The Crusader Union of Australia (CRU) respects your privacy and is committed to complying with the Australian Privacy Principles outlined in the Privacy Act 1988 and Privacy Amendment (Notifiable Data Breaches) Act 2017.
What type of personal and sensitive information does CRU collect?
CRU only collects personal and sensitive information that is necessary to carry out the organisation’s functions and activities. This information is collected by lawful and fair means. Where practicable, individuals may choose to interact with CRU anonymously or using a pseudonym, however, if personal information is not provided, CRU may not be able to process camp bookings, donations or satisfy duty of care requirements.
Information collected by CRU relates to:
- Campers and school children, parents and/or guardians before, during and after their immediate involvement with CRU
- Guests who use CRU’s campsites or services
- Representatives of groups and organisations who potentially might use CRU’s campsites, or other programs or services
- Job applicants, staff members, volunteers, participants in training courses and contractors
- People who donate to CRU and
- Other people who come into contact with CRU.
CRU generally collects the following kinds of personal information:
- Postal and email addresses and social media accounts
- Phone and fax numbers
- Date of birth
- Marital status
- Education and training
- Details about next of kin
- Occupation and employment history
- History of involvement in CRU activities
- Financial details (bank and credit card numbers) and donor history
- Photographic images, video clips and sound recordings.
CRU generally collects the following kinds of sensitive information:
- Religious beliefs
- Criminal record (for child protection purposes)
- Health information (for duty of care purposes)
- Working With Children Check numbers, as well as information used to verify such checks
- Access rights for children, including information about individuals who have restricted access
- Particular care information and needs for OOHC children
How is personal data collected?
Information is usually collected directly from the individual by way of telephone calls, online forms, hard copy forms, face-to-face meetings, interviews, surveys and use of CRU websites and emails. CRU will inform individuals about the purposes of collecting this information at the time of collection and will take reasonable steps to obtain express consent for collecting and using sensitive information.
CRU will collect personal and sensitive information about minors from their parents or guardians and treat consent given by parents as consent given on behalf of the child. Notice given to parents will act as notice given to the child.
From time to time, where it is impractical for information to be collected directly from the individuals concerned, CRU may also collect information about individuals or organisations from social media, a purchased list or online directory. CRU may also receive information from supporters about other contacts who may be interested in supporting CRU.
Use of personal and sensitive information
CRU uses personal data to:
- Process camp bookings and donations
- Keep parents and children informed about matters related to camps, school CRU Groups and events and the general work of the organisation
- Seek donations and market CRU as an organisation
- Satisfy CRU’s legal obligations and duty of care
- Understand the needs and preferences of CRU’s customers and supporters through conducting surveys
- Process information for the smooth running of training courses, and
- Promote CRU’s products and services through direct mail, email, at events, on the organisation’s website and through social media and publications.
CRU may use personal data for its marketing purposes to notify clients of special events, new resources or services, or other information that may be of interest. Individuals will be informed that their personal data may be used in this way when their information is collected. Where it is impractical to seek the individual’s consent before that particular use, marketing material may still be sent where individuals may reasonably expect to receive such material (e.g. after an individual has used one of CRU’s services).
All CRU’s marketing mailings feature an ‘opt-out’ clause. If individuals choose to ‘opt-out’ CRU will not contact them again for that particular purpose. Individuals can opt-out by clicking the ‘unsubscribe’ button in emails, returning the material and marking the opt-out option, or by contacting the Privacy Officer on (02) 9874 8933 or emailing [email protected]. Please note that this request may take a few weeks to come into effect.
On rare occasions CRU may purchase lists of potential supporters and customers and send them information about CRU and the organisation’s work and services. In this case, individuals will be notified of how their information was collected and will be provided with an opportunity to ‘opt out’ of any further contact with CRU.
Website security and Privacy
The Crusader Union of Australia respects and protects the privacy of all users of CRU’s websites. CRU reserves the right to collect personally identifying information from users during:
- online applications
- messages posted to blogs
- online purchasing, camp registrations or donations
- online surveys.
Generally the information collected includes: name; e-mail address; address; phone number; social media accounts; postal address; health information for campers; payment information; and answers to questions (surveys or otherwise). This information is used for the functioning of CRU’s programs and services and for marketing purposes, which help CRU to improve websites and products, reach new customers and generate support.
CRU does not store credit card details or information needed to verify online transactions. These are collected and processed by a secure payment gateway called Web Active Corporation Pty Ltd trading as “eWAY”. Their privacy statement can be viewed at http://www.eway.com.au/company/legal. All pages on CRU’s websites related to financial transactions are protected by Secure Sockets Layer (SSL) encryption.
CRU employs a marketing automation platform to track the patterns of behaviour of visitors to its websites. This information includes using “cookies” which are stored on an individual user’s internet browser. Individuals may choose to opt out of having cookies stored on their browser by setting “No Tracking” options in their Internet browser. CRU respects “No Tracking” options if selected.
The CRU website may contain links to third party websites. CRU is not responsible for the privacy practices of these sites.
Group Self Service online portal
CRU acknowledges that guests using our Group Self Service online portal (operated by Venue360) may provide similar information to the above in order to plan for their camp. CRU will NOT use any information provided through the Group Self Service online portal for any marketing reason or for any other reason besides the direct preparation of camp.
Storage and protection of personal data
CRU employs a cloud-based database system to catalogue and store personal details. This information is stored securely with password protection, robust network security and encryption in transmission. Only those staff and volunteers who require access to this information to complete their duties are supplied with a password and users only have access to the sections of the database relevant for their work.
CRU will take reasonable steps to protect the personal data it holds from misuse and loss and from unauthorised access, modification or disclosure. This includes physical security, computer and network security and personnel security.
CRU will take reasonable steps to destroy or permanently de-identify personal data if it is no longer reasonably necessary for one of CRU’s functions. CRU will continue to hold relevant information to resolve possible future complaints. In instances where information is archived, CRU will take reasonable steps to ensure the security of this information.
Disclosure of personal information
CRU does not engage in the selling, renting or exchanging of our clients’ and supporters’ personal information.
CRU only discloses Personal and Sensitive Information:
- To staff and volunteers to facilitate the smooth running of camps (i.e. directors, leaders and first aid staff)
- To medical practitioners, in the case of a client requiring medical attention
- To contractors providing services to a camp (e.g. Surf coaches are provided with information on how far each child can swim)
- To individuals who assist in CRU programs in schools, e.g. CRU teachers, chaplains or school pastoral staff
- To organisations, individuals and/or volunteers who assist in CRU’s fundraising and marketing activities, including database and mailhouse services
- When required by law or for governmental reporting
- To anyone the individual themselves authorises CRU to disclose information to.
CRU may pass on names and basic contact details of individuals (phone number and email address) to local churches. This disclosure would be for the purpose of allowing churches to care for the spiritual welfare of individuals. This information will only be disclosed if the individual gives consent to the disclosure. This consent will only be valid consent if the individual is adequately informed before giving consent, gives consent voluntarily and specifically, if the consent is current, and if the individual has the capacity to understand and communicate their consent. Taking advice from the Australian Privacy Principles guidelines, CRU assumes that camps or events which include senior high school years (Years 11 and 12) would have individuals who would be able to give consent to this disclosure.
Disclosure of information overseas
CRU employs a cloud-based database system. As a result, personal information may be transferred to, and stored at, a destination outside Australia, including but not limited to Japan, the United States of America, Chile, Taiwan, Singapore, Finland, Belgium and Ireland. CRU takes all reasonable steps to ensure that third parties comply with the Australian Privacy Principles or similar laws and that the privacy of individuals is protected.
The servers used for the Group Self Service online portal are located solely in Australia.
Job applicants, staff, volunteers, contractors and others
CRU’s primary purpose for collecting personal information from job applicants, staff members, volunteers and contractors is to assess and (if successful) engage the applicant, staff member, volunteer or contractor.
The purposes for which this information is used include:
- administering the individual’s employment or contract
- insurance purposes
- seeking funds and marketing for CRU and
- satisfying CRU’s legal obligations such as child protection legislation.
Access and correction rights
Individuals can request access to their personal data held by CRU by contacting the Privacy Officer. CRU will require each person to verify their identity in order to access information.
CRU may choose not to provide individuals with access to personal information if:
- Providing access would have an unreasonable impact on the privacy of other individuals
- The request for access is frivolous or vexatious
- The information relates to anticipated or existing legal proceedings and would not be discoverable in those proceedings
- Providing access would be likely to prejudice an investigation of possible unlawful activity.
If an individual believes that any personal information CRU holds is incorrect, incomplete, not up-to-date, or no longer relevant, they can request that the information is corrected and CRU will do so in a reasonably timely manner.
If a Data Breach occurs
The Crusader Union of Australia is an organisation that is required to report any known or suspected breaches of our data to the Privacy Commissioner, those affected, and the OAIC (Office of the Australian Information Commissioner). CRU’s Data Breach Response Plan outlines how CRU will respond in the event of a data breach.
If anyone believes that CRU may have breached their privacy rights, or is concerned about CRU’s information handling practices, please contact the Privacy Officer. The matter will be promptly investigated and where appropriate, steps taken to remedy any concerns. If you are dissatisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (www.oaic.gov.au).
CRU’s Privacy Officer:
Ph: (02) 9874 8933 (option 5)
Fax: (02) 9874 0218
Email: [email protected]
Mailing Address: PO Box 590, Eastwood NSW 2122 Australia
If you would like a printed copy of this document, please contact CRU’s Privacy Officer. CRU respects your privacy and is committed to complying with the Australian Privacy Principles outlined in the Privacy Act 1988 and Privacy Amendment (Notifiable Data Breaches) Act 2017.
Crusader Union of Australia ABN 90 213 359 332 PO Box 590, Eastwood NSW 2122 Australia (02) 9874 8933
Policy Updated November 2021