PRIVACY POLICY OF THE CATHOLIC DIOCESE OF BROKEN BAY AND ITS PARISHES
The Catholic Diocese of Broken Bay and its parishes are committed to protecting your personal information.
Please read this Privacy Policy carefully as it outlines how we collect, handle and use personal information received.
We advise that this Policy does not cover the handling of personal information by our Catholic schools, the Catholic Schools Office (CSO) or CatholicCare, Diocese of Broken Bay. For information relating to the handling of personal information by our schools and by CatholicCare, please visit their respective websites.
We may revise this Policy from time to time by publishing a revised version on our website taking effect from the time it is published.
CATHOLIC DIOCESE OF BROKEN BAY
PRIVACY POLICY
The Catholic Diocese of Broken Bay and its Parishes (We, Our or Us) are committed to protecting
the privacy of personal information it collects from individuals (You or Your) in accordance with the
Privacy Act 1988 (Cth) (Act) and the associated Australian Privacy Principles (APPs).
This Privacy Policy (Policy) describes the principles we follow concerning the collection, use,
disclosure and storage of personal information.
This Policy does not apply to the Catholic Schools Broken Bay or CatholicCare (agencies); each
agency has a privacy policy available on request or from their website.
1. WHAT IS PERSONAL INFORMATION
1.1. Personal Information is defined as any information or an opinion about you or an
individual from which your identity can be reasonably determined.
1.2. Sensitive Information is a subset of personal information and is given a higher level of
protection than other types of personal information. Sensitive information includes, but is
not limited to, information concerning details of your race or religious affiliation and
beliefs, your health and your political beliefs.
2. WHAT PERSONAL INFORMATION WE COLLECT FROM YOU
The personal information we collect includes the following:
• name, address, telephone number and other contact details;
• date of birth, gender, marital status, religion and occupation;
• financial information, such as donation history and credit card details;
• identification documents;
• photographs, videos and news stories in respect of Church-related events and activities;
• dietary requirements, special needs and mobility access requirements;
• website metadata (e.g. domain names server addresses); and
• information needed when an individual is an employee (or prospective employee),
volunteer or clergy.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
3.1. Personal Information you provide
We collect your personal information by way of our standard forms, over the internet, via
email, or through our workers, volunteers, and clergy conversations with you, and when
you otherwise provide us information.
3.2. Personal Information provided by other people (third parties)
On occasion, in circumstances where it is impracticable or unreasonable to collect the
personal information from you directly or when you would reasonably expect your personal
information to be collected from another source, we will collect your personal information
from third-party sources, such as other parishes, other dioceses, church agencies or
service providers, and individuals, (e.g. an employment referee).
Unless an exception applies under the APPs, we will only collect sensitive information
about you if you or your guardian consents to the collection of the information.
2
3.3. You do not need to provide Personal Information that we may request
You can choose to deal with us anonymously or by using a pseudonym. However, the
circumstances may need us to identify you, for example, administering the sacraments,
inducting you into ministries or other volunteer roles. In these types of instances, your
ability to fully participate may be limited if you cannot be identified or do not allow us to
collect certain personal information.
4. PURPOSE OF PERSONAL INFORMATION COLLECTED
We will use the personal information collected to fulfil our mission including:
• Administering the sacraments and providing pastoral care;
• Responding to your welfare and support needs;
• Supporting fundraising activities;
• Informing you, parishioners and the public about matters related to the Diocese, parishes,
and agencies through correspondence, newsletters, magazines and other media;
• Assessing suitability for volunteer roles;
• Employment screening to assess employment applications;
• Complying with legislative and regulatory requirements and legal responsibilities;
• Responding to complaints; and
• Dealing with requests for information and personal direct response in connection with
applications under the National Redress Scheme.
You may opt out of receiving communications from us at any time by contacting us at the
address the communications have been received from or by contacting the Privacy Officer.
5. HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION
We may disclose your personal information when it could be reasonably expected in a church
environment.
We may disclose personal information:
• To the Diocesan Chancery, parishes and agencies;
• To other Catholic Church dioceses, parishes and agencies;
• To service providers, consultants, advisers, workers and volunteers;
• Where required by or authorised by Australian law; and
• Where we have a financial transaction with you.
If disclosure involves sensitive information, it will only be disclosed where you authorise it to be
disclosed. For example, public prayers naming an individual will only be with the consent of
that individual (or their guardian).
Some third-party providers we use, for example, for cloud storage of electronic data, may be
located outside of Australia. We are committed to safeguarding personal information held by
us and will comply with all applicable laws relating to the cross-border data disclosure.
6. HOW WE KEEP YOUR PERSONAL INFORMATION SECURE
We take reasonable precautions to safeguard your personal information from loss, misuse,
interference, unauthorised access, modification or unlawful disclosure.
Where your personal information is held in paper form, it will be held in locked cupboards or
other secure locations. If the information is held in electronic form, the media will be password
protected with restricted access to the records.
3
Where we no longer need your personal information for the purposes for which it was collected,
we will take reasonable steps to destroy or de-identify the information unless it would be
unlawful for us to do so.
7. CAN YOU ACCESS AND CORRECT THE PERSONAL INFORMATION HELD
7.1. Access
You may access personal information we hold about you.
We may ask you to verify your identity before disclosing any personal information. In
determining if we can give you access to information held, we will rely on APP 12 – Access
to Personal Information. Note that in some instances, under APP 12 we might not be able
to give you access to some information.
We may request you to meet the reasonable costs of disclosing the information to you.
7.2. Correction
When disclosing your information, we will take reasonable steps to ensure that personal
information we hold is correct. If you inform us of more correct information, we will
attempt to update our records. In instances where updating your existing information is
not possible or would conflict with the purpose of collecting the original information, we
will give you a notice in writing that explains the reasons.
If you wish to have your personal information removed from our records, we will take
reasonable steps to comply with your request, unless we need to keep your information for
specific business or legal reasons
Any request to access, correct or remove personal information is to be sent in writing to
the Diocesan Financial Administrator for the Chancery or the Parish Priest for the
respective Parish.
8. WHAT IS OUR APPROACH TO PERSONAL INFORMATION OF CHILDREN
We assess whether a child (a person under 18 years) has the capacity to make their own
privacy decisions on a case by case basis. Where we cannot assess the child’s capacity to
make a decision, we will request the consent of a parent or guardian prior to collecting, using
or giving access to personal information. In giving access to information held in relation to a
child, consideration will be given to the child’s consent on a case by case basis and the
safeguarding of the child.
For collection or use of photographs or videos, the consent of the child’s parent or guardian is
always required where a child is actively participating in an event or in some circumstances
where a child is attending an event. For further clarification of where a photo or video maybe
used, please contact the Privacy Officer.
9. HOW TO MAKE A COMPLAINT
Contact details for the Privacy Officer are as follows:
Privacy Officer
Catholic Diocese of Broken Bay
PO Box 340
PENNANT HILLS NSW 1715 or Email: privacyofficer@bbcatholic.org.au
Once we become aware of any ongoing concerns or problems raised by you, we will work to
address those concerns. We will endeavour to respond to you within 30 calendar days.
Should we require further information, we will contact you. There is no fee associated with
lodging a complaint.
If you are not satisfied with the response, you can contact the Office of the Australian
Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make
a determination.
4
REFERENCE
Privacy Act 1988 (Cth)
Privacy Regulation 2013 (Cth)
Australian Privacy Principles
RELATED FORMS
There are no Forms related to this policy.
RELATED POLICIES
Code of Conduct Policy
Guidelines - Privacy Policy
POLICY REVIEW
Review of this policy will be undertaken every three years by the Privacy Officer in consultation with
the In-House Legal Counsel and approved by the Diocesan Financial Administrator.
REVISION/ MODIFICATION HISTORY
Date Version Current Title Summary of
Changes
Approval Date Commencement
Date
Feb 2018 1. Privacy policy
(external/website)
New – for
websites
incorporating
Notifiable Data
Breach Scheme
requirements
Feb 2018 Feb 2018
11/05/18 2. Privacy policy
(external/website)
Updated May 2018 May 2018
16/08/18 3. Privacy policy
(external/website)
Review Aug 2018 Aug 2018
11/02/21 4. Privacy Policy New – Replaces
both Privacy
Policy (External)
and Privacy
Policy (Internal)
Feb 2021 Feb 2021
APPROVED DATE/REVISION SCHEDULE
Approved by: Emma McDonald, Diocesan Financial Administrator
Date: 11 February 2021
To be Revised: 11 February 2024The Privacy Act 1988 (Cth) and the Australian Privacy Principles also apply to us in relation to how we collect, handle and use your personal information.