CatholicCare Archdiocese of Melbourne (ABN 42 795 179 778)
(CatholicCare) is a division of the Roman Catholic Trusts Corporation of the
Archdiocese of Melbourne. It is committed to complying with its obligations
under the Privacy Act 1998 (Cth) (Privacy Act), including the Australian
Privacy Principles (APPs).
CatholicCare is committed to respecting your privacy and
protecting your rights with respect to your personal information.
From time to time CatholicCare may review and update this Privacy
Policy, including to take into account new laws, regulations, practices and
technology. All personal information
held by CatholicCare will be governed by our most recent policy.
This policy explains how CatholicCare manages and secures your personal information. It also describes the kinds of personal information that CatholicCare holds and for what purposes, and how that information is collected, held, used and disclosed.
You may request a copy of the policy by contacting the Privacy Officer.
What personal information do we collect?
‘Personal Information’ is information or an opinion, whether true or not, and whether recorded in material form or not, about an identified individual or an individual who is reasonably identifiable. CatholicCare may collect and hold the following types of personal information about you:
- identification information including your name, postal address, email address, date of birth, Medicare number, driver’s licence, Centrelink number, passport and contact details;
- bank account details;
- credit card details;
- financial transactions relating to your CatholicCare accounts;
- tax file number; and
- marital status.
CatholicCare may also need to collect sensitive information about you. ‘Sensitive Information’ is personal information that is also an information or opinion about your race or ethnic origin, political opinions religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a trade union or political association, sexual orientation or practices, criminal records or health information.
CatholicCare will only collect sensitive information about you if:
- you consent to the collection of the information and the information is directly related to CatholicCare’s functions; or
- the information relates:
- to the activities of CatholicCare; and
- solely to the members of CatholicCare, or to individuals who have regular contact with CatholicCare in connection with its activities; or
- the collection is otherwise permitted under the Privacy Act.
When and why we collect Personal Information
CatholicCare will, if it is reasonable and practical to do so, collect personal information directly from you. CatholicCare may collect your information when you:
- give CatholicCare information over the telephone;
- give CatholicCare information via the CatholicCare website;
- interact with CatholicCare electronically or in person; and
- complete application forms
On occasion CatholicCare may collect personal information about you from other sources where it is necessary to do so. Examples of other sources that CatholicCare may collect personal information from include, but are not limited to:
- your relatives;
- the Department of Social Services or other government agencies;
- CatholicCare’s service providers; and
- information that is publicly available on the electoral roll.
If you do not provide CatholicCare with your personal information, it may not be able to:
- provide you with the product or service you want; and
- verify your identity.
If CatholicCare inadvertently collects personal information about you that it did not ask for, CatholicCare will check whether it could have collected that information itself.
If CatholicCare could have collected the information, CatholicCare will handle it in the same way it handles other information it collects from you. If:
- CatholicCare could not have collected the personal information; and
- the information is not contained in a Commonwealth record,
CatholicCare will destroy the information or de-identify the information provided it is lawful and reasonable to do so.
Information collected via the CatholicCare website
CatholicCare will not collect personal information about you when you use its website except when you knowingly provide it, or as otherwise described below.
‘Cookies’ are small text files that are transferred to a user’s computer hard drive by a website for the purpose of storing information about a user’s identity, browser type or website visiting patterns.
‘Google Analytics’ – CatholicCare also used Google analytics to collect information about how people use its website. Google Analytics does this by using cookies to understand the types of websites you visit and the way you interact with those websites.
Storing personal information
CatholicCare holds your personal information in different ways, including paper and electronic form. CatholicCare treats all personal information as confidential. It will take reasonable steps to ensure personal information is protected from misuse, interference and loss and unauthorised access, modification and disclosure.
Some of the ways CatholicCare does this are:
- confidentiality requirements for employees;
- contractual obligations with our service providers including CatholicCare Victoria Tasmania (CCVT) and its service providers who provide database services to CatholicCare;
- secure document storage facilities;
- security measures for access to systems;
- only giving access to personal information to a person who is verified to be able to access that information;
- security obligations on third party information technology service providers;
- control of access to buildings; and
- electronic security systems, such as firewalls and data encryption, user identifiers, passwords or other access codes, antivirus, antispyware, backup and recovery of systems.
If CatholicCare no longer needs your personal information for any purpose, it will take reasonable steps to destroy or permanently de-identify the information, unless:
- the information is contained in a Commonwealth record; or
- CatholicCare is required by law, or a court/tribunal order, to retain the information.
How we use your personal information
CatholicCare uses and discloses your personal information to provide products and services to you which include:
- assessing your account applications;
- establishing and administering your accounts;
- verifying your identity;
- for customer relations purposes, including managing CatholicCare’s relationship with you;
- to provide you with services, including under the National Disability Insurance Scheme;
- to comply with CatholicCare’s obligations to the Department of Social Services and other government departments (Victorian and Federal);
- to comply with any applicable laws, regulations or codes of practice;
- to comply with any payment systems requirements;
- for information technology systems development and testing where CatholicCare’s internal computer system is upgraded;
- for CatholicCare’s internal operations, including record keeping, risk management, auditing, training, file reviews and account analysis;
- to investigate, resolve and prevent complaints;
- to make arrangements with other organisations to provide services in relation to CatholicCare’s products and services (for example, CatholicCare may arrange for mailing houses to distribute account statements);
- to conduct fraud assessments;
- for reporting and data analytics purposes, including for regulatory, management, statistical or research purposes; and
- for any other purpose for which you have given your consent.
Use and disclosure of information
Personal information CatholicCare holds about you that was collected for a particular purpose will not be disclosed for another purpose, unless:
- you have consented to the use or disclosure of the information for another purpose; or
- the access, use or disclosure is otherwise permitted under the Privacy Act (i.e. you would reasonably expect CatholicCare to use or disclose the information for another purpose or the use or disclosure of the information is required or authorised by law or a court/tribunal order).
CatholicCare may disclose personal information about you to third parties. Examples of third parties that CatholicCare may disclose your personal information to include, but are not limited to:
- CatholicCare’s service providers including CatholicCare Victoria Tasmania ACN 150 113 947 (CCVT) and providers of information technology services to CCVT;
- CatholicCare’s agents, contractors and external advisors (for example, CatholicCare lawyers, auditors, information technology service providers, and Catholic Development Fund);
- any person acting on your behalf, including your legal and financial advisers;
- Government and other regulatory bodies (including the Department of Social Services), law enforcement bodies and courts as required or authorised by law; external dispute resolution bodies;
- and financial institutions.
You acknowledge and agree that CatholicCare utilises a common database run by CCVT and its contracted service providers. This common database is shared between CatholicCare and CatholicCare Tasmania (ABN 79 984 899 862), Centacare Catholic Diocese of Ballarat (ABN 51 857 084 361) and CatholicCare Sandhurst (ABN 71 789 820 442) (Other Agencies). You consent to your personal information, including information about your race and ethnic background, religious affiliation and specific health information such as your date of birth and disabilities, being entered into this common database and understand that it may be accessible by the Other Agencies. The Other Agencies will not disclose your personal information to any third party who does not have access to the common database. The Other Agencies will not be able to access your case notes, session information, bookings or activities using this common database.
If you wish to opt out of your personal information being entered into this common database, please contact the Privacy Officer. However, if you opt out this may affect the services that CatholicCare can provide to you.
CatholicCare will not disclose your personal information to any overseas recipients. CatholicCare does engage third party information technology service providers to store your data, however we ensure that your data is stored within Australia.
Where your personal information is disclosed, CatholicCare will seek to ensure that information is either de-identified, or is used, held and disclosed consistently with the Privacy Act and any other applicable laws.
Quality of personal information
CatholicCare will take all reasonable steps to ensure that any personal information it collects uses or discloses is accurate, complete, up-to-date and relevant to CatholicCare’s functions or activities.
If you believe that your personal information is not accurate, complete or up to date, you should contact the Privacy Officer.
Access to personal information
You can access your personal information unless an exception in the Privacy Act applies.
You can request access to your personal information at any time by contacting the Privacy Officer.
Depending on the nature of the request, CatholicCare may charge you a small fee for granting you access.
CatholicCare will respond to a request for access within a reasonable time (usually 30 days), and give access in the manner requested by you, if it is reasonable and practicable to do so.
Sometimes, it may not be possible for CatholicCare to give you access. If CatholicCare refuses to give you access, it will:
take reasonable steps to give you access in a manner that meets CatholicCare’s needs as well as yours;
provide you with written reasons for the refusal provided it is reasonable to do so; and
provide you with the mechanisms available to complain about the refusal.
Correcting personal information
If you think that any personal information CatholicCare holds about you is incorrect, inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request CatholicCare to correct the information by contacting the Privacy Officer.
CatholicCare will take all reasonable steps to correct that information to ensure that, having regard to the purposes for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If CatholicCare corrects personal information that has been disclosed to another entity and you ask CatholicCare to tell the other entity about the correction, CatholicCare will take all reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
If CatholicCare refuses to correct the personal information, then it will provide you with:
- written reasons for the refusal provided it is reasonable to do so; and
- the mechanism available to complain about the refusal.
- CatholicCare must respond to a correction request within a reasonable time (usually 30 days).
You have the option to remain anonymous, or to use a pseudonym when dealing with CatholicCare where it is lawful and practical to do so.
Complaints or queries
- have any issues about the way CatholicCare handles your personal information after reading this policy;
- become aware of a potential breach of privacy; or
- wish to make a privacy complaint,
you are requested to contact the CatholicCare Privacy Officer at:
CatholicCare Privacy Officer
Telephone: (03) 9287 5555
Post: PO Box 196, East Melbourne, Vic 8002
Visit: 383 Albert Street, East Melbourne, Vic 3002
If CatholicCare’s Privacy Officer is unable to resolve the matter, it will be escalated (internally or externally) as appropriate to facilitate resolution.
If you are not happy with the outcome of CatholicCare’s Privacy Officer’s investigation, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Mail: GPO Box 5218, Sydney, NSW 2001