1. Open and Transparent Management of Personal Information
2. Anonymity and Pseudonymity
3. Collection of Solicited Personal Information
2.1. Individuals have the option to remain anonymous when dealing with C3 Church in relation to a particular matter as long as it is lawful and practicable for C3 Church.
2.2. C3 Church reserves the right to lawfully refuse service to any individual.
3.1. C3 Church collects solicited personal and sensitive information from individuals if it is reasonably necessary for one or more of the activities of C3 Church.
3.2. Information will only be collected with the individual’s consent.
3.3. Personal Information that may be collected includes:
o 3.3.1. Full Name;
o 3.3.2. Gender;
o 3.3.3. Marital Status;
o 3.3.4. Address;
o 3.3.5. Phone numbers;
o 3.3.6. Emails;
o 3.3.7. Birth dates; and
o 3.3.8. CCTV footage of high-risk areas.
• 3.4. Sensitive information that may be collected:
o 3.4.1. Dates of religious decisions, such as baptisms, salvations, rededications;
o 3.4.2. History of involvement in the church;
o 3.4.3. Communications between the individual and the church;
o 3.4.4. Details of donations;
o 3.4.5. Financial details where an individual has provided their financial
details to C3 Church;
o 3.4.6. Educational details for the purposes of the C3 Church training
o 3.4.7. Medical information.
3.5. C3 Church will collect details of family members from individuals where it is impracticable and unreasonable to obtain the information from those family members directly.
3.6. C3 Church does not collect any other sensitive or personal information unless the individual has consented, it is required to do so by law, or it is necessary in relation to a threat to any individual.
4. Dealing with Unsolicited Personal Information
4.1. If C3 Church receives unsolicited personal information through any means, it will determine whether the information could have been solicited under section
4.2. If C3 Church determines that the information could not have been solicited under section 3, it will be destroyed or de-identified unless it is required to be kept by law, or it is necessary in relation to a threat to any individual.
5. Notification of the Collection of Personal Information
• 5.1. Individuals will be notified before or at the time of collection of the following:
o 5.1.1. C3 Church’s name and contact details;
o 5.1.2. The purpose of collecting the personal and sensitive information; o 5.1.3. How their information will be used; and
• 5.2. Individals will be notified by a statement on all information collection cards and on the C3 Church website.
6. Use or Disclosure of Personal Information
• 6.1. C3 Church will only use personal and sensitive information for the purposes for which it was collected, unless:
o 6.1.1. It is required by law;
o 6.1.2. The individual has explicitly consented to its use; or
o 6.1.3. The secondary usage is directly related to the primary purpose of
• 6.2. C3 Church does not transfer personal or sensitive information to any other organisation outside C3 Church.
7. Direct Marketing
7.1. C3 Church will use all data gathered for the purposes of direct marketing for C3 church events, programs and initiatives.
7.2. C3 Church will provide an option for individuals to opt-out of direct marketing for C3 Church events, programs and initiatives.
7.3. C3 Church will not send direct marketing to individuals who have opted out of these processes.
8. Cross-border Disclosure of Personal Information
• 8.1. Personal and sensitive information is sometimes held on Internet cloud servers. C3 Church has taken every practicable step to ensure that the organisations whose services it utilises have privacy policies in line with the Australian Privacy Principles. These cloud servers are located in Australia and United States of America.
9. Adoption, Use or Disclosure of Government Related Identifiers
• 9.1. C3 Church does not adopt, use or disclose government related identifiers as its own identifier of the individual.
10. Quality of Personal Information
11. Security of Personal Information
10.1. The Elvanto Database is updated weekly by authorised personnel and tested for data quality on a monthly basis to ensure the data it holds and uses is accurate, up-to-date and complete
10.2. C3 Church undertakes annual reviews of all collected data to ensure it is up-to-date, accurate and complete. C3 Church will make every reasonable effort to update information.
• 11.1. Misuse:
o 11.1.1. Access to relevant information is provided to all volunteers and staff members for the effective execution of their C3 Church-specific role only. They will only have access to those details which are necessary for the effective execution of their role.
o 11.1.2. Misuse of information by any staff member or volunteer will result in prompt disciplinary action.
• 11.2. Loss:
o 11.2.1. All data is either electronically stored or entered into the Elvanto Database and is backed up to avoid loss of information.
• 11.3. Unauthorised Access:
o 11.3.1. All information is kept under password protection or appropriate Internet security to avoid unauthorised access. Access for staff members and volunteers is reviewed monthly.
• 11.4. C3 Church undertakes annual reviews of all collected data to ensure it is still relevant to the organisation’s purposes. If data is deemed irrelevant, it is destroyed or deidentified.
12. Access to Personal Information
13. Correction of Personal Information
• 12.1. Any individual has the right to view the personal or sensitive information held by C3 Church by written request to the Privacy Officer. C3 Church will provide access to this information within 30 days unless it is legally authorised to refuse the request.
• 13.1. Individuals are encouraged to update any inaccurate, incomplete or out of date information by contacting C3 Church. When advised that information is wrong, authorised personnel will update, delete or de-identify personal information as soon as possible.