CatholicCare Archdiocese of Melbourne (ABN 42 795 179 778) (CatholicCare) is a division of the Roman Catholic Trusts Corporation of the Archdiocese of Melbourne. It is committed to complying with its obligations under the Privacy Act 1998 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs).
CatholicCare is committed to respecting your privacy and protecting your rights with respect to your personal information.
From time to time CatholicCare may review and update this Privacy Statement, including to take into account new laws, regulations, practices and technology. All personal information held by CatholicCare will be governed by our most recent statement.
This statement explains how CatholicCare manages and secures your personal information. It also describes the kinds of personal information that CatholicCare holds and for what purposes, and how that information is collected, held, used and disclosed.
You may request a copy of the statement by contacting the Privacy Officer.
2. What personal information do we collect?
‘Personal Information’ is information or an opinion, whether true or not, and whether recorded in material form or not, about an identified individual or an individual who is reasonably identifiable. CatholicCare may collect and hold the following types of personal information about you:
- identification information including your name, postal address, email address, date of birth, Medicare number, driver’s licence, Centrelink number, passport and contact details
- bank account details;
- credit card details;
- financial transactions relating to your CatholicCare accounts;
- tax file number; and
- marital status.
CatholicCare may also need to collect sensitive information about you. ‘Sensitive Information’ is personal information that is also an information or opinion about your race or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a trade union or political association, sexual orientation or practices, criminal records or health information.
CatholicCare will only collect sensitive information about you if:
- you consent to the collection of the information and the information is directly related to CatholicCare’s functions; or
- the information relates:
- to the activities of CatholicCare; and
- solely to the members of CatholicCare, or to individuals who have regular contact with CatholicCare in connection with its activities; or
- the collection is otherwise permitted under the Privacy Act.
3. When and why we collect Personal Information
We collect personal information about you so we can, among other things,
- provide you with services and products;
- meet our funding body requirements;
- tailor the services we deliver;
- meet our legal obligations; and
- plan for the future.
CatholicCare will, if it is reasonable and practical to do so, collect personal information directly from you. CatholicCare may collect your information when you:
- give CatholicCare information over the telephone;
- give CatholicCare information via the CatholicCare website;
- interact with CatholicCare electronically or in person; and
- complete CatholicCare forms.
On occasion CatholicCare may collect personal information about you from other sources where it is necessary to do so. Examples of other sources that CatholicCare may collect personal information from include, but are not limited to:
- your relatives;
- the Department of Social Services or other government agencies;
- CatholicCare’s service providers;
- information that is publicly available on the electoral roll.
If you do not provide CatholicCare with your personal information, it may not be able to:
- provide you with the product or service you want; and
- verify your identity.
If CatholicCare inadvertently collects personal information about you that it did not ask for, CatholicCare will check whether it could have collected that information itself. If CatholicCare could have collected the information, CatholicCare will handle it in the same way it handles other information it collects from you.
- CatholicCare could not have collected the personal information; and
- the information is not contained in a Commonwealth record,
CatholicCare will destroy the information or de-identify the information provided it is lawful and reasonable to do so.
4. Information collected via the CatholicCare website
CatholicCare will not collect personal information about you when you use its website except when you knowingly provide it, or as otherwise described below.
‘Cookies’ are small text files that are transferred to a user’s computer hard drive by a website for the purpose of storing information about a user’s identity, browser type or website visiting patterns.
‘Google Analytics’ – CatholicCare also uses Google analytics to collect information about how people use its website. Google Analytics does this by using cookies to understand the types of websites you visit and the way you interact with those websites.
5. Storing personal information
CatholicCare holds your personal information in different ways, including paper and electronic form. CatholicCare treats all personal information as confidential. It will take reasonable steps to ensure personal information is protected from misuse, interference and loss and unauthorised access, modification and disclosure.
Some of the ways CatholicCare does this are:
- confidentiality requirements for employees;
- contractual obligations with our service providers including CatholicCare Victoria Tasmania (CCVT) and its service providers who provide database services to CatholicCare;
- secure document storage facilities;
- security measures for access to systems;
- only giving access to personal information to a person who is verified to be able to access that information;
- security obligations on third party information technology service providers;
- control of access to buildings; and
- electronic security systems, such as firewalls and data encryption, user identifiers, passwords
- or other access codes, antivirus, antispyware, backup and recovery of systems.
If CatholicCare no longer needs your personal information for any purpose, it will take reasonable steps to destroy or permanently de-identify the information, unless:
- the information is contained in a Commonwealth record; or
- CatholicCare is required by law, or a court/tribunal order, to retain the information.
6. How we use your personal information
CatholicCare uses and discloses your personal information to provide products and services to you which include:
- assessing your account applications;
- establishing and administering your accounts;
- verifying your identity;
- for customer relations purposes, including managing CatholicCare’s relationship with you;
- in person, remote/online and information based services;
- to comply with CatholicCare’s obligations to the Department of Social Services and other government departments (Victorian and Federal);
- to comply with any applicable laws, regulations or codes of practice;
- to comply with any payment systems requirements;
- for information technology systems development and testing where CatholicCare’s internal computer system is upgraded; for CatholicCare’s internal operations, including record keeping, risk management, auditing, training, file reviews and account analysis;
- to investigate, resolve and prevent complaints;
- to make arrangements with other organisations to provide services in relation to CatholicCare’s products and services (for example, CatholicCare may arrange for mailing houses to distribute account statements);
- to conduct fraud assessments;
- for reporting and data analytics purposes, including for regulatory, management, statistical or research purposes; and
- for any other purpose for which you have given your consent.
7. Use and disclosure of information
CatholicCare may disclose personal information about you to third parties. Examples of third parties that CatholicCare may disclose your personal information to include, but are not limited to:
- CatholicCare’s service providers including CatholicCare Victoria Tasmania ACN 150 113 947 (CCVT) and providers of information technology services to CCVT;
- CatholicCare’s agents, contractors and external advisors (for example, CatholicCare lawyers, auditors, information technology service providers, and Catholic Development Fund);
- any person acting on your behalf, including your legal and financial advisers;
- Government and other regulatory bodies (including the Department of Social Services), law enforcement bodies and courts as required or authorised by law; external dispute resolution bodies; and
- financial institutions.
We will not use or disclose the personal information we collect for a particular purpose for any other purpose without your consent, unless we are permitted to by law. We will not disclose your information to a third party, whether in Australia or overseas, without your consent.
For most of our services we use a common client management software and database to process and store your personal information. This software and database is licensed by CatholicCare Victoria Tasmania (ABN 150 113 947) (CCVT) and hosted and maintained by its contracted service providers.
8. Quality of personal information
CatholicCare will take all reasonable steps to ensure that any personal information it collects, uses or discloses is accurate, complete, up-to-date and relevant to CatholicCare’s functions or activities.
If you believe that your personal information is not accurate, complete or up to date, you should contact the Privacy Officer in accordance with paragraph 12 of this statement.
9. Access to personal information
You can access your personal information unless an exception in the Privacy Act applies.
You can request access to your personal information at any time by contacting the Privacy Officer in accordance with paragraph 12 of this statement.
Depending on the nature of the request, CatholicCare may charge you a small fee for granting you access.
CatholicCare will respond to a request for access within a reasonable time (usually 30 days), and give access in the manner requested by you, if it is reasonable and practicable to do so.
Sometimes, it may not be possible for CatholicCare to give you access. If CatholicCare refuses to give you access, it will:
- take reasonable steps to give you access in a manner that meets CatholicCare’s needs as well as yours;
- provide you with written reasons for the refusal provided if it is reasonable to do so; and
- provide you with the mechanisms available to complain about the refusal.
10. Correcting personal information
If you think that any personal information CatholicCare holds about you is incorrect, inaccurate, out- of-date, incomplete, irrelevant or misleading, you may request CatholicCare to correct the information by contacting the Privacy Officer in accordance with paragraph 12 of this statement.
CatholicCare will take all reasonable steps to correct that information to ensure that, having regard to the purposes for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If CatholicCare corrects personal information that has been disclosed to another entity and you ask CatholicCare to tell the other entity about the correction, CatholicCare will take all reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
If CatholicCare refuses to correct the personal information, then it will provide you with:
- written reasons for the refusal provided it is reasonable to do so; and
- the mechanism available to complain about the refusal.
CatholicCare must respond to a correction request within a reasonable time (usually 30 days).
You have the option to remain anonymous, or to use a pseudonym when dealing with CatholicCare where it is lawful and practical to do so.
12. Complaints or queries
- have any issues about the way CatholicCare handles your personal information after reading this policy;
- become aware of a potential breach of privacy; or
- wish to make a privacy complaint,
contact the CatholicCare Privacy Officer at:
- CatholicCare Privacy Officer
- Email: firstname.lastname@example.org
- Telephone: (03) 9287 5555
- Post: PO Box 196, East Melbourne, Vic 8002
- Visit: 383 Albert Street, East Melbourne, Vic 3002
If CatholicCare’s Privacy Officer is unable to resolve the matter, it will be escalated (internally or externally) as appropriate to facilitate resolution.
If you are not happy with the outcome of CatholicCare’s Privacy Officer’s investigation, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC):