Privacy Policy

THE PRIVACY POLICY OF HILLS CHRISTIAN ALLIANCE CHURCH

(Revised 30th March 2023)


This policy has been adopted by Hills Christian Alliance Church (HCAC) in order to comply with the requirements of the Privacy Amendment (Private Sector) Act No 155 of 2000. The policy should be read together with the Australian Privacy Principles (APPs) set out in the Privacy Act. A summary of the APPs is attached.


  1. In this policy, a reference to HCAC means Hills Christian Alliance Church.
  2. HCAC will comply with the Australian Privacy Principles (APPs). If there is any inconsistency between this policy and the APPs, then the APPs prevail.
  3. Subject to paragraph 4, HCAC will only use personal information for the primary purpose for which it is collected. In most cases, the purpose will relate to the spiritual, pastoral, social, educational and administrative functions of the C&MA.
  4. HCAC will only use personal information about an individual for a secondary purpose (i.e. something beyond the scope of the primary purpose) if that individual has consented or the use is otherwise permitted by the APPs.
  5. HCAC will take reasonable steps to keep personal information secure and will, subject to the APPs, comply with any request from a person to correct or remove his or her information. HCAC will appoint a Privacy Officer who will be responsible for storing, correcting and giving people access to personal information collected about them.
  6. Personal information collected by HCAC may be sensitive information for the purpose of the APPs (e.g. information about a person’s religious beliefs). As a non-profit organisation, HCAC is permitted to collect sensitive information without a person’s express consent. However, HCAC will endeavour to seek consent from a person if sensitive information is sought for something other than the primary functions of HCAC described in paragraph 3.
  7. The operating procedures (whether or not they are formalised in a manual) of HCAC will comply with this policy and the APPs.
  8. We protect the personal and sensitive information that we have under our control from unauthorised access, improper use or alteration by restricting access to our files and database to only those personnel responsible for their maintenance and use.
  9. HCAC will appoint a Privacy Officer who will be empowered to receive and deal with any complaint that HCAC has not complied with this policy or the APPs.


If you have any questions about this Policy, please contact HCAC’s Privacy Officer on (02) 9484 6374 or admin@hillscac.org



Attachment to Privacy Policy – summary of the Australian Privacy Principles

This is only a summary of the Australian Privacy Principles as they apply to a church but full details can be found on the website:

Full details of Australian Privacy Principles can be found on the website:

https://www.oaic.gov.au/privacy/australian-privacy-principles

Section Australian Privacy Principles — a summary for APP entities (March 2014) For private sector organisations, Australian Government and Norfolk Island agencies covered by the Privacy Act 1988.


APP 1 — Open and transparent management of personal information

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 2 — Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP 4 — Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 7 — Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual