Skip to main content

Page loading completed.

Sign in or Create an account
Sign in or Create an account

1.    Purpose

The Roman Catholic Trust Corporation for the Diocese of Cairns (the “Diocese”) is committed to meeting its obligations under the Privacy Act 1988 (Cth) (“Privacy Act”) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), which includes the Australian Privacy Principles (“APPs”) and provisions in relation to the personal information of individuals. 

Personal information is defined as information or an opinion about an identified individual (or an individual who is reasonably identifiable) whether true or not or recorded in material form or not; and includes sensitive information and health information (as those terms are defined in the Privacy Act).

The Diocese, while conducting a diverse range of activities in order to fulfil its mission, may from time to time collect personal information to enable the Diocese to minister to the faithful and fulfil its canonical and civil law obligations under the Code of Canon Law and under State and Commonwealth civil laws. 

The purpose of this Privacy Policy is to record the Diocese’s approach to fulfilling its obligations under the Privacy Act in its Diocesan activities.

 

2.    Scope

This Diocesan-wide policy applies to all Diocesan parishes, divisions, departments and/or any other discrete activities established under the authority of the Bishop of Cairns (“Division(s)”).

Consistent with this policy, there are separate division-specific privacy policies for Diocesan operating divisions, such as Catholic Education, Centacare FNQ and Catholic Early Learning and Care.

 

3.    Policy Statement

The Diocese respects the rights of individuals to keep their personal information private and ensure that it is accurate.  The Diocese is committed to protecting personal information and establishing practices and procedures that ensure compliance with privacy laws and minimise the risk of unlawful interference with the privacy of an individual that may lead to regulatory action and penalties.

In conducting Diocesan activities, the Diocese is bound to comply with the APPs in the collection, storage, access, use, disclosure, integrity and correction of personal information.  Diocesan Divisions may be driven by separate, division-specific objectives, delegations and/or ministry requirements and thus the collection, purpose and flows of information may differ across the Diocese.

For that reason, each Diocesan Division that collects personal information may have a separate collection notice, management procedures and personal information handling practices, so compliance requirements are met, in each unique operating environment.

 

4.    Collection

4.1.    Types of information collected

The Diocese typically collects and holds personal information that includes without limitations: 

  • names, address, telephone number, email address and other contact details;
  • date of birth, gender, marital status and occupation; 
  • financial information, such as donation history and credit card details, for instance through a collection envelope at the parish or an online donation form; 
  • identification documents, including driver license, passport, BlueCard, proof of age card, and Nationally Coordinated Criminal Health Check; 
  • affiliations with and belief in the Catholic Church; 
  • photographs, videos and news stories in respect of Catholic Church activities; and 
  • information about persons attending events, conferences and retreats, for example individual’s dietary requirements, special needs and disabled access requirements. 

4.2.    Method of collection 

Personal information will generally be collected directly through the use of Diocesan forms, over the internet, via email, or through a telephone conversation. In particular, the Diocese may collect personal information from application forms, registration forms and from third parties who assist us with carrying out our functions and activities. 

There may, however, be some instances where personal information will be collected indirectly because it is unreasonable or impractical to collect personal information directly. The Diocese will usually notify about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. 

Except as otherwise permitted by law, the Diocese only collects sensitive information with consent to the collection and if the information is reasonably necessary for the performance of our activities. 

4.3.    Purpose of collection 

The personal information that the Diocese collects and holds, depends on the party’s interaction with the Diocese. Generally, the Diocese collects, uses and holds personal information if it is reasonably necessary for or directly related to the performance of the Diocese’s functions and activities and for the purpose of:

  • fulfilling the mission and directions of the Diocese; 
  • communicating about the services we offer; 
  • providing services or products; 
  • considering and processing various application and registration forms; 
  • administrating processes under the Code of Canon Law;
  • providing information about services and products of affiliated Catholic Church organisations; 
  • seeking donations; 
  • facilitating internal business operations; 
  • providing information about upcoming events, functions and fundraising activities; 
  • for marketing or promotional purposes; 
  • distributing de-identified aggregated statistical information for reporting purposes; 
  • complying with legal or regulatory requirements; 
  • dealing with complaints or enquiries; 
  • dealing with requests in connection with the National Redress Scheme; and 
  • responding to complaints and claims under the National Response Protocol process. 

4.4.    Failure to provide information 

If the personal information provided to the Diocese is incomplete or inaccurate, the Diocese may be unable to provide the affected parties with the services or products they are seeking. 

4.5.    Internet users 

Through access to the Diocese website, the Diocese may collect additional personal information in the form of IP address and domain name. The Diocese website uses cookies. The main purpose of cookies is to identify users and to prepare customised web pages for them. Cookies do not identify users personally, but they may link back to a database record about the users. We use cookies to monitor usage of our website and to create a personal record of when users visit our website and what pages they view so that we may serve more effectively. 

The Diocese website may contain links to other websites. The Diocese is not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures. 

4.6.    Use and disclosure

Generally, the Diocese only uses or discloses personal information for the purposes for which it was collected. We may disclose personal information to: 
a)    Diocesan parishes, schools and divisions to facilitate internal business processes; and 
b)    third party service providers, who assist the Diocese in operating our organisation. 

4.7.    Cross-border disclosure

Personal information will not be disclosed by the Diocese to recipients outside Australia unless we reasonably believe that: 
a)    the information will remain subject to principles for fair handling of the information which are substantially similar to Australian privacy principles; 
b)    there are mechanisms to take action to enforce such principles; and 
c)    the information will not be collected, held, used or disclosed by the recipients of the information in a manner inconsistent with the Diocese’s privacy policy. 

In some circumstances, the law may require us to use or disclose personal information for other purposes. Except as otherwise permitted by law, we only disclose sensitive information with consent, for the purposes for which it was collected, and to the parties described above. 

4.8.    Security 

The Diocese stores personal information in different ways, including in paper and in electronic form. The security of personal information is important to the Diocese and the Diocese takes all reasonable measures to ensure that personal information is stored safely to protect it from misuse, loss, interference, unauthorised access, modification or disclosure, including electronic and physical security measures.

4.9.    Access and correction

Personal information can be released by the Diocese following a written request. The Diocese will respond to the request within a reasonable period. We may charge an interested party a reasonable fee for providing access to their personal information. 

The Diocese may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will provide a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons). 

If, upon receiving access to personal information or at any other time, the party believes that the personal information we hold about them is inaccurate, incomplete or out of date, the party needs to notify the Diocese immediately. The Diocese will take reasonable steps to correct the information so that it is accurate, complete and up to date. 

If the Diocese refuses to correct personal information, the Diocese will provide a written notice that sets out the reasons for their refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to make a complaint. 

4.10.    Notifiable data breach

If a data breach has occurred in relation to personal details, the party aware of the breach must contact the Bishop’s House reception providing details and circumstances of the data breach. 

The advised breach will be investigated immediately and the party will be informed of remedial action to be undertaken. If the breach constitutes a Notifiable Data Breach under the Privacy Act, the Office of the Australian Information Commissioner (OAIC) will be informed as soon as practicable of the breach and provided with the full circumstances and remedial action undertaken by the Diocese. 

 

5.    Enquiries

For further information relating to the Diocese’s privacy obligations please contact the Bishop’s House reception on ph: (07) 4046-5100, or email: reception@cairns.catholic.org.au.  

Please refer to the Diocese of Cairns website on www.cairns.catholic.org.au for information and links to Diocesan divisions and activities. For more information about privacy in general, you can visit the OAIC’s website at www.oaic.gov.au.

 

6.    Approval

              
Most Rev. James Foley                        
Diocese of Cairns                            
1 November 2021