Keeping your information safe and secure
Purpose
To describe how the Diocese of North West Australia (DNWA) protects privacy in compliance with the Privacy Act 1988 and the Privacy Regulation 2013.
Introduction
This Privacy Policy covers how the Diocese and each Parish handles personal information. ‘Personal Information’ is information or an opinion about an identified individual or an individual who is reasonably identifiable.
The Diocese is committed to protecting each individual’s personal information in accordance with the Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles and as described in this Policy.
The Diocese may from time to time review and update this policy to comply with all relevant legislation and to take account of changes in technology and changes to the Diocese’s operations and practices.
What kind of personal information does the Diocese collect, and how does it collect it?
The Diocese collects and holds personal information, including sensitive information about:
children and their parents and/or guardians for the purpose of their spiritual and pastoral care;
adults receiving spiritual and pastoral care;
job applicants, workers (officers, employees & volunteers) and contractors;
members of congregations who are undertaking work in the Diocese; and
fundraising.
Personal information you provide
The Diocese will generally collect personal information held about an individual through its office or by workers at one any of its churches. Information will usually be obtained in one of the following ways:
forms completed either by the person, or by a parent/guardian;
face to face meetings;
interviews; and
telephone calls, or via electronic means (e.g. email).
Personal information provided by other people
In some circumstances, the Diocese may be provided with personal information about an individual from a third party, e.g. a reference about an applicant for a job.
Exception in relation to employee records
This policy does not apply in relation to the treatment of an employee record, where the information is directly related to a current or former employment relationship between the Diocese and the employee. These records are specifically exempt from the application of the Commonwealth Privacy Act.
How will the Diocese use personal information?
The Diocese will use personal information you provide for:
the provision of Christian ministry to its community (the primary purpose); or
such other secondary purposes as are related to the primary purpose; or
any other purpose to which you have consented.
Adults
The Diocese’s primary purpose of collection is to enable it to provide spiritual and pastoral care to parishioners — whether they be adults, young people or children. Where the Diocese is collecting information of this kind, it will issue a notice about its privacy policy (refer to Appendix 1).
Children and their parents and/or guardians
The Diocese’s primary purpose of collection of information about children and their parents and/or guardians is to enable it to provide spiritual and pastoral care. Information may also need to be collected if the Diocese offers play groups or social/sporting programs. The purposes for which the Diocese uses personal information of children and their parents and/or guardians include:
keeping parents and/or guardians informed about matters relating to the child’s spiritual life;
day to day administration of its groups and programs (e.g. Sunday School; Youth group);
seeking donations for its activities; and
satisfying the Diocese’s legal obligations and enabling the discharge of its duty of care.
In some cases where the Diocese requests personal information about a child or parent and/or guardian and the information is not obtained, the child may not be able to be enrolled in the Diocesan program for which the information was requested. Where the Diocese is collecting information of this kind, it will issue a notice about its privacy policy (refer to Appendix 1).
Job applicants, paid workers, contractors, volunteers and members of congregations
The primary purpose of collection is to assess the suitability of the person or persons for a particular role in the Diocese and, if successful, employ or engage the person or persons concerned. The purposes for which the Diocese uses this information include:
administering the person’s employment or contract;
insurance requirements;
the Diocese’s legal and statute obligations, especially regarding the provision of a safe environment for all children and vulnerable people.
Fundraising
One specific purpose of collecting information is for raising funds now and into the future. This information is also used for accounting purposes, including complying with taxation requirements. Where the Diocese is collecting information of this kind, it will issue a notice about its privacy policy (refer to Appendix 1).
To whom might the Diocese disclose personal information?
Subject to the Privacy Act, the Diocese or one of its churches may disclose personal information held about an individual to:
Another Diocese (e.g. as a reference);
The Diocesan Office of the Anglican Diocese of North West Australia;
Government departments;
Medical practitioners;
People providing services to the Diocese;
Recipients of Diocese publications;
Parents and/or guardians;
Anyone you authorise the Diocese to disclose information to.
The Diocese will not send personal information about an individual outside Australia without:
obtaining the consent of the individual (in some cases this consent will be implied); and
otherwise complying with the National Privacy Principles.
How does the Diocese treat sensitive information?
In the Diocesan context, sensitive information could mean information relating to a person’s parentage, racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record.
Sensitive information will be used and disclosed only for the purposes for which it was provided, or for a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Protection of personal information
Diocese workers are required to respect the confidentiality of personal information and the privacy of individuals. The Diocese has in place steps to protect the personal information it holds from misuse, loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and restricted access rights to computerised records.
Should a data breach occur that the Diocese assesses as having potential to cause serious harm to an individual, then the Diocese recognises its obligation to report the breach including information affecting individual of the breach along with any action it recommends the individual takes.
Updating personal information
The Diocese endeavours to ensure that the personal information it holds is accurate, complete, and up to date. A person may seek to update their personal information held by the Diocese by contacting the Diocese at any time. The National Privacy principles require the Diocese not to store personal information longer than necessary.
You have the right to check what personal information the diocese holds about you
Under the Commonwealth Privacy Act, and with some exceptions, an individual has the right to obtain access to any personal information that the Diocese holds about them, and to advise the Diocese of any perceived inaccuracy. Children will generally have access to their personal information through their parents and/or guardians.
To make a request to access any information the Diocese holds about you or your child, please contact the Diocesan Privacy Officer. The Diocese may require you to verify your identity and specify what information you require. The Diocese may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested.
Consent and right of access to the personal information of children
The Diocese respects every parent and/or guardian’s right to make decisions concerning their children’s religious upbringing and care. Generally, the Diocese will refer any requests for consent and notices in relation to personal information of a child to the parent and/or guardian. The Diocese will treat consent given by a parent and/or guardian as consent given on behalf of the child, and notices to parents and/or guardians will act as notices given to the child.
Privacy complaints
Complaints or feedback to the Diocese in relation to its compliance with the Australian Privacy Principles and/or this policy should be directed to the Diocesan Privacy Officer. The Diocese will undertake to investigate and seek to resolve an individual’s complaint in a timely manner. If the individual is not satisfied with the outcome they may contact the Australian Privacy Commissioner.
Enquiries
If you would like further information about the way the Diocese manages the personal information it holds, please contact the diocese by:
mail: PO Box 2783, Geraldton, 6531;
email: registrar@anglicandnwa.org
phone: (08) 9921 7277
visiting the Diocesan Office at 101 Cathedral Ave, Geraldton
Changes to this policy
The Diocese may revise this Privacy Policy from time to time, with the Privacy Policy being hosted and updated on this page.