This Policy applies to St Alfred’s Anglican Church, Blackburn North (referred to as “the Church”, “we”, “our”, “us”). The word “individual” refers to a parishioner, or any other person with whom we come into contact. This Policy outlines the Church’s obligation to manage and protect the personal information we hold about individuals.

The Church is bound by the Australian Privacy Principles (‘APPs’) contained in the Privacy Act 1988 (C’th) (‘Privacy Act’). ‘Personal information’ is information or an opinion relating to an individual, which can be used to identify that individual. Some personal information, which we collect, is ‘sensitive information’. Sensitive information may include information relating to a person’s racial or ethnic origin, criminal record and may also include health information about an individual.

1. How we collect personal information

We generally collect personal information directly from the individual. For example, an individual may deal with us on the phone, send us correspondence (by letter, fax or email) or contact us in person. Also, the Church will collect personal information from forms filled out by individuals, interviews, and from other people. Typically, the type of personal information we collect about the individual includes name, age, date of birth, occupation, mailing address, phone numbers, email address and other information that is relevant to the services we provide.

We may require that an individual give us their name as part of collecting their personal information. We will only do this where the purpose for the collection of the information requires the name of the person providing the information. If we do not specifically require an individual’s name as part of a collection then that individual has the right to give us their name, to remain anonymous, or to provide the information under a pseudonym.

In some circumstances the Church may be provided with personal information about an individual from somebody else, for example a referral from another person. Where this happens, the Church will take reasonable steps to ensure that the individual is or has been made aware of the matters set out in this Privacy Policy.

If the personal information we request is not provided, we may not be able to process an individual’s application to join the Church, or provide individuals with the benefit of our services, or meet an individual’s needs appropriately.

2. About whom do we collect personal information?

The type of information we may collect and hold includes (but is not limited to) personal information about:

  • parishioners; and
  • other people with whom we come into contact.
  • Donors of money where receipts are required for taxation purposes.
  • Staff members and employees.

3. Why does the Church collect personal information?

The Church collects personal information for the following purposes:

  • to provide personal ministry services to its parishioners, and to other persons seeking assistance;
  • to prepare the Church Directory (of parishioners);
  • to issue receipts for tax deductible donations;
  • to help us manage and enhance our services;
  • to fulfil our obligations as an employer.

4. How might we use and disclose personal information?

When we refer to “use” of personal information, we mean use within the Church, for the purposes outlined above. When we use the word “disclose”, we mean providing the information to persons outside the Church.

The Church may use and disclose personal information for the primary purposes for which it is collected, for reasonably expected secondary purposes, which are related to the primary purpose and in other circumstances authorised by the Privacy Act. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or where certain other limited circumstances apply (e.g. where required by law).

We use and disclose personal information for the following purposes:

  • to provide personal ministry services to our parishioners;
  • to provide personal ministry services to other persons who may seek our services;
  • to provide individuals with the Church Directory (if prior consent is obtained); to comply with our legal obligations; and
  • to help us manage and enhance our services.

We do not disclose personal information we collect to others for the purpose of allowing them to direct market their products and services. We do not use or disclose sensitive information for direct marketing purposes.

We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about you except for the specific purpose for which we supply it.

In relation to sensitive information held by us, wherever possible, the Church will attempt to de-identify the information. We also undertake to delete all personal information about an individual when it is no longer needed or relevant.

5. To whom might we disclose personal information?

We may disclose personal information to:

  • other parishioners;
  • consultants we engage; organisations involved in a transfer or sale of all or part of our assets or business (including accounts and trade receivables);
  • regulatory authorities, if required by law; and
  • anyone else to whom the individual authorises us to disclose it.

We also collect personal information from these organisations and individuals, and deal with that information in accordance with this Policy.

6. Sending information overseas:

We will not send personal information to recipients outside of Australia without:

  • obtaining the individual’s consent (in some cases this consent will be implied); or
  • otherwise complying with the APPs.

7. Social Media

St Alfred’s maintains a presence on some social media websites. Users of those websites are able to upload content, including personal information, to the portions of those websites associated with St Alfred’s. St Alfred’s will not request or require any person to upload personal information to social media websites. St Alfred’s will not record or collect any personal information uploaded to social media websites. Users of social media websites are strongly advised to familiarise themselves with the privacy policies of those websites before uploading any personal information to those websites.

8. Management of personal information

The APPs require us to take all reasonable steps to protect the security of personal information. The Church’s personnel are bound by a confidentiality agreement to respect the confidentiality of personal information and the privacy of individuals.

The Church takes reasonable steps to protect personal information held from misuse and loss and from unauthorised access, modification or disclosure, for example by use of physical security and restricted access to electronic records. All personal information contained in hard copy documents held by the Church are stored in locked cabinets. All personal information stored on the Church’s computer system is backed up weekly, and back-up copies are held in a secure location.

Where we no longer require the personal information for a permitted purpose under the APPs, we will take reasonable steps to destroy it.

9. Identifiers

We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes.

10. How do we keep personal information accurate and up-to-date?

The Church takes reasonable steps to ensure that the personal information it holds is accurate, complete and up-to-date. It is the Church’s policy and practice to update the information it holds about individuals every 12 months, to ensure that the information is accurate. We encourage individuals to contact us in order to update any personal information we hold about them. Our contact details are set out below.

You have the ability to gain access to your personal information. Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information which the Church holds about them by contacting the Church Privacy Officer. If we refuse to provide the information, we will provide reasons for the refusal and inform the individual of any exceptions relied upon under the Privacy Act. (See the notes at the end of this document.)

An individual’s request for access to his/her personal information will be dealt with by allowing the individual to look at his/her personal information at the offices of the Church. We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access. We will advise the likely cost in advance whenever practicable.

11. Updates to this Policy

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and the changing business environment.

12. Enquiries

If you have any questions about privacy-related issues please contact the St. Alfred’s Privacy Officer.

13. Notes