Respecting your privacy
For the purposes of this Policy, references to “we”, “our”, “us” and “CDF” are references to The Roman Catholic Archbishop of Perth – Catholic Development Fund ABN 96 993 674 415.
What is personal information?
In this Policy, “personal information” has the same meaning as given to that term in section 6 of the Privacy Act 1988 (Cth) (Privacy Act) being –
information or an opinion (including information or an opinion forming part of a database), whether true or not, whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.
The types of personal information that we may collect and hold about you include, but are not limited to:
- ID information such as your name, postal and email address, telephone numbers, occupation and date of birth;
- contact details such as your social media handles;
- financial details such as your tax file number; and
- other information we think is necessary.
What sensitive information do we collect?
Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.
We do not collect sensitive information in the general course of providing services. We will only collect sensitive information if we need the information for one of our functions or activities and we have your consent (or we are legally required to do so).
Collection when the law authorises or requires us to collect information
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.
How we collect your personal information
We understand that your personal information need to be looked after and isn’t something you leave lying around for just anybody to take. So unless it’s unreasonable or impracticable, we will try to collect personal information directly from you referred to as ‘solicited information’ (referred to as ‘solicited information’). For this reason, it’s important that you help us to do this and keep your contact details up-to-date.
There are many ways we seek information directly from you. We might collect your information when you fill out a form with us, when you’ve given us a call, used our websites or dropped into our offices. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.
We may also collect information about you from other people, sometimes without your direct involvement, including from:
- publicly available sources (such as telephone directories);
- your representatives (such as your legal advisers); and
What do we collect via your website activity?
When you connect to our website, our Internet Service Provider records your connection. This record does not contain any information that identifies you personally or gives details on your use of the site.
The CDF does not use “cookies” to get information on your use of our site. A “cookie” is a file that could be placed on your hard drive by our website without your knowledge to allow it to monitor how the site is used.
If you’re a customer of ours that is registered to use CDF Online, we monitor your use of internet access services to ensure we can verify you, you can receive information from us and to identify ways we can improve our services for you.
To improve our services and products, we sometimes collect de-identified information from web users. That information could include IP addresses or geographical information to ensure your use of our CDF Online application is secure.
We also collect de-identified information if you use one of our loan calculators. Although the information collected does not identify an individual, it does provide the CDF with useful statistics so that we can analyse and improve our web services
What if you don’t want to provide us with your personal information?
If you don’t provide your personal information to us, we may not be able to:
- provide you with the product or service you want;
- manage or administer your product or service; or
- verify your identity or protect against fraud.
How do we take care of your personal information?
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
- confidentiality requirements of our employees;
- document storage security policies;
- security measures for access to our systems;
- only giving access to personal information to a person who is verified to be able to receive that information;
- control of access to our buildings; and
- electronic security systems, such as firewalls and data encryption on our websites.
We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
What happens when we no longer need your information?
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for example. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
What are the main reasons we collect, hold, and use your personal information?
Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. We will seek and use your personal information to:
- provide you with information about products and services;
- consider your request for products and services, including your eligibility;
- process your application and provide you with products and services;
- administer products and services which includes answering your requests and complaints, varying products and services, taking any required legal action in relation to our accounts and managing our relevant product portfolios;
- to perform other administrative and operational tasks (this may include using information for risk management, systems development and testing, staff training and market or customer satisfaction research);
- to prevent or investigate any fraud or crime (or a suspected crime or fraud); and
- to comply with legislative or regulatory requirements.
Who do we share your personal information with?
We may disclose your personal information to third parties outside of the CDF, including, but not limited to:
- other financial institutions, such as banks;
- fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
- government or regulatory bodies (including ASIC and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities);
- our accountants, auditors or lawyers and other external advisers;
- organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
- organisations that participate with us in payments systems including merchants, payment organisations and organisations that produce cheque books or statements for us; and
- mailing houses who assist us to communicate with you.
If we receive unsolicited personal or credit information about you, we will determine within a reasonable period after receiving the information whether or not we could have collected such information if we had solicited the information. If it is determined that we could not have collected such information in compliance with the Privacy Act and such information is not otherwise available on Commonwealth records, we will destroy the unsolicited information or ensure that the information is de-identified as soon as reasonably practicable (but only if it is lawful and reasonable to do so).
How do you access your personal information?
We‘ll always give you access to your personal information unless there are certain legal reasons why we can refuse to do so. You can ask us to access your personal information that we hold by contacting us using the details below. In some cases we may be able to deal with your request over the phone.
We will give you access to your personal information in the form you want it where it’s reasonable and practical.
We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:
- we believe there is a threat to life or public safety;
- there is an unreasonable impact on other individuals;
- the request is frivolous;
- the information wouldn’t be ordinarily accessible because of legal proceedings;
- it would prejudice negotiations with you;
- it would be unlawful;
- it would jeopardise taking action against serious misconduct by you;
- it would be likely to harm the activities of an enforcement body (e.g. the police); or
- it would harm the confidentiality of our commercial information.
If we can’t provide your information in the way you’ve requested, we will tell you why in writing.
If we refuse to give access to any personal information, we will tell you why in writing. If you have concerns, you can complain to us or the Office of the Australian Information Commissioner (contact details are below).
How do you correct your personal information?
Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it is:
- out of date;
- irrelevant; or
If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.
If we correct information that we have previously provided or disclosed to a third party, you may request that we notify that third party of the correction. On receipt of such a request we will take such steps as may be reasonable in the circumstances to give that notification, unless it would be impracticable or unlawful for us to do so.
If we unable to correct your personal information in accordance with your request, we will provide you with an explanation as to why we will not correct the relevant information and the mechanisms available to you to complain about the refusal.
How do you make a complaint?
If you have a complaint about how we handle your personal information or if you think we have breached the Privacy Act, you are entitled to complain and we want to hear from you. You are always welcome to contact us.
You can contact us by:
- writing to us at GPO Box M962, PERTH WA 6000;
- phone us on (08) 6104 3600;
- speaking to us in person at our offices at 249 Adelaide Terrace, Perth WA 6000.
We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five business days, to acknowledge the complaint and let you know who will be responsible for managing your complaint. We will then try to resolve the complaint within 30 days of the complaint being made. When this is not possible, we will contact you within that time to let you know how long it will take to resolve the complaint.
Need more help?
If you still feel your issue hasn’t been resolved to your satisfaction, then you can raise your concern with the Office of the Australian Information Commissioner:
- Online: oaic.gov.au/privacy
- Phone: 1300 363 992
- Fax: +61 2 9284 9666
- Mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601
Is this Policy available in other formats (ie hard copy)?
You may seek this Policy in other formats (such as a hard copy) by contacting us by one of the means specified above.
Changes to this Policy
We may make changes to this Policy from time to time. We encourage you to check our website regularly for any updates to this Policy.