Whole of Church Privacy Policy Uniting Church in Australia, Queensland Synod

1. Policy Statement

The Uniting Church in Australia, Queensland Synod is committed to be obedient to both its mission and the laws of Australia. It therefore seeks to abide by the Privacy Act (2000). The Uniting Church in Australia, Qld Synod is a body of many parts.

2. Policy Framework

To provide a framework that:

Ensures the Church, including all its congregations, agencies and activities collect, use, keep secure and disclose personal information in a manner that conforms to the amended Privacy Act (2000).

Recognises that congregations, agencies and activities may have special privacy considerations and where this occurs that they are able to further develop the policy to address their specific needs (second generation policy).

Ensures all second-generation policies are consistent with one another and reflective of the Church’s mission.

3. Legal Framework

The Uniting Church in Australia, Qld Synod is an unincorporated association and as such, cannot own property, make contracts or sue and be sued, as it is not a legal entity. To enable the Church to conduct its external legal transactions, an Act of the Queensland Parliament, The Uniting Church in Australia Act 1977, establishes the Uniting Church in Australia Property Trust (Q.), (the Trust). The Trust is the legal entity which holds all property in trust for the Church. All actions and consequent documentation must be in the name of the Uniting Church in Australia Property Trust (Q).

4. Definitions

In this policy, unless the context or subject matter otherwise indicates:

Agency includes any body not separately incorporated and responsible to UnitingCare, Queensland

Parts of the Church includes any Presbytery, Congregation, School, Institution or other Agency not responsible to UnitingCare, Queensland

Second Generation Policy is any Privacy policy developed by any part of the Uniting Church in Australia, Qld Synod , not including this policy.

5. Whole of Church Privacy Policy

As from 21 December 2001 all personal information collected by all parts of the Uniting Church in Australia, Qld Synod will comply with the National Privacy Principles as detailed below and as amended from time to time:

1. Collection
2. Use and disclosure
3. Data quality
4. Data security
5. Openness
6. Access and correction
7. Identifiers
8. Anonymity
9. Transborder data flows
10. Sensitive Information
6 Second Generation Privacy Policies

The Uniting Church in Australia, Qld Synod has adopted a whole of church privacy policy, understanding that the work of the various parts of the Church is broad ranging and the process to develop and implement an appropriate policy to address the specific needs of each part is complex and cumbersome. Elements of specific policy development (called second Generation policies) and implementation are thus delegated to those agencies or parts of the Church that have specific privacy considerations.

To ensure that the Church across its parts has privacy policies that are consistent with one another and reflective of the Church’s mission, any Agency which develops a second-generation privacy policy, must have authorization by UnitingCare Queensland and must appoint a Privacy Officer.

Any other part of the Church is required to submit their second generation policy to the Property Office, Queensland Synod and to appoint a Privacy Officer.

7. Compliance

All parts of the Uniting Church in Australia, Qld Synod must perform a privacy audit of sensitive and confidential information from time to time to ensure that the Principles of the Privacy Act (2000) and of this, and any second generation policy are being adhered.

The Queensland Synod reserves the right to inspect second generation policies, procedures and relevant information at any time.

8. Information To Be Furnished Annually

Where a second generation privacy policy exists, the name and contact details of the Privacy Officer needs to be forwarded to the Property Division by 15 February of each year to ensure that queries are directed appropriately.

9. Changes to Privacy Policies

Changes to second generation Policies or associated documentation must be forwarded to the authorizing body, ie UnitingCare or the Property Office after amendment.