Privacy Policy

Introduction

The Catholic Archdiocese of Melbourne (the Archdiocese) comprises parishes, schools, tertiary institutions, health, aged, disability and social services providers and a wide variety of people, cultures and ministries all directed to proclaiming the good news of Jesus Christ.

The Archdiocese is committed to protecting the personal information it collects.

The Archdiocese complies with the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles (APPs) in the Act as well as the Victorian Health Records Act 2001. This Privacy Policy is designed to tell you about the Archdiocese’s practices in relation to the collection, use, disclosure and storage of personal information.

Application of this policy

This policy applies to those agencies and departments of the Archdiocese and its auspiced bodies which do not have their own privacy policy.

The policy applies where personal information is collected, used, disclosed, or otherwise handled by the Archdiocese.

The policy does not apply to records or information held or collected on behalf of or relating to existing and former employees of the Archdiocese.

This policy is not a term of any contract, including any contract of employment. This policy may be varied by the Archdiocese from time to time.

What is personal information?

Personal information is any information, including an opinion, about you or that identifies you or from which your identity can reasonably be determined, whether true or not or and whether recorded in some form or not.

Sensitive information is a subset of personal information which is given additional protection by the Privacy Act and includes information about religious affiliation or beliefs, ethnic origin, criminal record and sexuality. Health information is also sensitive information and its handling in Victoria is also regulated by the Health Records Act.

What personal information does the Archdiocese collect?

The Archdiocese collects and holds personal information that includes (but is not limited to);

  • Your name, address, telephone number, facsimile number, email address and other contact details
  • Date of birth, gender, marital status and occupation
  • Financial information, such as donation history and credit card details, for instance, when you provide such details directly to the Archdiocese or on a collection envelope at your Parish or an online donation form
  • Identification documents, including driver license, passport, Working with Children Check card or proof of age card, your affiliation with and belief in the Catholic Church and your sacramental records, and photographs, videos and news stories in respect of Catholic Church related events and activities.
  • Your affiliation with and belief in the Catholic Church and your sacramental records, and photographs, videos and news stories in respect of Catholic Church related events and
    activities.

Why does the Archdiocese collect personal information?

The Archdiocese collects and holds personal information for various reasons (which we generally
notify to you at the time of collection), including the following primary purposes:

  • to administer the sacraments and to provide spiritual and pastoral care,
  • to place your contact details on mailing lists and in computer databases in order to provide you with information about Catholic Church related activities, workshops, lectures,
    seminars, retreats, events, issues and initiatives,
  • to provide services or goods to you or a person nominated by you,
  • to seek, receive and administer offerings and donations from you,
  • to enable the Archdiocese to provide services,
  • to assess your employment and volunteer application, and to manage our volunteers.

Consequences of not providing personal information

If you do not provide us with your personal information or the information you provide is incomplete or inaccurate, we may be unable to provide you or a person nominated by you with the information, services or goods you or they are seeking.

How does the Archdiocese collect personal information?

The Archdiocese’s usual practice is to collect personal information directly from application forms and registration forms completed by you or your guardian/responsible person, from face to face meetings, interviews, telephone calls, via our web site or by some other method (such as by post or
email).

In the case of children, personal information will ordinarily be collected from their parents or guardians, unless specific and/or unusual circumstances require that the collection be made directly from the child.

In addition to collecting personal information from you, sometimes the Archdiocese collects personal information from a third party if it is unreasonable or impracticable to collect the information from you directly, for example, where the information is provided to the Archdiocese from parishes (for instance, personal information provided when supporting a parish thanksgiving/stewardship program).

In some circumstances you will be able to provide the information requested anonymously or under a pseudonym. However we will need to identify you in many circumstances for example to administer sacraments or to provide you with services or goods.

Your Consent

The Archdiocese requires you to consent to any collection, use or disclosure of your personal information by the Archdiocese either explicitly in writing or orally or implied by conduct. Normally your consent will be implied by conduct.

How will the Archdiocese use the personal information you provide?

In general terms, the Archdiocese uses and discloses the personal information you provide for the specific purpose or purposes for which it was collected and for secondary related purposes for which you reasonably expect the Archdiocese to use or disclose your personal information.

Communications to you from the Archdiocese

With your consent we will send you emails or other communications, such as a newsletter, about the Archdiocese and our activities (including information about marketing, promotional, and research purposes), along with communications about Catholic-Church-related activities, workshops, lectures, seminars, retreats, events, issues and initiatives from time-to-time.

Please be aware that you are free to “unsubscribe” to any publication or marketing or promotional communication that you receive from the Archdiocese at any time. All newsletters sent include an unsubscribe link the footer of the email.

Does the Archdiocese disclose personal information to anyone?

The Archdiocese may disclose your personal information in a number of circumstances, for instance:

  • where you have consented to us doing so (by way of example, in providing us with your contact details, you may have consented to the Archdiocese providing those details to
    another group, such as your parish),
  • where required or authorised by law (for instance, in response to a subpoena or other court order), or
  • to consultants, advisers or other third parties (in Australia or overseas) where that party has been contracted to provide administrative or other services to the Archdiocese (and on the basis that that third party agrees to abide by this Privacy Policy).

Cross-border disclosure

Personal information will only be disclosed by the Archdiocese to recipients outside Australia with your express consent (on being informed that we will not be taking reasonable steps to ensure the overseas recipient will handle your information in the same way the Archdiocese is required to) or we reasonably believe that:

  • the information will be subject to protections which are substantially similar to those
    afforded by the APPs; and
  • there are mechanisms available to you to enforce such protections.

Where the Archdiocese does disclose personal information to recipients outside Australia, the recipients are likely to be located in countries including Italy, Canada, United States of America, New Zealand and the United Kingdom.

Management and security of personal information

The Archdiocese takes all reasonable precautions to safeguard your personal information from loss, misuse, interference, unauthorised access, modification or unlawful disclosure. These steps include restricted access to the Archdiocese offices and other areas where personal information is stored, and in computer files that can be accessed only by authorised individuals using login names and passwords.

All agencies and departments are required to do the same.

The Archdiocese stores your personal information in servers located in Australia.

Personal information will be retained by the Archdiocese while it can use or disclose that
information for a legitimate purpose under the APPs. When it can no longer use or disclose the personal information for such a purpose, the Archdiocese will take reasonable steps to destroy or de-identify that personal information, where it is lawful for it to do so.

Correction of Personal Information

The Archdiocese will take reasonable steps to update or correct, any personal information we hold about you to ensure it is accurate, complete, up-to-date, relevant and not misleading if we are satisfied this is required or if you request us to do so. Please let us know when any of your details change so that we can ensure your personal information is kept up to date. The Archdiocese will take reasonable steps to ensure the information is accurate as well as responding to correction requests.

If you wish to change or modify your personal information, you should make a request in writing to the Privacy Officer. Your written request should set out the changes that you wish to be made. You may request that the amended information be forwarded to other related organisations. Your written request should name the organisation to which you want the
information forwarded. We will need to verify your identity before we make the changes. If we do not agree that some or all of the changes you have requested are required, we will let you know of our reasons for this in writing and how to complain if your are not satisfied with the decision.

Access to personal information

You may request access to personal information that the Archdiocese holds about you (using the Archdiocese’s contact details below).

The Archdiocese will respond to all requests for access within a reasonable period and usually within 30 days. the Archdiocese may need to verify your identity before providing you with access or correcting your personal information.

The Archdiocese will generally provide access unless an exception in the Privacy Act or the Health Records Act applies. If the Archdiocese refuses your request, we will let you know our reasons for this in writing and how to complain if you are not satisfied with the decision.

Notifiable Data Breaches

The Archdiocese of Melbourne adheres to The Australian Privacy Amendment (Notifiable Data Breaches, NDB) Act 2017.

If you believe that a data breach has occurred in relation to your personal details please contact the Archdiocesan Privacy officer providing details and circumstances of the data breach.

The advised breach will be investigated immediately and you will be informed of remedial action to be undertaken. If the breach constitutes a Notifiable Data Breach under The Australian Privacy Amendment Act 2017, the Office of The Australian Information Commissioner (OAIC) will be informed as soon as practicable of the breach and provided with the full circumstances and remedial action undertaken by the Archdiocese.

Questions or complaints

If you have any questions or concerns about this Privacy Policy, you wish to lodge a request to access or correct your personal information, or if you have a privacy complaint, please contact the Archdiocese Privacy Officer at:

Email: privacyofficer@cam.org.au
Telephone: +61 3 9926 5677
Post: PO Box 146, East Melbourne Vic 8002 Australia

If you make a complaint, the Archdiocese will review and investigate it internally and will endeavour to resolve your issue efficiently.

If you are still not satisfied with the response you can make contact with the Office of the Australian Information Commissioner (OAIC) on 1300 363 992 to inquire about your privacy rights, or visit www.oaic.gov.au for more information about how to lodge a complaint. The OAIC has the power to investigate the matter and make a determination.

Changes to this Privacy Policy

The Archdiocese may, from time to time, update or change this privacy policy to ensure that it reflects the acts and practices of the Archdiocese as well as any changes in the law. Any changes will take effect from the time that they are posted online.

Please check periodically, and especially before you provide any personal information.

More Information

For more information about privacy, you may contact the Office of the Australian Information

Commissioner at:
Email: enquiries@oaic.gov.au
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001 Australia
www.oaic.gov.au