Privacy

1. Why this policy exists

At Caritas Australia, we are compliant with the Privacy Act in our collection and use of personal and sensitive information. In-country offices and Caritas Australia program partners are supported in applying this policy as a best practice guide when collecting, storing and using personal and sensitive information. Wherever there is a conflict between this policy and the laws of another country, the local law will prevail.

2. This policy applies to

This policy applies to all personnel, partners and supporters of Caritas Australia. This policy and the provisions under the Privacy Act 1988 do not apply to records or information collected prior to 21 December 2001.

The Privacy Act Principles apply only to information about individuals and only to information that falls into the category of personal, sensitive, confidential or health related. Information about entities is excluded.

3. Definitions used in this policy

Below is a partial list of definitions (see Appendix 1 for a full list).

When we use …	we mean ...
personal information	Any information about a person that identifies that person or from which that person’s identity can reasonably be determined. It includes verbal, written and photographic information. It does not include anonymous information, aggregated information or de-identified information. (This is the same meaning as defined in the Privacy Act 1988).
sensitive information	A subset of personal information and has stricter requirements for collection, storage, use and disclosure. It includes information about a person’s race, ethnic origin, religion, criminal record, sexuality, health, or union activity. (This is the same meaning as defined in the Privacy Act 1988).
health information	Information on physical and mental health, disability, health preferences, use of health services etc. (This is the same meaning as defined in the Privacy Act 1988).
confidential information	Information shared with only a few people for a specific purpose, and may include tax file numbers, surveillance information, credit history, spent convictions etc.
personnel	Any person doing paid or unpaid work for or on behalf of Caritas including Australian based employees, in-country employees, Board of Directors, Diocesan Directors, volunteers, contractors, subcontractors and consultants.
supporter	An individual, trust or organisation that provides a financial donation or in-kind support or goods to Caritas Australia.
program partners	Individuals or organisations that Caritas Australia works with, accompanies and supports to deliver humanitarian and development programs or activities.
activities and functions	The activities required for Caritas Australia to function, including but not restricted to recruitment, safeguarding checks, payroll processing, communications, fundraising and program delivery.

4. Guiding Principles

4.1 Integrity and respect
We are guided by the core values of integrity and respect when collecting, storing and using information.

4.2 Individual rights
We respect the rights of individuals to keep their personal information private and to ensure that it is accurate.

4.3 Compliance
Caritas Australia is bound by the Australian Privacy Act 1988. We will also comply with the privacy laws in other countries where we operate.

4.4 Best practice
Best practice informs our policies, procedures and processes. We apply best practice standards wherever we are operating, regardless of local laws. We seek to continually improve and welcome feedback.

5. Policy Commitments

All Caritas Australia personnel working within Australia must follow this policy. For Caritas Australia personnel and partners in our in-country locations, this policy is considered best practice guidance. Caritas Australia will work with partners to build their capacity to manage and store information in accordance with this policy.

This policy applies to any individual from whom personal, sensitive or health information has been collected by Caritas Australia and its partners.

5.1 Why we collect information

5.1.1 We commit to only collecting information that is required for our activities and to always collect information fairly and transparently. This means that you will know what we collect, how we will use the information, and as far as practicable, will obtain information directly from you with your consent.

5.1.2 Personal information will only be collected if required by law, or where reasonably necessary to enable Caritas Australia to conduct activities or functions and for secondary purposes for which it would be reasonable to use or disclose personal information.

5.1.3 Other purposes for which Caritas Australia may use personal information include:

Advocacy purposes when making a submission to Government
Developing or evaluating activities, services and programs
Engaging third parties to develop or evaluate activities, services and programs
Management of business including communications and social media strategy
Complying with legal obligations
Other purposes that may arise from time to time

5.1.4 We will always endeavour to obtain personal information directly from you. Where this is not possible, then where practicable, consent will be sought prior to collecting information from a third party.

5.1.5 We will from time to time collect information from program partners concerning program participants. This information is collected for evaluation and reporting purposes and will be provided to Caritas Australia in aggregated form. Where information is collected that could identify an individual participant, the person will be advised of the purpose for which it will be used and will have opportunity to grant or deny the request. The information will be destroyed at the request of the individual.

5.1.6 For prospective employees, personal information may be sought by speaking with referees, including previous employers who may not have been nominated as referees.

5.1.7 We may collect personal information of personnel for the purpose of engagement and administration of the engagement contract. This includes information such as name, address, date of birth, qualifications and professional development history, employment history, performance information including complaint records and records of investigations, background checks, contact details, tax file details, salary information, banking and superannuation details, leave details, work emails and sensitive information such as health information in circumstances of an ill or injured worker (See Appendix B for more information).

This information can only be used within the scope of the employment relationship for the purposes for which it was collected.

5.1.8 We will also collect information from our partners including names and addresses so that we are able to conduct background checks (such as counter-terror finance checks).

5.1.9 We collect personal information of our supporters such as names, addresses and phone numbers, email addresses, bank account or credit card details and details of supporter preferences. This information allows us to manage supporter lists, send newsletters to supporters, and provide supporting evidence when seeking grants and other government funding.

We may use personal information to send promotional or marketing material from time-to-time. Any such material will clearly indicate to the receiver how they may opt out of receiving such material in the future.

5.1.10 Our website uses cookies and other digital identifiers that provide information on how the site is used and user analytics. Users can clear or disable cookies or digital identifiers from their device by changing security settings on their web browser. However, doing this may impact the functionality of the website.

5.1.11 Personal information will be used for the purpose for which it was collected or for a related secondary purpose.

5.2 How we collect information

When we collect personal information, we make it clear:

That the personal information is for Caritas Australia
That we provide contact details for referring any question or concern
How contact details were obtained
If the information came from a third party, we will tell you from where we received the information
The purpose of collecting the information and if there is any consequence for it not being provided
Any person or entity to whom the information will be provided
How the personal information can be corrected
That any complaint can be directed to the Privacy Focal Point

5.3 How we store information

5.3.1 We are committed to securely storing personal information.

5.3.2 Personal information is stored in a variety of forms including physical and electronic form. It may take the form of written documents such as employment forms, reports, records, visual data, receipts and financial records.

5.3.3 Restrictions are placed on relevant documents to limit who has access to personal information. These restrictions include physical security such as locked cabinets and electronic security measures such as passwords.

5.3.4 We take the security of personal and sensitive information seriously. We protect information from misuse, interference, loss, unauthorised access, modification and disclosure. Information is categorised in accordance with the Caritas Australia Data Standards, which prescribe that personal and sensitive information has the highest standards of data security.

5.3.5 Security measures include but are not limited to:

Physical access to our buildings is restricted
All personal and sensitive information is securely stored at all times
Virus scanning tools are frequently used
Databases are protected by secure user ID and passwords
All supporter credit card details are encrypted
Only authorised people will have access to personal information
Email protocols are used (such as BCC so recipients can’t see email addresses of other recipients)
Confidentiality and privacy clauses are included in all contracts
All cloud-based storage meets privacy requirements
Third party providers are required to have security measures in place

5.4 How we use information

5.4.1 We do not use or disclose personal information that we have collected for any reason other than the primary purpose for which it was collected, unless:

You have provided consent for us to use it for another purpose
The purpose is closely related to the primary purpose, or
We are legally required or permitted to use the information

5.4.2 We ask for consent from a supporter before publishing any information about their donation.

5.5 Accessing, altering or deleting the information we collect

5.5.1 You may be able to obtain a copy of personal information that we hold about you. To make a request to access this information please contact us in writing using the Privacy Focal Point (confidential@caritas.org.au).

5.5.2 There are circumstances under Australian privacy laws where access to the personal information cannot be granted. For example, when it would unreasonably affect someone else’s privacy, or pose a serious threat to another person’s life, health or safety.

5.5.3 If you notice any errors in your personal information, we will take all reasonable steps to correct it.

5.5.4 If you request access to information you may need to provide of identity before information is disclosed.

5.5.5 If we cannot give you access to personal information, we will tell you the reason why.

5.5.6 You can also request to access the personal information we hold about you, update or remove the information we have collected, or let us know of your preferences for how we communicate with you by contacting our Supporter Services team: on questions@caritas.org.au or calling 1800 024 413.

If you have questions about this policy, suggestions how to improve or concerns about your data, please contact the Privacy Focal Point confidential@caritas.org.au

5.6 Breaches of privacy

In the event of there being a data breach, we follow our Data Breach Procedure that ensures we meet all requirements under the Privacy Act for notifying the breach and managing the breach promptly.

5.7 Who can I contact?

5.7.1 We have a designated Privacy Focal Point to whom questions or complaints may be directed.

5.7.2 This role also ensures that any breaches of data are managed and reported in accordance with the Privacy Act.

6. Roles and Responsibilities

At Caritas Australia, we recognise that a culture of protecting privacy starts with strong leadership.

6.1 The Board of Directors is responsible for:

Ultimate accountability for our organisational policies
Guiding the governance and culture of Caritas Australia through strategic leadership
Demonstrating a commitment to a culture of protecting privacy and leading by example
Approving this policy and holding the Leadership Team accountable to how effectively this policy is implemented
Investigating very serious complaints and providing a response

6.2 Leadership Team members are responsible for:

Demonstrating a commitment to a culture of protecting privacy and leading by example
Ensuring our procedures, practices, plans and operations align with this policy
Reporting to the Board via the CEO on policy matters
Ensuring their team are aware of this policy and understand their responsibilities
Monitoring and responding to any complaint that is assigned to them to investigate

6.3 The Chief Executive Officer is responsible for:

Ensuring this policy is upheld
Demonstrating a commitment to a culture of protecting privacy and leading by example
Informing the Board of any concerns relating to complaints that may present risk to Caritas Australia or its personnel
Giving progress reports to the Board
Ensuring all senior employees are accountable to this policy

6.4 Managers are responsible for:

Demonstrating a commitment to a culture of protecting privacy and leading by example
Communicating this policy and related procedures to personnel

6.5 Personnel (including you) are responsible for:

Understanding and following this policy and related procedures
Ensuring that your actions are in line with this policy, and that your work reflects the Guiding Principles and Policy Commitments above
Not encouraging others (directly or indirectly) to breach this policy
Reporting any breach to your manager. However, if it is a sensitive complaint, you must report it to confidential@caritas.org.au (the Complaints Focal Point) or Stopline whistleblower service

We have a shared responsibility to ensure a culture of protecting privacy is at the forefront of all decisions and interactions of our work.

7. Related Documents

This policy supports Caritas Australia’s compliance with the following:

7.1 Legislation:

Privacy Act 1988 (Cth)
Australian Privacy Principles, schedule 1 to the Privacy Act 1988 (Cth)
Health Records and Information Privacy Act 2002 (NSW)
Data Provisions Requirements 2010 (Cth)
Freedom of Information Act 1982
State and Territory Privacy Laws and Principles; State based Health Privacy Laws

7.2 Standards:

7.3 Caritas Australia governance documents:

Data Breach Procedure
Speaking Up Policy

8. Appendix List

Appendix 1 - Collection of your personal information
Appendix 2 - Collection of employee personal data

9. Information about this policy

How this policy has changed over time

Can be accessed by	Anyone via website
Can be shared with	Internally and externally (including with other organisations)
Distributed to	Any person doing paid or unpaid work for, or on behalf of, Caritas Australia including Australian-based employees, in-country employees, Board of Directors, Diocesan Directors, volunteers
Document Owner	Document Owner - Privacy Focal Point
Approved by	Approved by - Board of Directors
Commencement Date	Commencement Date - 01 Oct 2020
Next Review Date	Next Review Date - 01 Oct 2023
Document number	Document number - CT-PR-POL-v1.1

How this policy has changed over time

Version	Approval Date	Summary of changes
v1.0	22 Sep 2020	Combined the ACBC Privacy Policy and, the Caritas Australia Finance Privacy Policy. Includes specific aspects relevant to Finance and Fundraising. Appendix 2 includes new content.
v1.1	18 Nov 2020	Put in new format
v2.0	24 May 2022	Information on how to request deletion of your personal information. Disclosure of Global Gifts portal and the details it collects

Appendix 1: Collection of your personal information

Key points

Your privacy is important to us. We want to be transparent with you about how we capture, store and use information.
If you wish to be removed from our mailing list, please contact our Supporter Services team: questions@caritas.org.au or call 1800 024 413
If you have questions about this policy, suggestions how to improve or concerns about your data, please contact the Privacy Focal Point confidential@caritas.org.au

What personal information we collect

As part of our regular interactions with our supporters, volunteers, contractors and job applicants, we may need to collect personal information (including sensitive information).

The personal information we collect will vary. Some examples of the information we may collect include:

Names and email addresses of people who subscribe to our emails
Contact details, date of birth, gender and bank account details of our supporters
Records of a supporter’s donation history and emails to us
Employer details if a supporter donates via workplace giving
History of employment and reference checks for potential employees and volunteers

Please note in order to process your gifts on our Global Gifts online portal it is a requirement that you provide details including your name, address, a contact phone number and credit card details. You will be unable to use the Global Gifts online portal if you do not provide these details. Please call 1800 024 413 (toll-free) or email questions@caritas.org.au if you wish to use Global Gifts without providing this information.

People who receive a Global Gift

When you choose to send a card to someone we need to collect their email address to deliver it. We will only use the address for this specific purpose and will not email the gift recipient any other materials nor store it for future use.

Why we need to collect personal information

You do not have to provide us with your personal information. However, if you do not provide us with your personal information, it may be difficult for us to contact you and complete the request or transaction initiated by you.

For example, without your contact information, we may not be able to give you a receipt for tax purposes, offer you employment, or provide you with more information about our work.

If you are making a whistleblower or sensitive complaint, you may be able to make that complaint anonymously. To do this, you’ll need to contact Stopline whistleblower services.

How we collect personal information

We may collect personal information you provide to us directly. For example,

in person
via your parish
over the phone
by email
via our website or social media platforms
by completing a petition (online or hard copy)

We may also occasionally collect your personal information indirectly from publicly available sources and third parties.

If we collect personal information about you other than directly from you, we will take such steps as are reasonable in the circumstances to notify you that we have collected your personal information.

During your communications with us, please do not provide us with other people’s personal information. If you do provide us with information about another individual, you must:

Tell that individual that you will be providing their information to us
Tell them that we will handle their information in line with this privacy policy
Confirm that you have that individual's consent to provide their information to us.

How we use personal information

We use the personal information you provide to us for the purpose for which it was provided to us, for other related purposes or as permitted or required by law. Such purposes include:

Processing donations and transactions, including issuing receipts
Communicating with you via mail, email or phone
Responding to your questions, comments or other requests
Undertaking marketing activities
Analysing our effectiveness
Any other purpose identified at the time of collecting your information

How you can opt-out of direct marketing

When we send you marketing materials (whether by post, email or telephone), we aim to provide you with an opportunity to opt-out (unsubscribe) to future communications.

By electing not to opt-out, we will assume we have your implied consent to receive similar communications in the future.

If you wish to opt-out, please email questions@caritas.org.au or call our Supporter Services team on 1800 024 413 or via post 24-32 O'Riordan St, Alexandria NSW 2015.

When we can disclose personal information

We will only disclose your personal information for the purposes for which it was initially collected, for other directly related purposes or purposes to which you otherwise consent.

Strict confidentiality agreements are in place with our service providers and external agencies who may process data on our behalf. We use third parties who provide services on our behalf, such as mail, database, telephone, IT, audit, professional advice, payment processing and research services. Before disclosing your personal information to an overseas-based third party, we will take all reasonable steps to ensure that the recipient will not breach the Australian Privacy Principles

From time to time we may provide your contact details to other like-minded charitable organisations or data collectives to contact you with information that may be of interest to you. We will endeavour to provide you with an opportunity to opt out of receiving such communications.

If you do not wish to have your contact information shared with other like-minded organisations, please contact us by mail at Supporter Services, 24-32 O'Riordan St, Alexandria NSW 2015, by phone at 1800 024 413, or by email at questions@caritas.org.au.

Other than as stated above, we will we not share your personal information. However, it is possible, though unlikely, that we might be forced to disclose personal information in response to legal processes or when we believe in good faith that the law requires it, for example, in response to a court order, subpoena or a law enforcement agency's request.

How we protect data security

Our employees and volunteers receive have signed a Code of Conduct and received training about how to handle personal information.

We comply with industry standards to ensure your personal information is protected from misuse, loss, interference and unauthorised access, modification or disclosure. For example, whenever we ask for your financial details online, we use security-encrypted response forms.

Unfortunately, despite all these measures, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Caritas Australia cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

If you do not wish to make your donation online, please contact us to receive a paper form.

How our website uses cookies and other technologies

The www.caritas.org.au website and our social media platforms may use cookies and tracking technologies.

The www.globalgifts.org.au website may use cookies and tracking technologies. The Global Gifts e-commerce plug in, vendr-{storeId}, is used to keep your current selections of products, shipping & payment method and the current order ID for 1 year.

A temporary cookie is used on the Global Gifts website that lasts for 5 minutes and holds a reference to your last finalised order. This is to allow for the displaying of your last order on the order confirmation page.

You have the ability to accept or decline cookies by modifying the settings in your browser. You can also visit www.aboutads.info/choices to opt out of the collection and use of information for ad targeting.

How to access or update your information

We take reasonable steps to ensure that the personal information that we hold is accurate, complete and up-to-date. However, we rely on you to advise us of any changes to your personal information is up-to-date.

We will, on request, provide you with access to the personal information we hold about you. If we cannot give you access to this information (for example, if we are not permitted by law), we will tell you the reason why.

To request access to your personal information or, to update or correct your personal information, please contact us questions@caritas.org.au.

How to make a complaint

If you wish to make a complaint about a breach of this privacy policy or the privacy principles of the Privacy Act 1988, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint as well as any supporting evidence and/or information.

We will refer your complaint to our Privacy Focal Point who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you. We will notify you in writing of the outcome of the investigation.

For more information on our complaints process at Caritas Australia, please see our Speaking Up Policy.

If you are not satisfied with our decision, you can contact us to discuss your concerns. If your complaint is about the way we handle your personal information, you may also contact the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.

How we revise our policies

We may revise our Privacy Policy from time to time. Please review this Privacy Policy periodically for changes (the final section “How this policy changes over time” outlines the specific changes). If we make substantial changes to this Privacy Policy, we will notify you by email or by putting a notice on our website.

Contact us

If you have any questions or concerns about our Privacy Policy or its implementation, please contact us at:

Call Supporter Services 1800 024 413 during business hours (9 am – 5 pm AEST)
Privacy Focal Point confidential@caritas.org.au
Stopline whistleblower service (for anonymous complaints)
Unsubscribe by sending an email to questions@caritas.org.au
Caritas Australia, 24-32 O’Riordan Street, Alexandria, NSW 2015

Appendix 2: Collection of personal information for employees

At Caritas Australia, we comply with privacy laws when handling personal or sensitive information. See our Privacy Policy for more details.

What personal information we collect
As part of our regular interactions with our employees, volunteers and Directors of the Board, we may need to collect personal information (including sensitive information).

Some of the types of information we may collect include:

Your contact details, including emergency contact details
Bank account, superannuation and tax details to process your pay
Background checks such as criminal history checks
Employment history, reference checks, your CV
Health information, such as for medical certificates if you use personal (sick) leave or do work-related travel
Professional development and performance information, including probationary reviews and performance reviews

Why we need to collect personal information
The primary purpose for collecting the information is to administer your employment, including processing your salary and entitlements, maintaining your employee record and providing access to IT services. We also collect personal information in order meet legislative requirements.

If you choose not to provide the requested personal information to us, then it may not be possible for us to process your entitlements and/or obligations in respect to your employment.
How we use your personal information

We use the personal information you provide to us for the outlined purpose, or a directly related purpose. It may be disclosed to organisations such as superannuation schemes, government departments or contracted service providers. It may be disclosed to relevant bodies when required and authorised to do so by law.

We may also disclose your personal information to third parties with your prior consent. We may also disclose your personal information in emergency situations, if it is reasonably necessary to lessen or prevent a serious threat to an individual’s life, or the public’s safety.

How we protect data security
Our employees and volunteers receive have signed a Code of Conduct and received training about how to handle personal information.

We comply with industry standards to ensure your personal information is protected from misuse, loss, interference and unauthorised access, modification or disclosure.

How to access or update your information
We take reasonable steps to ensure that the personal information that we hold is accurate, complete and up-to-date. However, we rely on you to advise us of any changes to your personal information is up-to-date.
You can request access to your personal information that we hold. If we cannot give you access to this information (for example, if we are not permitted by law, or if it breaches the confidentiality of another person), we will tell you the reason why.
To request access to your personal information or, to update or correct your personal information, please contact the Privacy Focal Point confidential@caritas.org.au

Contact us
If you have any questions or concerns about our Privacy Policy or its implementation, please contact the Privacy Focal Point confidential@caritas.org.au

Learn about the security measures we take around your personal information here.