In response to the command to ‘Love your neighbour as yourself’ (Matt 22:39) God’s people are called to treat people in a sensitive, respectful and loving manner. In our modern world a similar approach is required when we deal with the personal information people entrust to our care.
The purpose of this policy is to ensure and to protect the privacy of the personal and sensitive information which has been provided to the Lutheran Church of Australia (the Church).
The Policy and Procedures apply to:
- All ministries and activities of the Church
- All pastors, lay workers, employees, members, volunteers and visitors.
The objectives of this policy are to ensure that all pastors, lay workers, employees, members and volunteers:
- Set a good example of Christian living by treating all personal and sensitive information with care
- Treat all personal and sensitive information in accordance with the Privacy Act (Cth) 1988 and the Privacy Act(NZ) 1993
The Church encourages strict standards of privacy and takes all reasonable measures to ensure that personal and sensitive information is used and cared for in an appropriate, respectful manner and in accordance with the Australian Privacy Principles and the New Zealand Privacy Principles.
Personal information collected by the church
1. The types of personal information collected by the Church includes:
- Names, occupation, contact and address details
- Date of birth and gender
- Information on identification documents eg passport, drivers licence, Working with Children Check, Tax File Number
- Bank account details
- Details of superannuation and insurance arrangements
- Educational qualifications, courses, employment and volunteer details, history and entitlements
- Visa or work permit status
- Personal information about a spouse or dependants
- Details of any products, services, information or assistance obtained from the Church or enquiries about products and services, together with any additional information necessary to deliver that product or those services, information or
assistance or to respond to enquiries
- Other information provided to the Church; and
- Commentary or opinion
Sensitive information collected by the church
2. In order to provide specific products, services, information or assistance or for other purposes, it may be necessary in some circumstances for the Church to collect sensitive information. Examples of the types of sensitive information that may be
- Professional memberships
- Racial or ethnic origin
- Religious beliefs or affiliations including worship details
- Criminal history; and
- Health information
Exempt personal information
3. In very limited circumstances the Privacy Act allows the Church to deal with personal information other than in accordance with this policy. This is permitted where:
A] The personal information relates to the functions or activities of the Church and the information relates solely to a member of the Church or an individual in regular contact with the Church in connection with its functions and activities; or
B] The Church reasonably believes that the personal information is;
- Necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- Necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct
- Reasonably necessary to assist in the location of a person who has been reported as missing
- Reasonably necessary to establish, exercise or defend a legal or equitable claim; or
- Reasonably necessary for the purposes of a confidential alternative dispute resolution process
Why the church collects, holds, uses and discloses personal information
4. The Church collects, holds and uses personal information for a number of purposes including:
- The furtherance of the ministry and mission of the Church
- The provision of products , services and information or assistance
- To respond to requests or queries
- To maintain contact with people
- To keep people informed of the Church’s services, developments, information and opportunities
- To notify people of events
- To provide and manage access to protected areas of any LCA website or social media platform
- To update Church records and keep contact details up to date
- To process or respond to any complaint
- For purposes relating to the calling of pastors and lay workers
- For purposes relating to the engagement of employees and volunteers
- To manage conflicts of interest
- To conduct surveys
- To permit interaction with the Church’s websites and social media platforms
- To meet any regulatory or compliance obligations; and
- For any other related purpose
5. If the Church is not provided with the personal information it has requested, it may not be able to provide the products, services, information or assistance the Church has been asked to provide and the experience of the Church’s websites or social media platforms may be not be as enjoyable or useful.
6. The Church may disclose personal information to:
- Pastors, lay workers, employees, members and volunteers of the Church
- Third party service providers, including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and research and marketing agencies and consultants
- Professional advisors and experts such as accountants, solicitors and business advisors contracted as part of an engagement
- Government or regulatory bodies
- Any organisation for any authorised purpose with express consent
7. Any part of the Church may combine or share any information collected with information collected by any other congregation, agency or ministry of the Church
8. The Church may send direct marketing communications about Church ministries, products and services which the Church considers may be of interest. These communications may be sent in various form, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act (Cth) 2003 and the Unsolicited Electronic Messages Act (NZ) 2007. At any time a person may opt out of receiving direct marketing communications from the Church by contacting the Church or by using the opt out facilities provided in the communications.
9. The Church does not disclose personal information to anyone otherwise than in accordance with this policy however the Church may share de-identified information for research or promotional purposes.
How the church collects personal information
10. Unless an exemption applies, the Church will only collect sensitive information with express consent and will only collect personal information with consent. Such consent may be implied.
11. The Church collects personal information personally unless it is unreasonable or impractical to do so. When collecting personal information, the Church may collect it directly or indirectly through interactions with an LCA website, use of social media platforms, engagement in surveys or otherwise from time to time.
12. The Church may also collect personal information from third parties including credit reporting agencies, law enforcement agencies, social media platforms, other websites, government entities, previous employers and other organisations and bodies within the Church such as Districts, Boards and Councils and separately incorporated entities.
13. A person may deal with the Church anonymously however the Church will only be able to provide very limited services, information and assistance.
Cookies and IP addresses
15. When a person accesses some LCA websites the Church may use software embedded in its website and the Church may place small data files (or cookies) on that person’s device to collect their personal information or information about which pages they view and how they reach them, what they do when they visit a page, the length of time they remain on the page, and how the Church performs in providing content to them. This enables the Church or its third party hosting service provider to recognise their device and greet them each time they visit without requiring them to register.
It may also enable the Church to keep track of products, services or information they view so that, if they consent, the Church can send information about those products or services.
The Church uses this information to research users’ habits in order to improve its products and services. Browsers can be set so that the device does not accept cookies.
16. The Church may gather IP addresses (the electronic addresses of devices connected to the internet) to analyse trends, administer the website, track users movement and gather broad demographic information. This information does not identify a person.
Social media platforms
17. People may wish to participate in the various blogs, forums and social media platforms hosted by the Church. One of the aims of these social media platforms is to facilitate and allow content to be shared. However the Church cannot be held responsible if any person shares personal information on these platforms which is subsequently used, misused or otherwise appropriated by another user.
18. The websites and social media platforms of the Church may contain links to other websites and platforms operated by third parties over which the Church has no control. The Church makes no representations or warranties in relation to the privacy practices of any third parties and is not responsible for the privacy policies or content of any third party websites. Third parties are responsible for providing information about their privacy practices.
Disclosure of personal information to overseas recipients
19 Some parts of the Church use data hosting facilities and third party service providers to assist with its functions and activities. As a result personal information may be transferred to, stored at, processed or backed up at a destination outside Australia. These destinations outside Australia and New Zealand include, but are not limited to Singapore, the Philippines, the USA and the UK.
20. The Church holds information in both electronic and paper forms. The Church takes reasonable steps to ensure that personal information is securely stored and protected from misuse and loss from unauthorised access, modification or disclosure.
21. The Church websites and social media platforms are linked to the internet and the internet is inherently insecure. The Church cannot guarantee that the information supplied will not be intercepted while being transmitted over the internet. Accordingly any information transmitted to the Church online is at a person’s own risk.
Accessing and updating personal information
22. A person may contact the Church at any time to request access to any personal information the Church holds about them. The Church will endeavour to provide a suitable means of accessing information they are entitled to access. In some circumstances, the Church may charge a fee to cover any reasonable administrative costs. The Church will generally not charge a fee for simply making a request or for making any corrections to personal information.
23. In some circumstances, the Church may not be able to grant access to the personal information. For example the Church may not be able to grant access if this would interfere with the privacy of others, would result in a breach of confidentiality, is contrary to natural justice or is prohibited by law. If this is the case the person requesting the information will be advised.
24. If a person believes that the information the Church holds is incorrect, incomplete or inaccurate, then they may request the Church to amend it. The Church will consider the request and will amend the information as appropriate. If the Church does not agree with the request, the Church will advise them of this decision and will add this information and material to their personal information.
25. A person wishing to complain about a breach of their privacy may send their complaint to:
The Privacy Officer The Privacy Officer
197 Archer St Level, Molesworth House
Or by phone 1800 644 628 (Australia)
Or by email to firstname.lastname@example.org
26. All complaints will be handled in accordance with the LCA Complaints Handling Policy.
27. If a person is dissatisfied with the response of the Church they may refer their complaint to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commission.
- General Church Council (GCC) is responsible to ensure compliance with this policy across the LCA
- District Church Councils (DCC) are responsible to ensure implementation of this policy and related procedures within their respective Districts, to monitor compliance and report to GCC
- Congregation/Parish Councils are responsible for the implementation of this policy and related procedures, and report compliance to their respective District
visit the LCA Policies webpage.
31 July 2015