In response to the command to ‘Love your neighbour as yourself’ (Matt 22:39) God’s people are called to treat people in a sensitive, respectful and loving manner. In our modern world a similar approach is required when we deal with the personal information people entrust to our care.
The purpose of this policy is to ensure and to protect the privacy of the individuals who have provided personal and sensitive information to the Lutheran Church of Australia (the Church).
The Policy and related procedures apply to:
▪ All ministries and activities of the Church
▪ All pastors, lay workers, employees, members, volunteers and visitors.
The objectives of this policy are to ensure that all pastors, lay workers, employees, members and volunteers:
▪ Set a good example of Christian living by treating all personal and sensitive information with care
▪ Treat all personal and sensitive information in accordance with the Privacy Act (Cth) 1988 and the Privacy Act (NZ) 2020
The Church encourages strict standards of privacy and takes all reasonable measures to ensure that personal and sensitive information is used and cared for in an appropriate, respectful manner and in accordance with the Australian Privacy Principles and the New Zealand Privacy Principles.
Types of personal information
The types of personal information collected, used and disclosed by the Church include:
▪ Names, occupation, contact and address details
▪ Date of birth and gender
▪ Information on identification documents eg passport, driver’s licence, working with children type check, Tax File Number
▪ Bank account details
▪ Details of superannuation and insurance arrangements
▪ Educational qualifications and courses
▪ Employment and volunteer details, history and entitlements
▪ Visa or work permit status
▪ Personal information about a spouse or dependants
▪ Details of any products, services, information or assistance obtained from the Church or enquiries about products and services, together with any additional information necessary to deliver that product or those services, information or assistance or to respond to enquiries
▪ Other information provided to the Church
▪ Commentary or opinion
▪ Photographs or videos (images) where a person’s identity is clear or can reasonably be worked out from an image
Types of sensitive information
In order to provide specific products, services, information or assistance or for other purposes, it may be necessary in some circumstances for the Church to collect sensitive information. Examples of the types of personal information, which is also sensitive information, that may be collected include:
▪ Professional memberships
▪ Racial or ethnic origin
▪ Religious beliefs or affiliations including worship details
▪ Criminal history
▪ Health information
Dealing with personal information
The Church collects, holds and uses personal information that is reasonably required for the following purposes:
▪ To further the ministry and mission of the Church
▪ To provide products, services and information or assistance
▪ To respond to requests or queries
▪ To maintain contact with people
▪ To keep people informed of the Church’s services, developments, information and opportunities
▪ To notify people of events
▪ To provide and manage access to protected areas of any church website or social media platform
▪ To update the Church’s records and keep contact details up to date
▪ To process or respond to any complaint
▪ To carry out actions relating to the calling of pastors and lay workers
▪ To carry out actions relating to the engagement of employees and volunteers
▪ To manage conflicts of interest
▪ To conduct surveys
▪ To permit interaction with the Church’s websites and social media platforms
▪ To meet any regulatory or compliance obligations
If the Church is not provided with the personal information it has requested, it may not be able to provide the products, services, information or assistance the Church has been asked to provide and the experience of the Church’s websites or social media platforms may not be as enjoyable or useful.
An individual may deal with the Church anonymously however the Church will only be able to provide very limited services, information and assistance.
The Church collects personal information only from the relevant individual unless it is unreasonable or impracticable to do so. It may be necessary for the Church to collect and sometimes archive personal information directly or indirectly through interactions with a church website, use of social media platforms or church email accounts, engagement in surveys or otherwise from time to time.
The Church may also collect personal information from other parties including credit reporting agencies, law enforcement agencies, social media platforms, other websites, government entities, previous employers and other organisations and bodies within the Church such as Districts, Boards, Councils and separately incorporated entities.
Another party may provide personal information about an individual to the Church if the other party has the relevant individual’s authority or permission. The Church should advise the relevant individual that personal information has been provided to the Church. It should also provide a copy of the personal information to the individual together with a copy of this policy.
If personal information is sensitive information, the Church will always require the express consent of the relevant individual before dealing with it unless the Church reasonably believes this personal information is:
• Necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
• Necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct
• Reasonably necessary to assist in the location of a person who has been reported as missing
• Reasonably necessary to establish, exercise or defend a legal or equitable claim
• Reasonably necessary for the purposes of a confidential alternative dispute resolution process
As appropriate, the Church will ask an individual who is providing personal information to sign a declaration providing express consent to the Church dealing with the personal information in the way prescribed by this policy. At the time of asking an individual to sign such a declaration, the Church will clearly state the purposes for which the information is being collected.
In accordance with all of the above, the Church may disclose personal information to:
• Third party service providers, including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and research and marketing agencies and consultants
• Professional advisors and experts such as accountants, solicitors and business advisors contracted as part of an engagement
• Government or regulatory bodies
In accordance with all of the above, any part of the Church may also combine or share any information collected with information collected by any other congregation, agency or ministry of the Church.
As appropriate, the Church will ask an external recipient of personal information to sign a declaration to confirm they understand that personal information provided by the Church must only be dealt with in the way prescribed under this policy due to the relevant individuals’ rights to privacy.
The Church will only use or disclose personal information in accordance with all of the above. However the Church may share de-identified information for research or promotional purposes.
Cookies and IP addresses
When a person accesses some church websites the Church may use software embedded in its website and the Church may place small data files (or cookies) on that person’s device to collect their personal information or information about which pages they view and how they reach them, what they do when they visit a page, the length of time they remain on the page, and how the Church performs in providing content to them. This enables the Church or its third party hosting service provider to recognise their device and greet them each time they visit without requiring them to register.
It may also enable the Church to keep track of products, services or information they view so that, if they consent, the Church can send information about those products or services.
The Church uses this information to research users’ habits in order to improve its products and services. Browsers can be set so that the device does not accept cookies.
The Church may gather IP addresses (the electronic addresses of devices connected to the internet) to analyse trends, administer the website, track users’ movements and gather broad demographic information. This information does not identify a person.
Social media platforms
People may wish to participate in the various blogs, forums and social media platforms hosted by the Church. One of the aims of these social media platforms is to facilitate and allow content to be shared. However the Church cannot be held responsible if any person shares personal information on these platforms which is subsequently used, misused or otherwise appropriated by another user.
The websites and social media platforms of the Church may contain links to other websites and platforms operated by third parties over which the Church has no control. The Church makes no representations or warranties in relation to the privacy practices of any third parties and is not responsible for the privacy policies or content of any third party websites. Third parties are responsible for providing information about their privacy practices.
Disclosure of personal information to overseas recipients
Some parts of the Church use data hosting facilities and third party service providers to assist with its functions and activities. As a result personal information may be transferred to, stored at, processed or backed up at a destination outside Australia. These destinations outside Australia and New Zealand include, but are not limited to Singapore, the Philippines, the USA and the UK.
The Church holds information in both electronic and paper forms. The Church takes reasonable steps to ensure that personal information is securely stored and protected from misuse and loss, and from unauthorised access, modification or disclosure.
The Church’s websites and social media platforms are linked to the internet, which is inherently insecure. The Church cannot guarantee that the information supplied will be safely transmitted over the internet without interception. Accordingly any information transmitted to the Church online is at a person’s own risk.
Accessing and updating personal information
A person may contact the Church at any time to request access to any personal information the Church holds about them. The Church will endeavour to provide a suitable means of accessing information they are entitled to access. In some circumstances, the Church may charge a fee to cover any reasonable administrative costs. The Church will generally not charge a fee for simply making a request or for making any corrections to personal information.
In some circumstances, the Church may not be able to grant access to the personal information. For example the Church may not be able to grant access if this would interfere with the privacy of others, would result in a breach of confidentiality, is contrary to natural justice or is prohibited by law. If this is the case the person requesting the information will be advised.
If a person believes that the information the Church holds is incorrect, incomplete or inaccurate, they may request the Church to amend it. The Church will consider the request and will amend the information as appropriate. If the Church does not agree with the request, the Church will advise them of this decision and will add this information and material to their personal information.
Notifiable data breaches
The Church must report breaches of privacy to the relevant individual and to the Australian Information Commissioner or the New Zealand Privacy Commissioner, in accordance with requirements under the Privacy Act (Cth) or the Privacy Act (NZ) respectively, as applicable. Examples of breaches of privacy, which need to be reported, may include the hacking of a database containing personal information and the mistaken provision of personal information to the wrong person.
The Church has an obligation to appoint a Privacy Officer.
A person wishing to complain about a breach of their privacy may send their complaint to:
Victor Harbor Lutheran Church
21a Adelaide Road
by phone: 08 8552 5380
by email: firstname.lastname@example.org
or to LCA:
The Privacy Officer
197 Archer St
Or by phone 1800 644 628 (Australia)
Or by email to email@example.com
All complaints will be handled in accordance with the Church’s Complaints Handling Policy and Procedure. If a person is dissatisfied with the response of the Church they may refer their complaint to the Office of the Australian Information Commissioner.
▪ General Church Board is responsible for implementing this policy and related procedures across the Church.
▪ District Church Councils and Boards are responsible for implementing this policy and related procedures within their respective Districts.
▪ Congregation/Parish Councils are responsible for implementing this policy and related procedures within their congregations/parishes.
visit the LCA Policies webpage.
24 February 2021