The GodSpace website is owned and operated by the Baptist Association of NSW and ACT (ABN 24 941 624 663, legal entity name Baptist Union of NSW).
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Sensitive Information means:
- information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual orientation or practices; or
- criminal record;
that is also personal information; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information; or
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
Information that we collect from you and hold about you
We collect and hold personal information such as:
- Phone number
- Position held at your organisation
Also, we collect personal information about your interactions with us for example, when you make a purchase from us, make a donation to us, when you attend our events and when you phone us and this information is held in our database, registrations form files and attendance lists.
Purpose of collection, holding, use and disclosure of personal information
The purpose of collection, holding, use and disclosure of the personal information is to fulfil the ministry and administrative functions of the Association. This may include things such as:
- to supply goods or services to you;
- to contact you;
- to comply with legal obligations;
- to sign you up to our newsletters and invite you to our events that may be of interest and relevance to your role; or
Who may we disclose your information to?
We may disclose your personal information to the following groups:
- to our employees
- to our contractors who perform tasks directly on our behalf (for example, mailing houses)
- other Baptist Churches and Baptist affiliated organisations
- anyone you authorise us; or
- anyone to whom we are required to by law.
We do not pass on personal information to any third parties other than those stated in this policy, or publish them in our publications or on our website without explicit permission. We do not buy or sell personal information from or to third parties.
We will only use or disclose sensitive information for the purpose for which we collected it or for a directly related secondary purpose, unless you give your consent to another use or we are required or permitted by law to use or disclose the sensitive information.
Your right to information
Whilst we keep all personal information about you secure from others, you may request access to your information at any time.
Your individual information can be accessed by contacting the Privacy Officer by writing emailing email@example.com . Also, if you believe that a correction is required, please contact us.
We may ask for verification of your identity when you request access to your information. If you wish to have your personal information deleted, we will take reasonable steps to delete it unless we need to keep it for legal, auditing or internal risk management reasons.
We may decline to provide details of personal information to a supporter in any legal dispute where access is not permitted.
There may be cases where we cannot provide access to personal information we hold, for example, where providing access would interfere with the privacy of others or breach confidentiality.
If we use personal information in ways other than as stated in this policy, we will ensure we comply with the requirements of Privacy law.
Complaints about a breach of the Australian Privacy Principles
Any complaints in relation to the breach of the Australia Privacy Principles can be made to the Privacy Officer by emailing firstname.lastname@example.org. We will keep you updated on the progress of correcting the breach. The Association will investigate the complaint and will notify the individual of its decision and any action taken as soon as possible.
How we keep your information secure
We actively seek to ensure that all personal information we collect is protected from misuse, unauthorised access, modification or disclosure. We make all reasonable efforts to ensure that your information is stored securely, via our secure password and firewall-protected servers, both in electronic and physical forms, and that only those persons who require access are authorised. Staff are employed on the basis that they will protect information about you. All sales, donations and communications made via our website are secure. All electronic financial transactions and payment details entered through our website or by staff directly into our database are protected by encryption technology.
Eligible Data Breaches
The Privacy Act stipulates reporting and management requirements for certain data breaches, known as ‘eligible data breaches.` An ‘eligible data breach’ occurs when personal information held by us is lost or unauthorised access, disclosure, or other interference has taken place, and the access or disclosure would likely result in serious harm to the individuals to whom the information relates. ‘Serious harm’ may include physical, emotional, economic, and financial harm, as well as reputational damage.
Examples of a data breach include: –
- A device containing personal information is lost or stolen;
- The Association’s databases containing personal information is hacked;
- The Association mistakenly provides personal information to the wrong person.
If we suspect there has been an eligible data breach, we will carry out an assessment within 30 days of the suspicion to determine whether or not a data breach has occurred. The Finance, Risk and Audit and Compliance Committee is responsible for determining if an eligible data breach has occurred. In the case of an eligible data breach, the Association will take all steps to immediately contain the breach, determine who needs to be notified of the breach (whether internally and/or externally), what the best form of notification is, and how this process will be managed.
Third Party Websites
Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.