Privacy Policy

C3 Church Cherrybrook is committed to ensuring the privacy of all information it collects. C3 Church Cherrybrook is bound by the Commonwealth Privacy Act, 1988 and the 13 “Australian Privacy Principles” contained in Schedule 1 of the Commonwealth Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act, 1988. In keeping with this legislation, this Privacy Policy sets out C3 Church's practice in the collection, use and disclosure of personal information.

INFORMATION COLLECTED

C3 Church is required to gather and record certain personal and private information in the course of regular church activities. The information collected includes (but is not limited to);

• Personal and contact details, such as name, age, gender, address in Australia and overseas (as applicable), email address and telephone numbers;

• Employment history (as appropriate);

• Medical history;

• Educational background;

• Information necessary for working with children and child protection requirements;

• Records of financial giving/donations; and/or

• Credit card and bank details.

C3 Church will treat this information with the strictest of confidence and only relevant information is collected where necessary.

HOW INFORMATION IS COLLECTED

Where reasonably possible, C3 Church will only collect information from the individual to whom it relates. This will be collected in the following ways;

• From official church forms;

• Direct personal contact, telephone, email, letters, social media messages or other

forms of communication;

• Website enquiries;

• Conference or events enquiries and registration forms;

• Online donations and giving;

• Voice or image recordings, including the recording of church services or events;

• Voluntary submissions to receive electronic newsletters or advertising relating to

events; and/or

• Statistical information gathered through aggregated tracking to the C3 Church website (without identifying specific individuals).

If C3 Church receives any unsolicited personal information, which could have been solicited in the normal course of its activities, it may use this information in compliance with this Policy and applicable law. However, any unsolicited personal information that is received by C3 Church and would not otherwise have been collected in the course of normal church activities will be destroyed or de-identified as soon as practicable, provided it is lawful and reasonable to do so.

SENSITIVE INFORMATION

Some of the information collected by C3 Church is classified as sensitive information. This would include any information contained in confidential communications (such as emails) and any information on a person’s health; disabilities; financial background; racial or ethnic origin; religious beliefs; sexual preferences; professional and practice information; or criminal background. Sensitive information is only collected to satisfy legislative requirements or to meet special needs.

If C3 Church is required to collect health information in the course of church activities, it may be collected from the individual directly, or from a third party such as a medical provider (doctor, psychologist, counsellor, etc.). In this event, C3 Church will ensure that the specific purposes of the use and disclosure of the health related information are explained in advance and will obtain the individual’s consent prior to collecting any information of this kind.

USE OF INFORMATION COLLECTED

Personal information that is collected for a particular purpose will not be used for any other purpose. The only exceptions to this are if the individual consents to the use or disclosure of the information for another purpose, the individual would reasonably expect C3 Church to use or disclose the information for another purpose, or it is absolutely necessary for legal or compliance reasons.

C3 Church will not sell or disclose personal information to third parties except as provided in this Policy and where the disclosure is absolutely necessary and could be reasonably expected. C3 Church never shares newsletter mailing lists with any third parties, including advertisers, sponsors or partners.

Personal information will not be used for direct marketing, unless C3 Church collected the information from the individual and they would reasonably expect C3 Church to use or disclose the information for that purpose. In this case, an individual may request not to receive any direct marketing communications by contacting the relevant department of C3 Church or Reception (contact details below).

Some examples of the need to use personal information during the course of general Church activities would be;

• For the specific reason the information has been provided – such as for church events, registrations, donations, email subscription lists and website enquiries;

• New Member registration or Church Member updates;

• Providing Connect Group information;

• Youth or Kids Church rosters;

• “Vision Builders” updates and record keeping; and

• Pastoral department records and updating contact details as required.

Some examples of the need to disclose personal information during the course of Church activities would be;

• If C3 Church reasonably believes that such disclosure is necessary to lessen or prevent a serious and imminent threat to the life or health of the individual or any other person; or

• If C3 Church is authorised to disclose personal information to appropriate law enforcement agencies to assist in the prevention, detection, investigation, prosecution or punishment of criminal activities.

SECURITY OF INFORMATION COLLECTED

C3 Church is committed to maintaining a secure environment for all personal information collected, used or disclosed. C3 Church will take all reasonable precautions to protect data from loss, misuse, interference, unauthorised access or disclosure, alteration or destruction.

Personal information is not retained any longer than is necessary and will only be retained for the minimum period specified by legislation. Once C3 Church no longer needs the information for any purpose for which the information may be used or disclosed, it will take such steps as are reasonable in the circumstances to destroy or de-classify the information in a lawful and secure manner. C3 Church will also take all reasonable steps to correct any outdated personal information once it is made aware that the information is incorrect.

Access to either paper-based or computerised records will only be granted to C3 Church staff where there is a demonstrated need for this access in accordance with that staff member’s duties or responsibilities. No other staff or external organisations will be entitled to access this information. All IT systems are password protected and comply with standard security protocols.

Paper-based records containing personal information are filed in secure environments. Cabinets that hold personal information can be locked so as to prevent unauthorised access to the records. Furthermore, C3 Church stores personal information in secure containers such as filing cabinets, safes or compactuses as an added safeguard against unauthorised access. Personal information collected via C3 Church's website will be done by sufficiently secure means.

As noted above, C3 Church will provide access to information to a law enforcement agency or other government agency if required.

ANONYMITY

C3 Church respects the right of individuals to remain anonymous in their dealings with the church or staff members. C3 Church will accommodate a request for anonymity as long as it is practicable and legal to do so.

SPECIFIC WEBSITE USE AND INFORMATION

“Cookies”

C3 Church may place a text file called a "cookie" in the browser files of a user’s computer. The cookie itself does not contain personal information, although it will enable C3 Church to relate use of the church website to information that an individual has specifically and knowingly provided. The only personal information a cookie can contain is information that the individual has given. C3 Church uses cookies to track user traffic patterns to better track site usage and page click rates.

Links to other websites

The C3 Church website may contain links to other (third party) websites. This Policy does not apply to any third party websites that are linked to that of C3 Church.

ACCESS TO INFORMATION COLLECTED

C3 Church will only provide individuals with access to personal information held about them upon written request submitted to the Business Manager (contact details below). If the Business Manager denies a request for access, a reason will be provided and written notice of the decision will be given to the applicant within 28 days of the request. The notice will also contain information on how to lodge a complaint or seek further assistance from the Office of the Australian Information Commissioner (OAIC). This is an independent body that will investigate complaints against possible privacy breaches (contact details below).

Access may be denied if such access would be unlawful, frivolous or vexatious; infringe on the privacy of other individuals; pose a serious and imminent threat to the life or health of any individual; interfere with existing or anticipated legal proceedings; or other valid reasons for exclusion in line with relevant legislation.

Should an individual wish to change or delete any personal information that is held by C3 Church that is incorrect or outdated, they should contact the relevant Department of C3 Church or the Business Manager.

COMPLAINTS AND ENQUIRIES

Any questions or complaints about this Policy, or C3 Church’s collection, use, disclosure or management of private information generally, should be directed to the Business Manager. All queries or complaints will be dealt with in the strictest of confidence and with the utmost urgency.

Any person requesting a copy of this Policy should forward their initial enquiry to the Business Manager, stating the form in which they require a copy of the Policy. C3 Church will take all reasonable steps to provide a copy of the Policy in the form requested.

Complaints should be made in writing to the Business Manager, who will then investigate the issue. The Business Manager will respond to the complaint or query within 28 days of the written request being received. The response will also contain information on how to lodge a complaint or seek further assistance from the Office of the Australian Information Commissioner (OAIC).