Diocesan Privacy Policy

1 Purpose

The Synod of the Diocese of Adelaide of the Anglican Church of Australia Incorporated is bound by the Privacy Act 1988 and Amendments, which govern how we collect, use, disclose, store, secure and dispose of your Personal Information. It also communicates how individuals may raise complaints about possible breaches of Australian Privacy Principles that we are required to comply with, and how we deal with those complaints.The Synod of the Diocese of Adelaide of the Anglican Church of Australia Incorporated (the Synod) respects the privacy of individuals.  The Synod is committed to the collection, use, disclosure and management of Personal Information in accordance with the requirements of the  Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2 Scope

In addition to supporting Anglican ministry within the Anglican Diocese of  Adelaide (including by undertaking safer ministry checks), the Synod provides a range of services including education (St Barnabas College), financial services (Anglican Funds South Australia) and cemetery services (North Road Cemetery).  This policy applies to all areas of the Synod and to all its activities.  [1]All employees, officeholders, volunteers, consultants, contractors and agents of the Synod are required to comply with this Policy when collecting Personal Information on the Synod’s behalf and when dealing with Personal Information in the Synod’s possession.  Failure to do so may constitute grounds for disciplinary action. 

[1] This Policy does not apply to Anglican parishes, congregations or other worshipping communities located within the Anglican Diocese of Adelaide.  The Synod encourages the governing bodies of all Anglican entities in the Diocese to adopt a policy that protects the privacy of personal information collected or held by them.

4 Definitions

a. Australian Privacy Principles (APP) are as contained in the Privacy Act. 

b. Health Information is Personal Information about 

1. a person’s physical or mental health or of a disability of that person
2. a person’s expressed wishes about the future provision of health services
3. a health service provided or to be provided to a person
4. other personal information collected to provide a person with a health service.
5. An individual’s expressed wishes about future provision of health services

c. Personal Information is as defined in the Privacy Act andmeans information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not’.  The types of Personal Information that the Synod may collect or hold includes the following:

1. Name
2. Contact details, including email address residential/business address, telephone number
3. Emergency contact details
4. Health Information
5. Date of birth
6. Gender
7. Religious affiliation
8. Employment history
9. Criminal history
10. Banking and credit card details
11. Tax file number
12. Records of donations and transactions
13. Academic record
14. IT access logs
15. Metadata from use of online services and facilities

d. Privacy Act means the Privacy Act 1988 (Cth).

e. Privacy Statement means a notification to an individual that the Synod collects Personal Information that contains 

1. The contact details of the area of the Synod responsible for the collection of the individual’s Personal Information
2. The purpose for which the Personal Information is being collected
3. Any third parties to which the Synod may disclose the individual’s Personal Information
4. Any consequences for the individual if the required Personal Information is not provided 
5. Details of the Synod’s complaint handling process
6. Details of how to obtain a copy of the Synod’s Privacy Policy

f. Sensitive Information is defined in the Privacy Act and includes

1. Information or an opinion about an individual’s:

• racial or ethnic origin;
• political opinions;
• membership of a political association;
• religious beliefs or affiliations;
• philosophical beliefs;
• membership of a professional or trade association;
• membership of a trade union;
• sexual orientation or practices;
• criminal record; 

2. Health Information

5 Policy Principles

1. Why we collect personal information

The Synod collects, holds, uses and discloses Personal Information in the course of carrying out functions and activities of the Anglican Diocese of Adelaide.  These functions and activities include: 

• providing administrative, secretarial and business support services to the Synod and parishes within the Diocese
• maintaining registers of Diocesan and parish office bearers
• assessing the suitability of candidates for ordination 
• licensing clergy and lay people for ministry
• administering professional standards
• ensuring compliance with Safer Ministry requirements of the Diocese
• providing pastoral care
• administering bequests and gifts
• leasing/ licensing of property owned by the Synod 
• assessing suitable candidates for employment opportunities
• communicating with members of the Anglican community in the Diocese
• incorporation of required information in the Synod’s annual reports
• for the issue of investment products by Anglican Funds South Australia
• enrolment of students at St Barnabas College and for the proper administration of the College
• communicating with the public, stakeholders and the media including through websites and social media
• enabling compliance with legislative requirements and contractual obligations with governments and their agencies

2. Collecting personal information

a. The Synod will not collect Personal Information unless the information is directly related to or reasonably necessary for the performance of one or more of the Synod’s activities. 

b. The Synod will not collect Sensitive Information unless

1. It has the individual’s consent to do so; or
2. It is required or authorised by Australian law or a court order; or
3. Pursuant to an exemption under the Privacy Act.

c. The Synod will collect Personal Information by lawful and fair means, and where possible directly from the individual.  The Synod regularly collects Personal Information in the following ways

1. Forms, including on-line forms
2. Correspondence
3. Interviews
4. As part of enrolment, registration processes and subscription to Diocesan information services 
5. Direct contact, for example arising in the course of administrative activities or the provision of services
6. From third parties with which the Synod collaborates
7. Monitoring and logging of metadata from individuals’ use of IT services provided by Synod and on-line facilities provided by the Synod 

d. When the Synod collects Personal Information from an individual, it will provide a Privacy Statement to the individual either at the time of collection or if that is not possible, as soon as reasonably practicable afterwards. 

e. If the Synod receives Personal information that has not been solicited, and has no lawful basis for retaining the information, the Synod will destroy that information. 

f. The Synod will give individuals the option of not identifying themselves, or of using a pseudonym except where

1. The Synod is required or authorised by Australian law to require an individual’s identify, or
2. It is impracticable for the Synod to do so.

g. Other than the purposes specifically identified in this Policy, the Synod will only use or disclose Personal Information for purposes that the individual would reasonably expect the Synod to use or disclose that information for, being a secondary purpose that is directly related to the Synod’s primary purpose of collection.   

h. The Synod will not use Personal Information for the purpose of direct marketing unless the Synod has obtained the individual’s consent to do so.

i. The Synod may disclose Personal Information to third parties as follows:

1. External service providers, to the extent necessary to enable the external service provider to provide the contracted services to the Synod.
2. Government departments and agencies to satisfy reporting requirements
3. To General Synod and other Anglican entities at which an individual represents the Synod 
4. To the Professional Standards body of another religious organisation.

j. Some third parties to whom the Synod discloses Personal Information may be located overseas.  If the Synod discloses Personal Information to an overseas recipient, it will: 

1. Obtain the consent of the individual to do so; or
2. Ensure the overseas recipient is subject to a law that has the effect of protecting the Personal Information in a substantially similar way to the Australian Privacy Principles; or
3. Include a term in its contract with the overseas recipient that requires the overseas recipient to deal with the Personal Information in a manner that is consistent with the Australian Privacy Principles.

3. Integrity of personal information

The Synod will take reasonable steps to 

1. Ensure that Personal Information that it collects, uses or discloses is accurate, complete and up-to-date.
2. protect the Personal Information held by it from misuse, interference, loss, unauthorised access, modification or disclosure.
3. to destroy or de-identify Personal Information if it is no longer necessary for the Synod to retain the Personal Information

4. Access to and correction of personal information

1. The Synod will provide access to an individual’s Personal Information on receipt of a request by that individual within a reasonable period, unless the Synod has a lawful reason for refusal.
2. The Synod encourages individuals who have regular dealings with it, to keep the Synod informed of any changes to their Personal Information.  The Synod will take timely steps to update and correct an individual’s Personal Information when requested to do so by the individual.

5. Breaches and complaints

1. Any Synod employee or officeholder who becomes aware of an actual or suspected loss or unauthorised use, access, modification, disclosure or other misuse of Personal Information is to notify the Privacy Officer immediately and is to follow the Data Breach Procedures adopted for that purpose. 
2. If an individual believes that their Personal Information has been dealt with in a manner that is inconsistent with this Policy or with the Australian Privacy Principles, the individual can make a complaint by contacting the Diocesan Privacy Officer, 18 King William Road, North Adelaide SA 5006 email:  privacy@adelaideanglicans.com
3. Complaints will be processed in a reasonable time, and individuals will be advised in writing of any action the Synod has taken to address the complaint. 

6.1 Diocesan Council

Diocesan Council is responsible for

a. Strategic oversight of the implementation of this Policy to ensure

1. compliance with the Australian Privacy Principles, and 
2. an ability to deal with inquiries or complaints from individuals about the Diocese compliance with the Australian Privacy Principles.

b. Communicating this policy to the Secretary of Synod,

c. Reviewing this policy every 2 years, and 

d. Approving this policy.

6.2 The Secretary of Synod

The Secretary of Synod is responsible for

1. Implementing appropriate practices, procedures and systems that ensure compliance with the Australian Privacy Principles.
2. Reporting to Diocesan Council on the implementation of appropriate practices, procedures and systems that ensure the Synod’s compliance with the Australian Privacy Principles.
3. Ensuring that individuals’ complaints concerning compliance issues are handled effectively,
4. Reporting to Diocesan Council of any other privacy matters that have been raised,
5. Reviewing this policy every 2 years and submitting it to Diocesan Council for adoption,
6. Keeping Diocesan Council informed of any material changes in Privacy law and their impact on the Synod’s operations,

5 Policy Review

This Privacy Policy is subject to biennial review.

6 Further Information

Anglican Diocese of Adelaide Privacy Officer 8305 9350

Australian Government Office of the Australian Information Commissioner website

7 Relevant Legislation

The Privacy Act No 119, 1988 (Cth).