The Catholic Development Fund (CDF) is a division of the Roman Catholic Church Trust Corporation of the Archdiocese of Hobart. It is committed to complying with its obligations under the Privacy Act 1998 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs).
CDF is committed to respecting your privacy and protecting your rights with respect to your personal information.
This policy explains how CDF manages and secures your personal information. It also describes the kinds of personal information that CDF holds and for what purposes, and how that information is collected, held, used and disclosed.
This policy is easy to access and is available on CDF’s website at www.cdftas.com. You may request a copy of the policy by contacting the Privacy Officer in accordance with paragraph 13 of this policy.
Please read this policy carefully before you provide CDF with any personal information.
3. Types of personal information that CDF collects and holds
CDF may collect and hold the following types of personal information about you:
- identification information, including your name, postal address, email address, date of birth, Medicare number, driver’s licence, Centrelink number, passport and contact details;
- bank account details;
- financial transactions relating to your CDF accounts;
- balances of accounts held at CDF;
- tax file number;
- marital status; and
- any other information that CDF considers to be reasonably necessary.
CDF may need to collect sensitive information about you. CDF will only collect sensitive information about you if:
- you consent to the collection of the information and the information is directly related to CDF’s functions; or
- the information relates:
- to the activities of CDF; and
- solely to the members of CDF, or to individuals who have regular contact with CDF in connection with its activities; or
- the collection is otherwise permitted in the Privacy Act.
Information required by law
CDF may also collect personal information about you because the collection of the information is required or authorised by law or a court/tribunal order.
4. Collecting your personal information
CDF will, if it is reasonable and practical to do so, collect personal information directly from you.
CDF may collect your information when you:
- give CDF information over the telephone;
- interact with CDF electronically or in person;
- access its website;
- complete application forms.
Sometimes CDF may collect personal information about you from third parties where it is necessary to do so. This may include schools or other financial institutions requesting us to do or stop a direct debit.
If you do not provide CDF with your personal information, it may not be able to:
- provide you with the service you want; and
- verify your identity.
5. Storing personal information
CDF stores your personal information in different ways, including paper and electronic form.
CDF treats all personal information as confidential. It will take reasonable steps to ensure personal information is protected from:
- misuse, interference and loss; and
- unauthorised access, modification and disclosure.
Some of the ways CDF does this are confidentiality requirements for employees, document storage facilities, security measures for access to systems, only giving access to personal information to a person who is verified to be able to access that information, control of access to buildings, electronic security systems, such as firewalls and data encryption, user identifiers, passwords or other access codes, antivirus, antispyware, backup and recovery of systems.
If CDF no longer needs your personal information for any purpose, it will take reasonable steps to destroy or permanently de-identify the information, unless:
- the information is contained in a Commonwealth record; or
- CDF is required by law, or a court/tribunal order, to retain the information.
6. Purpose for collecting, holding, using and disclosing information
CDF collects, holds, uses and discloses your personal information for the following purposes:
- to assess your account application;
- to establish and administer your account;
- to verify your identity;
- to consider any other application made by you for products or services;
- for customer relations purposes, including managing CDF’s relationship with you;
- to comply with any applicable laws, regulations or codes of practice;
- to comply with any payment systems requirements;
- for information technology systems development and testing where our internal computer system is upgraded;
- for CDF’s internal operations, including record keeping, risk management, auditing, training, file reviews and account analysis;
- to investigate, resolve and prevent complaints;
- to make arrangement with other organisations to provide services in relation to CDF’s products and services (for example, CDF may arrange for mailing houses to distribute account statements);
- to conduct fraud assessments;
- for reporting and data analytics purposes, including for regulatory, management, statistical or research purposes;
- direct marketing purposes; and
- for any other purpose for which you have given your consent.
7. Use and disclosure of information
Personal information CDF holds about you that was collected for a particular purpose will not be disclosed for another purpose, unless:
- you have consented to the use or disclosure of the information for another purpose; or
- the access, use or disclosure is otherwise permitted under the Privacy Act (e.g. you would reasonably expect CDF to use or disclose the information for another purpose or the use or disclosure of the information is required or authorised by law or a court/tribunal order).
CDF may disclose your personal information to the following third parties:
- CDF’s service providers;
- CDF’s agents, contractors and external advisors (for example, CDF lawyers, auditors and Catholic Development Fund Melbourne);
- any person acting on your behalf, including your legal and financial advisers;
- Government and other regulatory bodies, law enforcement bodies and courts as required or authorised by law;
- external dispute resolution bodies;
- other financial institutions; and
- any other person where you have given your consent.
CDF is not likely to disclose your personal information to any overseas recipients.
Where your personal information is disclosed, CDF will seek to ensure that information is used, held and disclosed consistently with the Privacy Act and any other applicable laws.
8. Direct marketing
CDF may use or disclose your personal information for direct marking purposes.
CDF may conduct direct marketing via email, telephone, mail out or any other electronic means.
If at any time you decide you do not want to receive any more marketing material from CDF, you may:
- contact the Privacy Officer in accordance with paragraph 13 of this policy; or
- opt-out of receiving any more marketing material via a clearly visible and user friendly tick-box.
All CDF’s marketing correspondence will display a clearly visible and user-friendly opt-out tick box. CDF may imply consent to receive direct marketing material if you do not tick the opt-out box.
If you request to no longer receive direct marketing material CDF will process your request within a reasonable period after the request is made.
9 Quality of personal information
CDF must take reasonable steps to ensure that any personal information it collects, uses or discloses is accurate, complete, up-to-date and relevant to CDF’s functions or activities.
If you believe that your personal information is not accurate, complete or up to date, please contact the Privacy Officer in accordance with paragraph 13 of this policy.
10. Access to personal information
You can access your personal information unless an exception in the Privacy Act applies.
You can request access to your personal information by contacting the Privacy Officer in accordance with paragraph 13 of this policy.
Depending on the nature of the request, CDF may charge you a small fee for giving you access.
CDF will respond to a request for access within a reasonable time (usually 30 days), and give access in the manner requested by you, if it is reasonable and practicable to do so.
Sometimes, it may not be possible for CDF to give you access. If CDF refuses to give you access, it will:
- take reasonable steps to give you access in a manner that meets CDF’s needs as well as yours;
- provide you with written reasons for the refusal provided it is reasonable to do so; and
- provide you with the mechanisms available to complain about the refusal.
11. Correcting personal information
If you think that any personal information CDF holds about you is incorrect, inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request CDF to correct the information by contacting the Privacy Officer in accordance with paragraph 13 of this policy.
CDF will take reasonable steps to correct that information to ensure that, having regard to the purposes for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If CDF corrects personal information that has been disclosed to another entity and you ask CDF to tell the other entity about the correction, CDF will take reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
If CDF refuses to correct the personal information, then it will provide you with:
- written reasons for the refusal provided it is reasonable to do so; and
- the mechanism available to complain about the refusal.
CDF must respond to a correction request within a reasonable time (usually 30 days).
You have the option to remain anonymous, or to use a pseudonym when dealing with CDF where it is lawful and practical to do so.
13. Complaints or queries
- have any issues about the way CDF handles your personal information after reading this policy;
- become aware of a potential breach of privacy; or
- wish to make a privacy complaint,
please contact the CDF Privacy Officer at:
CDF Privacy Officer
Telephone: 03 62086 260
Post: GPO Box 35, Hobart, Tas, 7001
Visit: 35 Tower Road, New Town, Tas, 7008
If CDF’s Privacy Officer is unable to resolve the matter, it will be escalated (internally or externally) as appropriate to facilitate resolution.
If you are not happy with the outcome of CDF’s Privacy Officer’s investigation, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Mail: GPO Box 5218 Sydney NSW 2001
Changes to this policy
CDF will review this policy from time to time. CDF encourages you to check its website regularly for any updates to this policy.
Last updated in April 2014