On 1 January 2021, Centacare Ballarat, CatholicCare Melbourne/Gippsland and CatholicCare Sandhurst merged to form a new entity: CatholicCare Victoria.
CatholicCare Victoria (ABN 51 857 084 361), like our joining partners, is committed to protecting and upholding the right to privacy of clients, customers, staff, volunteers, students, Board members and others we deal with. CatholicCare Victoria will comply with the obligations of all relevant legislation [including the Privacy Act 1998 (Cth) (Privacy Act) and associated Australian Privacy Principles (APPs); and Health Records Act (Vic) (2001) and associated Health Privacy Principles (HPPs)] in how we collect, store and use information.
Our people are bound by our Code of Ethics and Conduct and Confidentiality Agreement.
CatholicCare Victoria is committed to respecting your privacy and protecting your rights with respect to your personal information.
From time to time CatholicCare Victoria may review and update this Privacy Statement, including to take into account new laws, regulations, practices and technology. All personal information held by CatholicCare Victoria will be governed by our most recent statement.
This statement explains how CatholicCare Victoria manages and secures your personal information. It also describes the kinds of personal information that CatholicCare Victoria holds and for what purposes, and how that information is collected, held, used and disclosed.
You may request a copy of the statement by contacting the Privacy Officer.
2. What personal information do we collect?
‘Personal Information’ is information or an opinion, whether true or not, and whether recorded in material form or not, about an identified individual or an individual who is reasonably identifiable. CatholicCare Victoria may collect and hold the following types of personal information about you:
- identification information including your name, postal address, email address, date of birth, Medicare number, driver’s licence, Centrelink number, passport and contact details
- bank account details;
- credit card details;
- financial transactions relating to your CatholicCare accounts;
- tax file number; and
- marital status.
CatholicCare Victoria may also need to collect sensitive information about you. ‘Sensitive Information’ is personal information that is also an information or opinion about your race or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a trade union or political association, sexual orientation or practices, criminal records or health information.
CatholicCare Victoria will only collect sensitive information about you if:
- you consent to the collection of the information and the information is directly related to CatholicCare’s functions; or
- the information relates:
- to the activities of CatholicCare; and
- solely to the members of CatholicCare, or to individuals who have regular contact with CatholicCare in connection with its activities; or
- the collection is otherwise permitted under the Privacy Act.
3. When and why we collect Personal Information
We collect personal information about you so we can, among other things,
- provide you with services and products;
- meet our funding body requirements;
- tailor the services we deliver;
- meet our legal obligations; and
- plan for the future.
CatholicCare Victoria will, if it is reasonable and practical to do so, collect personal information directly from you. CatholicCare Victoria may collect your information when you:
- give CatholicCare Victoria information over the telephone;
- give CatholicCare Victoria information via the CatholicCare website;
- interact with CatholicCare Victoria electronically or in person; and
- complete CatholicCare Victoria forms.
On occasion, CatholicCare Victoria may collect personal information about you from other sources where it is necessary to do so. Examples of other sources that CatholicCare Victoria may collect personal information from include, but are not limited to:
- your relatives;
- the Department of Social Services or other government agencies;
- CatholicCare’s service providers;
- information that is publicly available on the electoral roll.
If you do not provide CatholicCare Victoria with your personal information, it may not be able to:
- provide you with the product or service you want; and
- verify your identity.
If CatholicCare Victoria inadvertently collects personal information about you that it did not ask for, CatholicCare Victoria will check whether it could have collected that information itself. If CatholicCare Victoria could have collected the information, CatholicCare Victoria will handle it in the same way it handles other information it collects from you.
- CatholicCare Victoria could not have collected the personal information; and
- the information is not contained in a Commonwealth record,
CatholicCare will destroy the information or de-identify the information provided it is lawful and reasonable to do so.
4. Information collected via the CatholicCare Victoria website
CatholicCare Victoria will not collect personal information about you when you use its website except when you knowingly provide it, or as otherwise described below.
‘Cookies’ are small text files that are transferred to a user’s computer hard drive by a website for the purpose of storing information about a user’s identity, browser type or website visiting patterns.
‘Google Analytics’ – CatholicCare Victoria also uses Google analytics to collect information about how people use its website. Google Analytics does this by using cookies to understand the types of websites you visit and the way you interact with those websites.
5. Storing personal information
CatholicCare Victoria holds your personal information in different ways, including paper and electronic form. CatholicCare Victoria treats all personal information as confidential. It will take reasonable steps to ensure personal information is protected from misuse, interference and loss and unauthorised access, modification and disclosure.
Some of the ways CatholicCare Victoria does this are:
- confidentiality requirements for employees;
- contractual obligations with our service providers including CatholicCare Victoria Tasmania (CCVT) and its service providers who provide database services to CatholicCareVictoria ;
- secure document storage facilities;
- security measures for access to systems;
- only giving access to personal information to a person who is verified to be able to access that information;
- security obligations on third party information technology service providers;
- control of access to buildings; and
- electronic security systems, such as firewalls and data encryption, user identifiers, passwords
- or other access codes, antivirus, antispyware, backup and recovery of systems.
If CatholicCare Victoria no longer needs your personal information for any purpose, it will take reasonable steps to destroy or permanently de-identify the information, unless:
- the information is contained in a Commonwealth record; or
- CatholicCare Victoria is required by law, or a court/tribunal order, to retain the information.
6. Protecting personal information
At CatholicCare Victoria protecting your information is important to us. That’s why we’re dedicated to ensuring that our systems, policies, and procedures comply with government legislation, accreditation and best practice.
As part of this commitment, we’ve ensured that we’re certified according to the ISO 27001:2013 standard and the Australian Cyber Security Centre ISM Controls, and we work in alignment with the Victorian Protective Data Security Standards. We continually work to safeguard your information from unauthorised or accidental modification, loss, or dissemination, and that staff are aware of these systems.
7. How we use your personal information
CatholicCare Victoria uses and discloses your personal information to provide products and services to you which include:
- assessing your account applications;
- establishing and administering your accounts;
- verifying your identity;
- for customer relations purposes, including managing CatholicCare’s relationship with you;
- in person, remote/online and information based services;
- to comply with CatholicCare’s obligations to the Department of Social Services and other government departments (Victorian and Federal);
- to comply with any applicable laws, regulations or codes of practice;
- to comply with any payment systems requirements;
- for information technology systems development and testing where CatholicCare’s internal computer system is upgraded; for CatholicCare’s internal operations, including record keeping, risk management, auditing, training, file reviews and account analysis;
- to investigate, resolve and prevent complaints;
- to make arrangements with other organisations to provide services in relation to CatholicCare’s products and services (for example, CatholicCare may arrange for mailing houses to distribute account statements);
- to conduct fraud assessments;
- for reporting and data analytics purposes, including for regulatory, management, statistical or research purposes; and
- for any other purpose for which you have given your consent.
8. Use and disclosure of information
CatholicCare Victoria may disclose personal information about you to third parties. Examples of third parties that CatholicCare Victoria may disclose your personal information to include, but are not limited to:
- CatholicCare Victoria ’s service providers including CatholicCare Victoria Tasmania ACN 150 113 947 (CCVT) and providers of information technology services to CCVT;
- CatholicCare Victoria ’s agents, contractors and external advisors (for example, CatholicCare Victoria lawyers, auditors, information technology service providers, and Catholic Development Fund);
- any person acting on your behalf, including your legal and financial advisers;
- Government and other regulatory bodies (including the Department of Social Services), law enforcement bodies and courts as required or authorised by law; external dispute resolution bodies; and
- financial institutions.
We will not use or disclose the personal information we collect for a particular purpose for any other purpose without your consent, unless we are permitted to by law. We will not disclose your information to a third party, whether in Australia or overseas, without your consent.
For most of our services we use a common client management software and database to process and store your personal information. This software and database is licensed by CatholicCare Victoria Tasmania (ABN 150 113 947) (CCVT) and hosted and maintained by its contracted service providers.
9. Quality of personal information
CatholicCare Victoria will take all reasonable steps to ensure that any personal information it collects, uses or discloses is accurate, complete, up-to-date and relevant to CatholicCare’s functions or activities.
If you believe that your personal information is not accurate, complete or up to date, you should contact the Privacy Officer in accordance with paragraph 12 of this statement.
10. Access to personal information
You can access your personal information unless an exception in the Privacy Act applies.
You can request access to your personal information at any time by contacting the Privacy Officer in accordance with paragraph 12 of this statement.
Depending on the nature of the request, CatholicCare Victoria may charge you a small fee for granting you access.
CatholicCare will respond to a request for access within a reasonable time (usually 30 days), and give access in the manner requested by you, if it is reasonable and practicable to do so.
Sometimes, it may not be possible for CatholicCare Victoria to give you access. If CatholicCare refuses to give you access, it will:
- take reasonable steps to give you access in a manner that meets CatholicCare’s needs as well as yours;
- provide you with written reasons for the refusal provided if it is reasonable to do so; and
- provide you with the mechanisms available to complain about the refusal.
11. Correcting personal information
If you think that any personal information CatholicCare holds about you is incorrect, inaccurate, out- of-date, incomplete, irrelevant or misleading, you may request CatholicCare to correct the information by contacting the Privacy Officer in accordance with paragraph 12 of this statement.
CatholicCare Victoria will take all reasonable steps to correct that information to ensure that, having regard to the purposes for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If CatholicCare Victoria corrects personal information that has been disclosed to another entity and you ask CatholicCare Victoria to tell the other entity about the correction, CatholicCare Victoria will take all reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
If CatholicCare Victoria refuses to correct the personal information, then it will provide you with:
- written reasons for the refusal provided it is reasonable to do so; and
- the mechanism available to complain about the refusal.
CatholicCare must respond to a correction request within a reasonable time (usually 30 days).
You have the option to remain anonymous, or to use a pseudonym when dealing with CatholicCare Victoria where it is lawful and practical to do so.
13. Complaints or queries
- have any issues about the way CatholicCare Victoria handles your personal information after reading this policy;
- become aware of a potential breach of privacy; or
- wish to make a privacy complaint,
contact the CatholicCare Privacy Officer at:
- CatholicCare Victoria Privacy Officer
- Email: email@example.com
- Telephone: (03) 9287 5555
- Post: PO Box 196, East Melbourne, Vic 8002
- Visit: 383 Albert Street, East Melbourne, VIC 3002
If CatholicCare Victoria ’s Privacy Officer is unable to resolve the matter, it will be escalated (internally or externally) as appropriate to facilitate resolution.
If you are not happy with the outcome of CatholicCare Victoria’s Privacy Officer’s investigation, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC):