Privacy Policy
PRIVACY POLICY, CATHOLIC PARISHES OF CESSNOCK AND KURRI KURRI.
1. PURPOSE AND DEFINITIONS.
1.1 The purpose of this Privacy Policy (“Policy”) is to set out how the Catholic Parishes of Cessnock and Kurri Kurri (“Parish”, “we”, “us”, ‘it”, “our”) handles information given by or on behalf of you (“you”, “an individual”, “them”, “your”, “yourself”). The objective is to be open and transparent to you about how we manage your Personal Information and respect your privacy. The Parish is a locally self-governing member of the Catholic (or “universal”) Church founded by Jesus Christ and draws its life and mission to spread the Good News of Salvation from Him, under the leadership and direction of the appointed successors of St. Peter. Our functions and activities are directed to being this means of salvation and sanctification for the world.
1.2 The purpose of this Policy is to give you information about:
· The Personal Information including Sensitive Information that the Parish collects;
· How we handle and distribute that information;
· How we protect the privacy of your information;
· How you may access and correct your Personal Information;
· How you may make a complaint about our handling of that information; and
· How we dispose of your information.
1.3 This Policy sets out how we comply with our obligations under the Privacy Act 1988 (Cth.) (the “Act”) as amended, and the Australian Privacy Principles (“APP”) promulgated under that Privacy Act. We are bound by the 13 Australian Privacy Principles which regulate how we may collect, store, use and dispose of Personal Information and how you may access and correct information held about yourself.
1.4 By providing us with your Personal Information you consent to us collecting, storing, using and disposing of your Personal Information according to this Policy.
1.5 “Personal Information” is defined in the Act as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable :
(a) Whether the information or opinion is true or not; and
(b) Whether the information or opinion is recorded in a material form or not.”.
1.6 “Sensitive Information” is defined in the Act as:
(a) “ Information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record;
that is also Personal Information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.”
1.7 The Parish respects and upholds your right to keep your personal information private and to ensure that it is accurate. We are required by the Act to take such steps as are reasonable in the circumstances to put in place practices, procedures and systems relating to our functions and activities to ensure our compliance with the APP’s and to facilitate your enquiries or complaints about our compliance with the Australian Privacy Principles.
1.8 Our upholding and protection of your privacy under the Privacy Act and APP’s does not mean that these statute sources are the only sources of our obligations to keep your records private. We respect your privacy under the common law (judge-made law--as contrasted to statute law), and also protection under canon law (Church law--such as Canon 220 “No one is permitted to harm illegitimately the good reputation which a person possesses nor to injure the right of any person to protect his or her own privacy”).
2. SCOPE OF THE POLICY AND OUR FUNCTIONS AND ACTIVITIES.
2.1 This Policy applies to the Parish. “Parish” includes our agencies and organisations which are part of that Juridical person (legal entity). Specific to their integral role in the Parish’s mission and the life of the Church, our agencies with particular responsibilities have APP policy documents which set out privacy principles in agreement with this Policy, but which are more clearly expressed relevant to their particular pastoral functions and activities.
2.2 This Policy applies to:
· All workers and employees involved in Parish activities and functions (but not employee records themselves which are subject to the separate coverage and protections in employment contracts);
· Parishioners (whether or not contributing financially);
· Students in Parish schools and their parents or guardians;
· Students involved in Special Religious Education (“SRE”, “Catechism”, “Scripture”) programmes and their parents or guardians;
· Volunteers, contractors and prospective employees of the Parish;
· Enquirers concerning the Catholic faith including those in the Rite of Christian Initiation of Adults (“RCIA”) programme;
· Members of the general public; and
· Any other parties to whom the Privacy Act applies.
2.3 This Policy and the provisions of the Act do not apply to records or information held by us or collected on behalf of or relating to existing or former employees of the Parish.
2.4 This Policy applies where Personal Information is collected and/or used by the Parish.
2.5 The Parish is a not-for-profit entity and undertakes charitable works.
2.6 In carrying out its life and mission as Church, the Parish undertakes the principal activities and functions of:
· Conducting public worship of God;
· Educating and forming people of all ages in the Christian faith in schools or otherwise;
· Preparing people of all ages for and administering the sacraments and rites of Baptism, Reconciliation, Eucharist in the Mass, Confirmation, Marriage, Holy Orders, Consecrated Life, Anointing of the Sick and Funerals;
· Providing Christian welfare and support to individuals, families and groups;
· Ministering to the faithful and providing pastoral care including but not limited to visiting the sick, nursing homes, hospitals, the poor and needy, and the incarcerated;
· Providing formation in Christian virtue;
· Fundraising for these and allied purposes;
· Assessing employment applications and tenders of prospective employees and contractors for these and allied purposes; and
· Other activities related to these activities and functions.
3. SHORT VERSION OF THE DIOCESAN PRIVACY POLICY.
3.1 If you do not want to view the whole Privacy Policy and just want to see our “Collection Notice” then simply click “Collection Notice” in this section. The “Collection Notice” gives you a short summary of:
· The kind of Personal Information we collect, and how we hold, use, disclose, store and dispose of that information including any overseas handling; and
· How you may contact us and what we will do if you want to complain about or correct any Personal Information or a possible breach of our Privacy Policy.
3.2 Here is the “Collection Notice” [button] short version of our Privacy Policy.
4. POLICY CONTEXT.
4.1 The Privacy Act 1988 and this Policy only apply to the collection of Personal Information by us for records whether created or maintained electronically, from our website, database applications, email, or in writing containing Personal or Sensitive Information. A record may be created by or about you as a result of you providing information directly or indirectly such as through interviews or discussions where the information you give is made into a record.
4.2 The Parish will ensure that:
· It meets its legal and ethical duties for the protection of your privacy;
· You are given information about your rights to privacy;
· You are given privacy when you are being interviewed or discussing matters of a personal or sensitive nature; and
· All our personnel understand what is required in meeting these obligations.
5. PURPOSE OF COLLECTING PERSONAL INFORMATION.
5.1 The Parish as part of the universal, i.e. Catholic Church has as its goal the salvation of souls through a personal relationship with the living God. We collect Personal Information for the purposes connected with our mission which was given by Christ Himself. The collection of your Personal Information comes from our principal activities and functions. We collect Personal Information for those purposes including:
· Conducting public worship of God;
· Educating and forming people of all ages in the Christian faith in schools or other contexts;
· Preparing people of all ages for and administering the sacraments and rites of Baptism, Reconciliation, Eucharist in the Mass, Confirmation, Marriage, Holy Orders, Consecrated Life, Anointing of the Sick and Funerals;
· Providing Christian welfare and support to individuals, families and groups;
· Ministering to the faithful and providing pastoral care including but not limited to visiting the sick, nursing homes, hospitals, the poor and needy, and the incarcerated;
· Providing formation in Christian virtue;
· Fundraising for these and allied purposes including but not limited to public subscriptions, school and church building, soliciting bequests, scholarships, endowments and diocesan and parish finance canvass collections;
· When you visit us on the internet and on-line information and services for these and allied purposes;
· To enable us to provide on-line subscription services and referrals to those who have chosen those services
· Co-operation with governments, legal compliance including but not limited to Work Health and Safety (WHS) and Marriage Act 1961 (Cth.) and assisting in law-enforcement;
· Canon law processes;
· Managing our clergy, employees, contractors and volunteers;
· To handle and assess complaints about our conduct;
· Assessing employment applications and tenders of prospective employees and contractors for these and allied purposes; and
· Other purposes related to these activities and functions including but not limited to promotions, newsletters, magazines, bulletins and publications.
5.2 We only collect Personal Information that is reasonably necessary for, or directly related to, one or more of our functions or activities set out in our Privacy Policy and under paragraph 2.6 in particular. Your Personal Information and that of your children if relevant will be used by us for the primary purpose for which it was provided and for other secondary purposes directly related to that primary purpose. Those purposes are usually easily determined by reference to our functions and activities.
5.3 If we conduct on-line collaboration, social media, market research or “church life” or similar surveys, we obtain Personal Information from you. We may also ask for your opinions about our services or workers. We will treat these opinions as Personal Information in accordance with the APP’s if they contain personally identifiable information.
6. HOW WE COLLECT INFORMATION.
6.1 We collect information from you or your authorised representative.
6.2 Sometimes the information we collect about you may already be public information.
6.3 Sometimes the information we collect about you may have come from third parties or be in other documents including but not limited to telephone directories, your internet profile (whether official or incidental), tender documents and curriculum vitaes.
6.4 We collect personal information in various ways such as but not limited to:
· From you in person;
· You providing personal information about yourself and/or your child to us, a parish, a school, or Diocesan welfare agency;
· You providing us with your personal information and documentation relating to possible employment by the Parish;
· You filling out forms, applications and answering questionnaires and giving them to us;
· Your and our exchange of correspondence e.g. letters, facsimiles and e-mails;
· Your and our exchange in telephone conversations;
· You answering questions from us and us recording your answers for yourself or children e.g. enrolment in our schools, joining a parish financial canvass, joining as a parishioner, or fundraising, or you or your child joining a sacramental programme;
· You visiting our web site or those of our parishes or agencies;
· You asking to be placed onto one of our mailing lists;
· You signing up for a programme, course or event;
· You volunteering to perform a ministry function or Church activity;
· You or your authorised representative informing us that you are sick and in hospital, prison, or a nursing home or a seafarer on-ship and need pastoral care, visits or sacraments there or anointing of the sick; and
· You participate in Church events which may be on private land but are public events such as public worship, funerals, meetings and activities such as fetes and you are photographed or videoed there and these are published e.g. photos of first Holy Communion children and families on a parish web site, fundraising activity or youth event such as World Youth Day reported in the Diocesan magazine “Aurora”, a Diocesan web cast of a public lecture you may be attending.
6.5 The Parish may also need to collect Personal Information from other people or organisations. This may be diverse such as but not limited to interstate or other denominational baptismal records, births, deaths and marriage records, funeral information, or previous employers. This information is collected with the person’s consent, except in circumstances allowed by legislation or the common law. Sometimes this may happen without your direct involvement, collected from a third party or publicly available source where it is unreasonable or impracticable to collect the information directly from you.
6.6Some examples of the people or organisations from which we may collect Personal Information about individuals are:
· Non-Government Organisation (NGO’s);
· Publicly available sources of information such as telephone directories and newspapers;
· An individual’s representative such as parent, current spouse, carer, attorney under power of attorney, legal guardian, manager, executor of an estate;
· Employers;
· Government agencies and departments including law enforcement and Courts; and
· Referring agencies/organisations such as St. Vincent de Paul Society, prisoner welfare.
7. PERSONAL INFORMATION THAT WE COLLECT AND HOLD.
7.1 In undertaking our functions and activities we collect Personal Information. The Personal Information that we hold will depend on the nature of the function, activity and ministry. It may include (but is not limited to):
· A person’s name, contact details, residence, date of birth, e-mail address, occupation, and family background;
· Sacramental records;
· Information relating to an application for employment, contract or engagement;
· Any health information required by law;
· Any personal information about you or your children that will enable the Parish to satisfy its duty of care to other individuals with whom you or your child may come into contact in the course of your or your child’s involvement with the Parish;
· Information relating to pastoral care needs;
· Information relating to a child’s enrolment in a Diocesan school;
· Financial records; and
· Any other information about you or your children that may be relevant to the contact that you or your children have with the Parish.
7.2 The Parish will only collect Personal Information to the extent relevant to the relationship it has with each person.
8. YOUR CONSENT.
8.1 We will endeavour to collect your Personal Information directly from you. That is usually done face to face or via our website or some other method such as telephone, facsimile, email or post. Where direct consent is not possible, your consent will be sought prior to collecting your Personal Information from a third party. If your consent cannot be obtained, we will have regard to the requirements and exemptions under the Act before making such a collection.
8.2 In the case of children, Personal Information will ordinarily be collected from their parents or legal guardians, unless specific and/or unusual circumstances require that the collection be made directly from the relevant child.
8.3 For prospective employees, contractors and others engaged by the Parish in paid or voluntary capacities, we may collect Personal Information by speaking with referees or others who have previously engaged you or received your services. We may contact other employers, customers or recipients of your services who have not been nominated as referees. Should this be the case, applicants, contract tenderers and those seeking engagements whether paid or as volunteers will be advised prior to such contact being made.
8.4 In some limited circumstances, contractors who have confidentiality agreements in place with the Parish may have access to your personal information for example lawyers, superannuation providers or computer service providers.
9. CONSEQUENCES OF NOT PROVIDING INFORMATION.
9.1 Information you give us is voluntary. You may or may not give it to us as an exercise of your free choice.
9.2 If, however, we do not have some information, we may not be able to offer particular services or perform particular functions or activities or you may not be able to make the most of our services.
9.3 Some of the functions and activities we undertake require us to have particular information. Particular information may be required under Civil (State or Commonwealth, statute or common law) or Church (canon) law or both. For example, but not limited to these circumstances:
· The Marriage Act 1961 (Cth.) and Births, Deaths and Marriages Registration Act, 1995 (NSW) require particular family information and declarations;
· Canon law requires particular information and individual status (“free to marry”) for a valid Church wedding;
· The Child Protection (Working With Children) Act, 2012 (NSW), our duty of care and the Parish’s own Integrity in Ministry Policy require particular information, conduct and disclosures for initial and ongoing child protection monitoring and checks;
· The Work Health and Safety Act, 2011 (NSW) and our duty of care require particular information, conduct and disclosures; and
· Public health such as immunisation and the prevention and reduction of communicable diseases.
9.3 If an individual however chooses not to disclose particular relevant information, then we may be unable to or will not provide the function, activity, excursion, sacrament or service required nor offer to nor employ or engage or discontinue the employment or engagement of an individual whether in a paid or voluntary capacity.
9.4 If an individual does not provide particular relevant information, we may not be able properly to investigate or resolve an inquiry, correction request or complaint under this Privacy Policy.
9.5 If an individual does not provide particular relevant information, we may be prevented from or not be able properly or quickly to discharge our duty of care in personal, safety or health emergencies.
10. SENSITIVE INFORMATION THAT WE COLLECT AND HOLD.
10.1 Under the Privacy Act and the APP’s, Sensitive Information is a more detailed or private part of your Personal Information.
10.2 The Privacy Act places restrictions on collecting Sensitive Information about people. Sensitive Information is a subset of Personal Information that is generally given a higher level of privacy protection. Sensitive Information is set out in Part 1.6 of this Privacy Policy and is defined under the Act. It may include information about your or your children’s health, disability, allergies, disability, racial or ethnic origin, criminal convictions, personnel files, employment or contracting histories, membership of a professional association and tax file numbers.
10.3 It is our policy only to collect sensitive information where it is reasonably necessary for our activities and either:
· You or your authorised representative have consented; or
· We are required to or authorised by or under law (including applicable privacy legislation and common law) to do so.
10.4 We may collect amongst other things:
· Information about your membership of professional associations and registrations e.g. as a doctor, psychologist, nurse, solicitor, teacher, or accountant;
· Information about dietary requirements, diabetes, being celiac, or allergies for provision of safety and first aid, receipt of the Blessed Sacrament in Holy Communion and food preparation for canteens, function centres, halls, conferences and events management, training and seminars;
· Information about mobility needs for access to Churches, schools, function centres, halls, conferences and events management, training and seminars;
· Information about medical conditions such as heart conditions, diabetes, or autism for first aid, evacuation and emergency and WHS planning and special education programmes or sacramental preparation;
· Photographs of you or your children such as for emergency identification in safety notices in first aid or sick rooms or food preparation areas;
· Copies of medical reports and psychiatric reports and obtain professional opinions concerning their contents from their authors or other professionals or peers such as if you apply to be a seminarian;
· Information as to your identification as Aboriginal or Torres Strait Islander such as for special ministries or targeted education or social services;
· Bank account and Tax File Number information e.g. for school or Church building fund fees and contributions; and
· Information with regard to criminal convictions such as for public and child safety and ethical and financial integrity.
10.5 Sometimes in performance of our statutory and common law duties, or by your own action or that of third parties your or your children’s Sensitive Information may be made or become known directly or inferentially to a class of people or the public generally. Examples include but are not limited to:
· You are a public officer of your professional association or are involved in public activities of your professional association and these are publicly reported;
· Dietary details are given to catering and kitchen staff to prepare safe food or your food is clearly labelled or made available separately to others’ food at a function or from a canteen;
· You or your children receive a low gluten Host in public worship at Holy Communion from a different ciborium or pyx clearly labelled for safety reasons;
· Children are told of your child’s asthma or epilepsy symptoms so if your child has difficulties others may be aware and quickly notify a teacher or responsible adult for your child’s safety;
· As a result of mobility difficulties, a special fire drill or evacuation procedure is undertaken for your or your child’s added safety.
Wherever possible, we will seek your consent first to disclosure, however our statutory and common law duty of care may require us to tell others e.g. paramedics, emergency workers, first aiders and those in a nearby relationship such as school principal or teacher of an individual’s Sensitive Information in order to protect and preserve life or prevent harm.
10.6 The Privacy Act and APP’s provide for exceptions to privacy where a “permitted general situation” (sec. 16A of the Act) or “permitted health situation” (sec 16B of the Act) exists in relation to our use or disclosure of the information.
11. STORAGE AND SECURITY OF INFORMATION.
11.1 We store Personal Information in both electronic computer systems including e-mail contact lists and paper records. In limited circumstances, Personal Information may be stored in particular forms such as photographs, computer discs and hard storage media and on microfiche.
11.2 Sacramental records may be stored in electronic computer systems. Under the Canon Law Code of 1983, Canon 535.1 prescribes the keeping of paper-based parish sacramental registers in each parish. These are usually in bound book volumes called registers. They are updated with additional Personal Information with the conferral of successive sacraments and certificates for the reception of particular sacraments are issued based upon the records contained in these registers. The same Canon law 535.4 and 535.5 also prescribes the regular inspection of the integrity of these records by the bishop of the Parish or his delegate in the bishop’s regular official parish visitations as well as for their protected and preserved storage.
11.3 Under the Canon Law Code of 1983, Canon 491, the Parish maintains archives of its records and these may include Personal Information.
11.4 The Parish’s storage and preservation intact of Personal Information and records generally is afforded high priority and is required under Canon law as well as the APP’s under which this Policy is written.
11.5 In the last 2000 years, the Church’s record in the safety and preservation of records has contributed greatly to the collective knowledge of Christianity, Church history and cultures of the world for internationally renowned scholars, archivists, genealogists, social scientists and historians.
11.6 The Parish takes reasonable steps to protect and secure Personal Information from unauthorised access, loss, misuse, disclosure or alteration. All of our parishes, schools and agencies are required to do the same. We restrict access to offices and other areas where Personal Information is stored.
11.7 For paper-based records, these are stored in drawers, cabinets and rooms generally not available to the public to view and are in locked premises accessible only by clergy or authorised personnel such as school principals, directors and designated personnel in our parishes and agencies. Depending on the importance of the paper records, they may also be in locked drawers or cabinets, strong rooms or safes and these and the premises they are in may also be otherwise secured by bars, alarms, video surveillance, security services and where reasonable additional fire protection to that required by the usual State enactments and Local Council fire regulations and the Building Code of Australia. Paper files may also be archived in boxes and stored either on-site or off-site in secure facilities.
11.8 For electronic and computer-based records, these may be accessed only by clergy or authorised personnel such as school principals, directors and designated personnel in our parishes and agencies. Only authorised individuals may access the computer files using login names and secret passwords. Computer access and use is electronically invigilated. Computer and other electronic records equipment is generally kept in areas not accessible to the public and is in locked and otherwise secured premises including bars, alarms, video surveillance, security services and where reasonable additional fire protection to that required by the usual State enactments and Local Council fire regulations and the Building Code of Australia.
11.9 The only people who are allowed to handle or have access to your Personal Information are the clergy and authorised personnel of the Parish, its parishes, schools and agencies where they need your Personal Information in order to perform our functions and activities relevant to their tasks. All our personnel whether clergy, employed, contracting or volunteers who have authorised access to Personal Information are bound by this Privacy Policy and the Code of Conduct of the Parish and our agencies (as applicable to the area of function and activity) not to abuse or misuse Personal Information and protect your and your children’s privacy.
11.10 Those individuals and contractors who perform services on our behalf where they may handle Personal Information are also bound by agreements that include privacy clauses and/or their upholding of these Privacy Principles.
11.11 If we no longer require an individual’s Personal Information, we will take reasonable steps to destroy it in a secure manner or remove identifying features from it. This is subject to any legal obligation such as the Archives Act 1983 (Cth.).
11.12 The Parish will store or use Personal Information for such a period of time as the Parish deems necessary and/or as canon and/or civil law requires. It may also be published in certain circumstances. This storage or use of Personal Information may be for as long as an individual’s life or longer including as examples but not limited to:
· from Baptism on your day of birth to Funeral Mass after your death or under or to facilitate our and your or your authorised representatives’ compliance with the Births, Deaths and Marriages Registration Act, 1995 (NSW);
· for prayers of the faithful (general intercessions) for you if you are sick;
· for years after your death in anniversary Masses at the request of yourself or relatives for the eternal repose of your soul;
· in commemorative booklets and parish histories during your lifetime or after;
· for compliance with taxation and financial laws such as the Taxation Administration Act 1953 or Income Tax Assessment Act 1997 (Cth.); and
· our compliance with the Archives Act 1983 (Cth.).
11.13 We take all reasonable precautions to safeguard your Personal Information from loss, misuse, interference, unauthorised access, modification or unlawful disclosure. Criminal activity still happens. You should note that the transmission of information over the internet, of which our website forms part, is not completely secure or error-free. In particular, e-mails and other information sent to or from our website or those of our agencies may not be secure and you should take special care about what information you send to us via e-mail or other means of electronic transfer.
12. WEBSITE AND CLICKSTREAM DATA.
12.1 By using this website, or otherwise receiving notice of this Policy, you are taken to agree to be bound, like us, to this Privacy Policy.
12.2 When you browse our website we or our computer service provider on our behalf logs de-identified information using computer technology commonly called “cookies” for statistical information about your visits to our parish websites including www.vineyardscatholicparishes.net, cessnock.vineyardscatholicparishes.net and kurrikurri.vineyardscatholicparishes.net and those of our associated parish, diocesan and agency websites such as uah.vineyardscatholicparishes.net, www.mn.catholic.org.au and www.mn.catholic.edu.au and for improving your experience browsing our website.
12.3 Cookies are small pieces of information exchanged between your web browser and a website server. When you visit our website, we may collect your server address, domain name (e.g. .com, .gov, .org, ,net, .au, .co, .uk), operating system, browser type, pages accessed, documents downloaded, previous visits, referring website, and visit date and time. We will only use any Personal Information collected via this website and cookies in accordance with this Policy.
12.4 It is our policy to collect cookie information in de-identified form. In the event of an investigation, court order, subpoena, summons for information or similar from a law enforcement agency, we or our service provider on our behalf may be required to provide the log details including the identity and browsing history of web users browsing or using our website.
12.5 From time to time we may use cookies on our website to help us carry out online surveys. Where we use an external survey provider, that provider may also use cookies on its website.
12.6 You may set your browser to disable cookies, but some parts of our website may not function properly if cookies are disabled e.g. we may be unable to identify your computer operating system.
12.7 If you make a payment by credit card or similar method online, we will collect information such as your email address, name and credit card details to enable us to process your payment and give you a receipt/tax invoice.
12.8 Whenever you submit Personal Information to us, you consent to:
(a) the collection, use, disclosure, and storage of that information in accordance with this Privacy Policy;
(b) your Personal Information being used to improve the site ; and
(c) the receipt of emails and other communications about the Parish and our activities (including information about marketing, promotional and research purposes), along with communications about Catholic Church-related activities, functions, matters and initiatives from time to time.
12.9 If you provide Personal Information to us through our website, you agree that we may combine that information with other actively collected information unless we specify otherwise at the point of collection. We will take reasonable measures to prevent Personal Information from being combined with passively collected information, unless you consent otherwise.
12.10 You are free to un-subscribe to any information or publication that you receive from us at any time by giving us sufficient detail of your request. Our contact details for this Policy are at the bottom of this Policy.
13. ANONYMITY, PSEUDONYMITY AND WHEN WE WILL NOT NEED TO COLLECT PERSONAL INFORMATION.
13.1 Depending upon the nature of your relationship with the Parish, you may not need to identify yourself to us personally.
13.2 Individuals generally have a right to using a pseudonym or being anonymous when dealing with us unless:
· We are required or authorised by or under an Australian law or a court or tribunal order to deal with individuals who have identified themselves;
· To do so may be a criminal act or further a criminal act or activity or enable or conceal such an act;
· It is not practicable to deal with individuals who have not identified themselves; or
· The individual is receiving a service, funds or sacrament from us which necessitates an assurance that the service, sacrament or monies are being directed to an identified individual.
14. USE OF INFORMATION.
14.1 We only use Personal Information for the purpose for which it was collected or a purpose directly related to that purpose unless one of the following applies:
· You consent to us using, or would reasonably expect us to use, the information for a different purpose;
· We are required or authorised by law to use the information; or
· We reasonably believe that the use or disclosure of the information is necessary for or in response to legal and or criminal prevention or enforcement activities.
14.2 In carrying out our functions and activities, we are required or authorised to collect, use or disclose Personal Information by or under a variety of laws whether common law, statute or canon (Church) law.
15. DISCLOSURE OF PERSONAL INFORMATION.
15.1 We only disclose Personal Information for the purpose for which it was collected, or for a purpose directly related to that purpose.
15.2 We may disclose Personal Information for another purpose if one of the following applies:
· You have consented;
· You would reasonably expect us to disclose that Personal Information;
· We are required or authorised by law to do so; or
· We reasonably believe that the use or disclosure is necessary for law enforcement activities.
15.3 The individuals or bodies to which we ordinarily disclose Personal Information collected by us depends on the circumstances and services we are providing whether sacramental, employment, welfare, education or Catholic Development Fund, but includes and is not limited to:
· Lawyers, accountants, bankers, psychiatrists, psychologists, hospitals, medical practitioners and health care workers;
· Law enforcement agencies such as NSW and Australian Federal Police;
· Government agencies such as the Australian Taxation Office and Australian Securities and Investments Commission;
· Australian Securities Exchange;
· Courts, Commissions or Tribunals;
· Foreign government financial or legal regulators;
· The public, if the Personal Information is required to be published in a register, which may be searched by the public e.g. Notice of Intended Marriage and Registry of Births, Deaths and Marriages;
· Other Parishs or agencies of the Church in Australia or overseas e.g. interstate, international or out-of-Parish baptism and wedding permissions, certificates for these where you or your children move to other parishes or countries and wish to receive additional sacraments or prove receipt of existing sacraments e.g. “Freedom to Marry”, Vatican for Papal Blessings and certificates or Vatican Curia for legal process e.g. annulment of marriage;
· Other churches or ecclesial bodies in Australia or overseas e.g. for proof of receipt of initiation sacraments if you are converting to or being received into the Catholic Church; or
· Other institutions internationally or interstate such as schools, universities, colleges, seminaries, hospitals or health care providers.
15.4 In some limited circumstances and providing security and confidentiality agreements are in place, contractors to the Parish may have access to your Personal Information such as for provision of computing services and document safe storage.
16. CROSS-BORDER OVERSEAS STORAGE, DISCLOSURE OR USE OF PERSONAL INFORMATION.
16.1 We will not disclose Personal Information to recipients outside Australia unless we reasonably believe that:
· The information will remain subject to principles of fair handling of the information which are substantially similar to the Australian Privacy Principles;
· There are mechanisms that you can access to take action to enforce such principles; and
· The information will not be collected, held, used or disclosed by the recipient of the information in a manner inconsistent with this Privacy Policy.
16.2 In carrying out our functions and activities, Personal Information may be disclosed to recipients likely but not limited to in countries such as Vatican City State, Italy, United Kingdom, United States or Canada.
17. ACCURACY OF INFORMATION.
17.1 The Parish seeks to maintain the quality of its information holdings by taking reasonable administrative and technical steps to make sure that the information collected, used and disclosed is accurate, complete and up-to-date. Our policy is to take reasonable steps to:
· Make sure that the Personal Information that we collect, use and disclose is accurate, complete and up-to-date and (in the case of use and disclosure) relevant; and
· Protect the Personal Information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.
17.2 You can help us keep your information up-to-date by letting us know of any changes to your Personal Information such as residential, postal and e-mail addresses and telephone number.
17.3 You may contact our Privacy Officer (whose contact details are at the end of this Policy) or the parish priest or manager of one of our agencies if you would like access to or correction of the Personal Information we hold about you or your children. We may ask you to verify your identity before processing any access or correction requests to ensure that the Personal Information we hold is properly protected.
18. ACCESSING YOUR PERSONAL INFORMATION.
18.1 The Privacy Act allows you to request access to records containing your or your children’s Personal Information.
18.2 To access your Personal Information, you must make a written request containing sufficient details to identify you and the nature of the request to your parish priest, school principal or manager of the relevant agency. If you are unsure of the person to contact or their address, please contact our Privacy Officer [and here insert position title and email address]. Other contact details are contained at the bottom of this Policy.
18.3 We will give you access to your Personal Information after you request access from us. There are exceptions under the Privacy Act and APP’s, any one of which is sufficient, where we are not required to give you access to the Personal Information to the extent that:
· In our reasonable belief giving access would pose a serious threat to the life, health or safety of an individual or to public health or safety;
· Giving access would have an unreasonable impact on the privacy of other individuals;
· The request for access is frivolous or vexatious;
· The information relates to existing or anticipated legal proceedings between you and us and would not be accessible by the process of legal discovery in those proceedings;
· Giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
· Giving access would be unlawful;
· Giving access would be in breach of an authorisation or direction or order of an Australian law, court or tribunal;
· Both of these apply:
(a) We have reason to suspect that unlawful activity or misconduct of a serious nature that relates to our functions or activities has been or is going to be engaged in; and
(b) Our giving of access would be likely to prejudice the taking of appropriate action in relation to the matter;
· Giving access would be likely to prejudice one or more enforcement-related activities conducted by or on behalf of an enforcement body; or
· Giving access would reveal evaluative information generated by us or on our behalf in connection with a commercially sensitive decision-making process.
18.4 Exceptions under the above are generally rare, however examples where we may not be allowed to or determine that we will not give access to information include but are not limited to situations where:
· An Apprehended Violence or other Restraining Order is in force protecting a person and our giving out information may compromise the safety of that person or place us in contempt of court;
· Giving out information may compromise the anonymity rights of a natural parent of an adopted child and a procedure under the Adoption Act, 2000 (NSW) has not been followed;
· We reasonably suspect that financial, taxation, banking fraud or money laundering may be behind the request and giving the information may facilitate the activity; or
· You seek evaluative information created by us or our consultants on a competitive basis concerning your tender for a building project.
18.5 We will respond to your request for access to personal information within a reasonable period of time after receiving the request. We aim to reply to all requests as soon as we reasonably can having regard to the nature of the request, the record formats, locations and our resources. Most requests are able to be processed within days or sooner if in electronic storage and our aim is to answer all requests within 30 days. There are some situations including but not limited to situations of staff or priestly leave where longer time is required e.g. you request information held by a school and it is the 6 week school summer holiday period, or a small parish office is staffed once or twice a week only by volunteers who are on Christmas holidays and only the priest can sign and seal the document requested.
18.6 We will endeavour to give you access to the information in the manner you have requested it (e.g. an electronic request may be replied to with an electronic copy of the document requested).
18.7 There is no fee or charge for seeking access to Personal Information (no application fee).
18.8 We may charge a reasonable fee for the processing of an application for information or the giving of a certificate based upon the information sought. We will try and estimate the fees in advance and advise you. Those fees may cover retrieval of documents from safe storage and staff, archivist’s or consultant’s time in complying with a request. This will be the case with particularly detailed requests or requests entailing large administrative work such as verifying your application, locating, retrieving, reviewing and copying any material requested.
18.9 Access may be given to information through a mutually agreed intermediary.
18.10 If we refuse to give access to information according to the exceptions set out in paragraph 17.3 of this Policy, then we must give you written notice of the reasons except to the extent that, having regard to the grounds for refusal, it is unreasonable to do so. Additionally in the notice, we must advise you of the mechanisms to complain about the refusal and any other matter prescribed by regulations under the Privacy Act.
19. CORRECTING YOUR PERSONAL INFORMATION.
19.1 The Privacy Act allows you to request correction or amendment to records containing your or your children’s Personal Information.
19.2 If we hold your or your childrens’ Personal Information, we must if satisfied, having regard to the purpose for which the information is held, that it is inaccurate, out of date, incomplete, irrelevant or misleading, ourselves take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
19.3 If we hold your or your childrens’ Personal Information, we must, if you ask us to do so, take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
19.4 We will respond to your request for correction or amendment Personal Information within a reasonable period of time after receiving the request. We aim to reply to all requests as soon as we reasonably can having regard to the nature of the request, the record formats, locations and our resources. Most requests are able to be processed within days or sooner if in electronic storage and our aim is to answer all requests within 30 days.
19.5 If we have corrected your Personal Information that we have previously disclosed to another APP entity and you have requested us to notify the other APP entity of the correction then we must take such steps (if any) as are reasonable in the circumstances to give that notification to the other APP entity unless it is impracticable or unlawful to do so.
19.6 We may refuse to correct your Personal Information, but we must give you a written notice setting out the reasons for the refusal except to the extent that, having regard to the grounds for refusal, it is unreasonable to do so. Additionally in the notice, we must advise you of the mechanisms to complain about the refusal and any other matter prescribed by regulations under the Privacy Act.
19.7 Without limiting the reasons for which we may refuse to amend or correct Personal Information held by us, there are reasons for which we may ordinarily refuse requests to "amend or correct" Personal Information held by us, particularly in sacramental registers. This is often where your situation may have altered, but an historical fact remains, and there are also legal reasons of truth in record-keeping for example:
· You have a falling-out with your lifelong friend who was the Godparent of your child in baptism and you ask us to remove the fact of them having been a Godparent from the sacramental register;
· You divorce your spouse and you want us to remove the fact of the original marriage or expunge the ex-spouse’s name from the sacramental register; or
· You want a natural parent inserted in your Baptismal Certificate instead of your legally adoptive parent, or to inspect sacramental records to find this out without proceeding under the Adoption Act, 2000 (NSW).
19.8 In addition, if we refuse to correct Personal Information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement with your Personal Information in such a way that will make it apparent to users of the information. (This is like a disclaimer or cross-reference as to reliability at your request.)
20. QUESTIONS OR COMPLAINTS ABOUT A BREACH OF AUSTRALIAN PRIVACY PRINCIPLES.
20.1 If you have a question about this Policy or Australian Privacy Principles (APP’s) and your personal situation, then sometimes a simple telephone call or email to our Privacy Officer in the Contact section at the bottom of this Policy will clarify or resolve your query before it becomes a matter of complaint or possible breach of the APP’s.
20.2 We will be efficient and fair when investigating and responding to any privacy complaints. Efficiency includes acting in a timely manner and allowing sufficient time for additional information, enquiries or responses. Fairness includes consulting relevant people and considering relevant facts and circumstances from both sides and not acting in a capricious or arbitrary way.
20.3 Any privacy complaints we receive must be in writing (such as e-mail, facsimile or letter) and include e.g. the date, time and circumstances of the matter that you are complaining about, how you believe that your privacy has been interfered with and how you would like your complaint resolved.
20.4 Your complaint will be investigated initially by the Privacy Officer and will be escalated as required. We will seek information and respond to all complaints in writing and within a reasonable time period appropriate to the specific complaint.
20.5 Our response will set out:
· Whether in the Privacy Officer’s view there has been a breach of this Privacy Policy or any applicable privacy legislation; and
· What action, if any, we will take to rectify the situation.
20.6 Any person may also complain to the Australian Information Commissioner who may investigate our actions. The Commonwealth Ombudsman may also investigate complaints about our actions. However, the Commonwealth Ombudsman and the Australian Information Commissioner will consult to avoid the same matter being investigated twice. The Australian Information Commissioner’s contact details are at the bottom of this Policy.
21. CONTACT FOR THIS POLICY.
21.1 If you have any queries about this Policy, or wish to make a complaint about the manner in which the Parish has handled your Personal Information, please contact the Parish Secretary at:
E-mail: vineyards@mn.catholic.org.au
Telephone: +61 2 4990 1551
Facsimile: +61 2 4991 7490
Post: Parish Secretary,
Catholic Parishes of Cessnock and Kurri Kurri,
P.O. Box 12,
Cessnock NSW 2325.
21.2 If the complaint is not resolved to your satisfaction, you may then wish to make a complaint to the Office of the Australian Information Commissioner who is responsible for enforcement of the Privacy Act. The Privacy Commissioner may be contacted at:
Office of the Australian Information Commissioner (OAIC)
E-mail: enquiries@oaic.gov.au
Telephone: + 61 1300 363 992
Facsimile: +61 2 9284 9666
Post: Privacy Commissioner,
G.P.O. Box 5218,
Sydney N.S.W., 1042.
___