THE EPARCHY OF Ss. PETER AND PAUL OF MELBOURNE FOR UKRAINIAN CATHOLICS IN AUSTRALIA, NEW ZEALAND AND OCEANIA
PRIVACY, DATA COLLECTION & INTERNET POLICIES
31st August 2017
1. Philosophy and Approach to Privacy
*To develop practices that are safe, and respect privacy and confidentiality of Ukrainian Catholic Clergy, staff, volunteers, parishioners and others in relation to electronic media.
*To ensure they are in line with and consistent with the values and beliefs and laws of the Ukrainian Catholic Church as well as Australian legislative requirements.
2. Rationale and Policy Considerations
The Ukrainian Catholic Church in Australian has three main data bases:
- The Ukrainian Catholic Eparchy Address Database
- The Church and Life Newspaper data base
- The Ivan Prasko Memorial Museum and Library data base
Australian Ukrainians reside in all states of Australia as well as New Zealand and Oceania. The majority is of the Catholic faith and belongs to parishes which form the Ukrainian Catholic Eparchy in Australia, New Zealand & Oceania.
The Ukrainian communities are composed of a large proportion of elderly people, many of whom are now in their late 80’s and 90’s and are either in nursing homes, hospitals or may find it difficult to attend church on a regular basis.
There is an expectation that these will be visited by Ukrainian clergy or at least be given access to a liturgical service in their own language and information about current and historical events.
The Ukrainian Catholic Church in Australia is also attended by people of various ages including families with small children who may be baptised, chrismated and make their Holy Communion in a Ukrainian Catholic Church.
Others will marry and yet others will be given the last rites and buried through the Ukrainian Catholic Church. This may include public information about forthcoming marriages and deaths that have occurred.
People associated with the Ukrainian Catholic Church, donate to the Church, write articles and assist in cataloguing church artifacts and books. This may form part of one of the above data bases.
To undertake such work in modern times the Eparchy has gathered limited information about its clergy, staff, volunteers and parishioners. It is considered to be a ‘cradle to grave’ approach.
The Ukrainian Catholic Church in Australia, New Zealand and Oceania recognizes and respects every person’s right to privacy, dignity and confidentiality, and this is reflected in our values as well as our legal requirements under the Privacy Act 1988. However, this will not always apply if it is impracticable for the Church to provide pastoral care to an individual.
In relation to the Privacy Act 1988, the Ukrainian Catholic Church will endeavour to always comply with the 13 Australian Privacy Principles (APPs) outlined in the Act in all facets of operations.
3. What Types of Personal Information Will Be Collected
Personal information is defined by the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Examples of personal information might include an individual’s name, address, phone number, email address, family details or any other information from which an individual could reasonably be identified.
Examples of personal information which we regularly collect include an individual’s:
- contact details including telephone & Email
- date of birth
- baptism and chrismation register
- Holy Communion
- marriage register
- death register
We also have photos, generally of groups of children or adults and records in written and recorded form of events such as Holy Communion and other important dates on the Christian Catholic Calendar such as Easter and Christmas.
In more recent times filming occurs of liturgical services in the North Melbourne Cathedral, and which includes views of attendees.4.
We will generally only collect the personal information we need to provide information, such as sending out copies of the Church and Life newspaper to subscribers, visiting sick and dying, house blessings and informative letters.
We use fair and lawful ways to collect it.
We endeavor to ensure we have consent to collect sensitive information such as photos of children doing their Holy Communion or filming of liturgical services.
Where reasonably practicable, we will attempt to collect personal information directly from individuals, however, in some cases this may be impracticable, or the information may be held by a third party. A common example of this situation in our Church is: events that have occurred in the Eparchy and have been written about by a third individual in Church and LifeNewspaper or the parish bulletin.
Articles in Church and Life are generally interviews with consenting individuals, acknowledged articles from external sources and photographs.
While an individual may choose not to provide personal information to us, failure to do so may hamper the provision of information or pastoral care.
Other than ‘Ask the Priest’ on the ‘Catholic Ukes.org’ site and entry to the Football Tipping Competition, there is no transmission by users of personal/general information.
5. Use and Disclosure
We will usually only use or disclose personal information:
- for the primary purpose for which it was collected;
- for related purpose which the individual would reasonably expect; or
- with consent.
Some examples of situations where we may use an individual’s personal information include:
- Working With Children Checks
- Marriage Bans and Death and Funeral Notices
- Next of kin for clergy in case of emergencies
- Subscriptions for Church & Life
- Determining amounts payable by an individual for advertising in the monthly newspaper
- Parish Newsletters
We may also use or disclose non sensitive personal information for a secondary purpose (such as marketing or fundraising) if:
- the individual has consented, or
- where it is impracticable to seek consent before this use (assuming consent has not already been denied). In such cases, the individual is given the opportunity to opt out of further communications.
Situations where we may use or disclose information without an individual’s consent include:
- where we are investigating or reporting on suspected unlawful activity.
- where the use or disclosure is required by law.
- where we reasonably believe that the use is necessary for law enforcement, public revenue protection, prevention and remedying of serious improper conduct or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.
If we use or disclose information without consent we will make a written note of such disclosure.
6. Data Quality
We will take reasonable steps to ensure that the personal information we hold is accurate and current. This may involve us contacting you from time to time to verify your personal information. If you believe any information that we hold about you is incorrect, incomplete or out of date, please contact us.
7. Data Security
We will implement measures to protect personal information from misuse, loss, unauthorised access, changes or disclosure.
We will destroy or permanently de-identify personal information when we no longer need it or have been asked to remove it.
8. Security measures used to protect your data
We work to protect the security of your information. Only registered users have access to the data bases through two administrators. Request for individual information can be isolated from the rest of the stored data base.
We also have WEB-site protection, firewall & intrusion detection systems and real time surveillance server hardened environment; daily software updates and security patches.
‘Ask the Priest’ comments are moderated.
We will be open about how we manage personal information. If asked, we will provide information on our approach to privacy and ensure that this information is easily accessible on the Eparchy WEB site.
Notice of liturgical filming will be available at entrances to church buildings with contact information for issues or complaints.
Parents of children preparing for Holy Communion are asked to sign consent forms regarding photographs and recording.
10. Accessing and Correcting Personal Information
Usually, when asked, we will give an individual access to their personal information, unless there is a reason why we cannot do so.
We may deny a request for access if we reasonably believe:
- It would pose a serious or imminent threat to the life or health of any person.
- The privacy of others would be unreasonably affected.
- The request is frivolous or vexatious.
- The information relates to existing legal proceedings with the person who is the subject of the information and would not be accessible through discovery.
- Providing access would prejudice negotiations with the person who is the subject of the information by revealing our intentions regarding those negotiations.
- Providing access would be unlawful or denying access is required or authorised by law.
- Providing access would be likely to prejudice an investigation of unlawful activity or law enforcement, public revenue protection, prevention and remedying of seriously improper conduct, or preparation or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.
- An enforcement body performing a lawful security function requests denial of access to protect national security.
- Where evaluative information generated by us in making a commercially sensitive decision would be revealed by providing access. In this situation we may provide an explanation for the commercially sensitive decision instead.
If we refuse access, we will explain why.
An individual may request access to their personal information by contacting us using the details contained at the end of this document.
When requesting access or correction of personal information we will require an individual to verify their identity by reference to their personal information. In some circumstances it may be necessary for an individual to visit one of our locations to properly verify their identity before access to personal information can be granted.
Generally we will not charge a fee to grant access to an individual’s personal information, however in the case of requests for old or particularly voluminous information it may be necessary for us to charge a reasonable fee, commensurate with the work required to comply with the request. However, there will be no fee charged in relation to the making of the request for access itself.
In addition to requesting access to personal information an individual may request that we correct any personal information held about them. Once the individual’s identity has been verified we will take reasonable steps to correct their personal information.
11. Transborder Data Flows
We do not and will not provide an individual’s personal information to any overseas entity unless required by law.
12. Sensitive Information
Generally, we will only collect sensitive information with an individual’s consent, except where:
- The collection is required or authorised by law or to establish, exercise or defend a legal or equitable claim, or;
- It is necessary to prevent or lessen a serious or imminent threat to the life or health of the person who is the subject of the information.
Each donation is secured, and credit card details are not stored at any time. The only information collected and retained is the amount of donation, transactions date and contact details as completed on the donation form
A copy of the donation is retained for tax and audit purposes in a secure location.
COMPLAINTS POLICY AND PROCEDURE
If an individual wishes to make a complaint about our collection, use or disclosure of any personal information, or about any potential breach of an APP, they may contact the Parish Administrator or the Administrator of the Eparchy.
When making a complaint an individual should include as many details as possible, including the nature of the personal information concerned, how it is believed to have been misused, which APP is believed to have been breached (if relevant), the details of any of our employees or representatives involved and any other information which may be relevant. Additional information may be requested to enable them to properly investigate the complaint and take such reparatory action as necessary.
Once a complaint is received the Administrator of the Parish or if it is about the Eparchy, the Eparchy administrator will investigate the circumstances of the complaint and determine whether a misuse of personal information has occurred and if so how it may be rectified and whether/what action should be taken in relation to any of our employees or representatives involved. We will endeavor to keep the individual informed regarding the process of their complaint and any action taken.
Should an individual not be satisfied with the handling of their complaint then it may be referred to the Eparchy Bishop and/or the Church will generally agree to the complaint being referred to mediation and/or arbitration. Should the matter remain unresolved then an individual is entitled to refer their matter to the Office of the Australian Information Commissioner.
Problems or questions
For more information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner’s web site; http://www.oaic.gov.au.
Persons requiring further information about privacy at the Ukrainian Catholic Church should contact:
Phone: (03) 9320 2560
Persons wishing to make a complaint can do so by email or written letter to:
Address: 35 Canning Street, North Melbourne VIC 3051