Privacy & Confidentiality Policy

CatholicCare respects the privacy rights of all individuals and is bound to the principles contained within the following privacy legislation:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Amendment (Enhacing Privavcy Protection) Act 2012
  • Privacy and Personal Information Act 1988 (NSW)
  • Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
  • Government Information (Public Access) Act 2009 (GIPA Act)

We are also bound by the:

  • Australian Privacy Principles (Cth) (APP) of the Privacy Act 1988
  • Health Privacy Principles (HPP) of the Health Records and Information Privacy Act 2002 (NSW)
  • Information Privacy Principles (IPP) under the Privacy and Personal Information Act 1998 (NSW)

CatholicCare is committed to the protection of personal privacy. Here we identify how your personal information will be collected, stored, used, disclosed and disposed of. We also explain how you can access and amend your personal information.

Personal Information and Sensitive Personal Information

Personal Information: refers to information or an opinion, whether true or not, about an individual whose identity is apparent or could be reasonably ascertained from that information or opinion.

Sensitive Personal Information: includes ethnic or racial origin; political opinions; membership of a political association; religious or philosophical beliefs or affiliations; membership of a professional or trade association; health; sexual preferences, practices or activities; and criminal record.

Information Collection

Information and data collection is a requirement of many CatholicCare funding contracts with Government. We also use data for the purpose of research undertaken to improve the quality and types of service we provide where:

  • It is for a lawful purpose directly related to providing services, and
  • It is reasonably necessary for us to have this information.

We only collect personal information if both of the above tests are met, and

  • You have consented and/or
  • Collection is required by law and/or
  • It is needed to deal with a serious and imminent threat to any person (and the person is incapable of giving consent) or to the general public.

Information will only be collected directly from you, from a third party if you consent, or from your legally recognised or appointed representative. You, or your legally recognised representative, must provide informed consent before your personal information can be collected and disclosed.

If a child is under 16 years of age and it is not reasonable or practicable to collect the information directly from them, the information may be collected from a parent or guardian without the child’s consent.

You will be informed of the following:

  • The fact that information is being collected
  • Whether the collection is required by law
  • Who will hold/receive the information
  • The purposes for which information is collected
  • The consequences of not providing the information
  • How you can access the information and make changes if it’s not accurate
  • How you can make a complaint.

You will be asked to show you understand and give your consent.


All personal information is kept safely and securely to prevent loss, unauthorised access, use, modification or disclosure or other misuse. Information will not be made available to any unauthorised party.

Access & Amendment of Information

We will take reasonable steps to enable you to find out:

  • Whether we hold your personal information
  • What type of information we hold about you
  • The purposes for which the information will be used
  • How you can access the information.

If you request access to your personal information, it will be provided without unreasonable expense or delay, unless:

  • This would pose a serious and imminent threat to the life, health or safety of any individual
  • This would unreasonably affect the privacy of other individuals
  • The information is related to existing or anticipated legal proceedings between the organisation and yourself and this information could not be obtained by the legal process of discovery in those proceedings
  • It would be unlawful to provide access
  • Denying access is required or authorised by law
  • Providing access would be likely to prejudice an investigation into possible unlawful activity.

If we deny access to personal information, reasons will be provided in writing for doing so.

We will allow you to apply to update, correct or amend your personal information, to ensure its accuracy.

If CatholicCare is not prepared to amend  the information, you will be informed of the reasons for the refusal. At your request, CatholicCare will take reasonable steps to attach a statement by you to the original information to detail the amendment sought or state that you believe the information held is inaccurate, incomplete, not up-to-date and/or misleading.

Use of Information

Personal information will only be used for the purpose that it was collected, unless:

  • You give your express written consent to the information being used for other purposes; or
  • Further use of the information is directly related to the purpose of the original collection; or
  • Further use of the information is necessary to prevent a serious and imminent threat to the life or health of any individual, or to the general public; or
  • The use is required or allowed to be made by law (including for required data collection and program contract reporting).


CatholicCare will only disclose personal information:

  • For the primary purpose for which it was collected; or
  • For a directly related secondary purpose within your reasonable expectations as a client; or
  • With your consent; or
  • To deal with a serious and imminent threat to personal or public health or safety; or
  • Where authorised or required by law.

CatholicCare will only disclose sensitive personal information:

  • With your written consent; or
  • To deal with a serious and imminent threat to personal or public health or safety; or
  • Where authorised or required by law.

If you have a concern about the way your personal information has been handled, we ask that you try to resolve your information or privacy complaint directly with us first. You can do this by contacting:

Executive Manager – Quality, Safeguarding, Risk & Compliance
CatholicCare Diocese of Broken Bay
P: (02) 9481 2600

If you are unhappy with CatholicCare’s response, you can contact:

Information and Privacy Commission NSW

The Information and Privacy Commission  NSW (IPC NSW) has complaint handling responsibilities under the Government Information (Information Commissioner) Act 2009 and the NSW Privacy and Personal Information Protection Act 1998 (PPIP Act) including private agencies, like CatholicCare, which provides contracted services to the community on behalf of the NSW government.

Complaints can be lodged with the Information Commissioner:

P: 1800 IPC NSW (1800 472 679)
W: index.html

Office of the Australian Privacy Commissioner

The Office of the Australian Information Commissioner (OAIC) has complaint handling responsibilities under the Privacy Act 1988 (Cth) (Privacy Act). You can complain to the OAIC if you believe that your privacy has been interfered with by an Australian government agency or a private sector organisation, like CatholicCare, covered by the Privacy Act 1988 (Cth).

Privacy complaints can be lodged via:
P: 1300 363 992

Contact Form