The AMPJP’s document Ministerial PJP Governance Principles, Foundations and Applications states that operations should “…uphold the dignity of all people…”. The protection of a person’s privacy is seen as an important element of their dignity.
This policy also addresses the European Union (EU) privacy law (General Data Protection Regulation) that from 25 May 2018 made new requirements on how organisations treat or use the personal data of people located in the EU. The most likely application for AMPJP is when a person from the EU subscribes to the AMPJP newsletter.
This policy applies to all information, related to individuals and organisations (you/your), collected, stored and shared by AMPJP (we/our) across all its operations.
The AMPJP is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.
A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at https://www.aoic.gov.au
Personal Information is information, or an opinion, that identifies an individual person or organisation. Examples of Personal Information that AMPJP collects may include: names, addresses, email addresses, phone and facsimile numbers, organisational income/expenditure and other organisational information.
This Personal Information is obtained in many ways including: interviews, correspondence, accounts, activity registration, election nomination/acceptance forms, surveys, meetings, by telephone and facsimile, by email, from other publicly available sources and from third parties.
When you browse our website (www.ampjp.org.au) we collect and track information that helps us learn more about our visitors and their engagement with our website. None of this information is capable of personally identifying you. We learn about what city you live in, what browser you use, what device you were using to view our site, how long you spent on certain pages and the like. We use this information to help improve the user experience of our site. We don’t guarantee website links or policy of authorised third parties. When you submit information to us by way of a form, we only use this information to further correspond with you about the enquiry you sent. We do not store any email addresses or personal information on this website. When you subscribe to our newsletter we use a double opt in to give you the chance to change your mind. Every newsletter we send contains an unsubscribe link. The email address you submit is not stored on our website but managed on secure servers in a hosted email management application. Currently MailChimp is our email management application. Upon request AMPJP can show subscribers how their personal data is stored in the AMPJP MailChimp account.
AMPJP collects Personal Information for the primary purpose of:
We may also use Personal Information for secondary purposes that are closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
Individuals/organisations may unsubscribe from AMPJP mailing/marketing lists at any time by contacting us or selecting the “unsubscribe” option on the newsletter.
When AMPJP collects Personal Information we will, where appropriate and where possible, explain to the individual/organisation why the information is being collected and its intended use.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by AMPJP only:
Where reasonable and practicable to do so, AMPJP will collect Personal Information only from the individual/organisation concerned. However, in some circumstances AMPJP may be provided with information by third parties. In such a case, AMPJP will take reasonable steps to ensure that the individual/organisation is made aware of the information provided by the third party.
An individual/organisation’s Personal Information may be disclosed in a number of circumstances including the following:
An individual/organisation’s Personal Information is stored in a manner that reasonably protects it from misuse, loss and from unauthorised access, modification or disclosure.
When an individual/organisation’s Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in files which will be kept by us for a minimum of 7 years.
The AMPJP, having an annual turnover of less than $3 million is not bound by the Notifiable Data Breaches section of the Privacy Act except where the data is a person’s tax file number.
Where the data that is breached is a person’s tax file number, the AMPJP will notify the individual and provide recommendations about the steps the individual should take in response to the breach.
In other cases, the AMPJP may notify individuals or organisations whose personal information is involved in a data breach that is likely to result in serious harm. This notification may include recommendations about the steps individuals or organisations could take in response to the breach.
Where there has been unauthorised access, unauthorised disclosure or loss of data the AMPJP Executive Director will consult with the Office of Information Privacy Commissioner to determine whether that Office and the persons involved require notification.
An individual/organisation may access their Personal Information held by the AMPJP.
An individual/organisation may request that their Personal Information be updated and/or corrected, subject to certain exceptions. An individual/organisation wishing to access their Personal Information can do so by contacting AMPJP in writing.
AMPJP will not charge any fee for an individual/organisation’s requesting access to their information. The AMPJP may charge an administrative fee in the event that the individual/organisation wants a copy of their Personal Information.
In order to protect an individual/organisation’s Personal Information, AMPJP may require identification from an individual/organisation before releasing the requested information.
It is important to AMPJP that all Personal Information is up to date. AMPJP will take reasonable steps to make sure that an individual/organisation’s Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
This Policy may change from time to time and will be available on our website.
PO Box 6, The Junction NSW 2291
Ph: 0408 867 046
Compliance with this policy is being measured by:
This policy objective can be evaluated as achieved by:
|Civil law||a) Privacy Act 1988 (Cth)
b) Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
c) Australian Charities and Not-for-profits Commission Act, 2012 (Cth)
d) Corporations Act, 2001 (Cth)
|Church teaching||a) Holy See (1983) Code of Canon Law
b) National Committee for Professional Standards (2011) Integrity in the Service of the Church A Resource Document of Principles and Standards for Lay Workers in the Catholic Church in Australia https://www.catholic.org.au/documents/1345-integrity-in-service-of-the-church-1/file
|Other references||a) AMPJP (2016) Constitution, 05 May 2016 https://www.acnc.gov.au/RN52B75Q?ID=56A842CF-7D5E-4A3D-8FFD-75582C329D23&noleft=1
b) AMPJP (2018) Governance Principles, Foundations and Applications
d) Office of Information Privacy Commissioner Notifiable Data Breaches scheme (website page) https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
e) Office of Information Privacy Commissioner Privacy business resource 21: Australian businesses and the EU General Data Protection Regulation (website page) https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation
|Date of change||Section changed||Nature of change|
|01 Nov 2018||All sections||Document created|
|01 Nov 2020||Policy Review Due|