Churches of Christ in Queensland group of entities (we) manage personal information in an open and transparent manner. This policy sets out how we collect, hold, use and disclose personal information. We take the privacy of individuals seriously and are committed to complying with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Act).
What is personal information?
Personal information is any information or opinion which identifies an individual or can be used to identify an individual. It includes information that is generally available in the public domain such as name, address and telephone number. Sensitive information forms part of the definition of personal information, which may include, but is not limited to, racial and ethnic origin, political opinions, religious affiliations, criminal records, and health and genetic information about an individual.
What personal information do we collect?
The type, nature and quantity of personal information we collect depends on our legislative and operational requirements for the services we deliver. Generally, we only collect personal information that is reasonably necessary for enabling our services and functions as an organisation. With an individual’s consent or as permitted by law, the personal information we collect may include an individual’s name, age, contact details, medical records, guardianship information, relevant family history and relationship with us.
Why do we collect personal information?
We collect personal information to enable the delivery of our services. The specific purpose for which we collect personal information will largely depend on the type of relationship an individual has with us, for example, whether the individual is a care recipient, a potential job candidate or a contractor.
Examples of the reasons we are collecting personal information are as follows:
- assessing whether an individual is eligible to be admitted/enter into one of our services
- communicate with our potential clients/residents/care recipients and their government agency referrers, family members and external health or other service providers whose cooperation is required to deliver our service
- communicate with our existing clients/residents/care recipients, their families, carers, external health service providers, regulating government bodies and other service providers whose cooperation is required to deliver our service
- plan, provide and evaluate services to our clients/residents/care recipients
- manage and account for our services
- manage complaints, legal actions or claim against any of our services
- manage our employees, contractors and volunteers
- conduct industry surveys and research projects; and
- generally carry on our business
Only with the individual’s expressed consent, we collect personal information to:
- market our services
- compile funding applications
- Communicate with our members, sponsors, donors and other supporters and contacts for fundraising.
How we collect personal information
We collect personal information only by lawful and fair means. We collect personal information from the individual when the individual requests our services, meets with us, is engaged in one of our services communicates with us by letter, telephone, email or fax, gives us a business card, subscribes to our publications, registers for or attends our events, or submits information through our websites, blogs or other social media outlets.
When we are unable to collect personal information from the individual (for example, the individual is referred to our services), due to factors beyond our control, we collect information about an individual from:
- the government agency that refers the potential client/resident/care recipient to us
- the potential or current client/resident/care recipient’s families, carers, legal representatives, external health or other service providers whose cooperation is required to deliver our service
- third parties e.g. an individual’s employer or provider of an employment or other reference; and
- publicly available records.
In the circumstances where personal information is not collected directly from the individual, we will take reasonable steps either to notify or to ensure the individual is aware that we have collected their personal information and the circumstances of the collection.
General use and disclosure
We use and disclose personal information for the primary purpose for which it was collected. However, we are permitted to use and disclose personal information held by us for another purpose when:
- the individual has consented to the use or disclosure of the personal information
- the individual would reasonably expect us to use or disclose the personal information for another purpose and the purpose is related to the purpose for which the personal information was collected. In the case of sensitive information, the purpose is directly related to the purpose for which personal information was collected
- other purposes authorised by the Act and other legislations.
In general, we use and disclose personal information for the purposes set out under "why do we collect personal information". In all other situations, the use and disclosure of personal information may only occur with the individual’s written consent.
Use and disclosure for direct marketing (not applicable to Children, Youth and Families Services)
We will only use an individual’s personal information (other than sensitive information) to market our services, donations or sponsorship opportunities, or to send invitations to our events, where we give that individual an opportunity to request us not to use the information for such purposes. We will not use an individual’s personal information for such purposes if the individual requests us not to do so.
To whom do we disclose personal information?
Unless with an individual’s expressed consent or permitted by law, we only disclose personal information for the particular purpose it was collected for, or for a directly related reason for which the personal information was firstly collected.
Generally speaking, we disclose personal information to the following recipients to deliver our services:
- to other persons in connection with the provision of our services including our clients and their families, carers, legal representatives, external health and other services providers whose cooperation is required for the delivery of our services
- to our employees and officers
- to credit reporting and debt collection agencies
- to anyone else whom the individual authorises us to disclose the information
- to the referring government agency and other regulators
- as otherwise authorised by the Act and other legislations
Disclosure to overseas recipients
In some cases, the organisations to who we may disclose your personal information may be located outside Australia. For example, we may disclose your personal information to our mission outreach health clinic in Vanuatu; we may disclose your personal information to our service providers located in USA and the countries within the European Union. We will take all steps as are reasonable in the circumstances to ensure that overseas recipients do not breach the Australian Privacy Principles which apply upon such disclosures.
How do we keep personal information secure?
We take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. We store information in access controlled premises, and electronic information on secure servers. We require all persons authorised to access electronic information to use logins and passwords to access such information.
We require all our contractors and others to whom we disclose personal information or who may have access to personal information we collect, to keep such personal information private and to protect such personal information from misuse and loss and from unauthorised access, modification or disclosure.
Unless we are prevented from doing so by the law, we de-identify or destroy securely all personal information we hold when no longer reasonably required by us.
Integrity of personal information
We take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete, and that the personal information we use or disclose is, having regard to the purpose of such use or disclosure, accurate, up to date, complete and relevant.
To that end, we encourage you to contact us to update or correct any personal information we hold about you.
Accessing your personal information
You may request access to personal information we hold about you. The request must be made in writing (a letter, fax or email). The individual must send their request directly to us and specify the particular information the individual wishes to have access to.
On receiving the request, we may require you to verify your identity and to specify what information you require. We deal with all requests for access to personal information as required by the Act. We may charge a fee where we provide access and may refuse to provide access if the Act allows us to do so.
Upon our assessment to allow access to your personal information, we make available the requested records within a reasonable period of time; usually 30 days depending on the nature and volume of documents requested. The individual is welcome to take notes and make copies of it; however, the file remains our property.
Correction of personal information
We take reasonable steps to correct all personal information we hold to ensure that, having regard to the purposes for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
You may request corrections to personal information we hold about you. The request must be made in writing and sent directly to our Privacy Officer (details under the subheading "contact us"). On receiving the request, we may require you to verify your identity. We deal with all requests for correction to personal information as required by the Act. We may refuse to correct personal information if the Act allows us to do so.
If you are not satisfied with the outcome, then you may make a complaint to the Office of the Australian Information Commissioner (OAIC). For information about how to make such a complaint, please refer to the OAIC website.
To request access to or correction of personal information, to request not to receive marketing material or invitations from us, or to make a privacy complaint to us, please contact:
Churches of Christ in Queensland
41 Brookfield Road
Phone: +61 7 3363 1867
Fax: +61 7 3878 1268