1.THE PRIVACY ACT
From 12 March 2014 the Privacy Act includes 13 Australian Privacy Principles (APPs) that outline how APP entities (i.e. The BUV) must handle, use and manage personal information.
Personal information is information or an opinion that identifies or could reasonably identify an individual. Some examples include name, address, telephone number, date of birth, gender, medical records, bank account details, and commentary or opinion about a person.
2. AUSTRALIAN PRIVACY PRINCIPLES – A SUMMARY
APP 1: Open and transparent management of personal information
APP 2: Anonymity and pseudonymity
Requires the BUV to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3: Collection of solicited personal information
Outlines when the BUV can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4: Dealing with unsolicited personal information
Outlines how the BUV must deal with unsolicited personal information.
APP 5: Notification of the collection of personal information
Outlines when and in what circumstances the BUV must notify an individual of certain matters relating to the collection of personal information.
APP 6: Use or disclosure of personal information
Outlines the circumstances in which the BUV may use or disclose personal information that it holds.
APP 7: Direct marketing
The BUV may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8: Cross-border disclosure of personal information
Outlines the steps the BUV must take to protect personal information before it is disclosed overseas.
APP 9: Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when the BUV may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10: Quality of personal information
The BUV must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. The BUV must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11: Security of personal information
The BUV must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. The BUV has obligations to destroy or de-identify personal information in certain circumstances.
APP 12: Access to personal information
Outlines the BUV’s obligations when an individual requests to be given access to personal information held about them by the BUV. This includes a requirement to provide access unless a specific exception applies.
APP 13: Correction of personal information
Outlines the BUV’s obligations in relation to correcting the personal information it holds about individuals.
For more information on the Australian Privacy Principles:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
1300 363 992
BUV PRIVACY COLLECTION NOTICE
The Baptist Union of Victoria ABN 67 934 884 236 is committed to protecting your privacy in accordance with the 13 Australian Privacy Principles (APPs) from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988.
This policy sets out how we will collect, use, store, disclose and de-identify your personal information.
a. The types of information we collect:
The types of personally identifiable and/or sensitive information we collect from you or from others about you may include, but is not limited to, the following:
- your full name, gender and contact details (address, telephone numbers, email, etc)
- personal credit card and/or bank account details
- Working With Children Check number & expiry date
- National Police Record number and date
- complaint details
- professional and practice information including qualifications and work history
- health/medical information
- religious information (including attendance, denominational details)
- identity of persons who have authority to collect your children from church activities
- records of visits to you, phone calls with you, and discussions around pastoral matters
- records of any communications that you have with us
- any idiosyncratic or personal information we obtain from you or others about you
b. Why we collect private information:
We do not use the information in any way other than in the furtherance of our objects and purposes.
We collect information about people so as to allow us to communicate with them, introduce them to our organisation, promote the Gospel to them, pray and provide other Christian services to them and inform them of the work we do.
We might also use your information for the following purposes:
- for the immediate reason for which you have provided it to us (for example, to enable us to process your request, payment, registration, etc.)
- to maintain contact with you about our work, to report to you about our work, or to encourage you to learn about what we do
- any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law)
c. How we collect information:
We may collect information from you either directly or from third parties. Information we collect from third parties may be by formal or informal means.
Where we collect information from third parties and it is not personal information that is contained in a Commonwealth record, we will take reasonable steps to destroy or de-identify the information as required by law.
We collect personal information about supporters, donors, volunteers, employees, contractors and visitors to our events. We collect your information in the following ways:
- face to face contact
- electronically including through our website
- via social media messages or conversation
- during phone calls
- voice or image recordings
- whilst delivering and administering services at our facilities or other facilities
- from forms and other correspondence (both in writing and electronically)
d. Disclosing your personal information:
We only use your personal and sensitive information for the reason we collect it as set out aboveand for the purposes for which it was collected, or as otherwise permitted by law.
We will not disclose the above information that we collect to affiliates or third parties without your consent.
We don’t rent, sell or exchange your information. The types of organisations to whom we normally disclose your personal information include those who help us administer our technology information systems and financial auditors.
We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations when handling your personal information.
e. Disclosing your personal information overseas:
Occasionally we may use overseas facilities or contractors to process or back-up information or to provide other services. As a result, we may disclose your personal information to our overseas facilities or contractors for these purposes.
Any disclosure of your personal information overseas does not change our commitment to safeguarding your privacy. We do not otherwise disclose or transfer your personal information overseas.
f. How we protect your personal information:
We take reasonable steps to ensure the security of personal and sensitive information we hold andto protect it against loss, misuse or unauthorised access, destruction, use, modification ordisclosure.
Our IT systems are password protected and comply with applicable security standards. Only authorised personnel are permitted to access these details.
It is our policy to:
- permanently de-identify personal information where reasonable and possible; and
- destroy personal information once there is no longer a legal or business need to retain it
It is your right to be dealt with anonymously, provided that is it lawful and practicable.
We will try to accommodate a request for anonymity wherever possible, however we note that in some circumstances, this may prevent us from practically and effectively communicating with you.
h. Third party websites:
Our website may contain links to third party websites, and third party websites may also have links to our website.
The operators of other websites may collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.
When you visit our website a record of your visit is logged. The following data is supplied by your browser:
- Your IP address and/or domain name;
- Your operating system (type of browser and platform);
- The date, time and length of your visit to the website; and
- The resources you accessed and the documents you downloaded.
This information is used to compile statistical information about the use of our website. It is not used for any other purpose.
If you do not want ‘cookies’ to be used please adjust your browser settings to disable them.
j. Accessing, updating or changing your information:
You can access your information by asking us. Occasionally, we may need to refuse your request to access information, for example, where granting you access would infringe someone else’s privacy.
You can update or change your information with us by contacting firstname.lastname@example.org.
k. If you have concerns or a complaint:
BUV Privacy Officer
Phone: 03 9880 6100
Write: PO Box 377, Hawthorn VIC 3122
If you’re not satisfied with how we have handled your complaint you can also contact the Office of the Australian Information Commissioner (OAIC) on www.oaic.gov.au. The OAIC is a government body independent of us. It has the power to investigate complaints about possible interference with your privacy.
l. Contact Privacy Officer
BUV Privacy Officer
Phone: 03 9880 6100
Write: PO Box 377, Hawthorn VIC 3122
This Private Policy was last updated on 25 July 2017.