Privacy Policy

Last updated September 2023

Key Points

We collect information for a range of purposes as part of our operations. 

We meet all Australian privacy principles including how we get consent from people and how we collect and store data.

We protect all personal and sensitive information and comply with all requirements if there is a data breach.

1. Why this policy exists 

At Caritas Australia (CA), we are compliant with the Privacy Act in our collection and use of personal and sensitive information. In-country offices and CA program partners are supported in applying this policy as a best practice guide when collecting, storing and using personal and sensitive information. Wherever there is a conflict between this policy and the laws of another country, the local law will prevail.

2. This policy applies to

This policy applies to all personnel, partners and supporters of Caritas Australia. This policy and the provisions under the Privacy Act 1988 do not apply to records or information collected prior to 21 December 2001.

The Privacy Act Principles apply only to information about individuals and only to information that falls into the category of personal, sensitive, confidential or health related.

Information about entities is excluded.

3. Definitions used in this policy

Below is a partial list of definitions (see Appendix 1 for a full list).

When we use …	we mean ...
personal information	Any information about a person that identifies that person or from which that person’s identity can reasonably be determined. It includes verbal, written and photographic information. It does not include anonymous information, aggregated information or de-identified information. (This is the same meaning as defined in the Privacy Act 1988).
sensitive information	A subset of personal information and has stricter requirements for collection, storage, use and disclosure. It includes information about a person’s race, ethnic origin, religion, criminal record, sexuality, health, or union activity. (This is the same meaning as defined in the Privacy Act 1988).
health information	Information on physical and mental health, disability, health preferences, use of health services etc. (This is the same meaning as defined in the Privacy Act 1988).
confidential information	Information shared with only a few people for a specific purpose, and may include tax file numbers, surveillance information, credit history, spent convictions etc.
personnel	Any person doing paid or unpaid work for or on behalf of Caritas including Australian based employees, in-country employees, Board of Directors, Diocesan Directors, volunteers, contractors, subcontractors and consultants.
supporter	An individual, trust or organisation that provides a financial donation or in-kind support or goods to Caritas Australia.
program partners	Individuals or organisations that Caritas Australia works with, accompanies and supports to deliver humanitarian and development programs or activities.
activities and functions	The activities required for CA to function, including but not restricted to recruitment, safeguarding checks, payroll processing, communications, fundraising and program delivery.

4. Guiding Principles

4.1 Integrity and respect

We are guided by the core values of integrity and respect when collecting, storing and using information.

4.2 Individual rights

We respect the rights of individuals to keep their personal information private and to ensure that it is accurate.

4.3 Compliance

Caritas Australia is bound by the Australian Privacy Act 1988. We will also comply with the privacy laws in other countries where we operate.

4.4 Best practice

Best practice informs our policies, procedures and processes. We apply best practice standards wherever we are operating, regardless of local laws. We seek to continually improve and welcome feedback.

5. Policy Commitments

All CA personnel working within Australia must follow this policy. For CA personnel and partners in our in-country locations, this policy is considered best practice guidance. CA will work with partners to build their capacity to manage and store information in accordance with this policy.

This policy applies to any individual from whom personal, sensitive or health information has been collected by CA and its partners.

5.1 Why we collect information

5.1.1 We commit to only collecting information that is required for our activities and to always collect information fairly and transparently. This means that you will know what we collect, how we will use the information, and as far as practicable, will obtain information directly from you with your consent.

5.1.2 Personal information will only be collected if required by law, or where reasonably necessary to enable CA to conduct activities or functions and for secondary purposes for which it would be reasonable to use or disclose personal information.

5.1.3 Other purposes for which CA may use personal information include:

• • • Advocacy purposes when making a submission to Government
    • Developing or evaluating activities, services and programs
    • Engaging third parties to develop or evaluate activities, services and programs
    • Management of business including communications and social media strategy
    • Complying with legal obligations
    • Other purposes that may arise from time to time

5.1.4 We will always endeavour to obtain personal information directly from you. Where this is not possible, then where practicable, consent will be sought prior to collecting information from a third party.

5.1.5 We will from time to time collect information from program partners concerning program participants. This information is collected for evaluation and reporting purposes and will be provided to CA in aggregated form. Where information is collected that could identify an individual participant, the person will be advised of the purpose for which it will be used and will have opportunity to grant or deny the request. The information will be destroyed at the request of the individual.

5.1.6 For prospective employees, personal information may be sought by speaking with referees, including previous employers who may not have been nominated as referees.

5.1.7 We may collect personal information of personnel for the purpose of engagement and administration of the engagement contract. This includes information such as name, address, date of birth, qualifications and professional development history, employment history, performance information including complaint records and records of investigations, background checks, contact details, tax file details, salary information, banking and superannuation details, leave details, work emails and sensitive information such as health information in circumstances of an ill or injured worker (See Appendix B for more information).

This information can only be used within the scope of the employment relationship for the purposes for which it was collected.

5.1.8 We will also collect information from our partners including names and addresses so that we are able to conduct background checks (such as counter-terror finance checks).

5.1.9 We collect personal information of our supporters such as names, addresses and phone numbers, email addresses, bank account or credit card details and details of supporter preferences. This information allows us to manage supporter lists, send newsletters to supporters, and provide supporting evidence when seeking grants and other government funding.

We may use personal information to send promotional or marketing material from time-to-time. Any such material will clearly indicate to the receiver how they may opt out of receiving such material in the future.

5.1.10 Our website uses cookies and other digital identifiers that provide information on how the site is used and user analytics. Users can clear or disable cookies or digital identifiers from their device by changing security settings on their web browser. However, doing this may impact the functionality of the website.

5.1.11 Personal information will be used for the purpose for which it was collected or for a related secondary purpose.

5.2 How we collect information

When we collect personal information, we make it clear:

• • • That the personal information is for CA
    • That we provide contact details for referring any question or concern
    • How contact details were obtained
    • If the information came from a third party, we will tell you from where we received the information
    • The purpose of collecting the information and if there is any consequence for it not being provided
    • Any person or entity to whom the information will be provided
    • How the personal information can be corrected
    • That any complaint can be directed to the Privacy Focal Point at confidential@caritas.org.au.

5.3 How we store information

5.3.1 We are committed to securely storing personal information.

5.3.2 Personal information is stored in a variety of forms including physical and electronic form. It may take the form of written documents such as employment forms, reports, records, visual data, receipts and financial records.

5.3.3 Restrictions are placed on relevant documents to limit who has access to personal information. These restrictions include physical security such as locked cabinets and electronic security measures such as passwords.

5.3.4 We take the security of personal and sensitive information seriously. We protect information from misuse, interference, loss, unauthorised access, modification and disclosure. Information is categorised in accordance with the CA Data Standards, which prescribe that personal and sensitive information has the highest standards of data security.

5.3.5 Security measures include but are not limited to:

• • • Physical access to our buildings is restricted
    • All personal and sensitive information is securely stored at all times
    • Virus scanning tools are frequently used
    • Databases are protected by secure user ID and passwords
    • All supporter credit card details are encrypted
    • Only authorised people will have access to personal information
    • Email protocols are used (such as BCC so recipients can’t see email addresses of other recipients)
    • Confidentiality and privacy clauses are included in all contracts
    • All cloud-based storage meets privacy requirements
    • Third party providers are required to have security measures in place

5.4 How we use information

5.4.1 We do not use or disclose personal information that we have collected for any reason other than the primary purpose for which it was collected, unless:

• • • You have provided consent for us to use it for another purpose
    • The purpose is closely related to the primary purpose, or
    • We are legally required or permitted to use the information

5.4.2 We ask for consent from a supporter before publishing any information about their donation.

5.5 Accessing the information we collect

5.5.1 You may be able to obtain a copy of personal information that we hold about you. To make a request to access this information please contact us in writing using the Privacy Focal Point (insert email).

5.5.2 There are circumstances under Australian privacy laws where access to the personal information cannot be granted. For example, when it would unreasonably affect someone else’s privacy, or pose a serious threat to another person’s life, health or safety.

5.5.3 If you notice any errors in your personal information, we will take all reasonable steps to correct it.

5.5.4 If you request access to information you may need to provide proof of identity before information is disclosed.

5.5.5 If we cannot give you access to personal information, we will tell you the reason why.

5.5.6 You can also request to access the personal information we hold about you, update or remove the information we have collected, or let us know of your preferences for how we communicate with you by contacting our Supporter Services team: on questions@caritas.org.au or calling 1800 024 413.

If you have questions about this policy, suggestions how to improve or concerns about your data, please contact the Privacy Focal Point confidential@caritas.org.au

 

5.6 Breaches of privacy

In the event of there being a data breach, we follow our Data Breach Procedure that ensures we meet all requirements under the Privacy Act for notifying the breach and managing the breach promptly.

5.7 Who can I contact?

5.7.1 We have a designated Privacy Focal Point to whom questions or complaints may be directed who can be contacted at confidential@caritas.org.au.

5.7.2 This role also ensures that any breaches of data are managed and reported in accordance with the Privacy Act.

6. Roles and Responsibilities

At Caritas Australia, we recognise that a culture of protecting privacy starts with strong leadership. 

6.1The Board of Directors is responsible for: 

• • • Ultimate accountability for our organisational policies
    • Guiding the governance and culture of CA through strategic leadership
    • Demonstrating a commitment to a culture of protecting privacy and leading by example
    • Approving this policy and holding the Leadership Team accountable to how effectively this policy is implemented
    • Investigating very serious complaints and providing a response

6.2 Leadership Team members are responsible for: 

• • • Demonstrating a commitment to a culture of protecting privacy and leading by example
    • Ensuring our procedures, practices, plans and operations align with this policy
    • Reporting to the Board via the CEO on policy matters
    • Ensuring their team are aware of this policy and understand their responsibilities
    • Monitoring and responding to any complaint that is assigned to them to investigate

6.3 The Chief Executive Officer is responsible for: 

• • • Ensuring this policy is upheld
    • Demonstrating a commitment to a culture of protecting privacy and leading by example
    • Informing the Board of any concerns relating to complaints that may present risk to CA or its personnel
    • Giving progress reports to the Board
    • Ensuring all senior employees are accountable to this policy

6.4 Managers are responsible for:

• • • Demonstrating a commitment to a culture of protecting privacy and leading by example
    • Communicating this policy and related procedures to personnel

6.5 Personnel (including you) are responsible for:

• • • Understanding and following this policy and related procedures
    • Ensuring that your actions are in line with this policy, and that your work reflects the Guiding Principles and Policy Commitments above
    • Not encouraging others (directly or indirectly) to breach this policy
    • Reporting any breach to your manager. However, if it is a sensitive complaint, you must report it to confidential@caritas.org.au (the Complaints Focal Point) or Stopline whistleblower service

We have a shared responsibility to ensure a culture of protecting privacy is at the forefront of all decisions and interactions of our work.

7. Related Documents  

This policy supports Caritas Australia’s compliance with the following: 

7.1 Legislation: 

• • • Privacy Act 1988 (Cth)
    • Australian Privacy Principles, schedule 1 to the Privacy Act 1988 (Cth)
    • Health Records and Information Privacy Act 2002 (NSW)
    • Data Provisions Requirements 2010 (Cth)
    • Freedom of Information Act 1982
    • State and Territory Privacy Laws and Principles; State based Health Privacy Laws

7.2 Standards: 

• • • n/a

7.3 Caritas Australia governance documents: 

• • • Data Breach Procedure
    • Speaking Up Policy

8. Appendix List 

• Appendix 1 - Collection of your personal information
• Appendix 2 - Collection of employee personal data

9. Information about this policy  

Can be accessed by	Anyone via website
Can be shared with	Internally and externally (including with other organisations)
Distributed to	Any person doing paid or unpaid work for, or on behalf of, CA including Australian-based employees, in-country employees, Board of Directors, Diocesan Directors, volunteers
Document Owner	Privacy Focal Point
Approved by	Board of Directors
Commencement Date	01 Oct 2020
Next Review Date	01 Oct 2023
Document number	CT-PR-POL-v1.1

How this policy has changed over time 

Version	Approval Date	Summary of changes
v1.0	22 Sep 2020	Combined the ACBC Privacy Policy and, the CA Finance Privacy Policy. Includes specific aspects relevant to Finance and Fundraising. Appendix 2 includes new content.
v1.1	18 Nov 2020	Put in new format
V1.2	8 September 2023	Added additional channels of communication

 

 

 

Appendix 1: Collection of your personal information

Key points

• Your privacy is important to us. We want to be transparent with you about how we capture, store and use information.
• If you wish to be removed from our mailing list, please contact our Supporter Services team: questions@caritas.org.au or call 1800 024 413
• If you have questions about this policy, suggestions how to improve or concerns about your data, please contact the Privacy Focal Point confidential@caritas.org.au

What personal information we collect

As part of our regular interactions with our supporters, volunteers, contractors and job applicants, we may need to collect personal information (including sensitive information).

The personal information we collect will vary. Some examples of the information we may collect include:

• Names and email addresses of people who subscribe to our emails
• Contact details, date of birth, gender and bank account details of our supporters
• Records of a supporter’s donation history and emails to us
• Employer details if a supporter donates via workplace giving
• History of employment and reference checks for potential employees and volunteers

Why we need to collect personal information

You do not have to provide us with your personal information. However, if you do not provide us with your personal information, it may be difficult for us to contact you and complete the request or transaction initiated by you.

For example, without your contact information, we may not be able to give you a receipt for tax purposes, offer you employment, or provide you with more information about our work.

If you are making a whistleblower or sensitive complaint, you may be able to make that complaint anonymously. To do this, you’ll need to contact Stopline whistleblower services.

How we collect personal information

We may collect personal information you provide to us directly. For example,

• in person
• via your parish
• over the phone
• by email
• via our website or social media platforms
• by completing a petition (online or hard copy)

We may also occasionally collect your personal information indirectly from publicly available sources and third parties.

If we collect personal information about you other than directly from you, we will take such steps as are reasonable in the circumstances to notify you that we have collected your personal information.

During your communications with us, please do not provide us with other people’s personal information. If you do provide us with information about another individual, you must:

• Tell that individual that you will be providing their information to us
• Tell them that we will handle their information in line with this privacy policy
• Confirm that you have that individual's consent to provide their information to us.

How we use personal information

We use the personal information you provide to us for the purpose for which it was provided to us, for other related purposes or as permitted or required by law. Such purposes include:

• Processing donations and transactions, including issuing receipts
• Communicating with you via mail, email, SMS, MMS or phone
• Responding to your questions, comments or other requests
• Undertaking marketing activities
• Analysing our effectiveness
• Any other purpose identified at the time of collecting your information

How you can opt-out of direct marketing

When we send you marketing materials (whether by post, email, SMS, MMS or telephone), we aim to provide you with an opportunity to opt-out (unsubscribe) to future communications.

By electing not to opt-out, we will assume we have your implied consent to receive similar communications in the future.

If you wish to opt-out, please email questions@caritas.org.au or call our Supporter Services team on 1800 024 413 or via post Level 2, 189 O’Riordan Street, Mascot NSW 2020.

When we can disclose personal information

We will only disclose your personal information for the purposes for which it was initially collected, for other directly related purposes or purposes to which you otherwise consent.

Strict confidentiality agreements are in place with our service providers and external agencies who may process data on our behalf. We use third parties who provide services on our behalf, such as mail, database, telephone, IT, audit, professional advice, payment processing and research services. Before disclosing your personal information to an overseas based third party, we will take all reasonable steps to ensure that the recipient will not breach the Australian Privacy Principles

From time to time, we may provide your contact details to other like-minded charitable organisations or data collectives to contact you with information that may be of interest to you. We will endeavour to provide you with an opportunity to opt out of receiving such communications.

If you do not wish to have your contact information shared with other like-minded organisations, please contact us by mail at Supporter Services, Level 2, 189 O’Riordan Street, Mascot NSW 2020, by phone at 1800 024 413, or by email at questions@caritas.org.au.

Other than as stated above, we will we not share your personal information. However, it is possible, though unlikely, that we might be forced to disclose personal information in response to legal processes or when we believe in good faith that the law requires it, for example, in response to a court order, subpoena or a law enforcement agency's request.

How we protect data security

Our employees and volunteers receive have signed a Code of Conduct and received training about how to handle personal information.

We comply with industry standards to ensure your personal information is protected from misuse, loss, interference and unauthorised access, modification or disclosure. For example, whenever we ask for your financial details online, we use security-encrypted response forms.

Unfortunately, despite all these measures, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Caritas Australia cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

If you do not wish to make your donation online, please contact us to receive a paper form.

How our website uses cookies and other technologies

Caritas Australia’s website contains cookies and technology allowing targeted advertising based on Google Analytics and other data sources. This allows us to display ads that relate to the content you are interested in and enhance your e-commerce experience. 

By default, many web browsers will accept cookies. However, you have the option to configure your browser to either prompt you before accepting cookies or to refuse them altogether by modifying its settings. Refer to your browser's "help" section for guidance on removing persistent cookies. Our use of cookies assists us in evaluating the efficacy of our advertisements and managing the frequency at which they are displayed to you.

We use this information to measure campaigns, analyse trends, identify the audience most likely to respond to an advertisement, and to tailor advertisement placements for our Advertisers accordingly.

If you would like to opt-out of out from having Caritas Australia collect your anonymised data in connection with the Site and the Technology, please deactivate ad tracking within your browser/device/application or click each of the following links below and follow the opt out instructions of our technology partners.

• Google at https://support.google.com/ads/answer/2662922?hl=en
• Google Analytics at https://marketingplatform.google.com/about/analytics/terms/us/ Facebook at https://www.facebook.com/policy.php
• LinkedIn at https://www.linkedin.com/legal/privacy-policy
• BingAds at https://privacy.microsoft.com/en-us/PrivacyStatement
• Twitter at https://twitter.com/en/privacy

We do not trade or sell any information that is volunteered or logged.

How to access or update your information

We take reasonable steps to ensure that the personal information that we hold is accurate, complete and up to date. However, we rely on you to advise us of any changes to your personal information is up to date.

We will, on request, provide you with access to the personal information we hold about you. If we cannot give you access to this information (for example, if we are not permitted by law), we will tell you the reason why.

To request access to your personal information or, to update or correct your personal information, please contact us questions@caritas.org.au.

How to make a complaint

If you wish to make a complaint about a breach of this privacy policy or the privacy principles of the Privacy Act 1988, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint as well as any supporting evidence and/or information.

We will refer your complaint to our Privacy Focal Point who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you. We will notify you in writing of the outcome of the investigation.

For more information on our complaints process at Caritas Australia, please see our Speaking Up Policy.

If you are not satisfied with our decision, you can contact us to discuss your concerns. If your complaint is about the way we handle your personal information, you may also contact the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.

How we revise our policies

We may revise our Privacy Policy from time to time. Please review this Privacy Policy periodically for changes (the final section “How this policy changes over time” outlines the specific changes). If we make substantial changes to this Privacy Policy, we will notify you by email or by putting a notice on our website.

Contact us

If you have any questions or concerns about our Privacy Policy or its implementation, please contact us at:

• Call Supporter Services 1800 024 413 during business hours (9 am – 5 pm AEST)
• Privacy Focal Point confidential@caritas.org.au
• Stopline whistleblower service (for anonymous complaints)
• Unsubscribe by sending an email to questions@caritas.org.au
• Caritas Australia, Level 2, 189 O’Riordan Street Mascot NSW 2020.

 

 Appendix 2: Collection of personal information for employees

At Caritas Australia, we comply with privacy laws when handling personal or sensitive information. See our Privacy Policy for more details.

What personal information we collect

As part of our regular interactions with our employees, volunteers and Directors of the Board, we may need to collect personal information (including sensitive information).

Some of the types of information we may collect include:

• Your contact details, including emergency contact details
• Bank account, superannuation and tax details to process your pay
• Background checks such as criminal history checks
• Employment history, reference checks, your CV
• Health information, such as for medical certificates if you use personal (sick) leave or do work-related travel
• Professional development and performance information, including probationary reviews and performance reviews

Why we need to collect personal information

The primary purpose for collecting the information is to administer your employment, including processing your salary and entitlements, maintaining your employee record and providing access to IT services. We also collect personal information in order meet legislative requirements.

 If you choose not to provide the requested personal information to us, then it may not be possible for us to process your entitlements and/or obligations in respect to your employment.

How we use your personal information

We use the personal information you provide to us for the outlined purpose, or a directly related purpose. It may be disclosed to organisations such as superannuation schemes, government departments or contracted service providers. It may be disclosed to relevant bodies when required and authorised to do so by law.

We may also disclose your personal information to third parties with your prior consent. We may also disclose your personal information in emergency situations, if it is reasonably necessary to lessen or prevent a serious threat to an individual’s life, or the public’s safety.

Strict confidentiality agreements are in place with our service providers and external agencies who may process data on our behalf. We use third parties who provide services on our behalf, such as mail, database, telephone, IT, audit, professional advice, payment processing and research services. Before disclosing your personal information to an overseas based third party, we will take all reasonable steps to ensure that the recipient will not breach the Australian Privacy Principles

How we protect data security

Our employees and volunteers receive have signed a Code of Conduct and received training about how to handle personal information.

We comply with industry standards to ensure your personal information is protected from misuse, loss, interference and unauthorised access, modification or disclosure.

Unfortunately, despite all these measures, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Caritas Australia cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

How to access or update your information

We take reasonable steps to ensure that the personal information that we hold is accurate, complete and up to date. However, we rely on you to advise us of any changes to your personal information is up to date.

You can request access to your personal information that we hold. If we cannot give you access to this information (for example, if we are not permitted by law, or if it breaches the confidentiality of another person), we will tell you the reason why.

To request access to your personal information or, to update or correct your personal information, please contact the Privacy Focal Point confidential@caritas.org.au

Contact us

If you have any questions or concerns about our Privacy Policy or its implementation, please contact the Privacy Focal Point confidential@caritas.org.au

 

Learn about the security measures we take around your personal information here.