1 Purpose

The Synod of the Diocese of Adelaide of the Anglican Church of Australia Incorporated is bound by the Privacy Act 1988 and Amendments, which govern how we collect, use, disclose, store, secure and dispose of your Personal Information. It also communicates how individuals may raise complaints about possible breaches of Australian Privacy Principles that we are required to comply with, and how we deal with those complaints.

The Privacy Act No 119, 1988 as amended, is effective from 12 March 2014. A copy of the relevant legislation may be obtained from the website of The Office of the Australian Information Commissioner at www.oiac.gov.au .

This policy replaces the previous Privacy Policy, endorsed by Diocesan Council in June 2002.

 

2 Objectives

The objectives of this policy are to ensure:

  1. Proper consideration is given to personal information privacy by complying with the Australian Privacy Principles,
  2. The collection of personal information is handled by lawful and fair means and with the full awareness of affected individuals,
  3. That personal information is dealt with in accordance with the consent of the affected individual and only with their proper consent, and
  4. The integrity of personal information collected and used is maintained, by ensuring it is secured, accurate, up to date, complete and relevant.

 

3 Scope

This policy applies to the Synod of the Diocese of Adelaide of the Anglican Church of Australia Incorporated as defined.

4 Definitions

a. The Synod Of the Diocese Of Adelaide Of the Anglican Church Of Australia Incorporated (“The Diocese”) refers to

  • The administration office of the Synod of the Diocese of Adelaide of the Anglican Church of Australia Incorporated,
  • St Barnabas Theological College located at Hindmarsh,
  • Professional Standards office located at Maylands,
  • Archives Office located at 27 King William Rd North Adelaide,
  • North Road Cemetery located at Nailsworth,
  • Archbishops residence located at Palmer Place North Adelaide.

b. Australian Privacy Principles (APP) refers to the 13 principles stated in the Privacy Act Schedule 1.

c. Direct Marketing refers to marketing that relies substantially on the use of customer databases and lists that may or may not be consented to by affected customers.

d. Government Related Identifiers of an individual is defined in s 6(1) of the Privacy Act as an identifier that has been assigned by:

  • an agency,
  • a State or Territory authority,
  • an agent of an agency, or a State or Territory authority, acting in its capacity as agent, or
  • a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract. The following are given as examples of government related identifiers:
  • Medicare numbers,
  • Centrelink Reference numbers,
  • driver licence numbers issued by State and Territory authorities, and
  • Australian passport numbers.

e. Permitted General Situation exists in relation to the collection, use or disclosure by an APP entity of personal information about an individual, or of a government related identifier of an individual, if, in relation to the items in the table at Attachment 1:

  • the item in column 1 of the table applies to the information or identifier; and
  • such conditions as are specified in the item in column 2 of the table are satisfied.

f. Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

It includes such details as names, addresses, email addresses, phone numbers, dates of birth, drivers licence details etc.

g. Privacy Act refers to Privacy Act 1988, No 119, as amended.

h. Sensitive Information is defined in the Privacy Act to mean information or an opinion about an individual’s:

  • racial or ethnic origin;
  • political opinions;
  • membership of a political association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association;
  • membership of a trade union;
  • sexual preferences or practices;
  • criminal record; or
  • health information and genetic information

i. Solicited Personal Information is personal information collected by an APP entity for inclusion in a record or in a generally available publication.

 

5 Policy Principles

5.1 Consideration of Personal Information Privacy

a. We will ensure that personal information will be dealt with openly and in a transparent way that complies with the Australian Privacy Principles.

b. The policy will be available on the Diocese website, and will include details about how we deal with inquiries or complaints on privacy matters.

c. Individuals will be able to exercise anonymity and pseudonymity when dealing with the Diocese.

5.2 Collecting Personal Information

a. Personal information (other than sensitive information) will only be solicited and collected for the primary purpose of providing our services to individuals, and where that information is reasonably necessary, or directly related to, those services.

b. We will solicit and collect personal information only by lawful and fair means. Personal information about an individual will be collected from the individual unless either the individual has consented to someone else providing that information, or we are required or authorised by Australian law to collect that information.

c. Personal information received that has not been solicited will be destroyed, unless it could have collected, used for the primary purpose, and consented to by the individual.

d. We will not collect sensitive information about an individual unless the individual consents to the collection of the information, and the information is reasonably necessary for providing our services to individuals. However, we reserve the right to collect sensitive information to the extent that it relates to our activities and only to those members of our organisation who have regular contact with our activities.

e. When collecting personal information, we will notify the affected individual of our contact details, and the fact and reason why we have collected that information. Where the collection has been a requirement or authorisation under Australian law, then we will advise the affected individual of that fact.

5.3 Dealing with Personal Information

a. Where we have collected personal information for a primary purpose, we will not use or disclose that information for another purpose:

i. without the consent of the individual concerned,

ii. unless it is required or authorised by or under an Australian law,

iii. unless a permitted general situation exists, or

iv. unless we reasonably believe the use or disclosure of that information is necessary for enforcement related activities by an enforcement body. In this case, we will record that use and disclosure. 

b. Where we collect personal information from other related entities, we will deal with that information as if it was collected for a primary purpose.

c. We will not disclose or use personal information for any direct marketing, unless that information is not sensitive information and:

i. The individual would reasonably expect us to use it for direct marketing, and

ii. The individual is easily able to request non receipt of direct marketing communications, and

iii. The individual has not made such a request.

d. We will only use or disclose sensitive information about an individual for direct marketing purposes if the individual has consented to its use or disclosure for that purpose.

e. We will only disclose personal information to an overseas recipient where we have taken reasonable steps to ensure they do not breach Australian Privacy Principles.

f. We will generally not adopt, use or disclose a government related identifier of an individual unless it is a requirement under Australian Privacy Principles.

5.4 Integrity of Personal Information

a. We will take reasonable steps to make sure that personal information that we collect, use or disclose is accurate, complete and up-to-date.

b. We will take reasonable steps to protect personal information held from misuse, interference, loss, unauthorised access, modification or disclosure.

c. Where personal information is held that is no longer needed, we will take reasonable steps to destroy the information.

d. We will provide access to an individual’s personal information on request by that individual, and within reasonable period, subject to certain exceptions outlined in Australian Privacy Principle 12.

e. We will take reasonable steps to correct personal information that either we are satisfied is inaccurate, out-of-date, incomplete, irrelevant or misleading; or if requested by an affected individual, and notify relevant 3rd parties of the changes in a timely manner.

 

6 Responsibilities

6.1 Diocesan Council

Diocesan Council is responsible for

a. Ensuring appropriate practices, procedures and systems relating to the Diocese functions or activities are in place to ensure:

i. compliance with the Australian Privacy Principles, and

ii. an ability to deal with inquiries or complaints from individuals about the Diocese compliance with the Australian Privacy Principles.

b. Communicating this policy to the Registrar,

c. Reviewing this policy every 2 years, and

d. Approving this policy.

6.2 The Registrar

The Registrar is responsible for

a. Reporting to Diocesan Council of individuals’ complaints concerning compliance issues and

their resolution,

b. Reporting to Diocesan Council of any other privacy matters that have been raised,

c. Reviewing this policy every 2 years and submitting to Diocesan Council for their adoption,

d. Advising Diocesan Council of any material changes in Privacy law and their impact on the Diocese,

e. Advising affected Parishes of Privacy compliance matters as appropriate,

f. Managing appropriate practices, procedures and systems of the Diocese that ensure compliance with the Australian Privacy Principles.

7 Policy review

The Privacy policy will be reviewed every 2 years as part of a program of continuous improvement.

 

8 Further Information

Anglican Diocese of Adelaide Registrar 8305 9356

Australian Government Office of the Australian Information Commissioner website

 

9 Relevant Legislation

The Privacy Act No 119, 1988 as amended.