Privacy Policy

  • Policy owner: General Counsel (Legal)
  • Policy applies to: The Catholic Archdiocese of Melbourne (the Archdiocese). It does not apply to our Parishes, Corpus Christi College, Catholic Theological College, Catholic Social Services Victoria, the Tribunal of the Catholic Church Victoria and Tasmania or the Catholic Development Fund.
  • Approval authority: Executive Director Stewardship
  • Approval date: 02 June 2025
  • Next policy review date: April 2027
  • Related legislation, policies, procedures and guidelines:
    • Privacy Act 1988 (Cth)
    • the Australian Privacy Principles
    • Health Records Act 2001 (Vic)
    • Clergy Records Management Policy (to be finalised)
  • Version control: Version 1.0 published in 2018 has been replaced with Version 2.0 to reflect changes to the Privacy Act and Privacy principles.

Disclaimer

This document is not a term of any contract, including any contract of employment. This document may be varied by the Archdiocese of Melbourne from time to time. Other Dioceses may reproduce this publication for bona fide purposes free of charge without seeking permission of the Archdiocese of Melbourne. Other Dioceses seeking to adopt this document are advised to consult with a canon lawyer and their diocesan Bishop to ensure that the document operates consistently with canon law and relevant local decrees and/or arrangements.

The Archdiocese of Melbourne has had the benefit of its own advisers in the preparation of this document. However, the Archdiocese of Melbourne does not accept responsibility for reliance upon this document outside of the Archdiocese of Melbourne, nor does it give any warranties or make any representation concerning the accuracy, completeness, lawfulness or up-to-date nature of the information provided, and any person adopting all or part of this document does so at their own risk.

Introduction

The Catholic Archdiocese of Melbourne (the Archdiocese) is committed to safeguarding the privacy and confidentiality of personal information entrusted to us. In line with our Catholic values of respect for human dignity and the common good, we adhere to the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and the Victorian Health Records Act 2001 (Vic) (where applicable to us) (Health Records Act) to ensure that all personal information we collect, use, disclose, and store is handled with the utmost care and integrity.

As stewards of the trust placed in us, we recognise the importance of privacy as a reflection of the respect we owe to every individual, as echoed in the Gospel of Matthew: “Do to others whatever you would have them do to you” (Matthew 7:12). This Privacy Policy outlines our commitment to protecting personal information in a manner consistent with these principles and in full compliance with applicable laws.

What is personal information?

Personal information is any information or opinion about an identified individual or an individual who is reasonably identifiable, whether true or not and whether recorded in some form or not.

Sensitive information is a subset of personal information which is given additional protection by the Privacy Act, and includes information about religious affiliation or beliefs, ethnic origin, criminal record and sexuality. Health information is also sensitive information and its handling in Victoria is also regulated by the Health Records Act.

Who is the ‘Archdiocese’?

In the context of this Framework, Catholic Archdiocese of Melbourne (the Archdiocese) refers solely to the operational governance and management structure that supports the day-to-day administration of the Archdiocese (sometimes referred to as the Chancery or specific locations such as Cardinal Knox Centre, St Patrick’s Centre, the Catholic Bookstore).

This Framework does not apply to our parishes which may have their own privacy policies. However, it does apply to our handling of parishioners’ personal information, including for the purpose of us providing administrative and other services to our parishes.

What personal information does the Archdiocese collect?

The types of personal information the Archdiocese collects and holds about you depend on the dealings you have with us and our parishes. This generally includes your full name and contact details (street address, email address and phone number) and sacramental details (where applicable), and may also include, depending on the dealings you have with us or a parish:

  • donors: date of birth, information pertaining to your relationship with the Catholic Church, and financial information (such as donation history and credit card details, for instance, when you provide such details directly to the Archdiocese or on a collection envelope at your parish or an online donation form);
  • parishioners: any information the parish collects about you, such as information relating to your involvement with the parish (and this may include sensitive information);
  • people to be married in the Church: date of birth, sex, gender, and marital status;
  • online bookshop customers: billing details;
  • employees, contractors and consultants of the Archdiocese or parishes: emergency contact information, date of birth, gender, nationality, marital status, bank account details, tax file number, superannuation details, work eligibility status, medical information (including COVID vaccination status), Working with Children Check card, National Criminal History check details, resume, complaints information, education, identification documents (such as driver licence, passport, proof of age card) and Australian Catholic Ministry Register number (for clergy). Records relating to clergy may be subject to additional governance requirements under Canon law and diocesan policies (such as the Clergy Records Management Policy).
  • Archdiocese and parish volunteers: emergency contact information, date of birth, gender, nationality, marital status, medical information (including COVID vaccination status), Working with Children Check card, National Criminal History check details, resume, complaints information and education, and identification documents (such as driver’s licence, passport, and proof of age card);
  • job applicants and applicants for priesthood: employment history and qualifications, academic records, references, personal alternative contact details, results of psychometric testing, medical records (for applicants for priesthood) and criminal history record;
  • event attendees: dietary information; photographs, videos and news stories in respect of your attendance at Catholic Church related events and activities;
  • complainants: date of birth and information relevant to the complaint (for example, health information, employment information and education); and
  • petitioners: information relating to your petition.

    How does the Archdiocese collect personal information?

    The Archdiocese collects personal information:

    • from you (or your parent or guardian);
    • from our parishes; and
    • from third parties.

    Collection from you (or your parent or guardian)

    The Archdiocese collects personal information directly from you through application forms and registration forms completed by you or by your guardian/responsible person; from face-to-face meetings, interviews and telephone calls; via forms on our website; and by other methods (such as by post or email).

    In the case of children and vulnerable persons, personal information will ordinarily be collected from their parents or guardians, unless direct collection is required or authorised by law.

    In respect of employees, we may also collect your personal information indirectly through the conduct of our business and your employment, including, but not limited to (in accordance with our policies in place from time to time), collection via CCTV footage, mobile phone records, emails, files and cache files.

    Collection from our parishes

    The Archdiocese provides administrative and other services to our parishes and collects personal information from our parishes to provide these services (see the section of this policy entitled ‘Why does the Archdiocese collect, hold and use personal information?’). Any personal information you provide to a parish may be collected by us.

    Collection from third parties

    In addition to collecting personal information from you and from our parishes, sometimes the Archdiocese collects personal information from third parties. These third parties differ depending on the dealings you have with us, and may include third parties who interact with us on your behalf, referees (in respect of job applicants), complainants, investigators, health professionals, the National Redress Scheme, and third parties that provide working with children and criminal history checks. We may also collect personal information from public sources.

    Collection of information via our website

    When you visit our website, we may use ‘cookies’ or other similar tracking technologies that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone or other device. You can disable cookies through your internet browser, but if you do, our website may not work as intended for you.

    Whilst we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit, search engine referrals, and the internet protocol (IP) address assigned to your computer.

    Our web pages may contain electronic images, known as web beacons. These electronic images enable us to count users who have visited certain pages on our website. Web beacons are not used by us to access your personal information, but are simply a tool we use to analyse which web pages are viewed in aggregate.

    Consequences of not providing personal information

    In some circumstances you will be able to provide information requested by us anonymously or under a pseudonym. However, in many circumstances we will need to verify your identity, for example, to administer sacraments or to provide you with goods or services.

    If you do not provide us with your personal information, or the information you provide is incomplete or inaccurate, we may be unable to provide you or a person nominated by you with the information, goods or services that you or they are seeking.

    Why does the Archdiocese collect, hold and use personal information?

    The Archdiocese collects, uses and holds personal information for various purposes, depending on the nature of our dealings with you, including:

    • to administer the sacraments and to provide spiritual and pastoral care;
    • to provide you with information about Catholic Church related activities, workshops, lectures, seminars, retreats, events, issues and initiatives;
    • to consider and determine a petition;
    • to provide services or goods to you or a person nominated by you;
    • to provide administrative and other services to our parishes. This encompasses a range of services that assist our parishes to operate, for example payroll, HR, financial advice, supporting thanksgiving programs, and administering sacraments;
    • to seek, receive and administer offerings and donations from you;
    • to enable the Archdiocese to provide or receive goods and services;
    • to comply with our legal obligations (including our obligations under Canon Law);
    • to respond to queries, complaints or claims, including managing claims or litigation initiated by you or others, safeguarding and child protection, and the administration of redress schemes;
    • to assess employment and/or volunteer applications;
    • to oversee and assist with the care of the physical and mental wellbeing of clergy from post-ordination to post-retirement; and
    • to manage our volunteers, employees, clergy and contractors, including our business planning, verifying compliance with our policies and procedures, managing complaints and insurance claims, ensuring the safety of parishioners, and protecting our and our parishes’ business and legal rights.

    Marketing and updates to you from the Archdiocese

    With your consent where required, we may send you emails or other communications, such as newsletters, about the Archdiocese and our activities (including information about marketing, promotions, fundraising and research), along with communications about Catholic-Church-related activities, workshops, lectures, seminars, retreats, events, issues and initiatives, from time-to-time.

    You are free to “unsubscribe” from any publication or marketing, promotional or fundraising communication that you receive from the Archdiocese at any time. All marketing emails sent include an unsubscribe link in the footer of the email, or you can contact our Privacy Officer to do so (details at the end of this policy).

    Does the Archdiocese disclose personal information to anyone?

    The Archdiocese may disclose your personal information in a number of circumstances, for instance:

    • where you have consented to us doing so;
    • to other Catholic Church entities in Australia and overseas where we consider this to be reasonably necessary (for example, where necessary for us or the other Catholic Church entity to administer a sacrament, investigate a matter, or hold an event);
    • to third parties for the management of claims or litigation initiated by you or others, safeguarding and child protection and for the administration of redress schemes, including:
      • Pathways Response Victoria Ltd ABN 35 654 682 461;
      • Melbourne Archdiocese Catholic Schools Ltd ABN 18 643 442 371;
      • CatholicCare Victoria Limited ABN 51 857 084 361;
      • Australian Catholic Redress Limited ABN 59 629 494 873;
      • Carelink (as a department of the Archdiocese); and
      • legal practitioners administering the Melbourne Response.

    Personal information may also be shared within the Archdiocese for this purpose;

    • to service providers, consultants, advisers or other third parties (in Australia or overseas) where that party has been contracted to provide administrative, event management, fundraising or other services to the Archdiocese; and
    • where required or authorised by law (including Canon Law).

    Cross-border disclosure

    Some of the recipients listed in the section above (‘Does the Archdiocese disclose personal information to anyone?’) may be located outside Australia. As at the date of this policy, the Archdiocese is likely to disclose personal information to recipients located in Italy, Canada, the United States of America, New Zealand, the United Kingdom, and any other country in which the Catholic Church exists.

    Management and security of personal information

    The Archdiocese takes all reasonable precautions to safeguard your personal information from loss, misuse and interference, as well as unauthorised access, modification or disclosure. These steps include restricted access to the Archdiocese offices and other areas where personal information is stored, and ensuring that personal information stored by us in electronic form is appropriately access controlled.

    The Archdiocese stores your personal information in hardcopy and/or electronically on servers managed by our trusted service providers.

    Personal information will be retained by the Archdiocese while it can use or disclose that information for a legitimate purpose under the APPs. When it can no longer use or disclose the personal information for such a purpose, the Archdiocese will take reasonable steps to destroy or de-identify that personal information, where it is lawful for us to do so.

      Correction of personal information

      If you believe the personal information we hold about you is inaccurate, incomplete or out of date, please contact our Privacy Officer (details at the end of this policy). There may be circumstances where we are not required to amend your personal information, including where an exemption from the APPs applies.

      Access to personal information

      If you wish to request access to the personal information we hold about you, please contact our Privacy Officer (details at the end of this policy). In processing your request, we will comply with our obligations under the relevant privacy laws, noting that we may need to verify your identity before we allow you to access your personal information, and are not required to give you access in prescribed circumstances (including where an exemption from the APPs applies).

      Data breaches

      If you believe that a data breach has occurred in relation to your personal information, please contact our Privacy Officer (details at the end of this policy) providing any known details and circumstances.

      Changes to this Privacy Policy

      The Archdiocese may, from time to time, update or change this privacy policy to ensure that it reflects the acts and practices of the Archdiocese as well as any changes in the law. Any such changes will take effect from the time that they are posted on this page. The date of this policy is listed above.

      How to contact us (including how to make a privacy complaint)

      If you have any questions or concerns about this policy, if you wish to lodge a request to access or correct your personal information, or if you have a privacy complaint, please contact the Archdiocese Privacy Officer at:

      The Archdiocese will investigate your complaint and respond to you as quickly as possible. For further information about making a privacy complaint or the progress or outcome of any investigation, please contact the Privacy Officer using the details above.

      For more information about privacy, or if you are not satisfied with how we have handled your complaint, you may contact the Office of the Australian Information Commissioner at: