Introduction
The Governance Group of Gympie Baptist Church is committed to protecting the privacy of personal information which the church collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
Purpose
The purpose of this document is to provide a framework for Gympie Baptist Church in dealing with privacy considerations.
Policy
Gympie Baptist Church collects and administers a range of personal information for purposes including but not limited to:
- Furtherance of the mission of the church
- Administration and communication within the church
- Adherence to legislative and compliance requirements
- Maintaining records in the public interest (e.g. baptism rolls, wedding registers, and other related purposes)
Gympie Baptist Church recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies and reflected in our Privacy Policy, which is compliant with the Privacy Act 1988 (Cth).
Gympie Baptist Church is bound by laws which impose specific obligations when it comes to handling information. The church has adopted the following principles contained as minimum standards in relation to handling personal information.
Gympie Baptist Church will:
- Collect only information which the church requires for its primary function;
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
- Store personal information securely, protecting it from unauthorised access; and
- Provide stakeholders with access to their own information, and the right to seek its correction.
Management and security of personal information
The church has in place steps to protect the personal information it holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.
Church Website
When you use our website, having your cookies enabled will allow us to maintain the continuity of your browsing session and remember your details when you return. We may also use web beacons, Flash local stored objects and JavaScript. If you adjust your browser settings to block, reject or delete these functions, the webpage may not function in an optimal manner. We may also collect information about your IP address, although this may not identify you.
Video Surveillance
We use video surveillance (CCTV cameras) on the church premises for security purposes. Surveillance videos are not used by the church for other purposes and the footage is not publicly available. Surveillance cameras are not located in any bathrooms or change room facilities.
Access to and updating your personal information
The church endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to access or update their personal information held by the church by contacting the church office in writing.
133 Corella Road
Gympie Qld 4570
Identification will be required before the access of personal information if access is not done in person or the person is not familiar with Administration.
What steps does Gympie Baptist Church take when there is a data breach or privacy incident?
A data breach or privacy incident may result from unauthorised people accessing / disclosing, changing, losing or destroying personal information. Examples of situations where a data breach or privacy incident may occur include:
- Accidental download of a virus on to a Gympie Baptist Church computer
- Discussing or sharing of personal information on social media
- Non-secure disposal of hard copies of personal information (e.g. not keeping hard copies in secure cabinets or not disposing of them in a secure bin / shredder)
- Leaving an unlocked smart phone on public transport.
A data breach or privacy incident can occur due to human error or technical failures, can be accidental or deliberate and can apply to information in a number of forms (e.g. electronic as well as hard copy). In the event of a data breach or privacy incident, Gympie Baptist Church will respond in the following way which is in line with the Notifiable Data Breaches Scheme in the Privacy Act 1988 (Cth):
- The breach / incident will be identified and reported to the Governance Group of Gympie Baptist Church;
- The breach / incident will be contained so further access/disclosure/loss etc will not arise;
- The seriousness of the breach / incident will be assessed between the relevant personnel together with the Governance Group of Gympie Baptist Church;
- Regardless of the seriousness of the breach or incident, remedial action will be taken to reduce any potential harm to individuals;
- In cases where serious harm is likely, Gympie Baptist Church will notify the relevant individuals, the Office of the Australian Information Commissioner (OAIC), and issue a public statement that will be made available on its website;
- Following each breach / incident, Gympie Baptist Church will conduct a review of policies and processes and make any adjustments to avoid further breaches and incidents of a similar nature.
Policy Modifications
The church may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the church’s operations and practices and to make sure it remains appropriate to the changing legal environment.
Printed copies of this document are considered obsolete. The current document is accessed via Microsoft Teams internally and is publicly available at https://gympiebaptist.org/privacy-policy/.