived in boxes and stored in a locked storage area. Personal information relating to payroll is stored in a locked storage area, when not held electronically in our Xero accounting software. Refer to the terms of Xero’s Privacy Policy at: https://www.xero.com/au/about/terms/privacy/.
Applicant files are filed and stored on password protected electronic media, and the paper form locked in storage areas. These paper files are stored for seven years and then destroyed in a secure manner or deleted.
The following staff members have access to personnel and applicant files on a need to know basis:
- SMBC Board
- Principal
- Chief Operating Officer/Executive Assistant of the Chief Operating Officer
- Finance Officer
- Accounts Payable Officer
- Payroll Officer
- Library Staff
Part 3 – Online
Collection
It is our usual practice to collect information about all visitors to our online resources.
Sometimes we use third party platforms to deliver information e.g. library services; social media sites. These are sites hosted and managed by organisations other than ourselves. Before deciding if you want to contribute to any third party site you should read their privacy policy.
There are several methods we use to collect visitor behaviours on our online platforms. We use Google Analytics on our website(s). Information and data collected through Google Analytics is stored by Google on its servers. If you would like to opt out of the collection of information via Google Analytics, Google offers the Google Analytics Opt-out Browser Add-On. For those wishing to avoid tracking in general, you may consider enabling Tracking Protection in your browser, e.g. Firefox's Enhanced Tracking Protection (https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop), and/or using a browser add-on like uBlock Origin (https://ublockorigin.com/), which can block a broad range of unwanted content and tracking.
When you visit any of our online resources, our metric tools may collect the following information about your visit for statistical purposes:
- IP address
- The date, time and length of your visit to the site
- The pages, documents and media accessed during your visit
- The links on our site that you clicked on
- The type of browser used
We record this data to maintain our server and to improve the services we provide. We don’t use this information to personally identify anyone, except in the case of malicious use.
If you are creating a user account or making a purchase, donation or conference registration on our website, we will collect the following information:
- Name
- Email
- Hashed Password
- Any further contact details you provide, including address or phone
- Any further personal information you provide
Please note that full sensitive credit card or bank account information required for the completion of purchase transactions will not be stored with SMBC as outlined in Part 1.
Cookies
Most of our online platforms use sessions and cookies. The core functionality on these platforms will be largely unaffected if you disable cookies in your browser but you may be unable to access some advanced functions.
Use and Disclosure
We do not give personal information collected online to other organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those organisations or individuals, or the disclosure is otherwise required or authorised by law.
Data quality
SMBC will delete or correct any personal information that we hold about you on request.
If you are on one of our automated email lists, you may opt out of further contact from us by clicking the ‘unsubscribe’ link at the bottom of the email.
Data security
In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, SMBC has developed a Data Breach Response Plan. In the event of a data breach, the Data Breach Response team will act with all due diligence to ensure data security.
There are inherent risks in transmitting information across the internet. We do provide HTTPS encrypted connections for our online platforms where you are asked to enter personal information.
We don’t have the ability to control the security of information collected and stored on third party platforms that you may access through our website, including payment gateways and social media sites. In relation to our own servers, we take all reasonable steps to manage data stored on our servers to ensure data security, including but not limited to:
- Physical security of onsite servers
- Server monitoring
- Secure storage of access passwords
- Security protocols to mitigate threat of brute-force attacks on access to servers.
- Hashing of user passwords
The SMBC website may contain links to third party websites. SMBC is not responsible for the privacy practices of these sites.
Effective 28th November 2023
back to Store