General Policy Statement
The Australian Privacy Principles are part of the Privacy Act 1988 and came into effect on 12 March 2014 to protect the privacy of individuals. You can find out more about these principles by calling the Office of the Privacy Commissioner on 1300 36 39 92 or through their website at www.oaic.gov.au
CatholicCare respects and upholds your right to privacy protection under the Australian Privacy Principles in regulating how we collect, use, disclose and hold your personal information. We will only collect personal information by lawful and fair means. Only authorised staff have access to your personal information and your information remains confidential and is only used for appropriate purposes in accordance with this policy.
1. Why we collect your Personal Information
Your personal information, including any health information, is only collected as is reasonably necessary for a CatholicCare service, function or activity and to enable CatholicCare to deliver services to the community and carry out its work through fundraising. If we are not provided with the personal information that we request, we may not be able to meet your request or provide services to you.
CatholicCare is very grateful to the people who provide financial support to allow us to continue our important work. When you give us personal information such as your name and address, we record it on our database and may use it to contact you in the future.
We may use your personal information to send you information about our programs, special events and fundraising programs. Each time we send you this type of communication we will provide you with a simple way to 'opt out' of receiving communications in the future.
You can also let us know if you do not wish to receive any further communications, by contacting CatholicCare.
CatholicCare will not collect sensitive information about your health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record unless you have expressly consented to give us this information and it is reasonably necessary for the work of CatholicCare. We will always collect such information in a non-intrusive, lawful and fair manner.
2. Permitted Health Situation Exemption
The information handling requirements imposed by the Australian Privacy Principles Part 3 and 6 do not apply when a 'permitted health situation' exists. CatholicCare applies this exemption under the permitted Health Situation of:
the collection of health information to provide a health service.
the collection of health information for certain research and compiling or analysing statistics.
3. How we collect your personal information
Generally, personal information held by CatholicCare is collected directly from individuals, or through their appointed representatives or agents, either:
We may also collect your personal information in other ways, for example through the purchase of commercial lists and from publicly available sources such as the telephone directory. When we use this information for direct marketing, we will advise you of the source of the information if you ask us for it.
We may also keep records of our interactions with you including by telephone, email and online.
You may be photographed when you attend CatholicCare events. We will seek to obtain your consent prior to using an image of you on our website or for other CatholicCare functions wherever practical. Where we are unable to contact you to obtain your consent, we will not include your name or any other personal information with the photograph.
4. Anonymity & Pseudonymity
Wherever legal and practical, you have the opportunity to deal with CatholicCare anonymously or through use of a pseudonym.
Examples where it may be possible to do so include when:
However, in many instances, dealing with us anonymously or via a pseudonym may prevent or limit us in providing / delivering the particular program or service or completing transactions (e.g. providing you with a receipt for your donation) or providing you with any material regarding our work, upcoming events and opportunities.
5. The kinds of personal information we collect & hold
CatholicCare only collects personal information necessary for providing individuals access to our programs, services and products and for our related internal functions.
The kinds of information we collect and hold about you include:
Where required or permitted by legislation or contract, CatholicCare may also collect information for:
We may collect other personal information, as applicable to a program, service, or function.
The collection, use, and handling of all personal information will always comply with applicable privacy legislation and will take into account pertinent ethical considerations to the extent possible under the circumstances.
6. Modifying your information
How to access, correct or update your personal information
You are entitled to access the personal information about you held by us. If you would like to access the information that we hold about you, you can contact CatholicCare and we will endeavour to give you access to that information within a reasonable time. All requests to access personal information must be provided in writing. CatholicCare requires proof of identity before granting access to any personal information. Individuals who have engaged with us via the use of a pseudonym are also required to establish to our satisfaction that they are the ‘owner’ of the pseudonym to whom the personal information relates.
If it is not practical for you to visit our office, we will arrange to check your identification before we provide the information to you.
If you believe that the information that we hold about you is incorrect or not up-to-date, and you want to correct information we hold about you, you can write to CatholicCare. We will
If we do not provide you with access to your personal information, we will provide you with reasons for denying access.
7. Disclosing your personal information
CatholicCare will not provide your personal information to any other individuals or organisations without your prior consent, except where the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunalorder or for related purposes (or in the case of sensitive information, directly related purposes) for which you would reasonably expect us to disclose your information e.g.
Where CatholicCare is a contracted service provider to a government entity under a government contract, it may provide your personal information to that government entity.
CatholicCare is very thankful to people who are willing to share their personal stories of their experience with CatholicCare with others through media stories and in our newsletters. We will only use your personal information for publicity purposes or as stories in newsletters with your express written permission.
Where you provide your email address to us we will only use it for the purpose provided, unless you have consented to us using it for additional purposes. We will not pass it on to any other person or organisation unless we have disclosed this to you.
CatholicCare will not use or disclose personal information for Direct Marketing purposes unless:
At any time, an individual may ‘opt-out’ of receiving Direct Marketing communications by:
8. Overseas recipients
Transfer of information overseas would normally only occur for data processing purposes, for example third party payment facilitators may process their data off-shore. CatholicCare will not transfer your personal information overseas unless we reasonably believe the recipient is subject to a law that has the effect of protecting the information in a way that is substantially similar to the Australian Privacy Principles and there are mechanisms in place for you to take enforcement action under the law, or if we have taken reasonable steps in our arrangements with the recipient to ensure compliance with the Australian Privacy Principles.
CatholicCare will sometimes use third party service providers to conduct surveys and facilitate information collection and event registration. Some of these service providers conduct all or part of their business outside of Australia and so your personal information may be transferred overseas as a result.
9. How we keep your personal information secure
If you provide us with information via a form on our website, it is stored securely in our databases and only accessed by staff authorised by CatholicCare. CatholicCare uses a range of hardware and software security measures to protect your information and ensure that only authorised personnel are granted access.
Personal information related to clients receiving support services from CatholicCare is held in unique client files that are secured in our client management information system (CMIS). Access to the CMIS is restricted to CatholicCare staff who have a legitimate need to access the system to undertake their role. Access to an individual client file is restricted to staff who have a legitimate need to access that file. System administration staff have access to the system solely for the purpose of system administration. The CMIS is hosted by CatholicCare in a secure Data Centre and has formal password protected access controls and permissions, based on the user’s specific role.
All CatholicCare staff are strictly bound by CatholicCare’s confidentiality requirements.
10. Visiting our website
CatholicCare also uses social media buttons and/or plugins on its websites that allow you to connect with your social network in various ways. For these to work, social media websites including Facebook and Twitter, will set cookies through our website which may be used to enhance your profile on their website or contribute to the data they hold for various purposes outlined in their respective privacy policies. CatholicCare encourages you to read the privacy policies of these websites.
CatholicCare websites may contain links to other sites of interest. CatholicCare does not control, and is not responsible for, the content or privacy practices of those websites. Please check the privacy policies of third party website operators before you provide your personal information to them. CatholicCare will not be liable for any actions of third parties, including third party website operators.
11. Our website security
Forwarding credit or debit card numbers or other sensitive information via email or facsimile is not safe. We recommend that you do not send information to us in either format.
CatholicCare websites are secured using SSL technology to encrypt data between your browser and the website. If you are entering any payment or credit/debit card information on the internet, you should confirm that the page is secured (padlock symbol in your browser) before entering any information. We make every effort possible to make your donations and transactions within our website as secure and safe as possible for you.
You should be aware that there are inherent risks associated with the transmission of information via the Internet. If you are submitting personal details, credit/debit card numbers or other information over the Internet, please be aware that, while all reasonable efforts are made to secure information transmitted to this website, there is a possibility that information you submit could be observed by a third party while in transit. By using this website you acknowledge that you do not hold CatholicCare liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur.
From time to time CatholicCare may need to contact clients and donors directly to update or confirm their personal or credit/debit card details.
If we contact you to update your personal details, or to rectify a problem with a credit card donation or payment, we will provide you with sufficient information from our existing data base (including where appropriate the last four digits of your credit card) for you to be comfortable that the caller is our representative.
Any contact you receive requesting any combination of a full credit/debit card number, an expiry date and CVV number, should be considered a hoax and you should disregard it and report the contact to www.scamwatch.gov.au or contact the CatholicCare Fundraising Team at firstname.lastname@example.org or the CatholicCare Finance Team at email@example.com for further information
12 The Spam Act 2003
The Spam Act prohibits the sending of unsolicited emails, SMS and MMS messages for commercial purposes from or within Australia or to people in Australia and bans the supply and use of software designed to harvest email addresses. While charities do have some exemptions from this Act, CatholicCare will be guided by the Australian eMarketing Code of Practice. We will always provide you with an opt-out mechanism as part of all electronic communications.
13. Changes to our Privacy & Data Collection Policy
14. Complaints about privacy practices
CatholicCare responds to complaints by investigating the issue, deciding on any action that are required and responding to the individual within twenty (20) business days of lodgement (or sooner if practicable). Further information is contained within the CatholicCare Feedback and Complaints Procedure.
15. For Further Information
CatholicCare Privacy Officer
Mary Potter Wing
2c West Street, Lewisham NSW 2049
Phone: 13 18 19
Last Updated January 2019