TERMS OF USE

PRIVACY POLICY

BUNDOORA PRESBYTERIAN CHURCH PRIVACY POLICY APRIL 2013

This statement outlines the Bundoora Presbyterian Church (BPC) policy on how BPC and its associated ministries are to use and manage personal information provided to or collected by it.

 

BPC respects and values the personal information entrusted to it. BPC will comply with the National Privacy Principles (NPPs) in the Commonwealth Privacy Act (1991), hereafter referred to as the Act, in all its dealings with your personal information.

 

The primary purpose of collecting this information is to enable BPC to provide spiritual and pastoral care and in meeting its legal obligations, to provide care for children while they are under its supervision, and to discharge its duty of care. 

1. WHAT KIND OF PERSONAL INFORMATION DOES BPC COLLECT?  HOW IS IT COLLECTED?

Information collected by BPC about members of the Church and visitors to the various congregations is, almost without exception, voluntarily provided by the member or visitor. This information generally relates to contact information, relationships within a family group and association of individuals with various groups or events within the Church context – such as membership of a growth group or congregation.


1.1 Personal information you provide

BPC will generally collect personal information held about an individual in one of the following ways:


• forms, including Connect Cards, online forms, completed either by the person or by a parent/guardian;

• face to face meetings;

• interviews;

• telephone calls.


1.2 Personal information provided by other people

In some circumstances BPC may be provided with personal information about an individual from a third party, e.g. a reference about an applicant for a position.


Personal information collected from children may be disclosed to their parents or guardians. Parents or guardians may seek access to personal information collected about them and their son/daughter as specified in part 5.3 of this policy.


1.3 Exception in relation to employee records

This policy does not apply in relation to the treatment of an employee record, where the information is directly related to a current or former employment relationship between BPC and the employee. These records are specifically exempt from the application of the Act.

2. HOW WILL BPC USE THE INFORMATION THAT YOUR PROVIDE?

BPC will use personal information you provide for any of the following purposes:


• the provision of spiritual and pastoral care services to its community (the primary purpose);

• such other secondary purposes as are related to the primary purpose;

• any other purpose to which you have consented.


BPC will use health information for the primary purpose that you provide it for, and not for any other secondary purpose, unless one of the exceptions in the Act applies.


2.1 Children and their parents and/or guardians

BPC collects information about children and their parents and/or guardians to enable it to provide spiritual and pastoral care. Information may also need to be collected if BPC organizes other activities such as play groups, Sunday School, Get Some Fun (GSF) etc..


The purposes for which BPC uses personal information of children and their parents and/or guardians include:


• Communicating with parents and/or guardians about matters relating to their child's spiritual and pastoral care;

• Day to day administration;

• Satisfying BPC’ legal obligations and allowing BPC to discharge its duty of care.


In some cases where BPC requests personal information about a child or parent and/or guardian and the information is not obtained, the child may not be able to be enrolled in a BPC program for which the information was requested.


2.2 Adults

Information is used for purposes similar to those relating to children.


2.3 Job applicants, staff members, volunteers and contractors

The purpose of collecting information related to job applications, or information related to volunteers, contractors or members of staff is to assess the suitability of the person or persons for a particular role in BPC and, if successful, employ or engage the person or persons concerned.


The purposes for which BPC uses this information includes:


• Administering the person's employment or contract;

• Insurance requirements;

• BPC legal obligations.


2.4 Taxation

This information may also be used for accounting purposes, including complying with taxation requirements if required by law.

3. TO WHOM MIGHT BPC DISCLOSE PERSONAL INFORMATION?

Subject to the Act, BPC may disclose personal information held about an individual to:


• Government departments;

• Medical practitioners;

• Volunteers or staff who provide some form of service to members of BPC and need to know information for pastoral or duty of care reasons;

• People providing services to BPC;

• Recipients of BPC publications;

• Parents and/or guardians;

• Anyone you authorise BPC to disclose information to.


Information received from members of BPC or those who use its services may be used to seek financial or other forms of support from them. We will not disclose any personal information to third parties for fundraising purposes.

4. HOW DOES BPC TREAT SENSITIVE INFORMATION?

BPC will not collect sensitive information about you unless you consent, it has significant pastoral relevance or it is required by law. If sensitive information is collected, then it will be used and disclosed only for the purposes for which it was provided, or for a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is required by law.


BPC does not normally collect health information, but in the event that they do so, it will only be in accordance with its obligations under the Act.

5. MANAGEMENT AND SECURITY OF PERSONAL INFORMATION

BPC staff are required to respect the confidentiality of personal information and the privacy of individuals.

 

5.1 Updating personal information

BPC endeavours to ensure that the personal information it holds is accurate, complete, and up to date. Persons may seek, and are encouraged, to update their personal information held by BPC by primarily accessing their data stored on the BPC CCB site. You can view your information by  contacting the Church Office (office@bpc.org.au) and requesting access to that information..

 

BPC has procedures in place to ensure that it conducts reviews of the personal information that it holds to ensure that the personal information it has collected or proposes using or disclosing is actually complete and up to date.

 

BPC makes every effort not to store personal information longer than necessary. The time required to store information may change in relation to the type of information stored and any legal obligations through the Act.

 

5.2 Security of Personal Information

BPC has in place steps to protect the personal information it holds from misuse, loss, unauthorised access, modification or disclosure by use of various methods which as a minimum standard includes storing paper records in locked cabinets and pass-word protected access rights to computers which contain computerised records of personal information.

 

BPC will take reasonable steps to destroy or de-identify personal information if it does not need it for any purpose for which it may have been used or disclosed.

 

BPC holds some information (such as name and address details, group involvement and attendance records) about members of the church congregation on servers provided by Church Community Builder (CCB). 

 

CCB maintains personal information in a manner that complies with the Act and the National Policy Principles.

 

CCB uses servers that reside in the United States and the privacy of the information is subject to a Service Agreement between BPC and CCB as well as law relating to the US State and Federal Laws. The service agreement does not allow CCB to monitor, edit, use, distribute or disclose any of the data without BPC' express written permission or as may be required by law. The services provided by CCB ensure data is protected through encrypted links and secured services and is fully maintained and backed up. 

 

BPC Staff will not place medical information on a web-based server, although this information may be required to be stored in other forms.

 

Personal financial account information, such as bank account details, credit card details, or giving records may be required to be stored within web based servers located within financial institutions for the purposes of direct debit procedures or other financial transactions.

 

 

5.3 You have the right to check what personal information BPC holds about you

Under the Act, and with some exceptions, an individual has the right to obtain access to any personal information that BPC holds about them, and to advise BPC of any perceived inaccuracy. Children will have access to their personal information through their parents and/or guardians.

 

To make a request to access any information BPC holds about you or your child, please contact BPC Office (office@bpc.org.au) and request that we send you a 'Request for Personal Information Form’, which must be completed before BPC can give access to you to personal, sensitive or health information. BPC may require you to verify your identity and specify what information you require. 

 

There are exceptions as to when BPC may provide you with access to personal information. It will depend upon the circumstances surrounding your request as to whether BPC can disclose that personal information to you. As such, each request for access to personal information will be assessed on a case by case basis, either by the Senior Pastor/ Moderator, Pastor or, in some cases, the session of BPC (whichever is deemed to be the most appropriate by the Senior Pastor/ Moderator).

 

BPC will not charge you for applying to lodge a request for access.

 

If BPC denies you access to personal information, you will be given reasons for that denial.

 

5.4 Consent and right of access to the personal information of children

BPC respects every parent and/or guardian's right to make decisions concerning their children's spiritual upbringing and care. Generally, BPC will refer any requests for consent and notices in relation to personal information of a child to the parent and/or guardian. BPC will treat consent given by a parent and/or guardian as consent given on behalf of the child, and notices to parents and/or guardians will act as notices given to the child. 

 

5.5 You have the right to have information removed from BPC storage.

It is your right to have information removed from storage by Bundoora Presbyterian Church, subject to any legal requirements that may be placed on that information. If you wish to have information deleted a request should be submitted to session@bpc.org.au. There may be cases where removal of information will exclude participation by a person in an event due to the requirements of BPC in discharging its duty of care (see also 2.1).

6. IDENTIFIERS

BPC does not adopt Commonwealth identifiers, such as Medicare numbers, to identify an individual.

7. ANONYMITY

If you make arrangements with BPC, you have the option of not identifying yourself whenever it is lawful and practicable that you not have to do so. Please contact the Session Clerk or Senior Pastor to implement this (session@bpc.org.au).

8. ENQUIRIES

If you would like further information about the way BPC manages the personal information it holds, please contact the Church Office.

APPENDIX 1 - EMAIL

BPC makes use of email to communicate and adheres to the Spam Act 2003. The Spam Act has three steps of application; Consent, Identify and Unsubscribe.

Consent is given through the form of "Inferred Consent" from information taken from information slips and other transactions of personal information. In all transmissions made by email, BPC will clearly identify that the message is from BPC and will give a short explanation as to how to unsubscribe from the mailing list.


Please note that emails sent to BPC through the address <office@bpc.org.au> may be viewable by all staff. Emails sent to the personal addresses, normally denoted by a staff member’s name <firstname.surname@bpc.org.au>, or leadership groups (such as bom@bpc.org.au or session@bpc.org.au) are maintained by their respective owner, but they are subject to viewing by other staff members from time to time for administration purposes. All staff are aware the significance of your privacy.