Privacy Policy


The purpose of this policy is to ensure and to protect the privacy of the personal and sensitive information which has been provided to St Paul’s African House.  

Relevant to

The Policy and Procedures apply to:

  • All programs and activities of St Paul’s African House
  • All employees, volunteers, hirers, and visitors.


The objectives of this policy are to ensure that all employees, members and volunteers:

  • Set a good example by treating all personal and sensitive information with care
  • Treat all personal and sensitive information in accordance with the Privacy Act (Cth) 1988 and the Privacy Act(NZ) 1993

Policy Statement

St Paul’s African House encourages strict standards of privacy and takes all reasonable measures to ensure that personal and sensitive information is used and cared for in an appropriate, respectful manner and in accordance with the Australian Privacy Principles and the New Zealand Privacy Principles.


Personal information collected by St Paul’s African House

  1. The types of personal information collected by SPAH includes:
    • Names, occupation, contact and address details
    • Date of birth and gender
    • Information on identification documents e.g. passport, drivers licence, Working with Children Check, Tax File Number
    • Bank account details
    • Details of superannuation and insurance arrangements
    • Educational qualifications, courses, employment and volunteer details, history and entitlements
    • Visa or work permit status
    • Personal information about a spouse or dependents
    • Details of any products, services, information or assistance obtained from SPAH or enquiries about products and services, together with any additional information necessary to deliver that product or those services, information or assistance or to respond to enquiries
    • Other information provided to SPAH; and
    • Commentary or opinion

Sensitive information collected by SPAH

  1. In order to provide specific products, services, information or assistance or for other purposes, it may be necessary in some circumstances for SPAH to collect sensitive information. Examples of the types of sensitive information that may be collected include:
  • Professional memberships
  • Racial or ethnic origin
  • Religious beliefs or affiliations including worship details
  • Criminal history; and
  • Health information

Exempt personal information

  1. In very limited circumstances the Privacy Act allows SPAH to deal with personal information other than in accordance with this policy. This is permitted where:
  • The personal information relates to the functions or activities of SPAH and the information relates solely to a member of SPAH or an individual in regular contact with SPAH in connection with its functions and activities;
  • SPAH reasonably believes that the personal information is;
    • Necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
    • Necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct
    • Reasonably necessary to assist in the location of a person who has been reported as missing
    • Reasonably necessary to establish, exercise or defend a legal or equitable claim; or
    • Reasonably necessary for the purposes of a confidential alternative dispute resolution process

Why SPAH collects, holds, uses and discloses personal information

  1. SPAH collects, holds and uses personal information for a number of purposes including:
  • The furtherance of the work and mission of the SPAH
  • The provision of products, services and information or assistance
  • To respond to requests or queries
  • To maintain contact with people
  • To keep people informed of SPAH’s services, developments, information and opportunities
  • To notify people of events
  • To provide and manage access to protected areas of any SPAH website or social media platform
  • To update SPAH records and keep contact details up to date
  • To process or respond to any complaint
  • For purposes relating to the engagement of employees and volunteers
  • To manage conflicts of interest
  • To conduct surveys
  • To permit interaction with SPAH’s websites and social media platforms
  • To meet any regulatory or compliance obligations; and
  • For any other related purpose
  1. If SPAH is not provided with the personal information it has requested, it may not be able to provide the products, services, information or assistance SPAH has been asked to provide and the experience of SPAH’s websites or social media platforms may be not be as enjoyable or useful.
  1. SPAH may disclose personal information to:
  • employees, members and volunteers of SPAH
  • Contractors
  • Third party service providers, including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and research and marketing agencies and consultants
  • Professional advisors and experts such as accountants, solicitors and business advisors contracted as part of an engagement
  • Government or regulatory bodies
  • Any organization including funding bodies for any authorised purpose with express consent
  1. SPAH may send direct marketing communications products and services which SPAH considers may be of interest. These communications may be sent in various form, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act (Cth) 2003 and the Unsolicited Electronic Messages Act (NZ) 2007. At any time a person may opt out of receiving direct marketing communications from SPAH by contacting SPAH or by using the opt out facilities provided in the communications.
  1. SPAH does not disclose personal information to anyone otherwise than in accordance with this policy however SPAH may share de-identified information for research or promotional purposes.

How the church collects personal information

  1. Unless an exemption applies, SPAH will only collect sensitive information with express consent and will only collect personal information with consent. Such consent may be implied.
  1. SPAH collects personal information personally unless it is unreasonable or impractical to do so. When collecting personal information, SPAH may collect it directly or indirectly through use of social media platforms, engagement in surveys or otherwise from time to time.
  1. SPAH may also collect personal information from third parties including social media platforms, other websites, government entities, previous employers and other organisations.
  1. A person may deal with SPAH anonymously however SPAH will only be able to provide very limited services, information and assistance.
  1. Unless an exemption applies, a person may only provide SPAH with personal information about someone else if they have their authority or permission to do so. They should be advised that this information has been provided to SPAH and be provided with a copy of the information provided and the Privacy Policy of SPAH.

Cookies and IP addresses

  1. When a person accesses the SPAH website, SPAH may use software embedded in its website and SPAH may place small data files (or cookies) on that person’s device to collect their personal information or information about which pages they view and how they reach them, what they do when they visit a page, the length of time they remain on the page, and how SPAH performs in providing content to them. This enables SPAH or its third party hosting service provider to recognise their device and greet them each time they visit without requiring them to register.

    SPAH may also use cookies to measure traffic patterns, to determine which areas of the SPAHs websites or social media platforms have been visited and to measure transaction patterns in the aggregate.

    SPAH uses this information to research users’ habits in order to improve its products and services. Browsers can be set so that the device does not accept cookies.
  1. The Church may gather IP addresses (the electronic addresses of devices connected to the internet) to analyse trends, administer the website, track users movement and gather broad demographic information. This information does not identify a person.

Social media platforms

  1. People may wish to participate in the various blogs, forums and social media platforms hosted by SPAH. One of the aims of these social media platforms is to facilitate and allow content to be shared. However SPAH cannot be held responsible if any person shares personal information on these platforms which is subsequently used, misused or otherwise appropriated by another user.


  1. The websites and social media platforms of SPAH may contain links to other websites and platforms operated by third parties over which SPAH has no control. SPAH makes no representations or warranties in relation to the privacy practices of any third parties and is not responsible for the privacy policies or content of any third party websites. Third parties are responsible for providing information about their privacy practices.

Disclosure of personal information to overseas recipients

  1. SPAH uses data hosting facilities and third party service providers to assist with its functions and activities. As a result personal information may be transferred to, stored at, processed or backed up at a destination outside Australia.


  1. SPAH holds information in both electronic and paper forms. SPAH takes reasonable steps to ensure that personal information is securely stored and protected from misuse and loss from unauthorised access, modification or disclosure.
  1. The SPAH website and social media platforms are linked to the internet and the internet is inherently insecure. SPAH cannot guarantee that the information supplied will not be intercepted while being transmitted over the internet. Accordingly any information transmitted to SPAH online is at a person’s own risk.

Accessing and updating personal information

  1. A person may contact SPAH at any time to request access to any personal information SPAH holds about them. SPAH will endeavour to provide a suitable means of accessing information they are entitled to access. In some circumstances, SPAH may charge a fee to cover any reasonable administrative costs. SPAH will not charge a fee for simply making a request or for making any corrections to personal information.
  1. In some circumstances, SPAH may not be able to grant access to the personal information. For example SPAH may not be able to grant access if this would interfere with the privacy of others, would result in a breach of confidentiality, is contrary to natural justice or is prohibited by law. If this is the case the person requesting the information will be advised.
  1. If a person believes that the information SPAH holds is incorrect, incomplete or inaccurate, then they may request SPAH to amend it. SPHA will consider the request and will amend the information as appropriate. If SPAH does not agree with the request, SPAH will advise them of this decision and will add this information and material to their personal information.


  1. As SPAH is an outreach of St Paul’s Lutheran Church, Shepparton, a person wishing to complain about a breach of their privacy may send their complaint to:

The Secretary
St. Paul’s Lutheran Church Council
54 Poplar Avenue
Shepparton VIC 3630

Or by phone (03) 5821 5206 Or by email to . All complaints will be handled in accordance with the LCA Complaints Handling Policy. 27. If a person is dissatisfied with the response of the Church they may refer their complaint to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commission.


  • SPAH Executive is responsible to ensure compliance with this policy across SPAH
  • SPAH Executive is responsible to ensure implementation of this policy and related procedures and to monitor compliance.
  • Partnerships & Programs Manager is responsible for the implementation of this policy and related procedures.
  • SPAH Executive are responsible for the application of Privacy policies and procedures that meet their particular requirements, but are consistent with the SPAH Privacy policy.

Document Controls

Document ID: SPAH

Prepared using LCA Privacy Policy 06.09 (Prepared by: PSD Reviewed by: EOC and Legal, Policy ownership: GCC, Approved publication: 31 July 2015)

Review date: –