PRIVACY POLICY
C3 Church Ballina
As at October 8, 2021
The Privacy Policy of C3 Church Ballina (C3 Church) outlines the commitment to providing a safe environment that upholds the thirteen Australian Privacy Principles (APP) outlined in the Privacy Act 1988.
SECTION 1: INFORMATION COLLECTED
(APP1, APP5)
C3 Church is required to gather and record certain personal and private information during regular church activities. The information collected includes (but is not limited to):
- Personal and contact details, such as name, age, gender, address in Australia and overseas (as applicable), email address and telephone numbers.
- Special needs, allergy information and other medical information where directly relevant for children’s ministry and church events.
- Employment / volunteer history (as appropriate).
- Information necessary for working with children and child protection requirements.
- Records of financial giving/donations; and/or
- Credit card and bank details.
- Medical history.
- Educational background.
C3 Church will treat this information with the strictest of confidence and only relevant information is collected where necessary.
SECTION 2: ANONYMITY
(APP2)
C3 Church respects the right of individuals to remain anonymous in their dealings with the church or staff members. C3 Church will accommodate a request for anonymity if it is practicable and legal to do so.
SECTION 3: HOW INFORMATION IS COLLECTED
(APP3, APP4, APP5)
Where reasonably possible, C3 Church will only collect information from the individual to whom it relates. This will be collected in the following ways:
- From official church forms.
- Direct personal contact, telephone, email, letters, social media messages or other forms of communication.
- Website enquiries.
- Conference or events enquiries and registration forms.
- Online donations and giving.
- Voice or image recordings, including the recording of church services or events.
- Voluntary submissions to receive electronic newsletters or advertising relating to
events; and/or
- Statistical information gathered through aggregated tracking to the C3 Church website (without identifying specific individuals).
If C3 Church receives any unsolicited personal information, which could have been solicited in the normal course of its activities, it may use this information in compliance with this Policy and applicable law. If personal information is collected for use without the awareness of that individual, C3 Church will take reasonable steps to notify the individual concerned. However, any unsolicited personal information that is received by C3 Church and would not otherwise have been collected in the course of normal church activities will be destroyed or de-identified as soon as practicable, provided it is lawful and reasonable to do so.
SECTION 4: SENSITIVE INFORMATION
(APP3)
Some of the information collected by C3 Church is classified as sensitive information. This would include any information contained in confidential communications (such as emails) and any information on a person’s health; disabilities; financial background; racial or ethnic origin; religious beliefs; sexual preferences; professional and practice information; or criminal background. Sensitive information is only collected to satisfy legislative requirements or to meet special needs.
If C3 Church is required to collect health information during church activities, it may be collected from the individual directly, or from a third party such as a medical provider. In this event, C3 Church will ensure that the specific purposes of the use and disclosure of the health-related information are explained in advance and will obtain the individual’s consent prior to storing any information of this kind.
SECTION 5: USE OF INFORMATION COLLECTED
(APP6, APP7, APP8, APP9, APP10)
Personal information that is collected for a particular purpose will not be used for any other purpose. The only exceptions to this are if the individual consents to the use or disclosure of the information for another purpose, the individual would reasonably expect C3 Church to use or disclose the information for another purpose, or it is absolutely necessary for legal or compliance reasons.
C3 Church will take reasonable steps to ensure the personal information collected, used or disclosed is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
C3 Church will not sell or disclose personal information to third parties except as provided in this Policy and where the disclosure is absolutely necessary and could be reasonably expected. C3 Church never shares newsletter mailing lists with any third parties, including advertisers, sponsors, or partners.
Personal information will not be used for direct marketing, unless C3 Church collected the information from the individual and they would reasonably expect C3 Church to use or disclose the information for that purpose. In this case, an individual may request not to receive any direct marketing communications by contacting the relevant department of C3 Church or Church Office (contact details below).
Some examples of the need to use personal information during general Church activities would be:
- For the specific reason the information has been provided – such as for church events, registrations, donations, email subscription lists and website enquiries.
- New Member registration or Church Member updates.
- Providing Small Group information.
- Youth or Kids Church rosters.
- “Vision Builders” updates and record keeping; and
- Pastoral department records and updating contact details as required.
Some examples of the need to disclose personal information during Church activities would be:
- If C3 Church reasonably believes that such disclosure is necessary to lessen or prevent a serious and imminent threat to the life or health of the individual or any other person; or
- If C3 Church is authorised to disclose personal information to appropriate law enforcement agencies to assist in the prevention, detection, investigation, prosecution, or punishment of criminal activities.
If C3 Australia is required to disclose personal information to an overseas recipient, the individual will be expressly informed and the individual’s consent will be sought. Some examples of the need to disclose personal information to an overseas recipient would be:
- Registration details for attendance at an international conference
- Participation in an overseas mission trip
- Involvement in an international or overseas ministry event
SECTION 6: SPECIFIC WEBSITE USE AND INFORMATION
(APP7)
C3 Church may place a text file called a “cookie” in the browser files of a user’s computer. The cookie itself does not contain personal information, although it will enable C3 Church to relate use of the church website to information that an individual has specifically and knowingly provided. The only personal information a cookie can contain is information that the individual has given. C3 Church uses cookies to track user traffic patterns to better track site usage and page click rates.
The C3 Church website may contain links to other (third party) websites. This Policy does not apply to any third-party websites that are linked to that of C3 Church.
SECTION 7: SECURITY OF INFORMATION COLLECTED
(APP11)
C3 Church is committed to maintaining a secure environment for all personal information collected, used, or disclosed. C3 Church will take all reasonable precautions to protect data from loss, misuse, interference, unauthorised access or disclosure, alteration, or destruction.
Personal information is not retained any longer than is necessary and will only be retained for the minimum period specified by legislation. Once C3 Church no longer needs the information for any purpose for which the information may be used or disclosed, it will take such steps as are reasonable in the circumstances to destroy or de-classify the information in a lawful and secure manner. C3 Church will also take all reasonable steps to correct any outdated personal information once it is made aware that the information is incorrect.
Access to either paper-based or computerised records will only be granted to C3 Church staff (paid or unpaid) where there is a demonstrated need for this access in accordance with that staff member’s duties or responsibilities. No other staff or external organisations will be entitled to access this information. All IT systems are password protected and comply with standard security protocols.
Paper-based records containing personal information are filed in secure environments, such as filing cabinets & safes, that can be locked to prevent unauthorised access to the records. Personal information collected via C3 Church’s website will be done by sufficiently secure means.
C3 Church uses a web hosting provider offering industry standard best practice security. Access to hardware is restricted to authorized individuals. Information is transmitted via secure means, and information stored is secured by encryption where possible.
As noted above, C3 Church will provide access to information to a law enforcement agency or other government agency if required.
SECTION 8: ACCESS TO INFORMATION COLLECTED
(APP12, APP13))
C3 Church will only provide individuals with access to personal information held about them upon written request submitted to the Business Manager (contact details below). If the Business Manager denies a request for access, a reason will be provided, and written notice of the decision will be given to the applicant within 28 days of the request. The notice will also contain information on how to lodge a complaint or seek further assistance from the Office of the Australian Information Commissioner (OAIC). This is an independent body that will investigate complaints against possible privacy breaches (contact details below).
Access may be denied if such access would be unlawful, frivolous or vexatious; infringe on the privacy of other individuals; pose a serious and imminent threat to the life or health of any individual; interfere with existing or anticipated legal proceedings; or other valid reasons for exclusion in line with relevant legislation.
Should an individual wish to change or delete any personal information that is held by C3 Church that is incorrect or outdated, they should contact the relevant Department of C3 Church or the Business Manager.
SECTION 9: COMPLAINTS AND ENQUIRIES
Any questions or complaints about this Policy, or C3 Church’s collection, use, disclosure, or management of private information generally, should be directed to the Business Manager. All queries or complaints will be dealt with in the strictest of confidence and with the utmost urgency.
Any person requesting a copy of this Policy should forward their initial enquiry to the Business Manager, stating the form in which they require a copy of the Policy. C3 Church will take all reasonable steps to provide a copy of the Policy in the form requested.
Complaints should be made in writing to the Business Manager, who will then investigate the issue. The Business Manager will respond to the complaint or query within 28 days of the written request being received. The response will also contain information on how to lodge a complaint or seek further assistance from the Office of the Australian Information Commissioner (OAIC).
SECTION 10: CONTACT DETAILS
C3 Church Ballina (Main Campus):
Telephone – (02) 6681 4144
Email – [email protected]
Post – PO Box 40, Ballina NSW 2478
Business Manager:
Telephone – (02) 6681 4144
Email – [email protected]
Post – PO Box 40, Ballina NSW 2478
The Office of the Australian Information Commissioner (OAIC):
Telephone: 1300 363 992 (General Enquiries)
Email: [email protected]
Post: GPO Box 5218 Sydney NSW 2001
Website – www.oaic.gov.au
This Policy has been approved by the Board of Directors of Rivercity Church Inc.
Date: Friday, October 8, 2021
ABN: 43 00 137 9890