Privacy

1. Context

The AMPJP’s document Ministerial PJP Governance Principles, Foundations and Applications states that operations should “…uphold the dignity of all people…”. The protection of a person’s privacy is seen as an important element of their dignity.

This AMPJP Privacy Policy draws upon the Business Victoria Privacy Policy Template1. This AMPJP Privacy Policy has been checked against the Office of Information Privacy Commissioner’s Australian Privacy Principle privacy policy checklist2.

This policy also addresses the European Union (EU) privacy law (General Data Protection Regulation) that from 25 May 2018 made new requirements on how organisations treat or use the personal data of people located in the EU. The most likely application for AMPJP is when a person from the EU subscribes to the AMPJP newsletter.

2. Scope

This policy applies to all information, related to individuals and organisations (you/your), collected, stored and shared by AMPJP (we/our) across all its operations.

3. Policy

The AMPJP is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.

A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at https://www.aoic.gov.au

4. Procedure

4.1 Personal Information and why do we collect it?

Personal Information is information, or an opinion, that identifies an individual person or organisation. Examples of Personal Information that AMPJP collects may include: names, addresses, email addresses, phone and facsimile numbers, organisational income/expenditure and other organisational information.

This Personal Information is obtained in many ways including: interviews, correspondence, accounts, activity registration, election nomination/acceptance forms, surveys, meetings, by telephone and facsimile, by email, from other publicly available sources and from third parties.

When you browse our website (www.ampjp.org.au) we collect and track information that helps us learn more about our visitors and their engagement with our website. None of this information is capable of personally identifying you. We learn about what city you live in, what browser you use, what device you were using to view our site, how long you spent on certain pages and the like. We use this information to help improve the user experience of our site. We don’t guarantee website links or policy of authorised third parties. When you submit information to us by way of a form, we only use this information to further correspond with you about the enquiry you sent. We do not store any email addresses or personal information on this website. When you subscribe to our newsletter we use a double opt in to give you the chance to change your mind. Every newsletter we send contains an unsubscribe link. The email address you submit is not stored on our website but managed on secure servers in a hosted email management application. Currently MailChimp is our email management application. Upon request AMPJP can show subscribers how their personal data is stored in the AMPJP MailChimp account.

4.2 Why we collect personal information

AMPJP collects Personal Information for the primary purpose of:

  • providing our services to organisations and individuals;
  • providing information to our member organisations;
  • informing/educating others about Ministerial PJPs; and
  • marketing of AMPJP.

We may also use Personal Information for secondary purposes that are closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

Individuals/organisations may unsubscribe from AMPJP mailing/marketing lists at any time by contacting us or selecting the “unsubscribe” option on the newsletter.

When AMPJP collects Personal Information we will, where appropriate and where possible, explain to the individual/organisation why the information is being collected and its intended use.

4.3 Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by AMPJP only:

  • For the primary purpose for which it was obtained;
  • For a secondary purpose that is directly related to the primary purpose; and
  • With the individual/organisation’s consent; or where required or authorised by law.

4.4 Third Parties

Where reasonable and practicable to do so, AMPJP will collect Personal Information only from the individual/organisation concerned. However, in some circumstances AMPJP may be provided with information by third parties. In such a case, AMPJP will take reasonable steps to ensure that the individual/organisation is made aware of the information provided by the third party.

4.5 Disclosure of Personal Information

An individual/organisation’s Personal Information may be disclosed in a number of circumstances including the following:

  • Third parties where the individual/organisation concerned has given consent to the use or disclosure; and
  • Where required or authorised by law.

4.6 Security of Personal Information

An individual/organisation’s Personal Information is stored in a manner that reasonably protects it from misuse, loss and from unauthorised access, modification or disclosure.

When an individual/organisation’s Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in files which will be kept by us for a minimum of 7 years.

4.7 Data breaches

The AMPJP, having an annual turnover of less than $3 million is not bound by the Notifiable Data Breaches section of the Privacy Act except where the data is a person’s tax file number.

Where the data that is breached is a person’s tax file number, the AMPJP will notify the individual and provide recommendations about the steps the individual should take in response to the breach.

In other cases, the AMPJP may notify individuals or organisations whose personal information is involved in a data breach that is likely to result in serious harm. This notification may include recommendations about the steps individuals or organisations could take in response to the breach.

Where there has been unauthorised access, unauthorised disclosure or loss of data the AMPJP Executive Director will consult with the Office of Information Privacy Commissioner to determine whether that Office and the persons involved require notification.

4.8 Access to your Personal Information

An individual/organisation may access their Personal Information held by the AMPJP.

An individual/organisation may request that their Personal Information be updated and/or corrected, subject to certain exceptions. An individual/organisation wishing to access their Personal Information can do so by contacting AMPJP in writing.

AMPJP will not charge any fee for an individual/organisation’s requesting access to their information. The AMPJP may charge an administrative fee in the event that the individual/organisation wants a copy of their Personal Information.

In order to protect an individual/organisation’s Personal Information, AMPJP may require identification from an individual/organisation before releasing the requested information.

4.9 Maintaining the Quality of your Personal Information

It is important to AMPJP that all Personal Information is up to date. AMPJP will take reasonable steps to make sure that an individual/organisation’s Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

4.10 Policy Updates

This Policy may change from time to time and will be available on our website.

4.11 Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:
AMPJP
PO Box 6, The Junction NSW 2291
info@ampjp.org.au
Ph: 0408 867 046

5. Compliance

Compliance with this policy is being measured by:

  1. The AMPJP Privacy Policy is publicly available at: www.ampjp.org.au
  2. Data breaches are notified as required;

6. Evaluation

This policy objective can be evaluated as achieved by:

  1. AMPJP personnel and member organisations having no complaints about AMPJP collection, use, storage, maintenance and access to their Personal Information.

7. References

Civil law a) Privacy Act 1988 (Cth)
b) Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
c) Australian Charities and Not-for-profits Commission Act, 2012 (Cth)
d) Corporations Act, 2001 (Cth)
Church teaching a) Holy See (1983) Code of Canon Law
b) National Committee for Professional Standards (2011) Integrity in the Service of the Church A Resource Document of Principles and Standards for Lay Workers in the Catholic Church in Australia https://www.catholic.org.au/documents/1345-integrity-in-service-of-the-church-1/file
Other references a) AMPJP (2016) Constitution, 05 May 2016 https://www.acnc.gov.au/RN52B75Q?ID=56A842CF-7D5E-4A3D-8FFD-75582C329D23&noleft=1
b) AMPJP (2018) Governance Principles, Foundations and Applications
c) Business Victoria Privacy Policy Template https://www.business.vic.gov.au/__…/BV-Privacy-Policy-Template-Update- 2017.docx
Office of Information Privacy Commissioner. Australian Privacy Principle Privacy Policy Checklist https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-developing-an-app-privacy-policy
d) Office of Information Privacy Commissioner Notifiable Data Breaches scheme (website page) https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
e) Office of Information Privacy Commissioner Privacy business resource 21: Australian businesses and the EU General Data Protection Regulation (website page) https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation

8. Record of changes to document

Date of change Section changed Nature of change
01 Nov 2018 All sections Document created
01 Nov 2020 Policy Review Due

1 Business Victoria Privacy Policy Template https://www.business.vic.gov.au/__…/BV-Privacy-Policy-Template-Update- 2017.docx
2 Office of Information Privacy Commissioner. Australian Privacy Principle Privacy Policy Checklist https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-developing-an-app-privacy-policy