Anglican Youthworks respects and protects your rights to privacy and is committed to complying with the Australian Privacy Principles (APPs), with regard to how we collect, use, disclose, transfer, store, retain or otherwise process your information - whether provided through Youthworks websites, or acquired directly by other means - and how that information will be dealt with in accordance with the law.
- For our legitimate interests, in accordance with current data protection regulations; or
On the basis of the consents you have given.
Whenever “We”, “Our” or “Us” is used in this Policy it is referring to your relationship with Youthworks.
Whenever “Youthworks” is used in this Policy it is referring to the subsidiaries of Anglican Youthworks and their associated websites and social media sites. These include Christian Education Publications (CEP), CEP Connect, CEP Teachers' Lounge, CEP International, Teen Sex by the Book, Christian Outdoor Education (COE), Conference Centres, Growing Faith, Ministry Support Team, Why SRE, Think Faith, Year 13 Gap Year and Youthworks College.
If you disagree with any part of this policy please do not provide personal information to Youthworks.
What information do we collect?
Youthworks will only collect personal information that is necessary for us to provide the products, services, help or training you request of us or that is directly related to our functions or activities as a not-for-profit Christian organisation. Information is usually collected each time you are in contact with Youthworks by way of website visits, telephone calls, texts, online forms, hard copy forms, emails, interviews, social media platforms and face-to-face meetings. The kind of information we collect, and our use of that information will depend on the purpose for which it was collected, but may relate to:
- Employees, job applicants, volunteers, and contractors
- Customers who purchase products through our webstores
- Students enrolled in programs of study with Youthworks
- Participants in training courses or conferences,
- Attendees and parents/guardians attending Youthworks camps, Conference Centres or events
- People who donate to Youthworks
- Survey respondents
- Others who come into contact with Youthworks
a) Personal information
Personal Data is any information that relates to an identified or identifiable, living individual (not legal entities). This can include full name, home address, email address, phone number or cultural preferences.
The types of personal information collected by us can include:
- Personal details such as title, name, next of kin, date of birth
- Contact details such as postal address, postcode, email, mobile and telephone numbers
- When relevant to our mission, demographic information such as marital status, nationality, education, employment/qualifications and family details
- Financial information such as donation history, purchase history and your bank details
- Employee and volunteer data such as qualifications, employment history and experience
- Records of your contact with Youthworks and or its subsidiaries including involvement and history of attendance at events
- Photographs, images or audio recordings provided by you or taken at Youthworks events
- Student information such as academic progress and history
We may also obtain personal information from third parties such as the Sydney Diocesan Secretariat (SDS), your church (for Special Religious Education (SRE) authorisation) or training providers of Safe Ministry or SRE Accreditation training. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.
Where practicable, you will be given the opportunity to engage with us on an anonymous basis or using a pseudonym.
b) Sensitive information
Sensitive Data is any personal data that includes information on an individual’s health, race/ethnic origin, sexual orientation, religion, political beliefs or trade union membership.
As part of administering our services, Youthworks may collect sensitive personal information such as health information and religious information (current and previous church attendance, religious affiliation or associations, personal faith decisions). For example, we may collect medical history information from you for duty of care purposes if you are participating in an event.
We will limit the collection of sensitive information to the minimum amount required to perform our services.
Use and disclosure of personal information
Your personal information will be dealt with in accordance with the law. It is never sold or given away, and is only shared with third parties - in accordance with your consents - (also contractually or legally required to comply with the law) to assist us to provide the service requested by you.
We will not use your personal information for any purpose not outlined in this Policy without first seeking your consent, unless authorised or required by law.
Youthworks may use the information you give us for the purposes of:
- Managing student, employee, trainee, volunteer or contractor information
- Meeting our obligations to the Sydney Anglican Diocese and NSW Department of Education
- Communicating with you about events, alumni activities, campaigns, donations, products and services
- Processing information and providing services for conference bookings, donations, fundraising, fees, purchases, and event participation
- Evaluating our programs and services
- Maintaining contact with you and or reporting to you about the work of Youthworks
- Encouraging you to learn about what Youthworks does
- To answer an inquiry, a request for further information, or a complaint about Youthworks
- To assist Youthworks to provide services and products more valuable to those involved in Youthworks
- To carry out analysis and market research and improve our website and communications.
Youthworks will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your information. The legal basis will be:
- Because you have consented to Youthworks using your information for a particular purpose
- Because it is in our legitimate interest as a not-for-profit, Christian, religious and education entity to use your personal information to operate and improve our service
- To fulfil any contractual relationship we have with you in relation to the provision of products or services
- Because we need to use your personal information to comply with a legal obligation, such as protection and welfare of individuals e.g. providing relevant information to medical practitioners and emergency personnel as required and needed for attendees at events
- To protect the vital interests of you or another person
- To process sensitive personal data that is relevant to us as a not-for-profit religious organisation
- Where you have given consent for us to contact you by email, mail, phone or text, to send you information and marketing communications.
a) Data storage
Reasonable steps will be taken to keep secure any personal information - which is held. Security measures are taken to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
Information you provide electronically may be held on computers in Youthworks locations and on servers in Australia, New Zealand, Canada and the USA. Information you provide in paper form, such as letters, applications or recorded in face-to-face meetings; may be transferred to secure virtual systems or stored in secure physical filing systems.
Subject to compliance with our relevant Policies and Procedures, information may be accessed, used and stored:
- On computers in Youthworks locations and servers based in Australia, New Zealand, Canada and the USA; and
- By a limited number of staff or key volunteers under a duty of confidentiality who are involved in development, maintenance and operation of our websites, or the services provided through our websites, or who act for us for the uses set out in this policy, or other purposes approved by you. Those parties may also process information, fulfil and deliver orders, process credit card payments and provide support services to us.
Third party service providers may process information, fulfil and deliver orders, process donations and credit card payments, and provide support services on our behalf. Where such details are shared, agreements in place restrict the use of information to the purpose for which it is provided and ensure it is stored securely and in accordance with applicable data protection and privacy laws. We will take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information.
Two of our main third party service providers are The Rocket Science Group in the USA, doing business as MailChimp, and Shopify Inc. Both are certified under the EU-US Privacy Shield Framework approved by the European Commission.
We do not sell or pass any of your personal information to any other organisation and or individuals without your express consent, unless required by law.
We will only keep your personal information for as long as it is required and in accordance with the law and other legal requirements.
Where we hold sensitive personal information, unless we have evidence of your regular contact with us or we are required by law to retain, the sensitive information will be deleted after a period of two (2) years.
Where we have given you, or where you have chosen security codes (username, password, memorable word or PIN), which enable you to use any online service, you are responsible for keeping those security details confidential.
b) Payment card and online financial transactions
All financial payments and records are held in accordance with The Payment Card Industry Data Security Standard (PCI DSS). Information on our websites is protected by encryption and firewall technology.
All credit/debit card transactions made online or by phone, are made securely through third party service providers and payment gateways, which comply with the PCI DSS. Unredacted card details are not recorded and stored on our systems.
We do not store unredacted financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.
c) Cookies and websites
d) Links to other sites
Youthworks websites may also include links to other websites or may provide social media buttons, permitting sharing web content directly to a social media platform, such as Facebook, Twitter and YouTube.
We do not endorse social media websites and have no responsibility for the content unless posted by or approved by us nor are we responsible for the cookies such websites may contain. Use of such buttons or links is at your own risk and you must verify the authenticity of sites before posting or providing personal information on such sites.
We do not ask for passwords or personal details on social media.
Websites such as Vimeo and YouTube are used to embed videos on the website and service providers may send their own cookies via this site. Please look at the cookie and privacy policies on these third party sites if you want more information about this.
Youthworks websites may also contain sponsored links and adverts. These may typically be through partner ministries or service providers, who may have their own detailed privacy policies.
Any documents or files made available to download from our websites are provided at users’ own risk.
a) Personal information
Where you have provided your consent to us processing your personal data, you may withdraw this consent at any time. In addition, the law gives you the right, under certain circumstances:
- To request in writing and securely obtain copies of the personal information we hold about you;
- To correct or update your personal information held by us.
- To exercise any of these rights please contact the Privacy Officer.
Please let Youthworks know as soon as any of your contact details change so that records can be kept up to date. We will take reasonable steps to correct any of your information, which is inaccurate, incomplete or out of date.
A request to access or amend your personal information may be refused in certain circumstances. If we refuse we will note with your personal information that its accuracy is disputed. A request to delete your personal information may be refused in certain circumstances. If we refuse to give you access we will provide a reason for the decision. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information.
If you do not provide some or all of the personal or sensitive information requested, Youthworks may not be able to process camp, conference bookings, purchases or donations, provide you with relevant information about our events, or satisfy duty of care requirements.
Youthworks has an obligation to identify any data breach, carry out an assessment to establish its possible impact on those affected, and take action to ensure that those individuals can protect themselves, and to notify the Privacy Commissioner. Youthworks will endeavour to notify individuals whose personal information is involved in a data breach that is likely to pose serious harm to those involved.
b) Modifying your preferences
If at any point you would like to change your preferences and:
- You do not wish to receive further communications from Youthworks; or
- You wish to change the way you receive any communication
- please contact our Privacy Officer, being as specific as possible in regards to what you wish to modify, where your request will be dealt with in accordance with this Policy. Alternatively, follow the instructions to ‘unsubscribe’ on any email or text communication received from Youthworks.
If you have indicated that you no longer wish to hear from us, we will keep the minimum information necessary to ensure that no future contact is made.
However, even after you modify your communication preferences, we may retain copies of information about you for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, or legal process.
Complaints and concerns
If you wish to raise an objection or complaint about the handling of your personal information or have a concern about our approach to privacy, please contact our Privacy Officer.
Youthworks Privacy Officer
PO Box A287
Sydney South NSW 1235
You also have the right to lodge a complaint with the Office of the Australian Information Commissioner about how your data is managed.
Youthworks may amend this Policy from time to time to reflect changes in best practice, security and control and to ensure compliance with any changes or amendments to the law or other applicable legislation. Any amended version will be available on the website. We suggest you visit regularly to keep up to date with any changes.
European Union users
The General Data Protection Regulation (GDPR) regulates the ‘processing’ of personal data for EU individuals, which includes collection, storage, transfer, or use. The GDPR applies no matter where the data is processed and where the organisation processing data is physically located.
Youthworks is committed to complying with the GDPR for its EU users and in addition to what is set out above the following applies:
- You have the ‘right to be forgotten’, which means the right to require that Youthworks erases personal data about you in certain conditions, including if the personal data is no longer necessary for the original purpose of the processing or if you withdraw consent for the processing;
- You may request that Youthworks share your personal data with a nominated third party;
- You may object to profiling activities based on our legitimate interest;
- You may request us to stop using your personal information for marketing purposes or for any other purpose where there is no legal requirement for continued processing.
If you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.