Skip to content
Decorative

Privacy Statement

We are committed to protecting the privacy and security of personal information, adhering to all Australian privacy laws and regulations.

MCM works together to support the delivery of programs and services in predictable, transparent and healing oriented ways. Our guidelines uphold the dignity, wellbeing, connectedness and self-determination of people and communities.

MCM is a Child Safe organisation and child safety is at the forefront of our program delivery. Our guidelines ensure that Child Safety is a primary part of everyday thinking and practice. All employees and volunteers have an obligation to ensure we keep children safe from harm and abuse. We are committed to protecting the privacy and security of personal information, adhering to all Australian privacy laws and regulations.

Grey Box Example


T
his statement describes how we collect and use personal information about individuals in accordance with the Australian Privacy Principles (APPs), which are part of the Privacy Act 1988 (Cth). 

MCM is also bound by the Privacy and Data Protection Act 2014 (Vic) (PDPA) and the Information Privacy Principles (IPPs) made under the PDPA and the Health Privacy Principles (HPPs) made under the Health Records Act 2001 (Vic).

What we use your personal information for

Melbourne City Mission (MCM) and MCM Housing uses personal information to carry out its functions and activities, to comply with legal obligations and to help us manage and provide our services.

As a client of MCM the types of personal information we collect may include your name, date of birth, gender, contact information, credit/debit card information, health information and other information about your history with, or relationship to MCM and the circumstances which led you to use our services.

MCM may collect, hold, use, and disclose personal and sensitive information for purposes necessary to carry out our functions and provide our services and programs. Generally, these purposes include:

to assess your welfare needs and to provide you with the welfare and community services and assistance we offer;

to provide you with the necessary care and assistance during your time as a resident of, or recipient of services from one of our services, centers or facilities (such as aged care centers, recovery services, crisis accommodation services, etc.);

  • to provide you with the services requested by you from us;
  • to comply with necessary business and accounting standards;
  • to comply with our reporting obligations to the Australian Taxation Office and other government agencies and public sector bodies;
  • to provide you with information and support services, and to evaluate and report on these services;
  • health promotion – to provide you with information about homelessness and other health factors that may impact on homelessness such as mental and physical health issues;
  • marketing, in order to communicate with you about services and events;
  • statistics so we can better understand the demographics of our clients, supporters, volunteers and donors in order to provide the most relevant information in the most appropriate manner;
  • to carry out internal functions including administration, training, accounting and auditing;
  • to comply with our external auditing obligations; and
  • to communicate with you in relation to our operations, activities, and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.

We may also use personal information (including some sensitive) information to generate aggregated statistical data for the purpose of reporting to Government agencies and to plan for improvements to our services. We take reasonable steps to ensure that the information we report to Government agencies is de-identified and aggregated, so that the statistical data and reports cannot be used to identify you.

How we collect and keep safe your personal, sensitive and health information

As part of administering our services to you, we may collect health information and/or sensitive information. For example, we may collect medical history information from you if you are using particular services or participating in a specific activity where this information is required.

Where MCM engages an external organization to assist it in providing services to you, MCM will ensure that the external organization will only use your personal information collected in line with MCM’s privacy policies and procedures and the relevant privacy related legislation. 

How we collect and store your personal information varies depending on the purpose for which it is collected. MCM will always collect your personal information directly from you unless it is impracticable to do so. This is usually be done in person, over the telephone or by email. Examples may include copies of your written correspondence with us and copies of any application forms, request for assistance and/or other associated documents (including documents generated during your participation in a program with, or otherwise during your interactions with us) and information that you may provide to us in relation to one of the many services and programs we offer.

We may keep copies of your documents (in physical and/or electronic form, at our election) as is necessary to carry out our functions and provide our services and programs. All personal, sensitive and health information is securely stored at all times by us, or an authorised external service provider and only authorised MCM staff members will have access to your information.

Dealing with MCM anonymously or pseudonymously

MCM is committed to maintaining your privacy and we will only use your information for a permitted purpose for which we have collected the information. There is no obligation for you to provide us with any of your personal information however if you choose not to provide us with your personal information, we may not be able to provide you with the services that you require.

You have the option of not identifying yourself or using a pseudonym when dealing with us in relation to a particular matter, unless we believe it is impracticable to do so in the circumstances. If you wish to deal with us in this manner, you must tell us in writing so that we can consider if your request is practicable. Under the APPs, you have the right to deal with us on an anonymous or pseudonymous basis. This means that you do not need to provide us with personal information when we request that information.

How we collect and keep safe your personal, sensitive and health information

As part of administering our services to you, we may collect health information and/or sensitive information. For example, we may collect medical history information from you if you are using particular services or participating in a specific activity where this information is required.

Where MCM engages an external organization to assist it in providing services to you, MCM will ensure that the external organization will only use your personal information collected in line with MCM’s privacy policies and procedures and the relevant privacy related legislation. 

How we collect and store your personal information varies depending on the purpose for which it is collected. MCM will always collect your personal information directly from you unless it is impracticable to do so. This is usually be done in person, over the telephone or by email. Examples may include copies of your written correspondence with us and copies of any application forms, request for assistance and/or other associated documents (including documents generated during your participation in a program with, or otherwise during your interactions with us) and information that you may provide to us in relation to one of the many services and programs we offer.

We may keep copies of your documents (in physical and/or electronic form, at our election) as is necessary to carry out our functions and provide our services and programs. All personal, sensitive and health information is securely stored at all times by us, or an authorised external service provider and only authorised MCM staff members will have access to your information.

Dealing with MCM anonymously or pseudonymously

MCM is committed to maintaining your privacy and we will only use your information for a permitted purpose for which we have collected the information. There is no obligation for you to provide us with any of your personal information however if you choose not to provide us with your personal information, we may not be able to provide you with the services that you require.

You have the option of not identifying yourself or using a pseudonym when dealing with us in relation to a particular matter, unless we believe it is impracticable to do so in the circumstances. If you wish to deal with us in this manner, you must tell us in writing so that we can consider if your request is practicable.

Under the APPs, you have the right to deal with us on an anonymous or pseudonymous basis. This means that you do not need to provide us with personal information when we request that information.

How we may share your information

In order to carry out our functions and provide our services and programs to you, we may need to disclose your information to external service providers. This may include:

  • External support services: to healthcare professionals, other professionals, counsellors, service providers, agencies that provide support services. Your personal Information will only be provided with your expressed permission;
  • Contractors and service providers who perform services on our behalf, such as mailing houses, printers, information technology services providers (including offshore cloud computing service providers), and database contractors. The information we share with these will not be stored, used or shared by those parties; and
  • MCM Board members, staff and relevant program managers who may need to contact you to update your information.

We will only share your personal and sensitive information in accordance with your express consent and instructions, subject to the exclusions set out in the APP’s. We do not supply our database information to other marketing organisations not acting on our behalf.

Sharing your photographs/videos/recordings/experiences with others

MCM provides opportunities for individuals who engage with our services to share their experiences in several ways. These include sharing photographs, videos and recordings of individuals as well as their experiences during their time with MCM. Various mediums are used by MCM such newsletters, on our website and on social media. We will only share your information in this way with your express consent which is obtained via MCM’s media sharing consent process.

Security and retention of personal information

MCM takes all reasonable steps to protect your information from misuse, interference, and loss, and from unauthorised access, modification or disclosure. Information stored electronically will be stored securely either on an MCM database, a database maintained by a cloud hosting service provider or other third-party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.

Except as otherwise permitted or required by applicable law or regulation, MCM only retains personal data for as long as necessary to fulfil the purposes they collected it for, as required to satisfy any legal, accounting or reporting obligations, or as necessary to resolve disputes.

To determine the appropriate retention period for personal data, MCM considers the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for processing the personal data, whether we can fulfil the purposes of processing by other means and any applicable legal requirements.
Hard copy information is also stored securing on our premises.

Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information and we take reasonable steps to protect the privacy and security of that information.

MCM takes reasonable steps to ensure that any third party to which we disclose personal information collected from or about an individual takes steps to protect the personal information so disclosed and to destroy or to de-identify the information when the information is no longer required.

When we take steps to destroy or to de-identify personal information that is no longer required for the purpose(s) for which the information was collected, we will take reasonable steps to destroy or to de-identify the information in a secure manner.

Your direct debit or credit card information

We use Secure Socket Layer (SSL) certificates which is the industry standard for encrypting your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.

Storage and retention of personal information

Most personal information held by us is stored in our systems. Some of these systems may be externally hosted or managed. Generally, your information will be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Accessing your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up-to-date, complete, relevant, and not misleading.You can request access to the personal information we hold about you at any time by contacting MCM’s Privacy Officer.  You also have a right to ask us to correct any inaccurate personal information we hold about you.  Sometimes, we may not be able to provide you with access to all your personal information.

In these instances, reasons include where:

  • it would pose a serious threat to the life, safety or health of any individual or to public health or public safety;
  • access would have an unreasonable impact on the privacy of other individuals;
  • the request is frivolous or vexatious;
  • denying access is required or authorised by a law or a court or tribunal order;
  • access would be unlawful; and
  • where access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.

If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.

We also reserve the right to redact information made available in response to an access request, in order to protect the privacy of other individuals.

Given that we hold personal, sensitive  and health information collected from many individuals, and we do not wish to interfere with the privacy of other individuals, we reserve the right to request from you information in order to verify your identity in order to ensure that we do not inadvertently disclose personal information about another individual(s) to you where you are not entitled to access such access would pose a serious threat to the life, safety or health of any individual or to public health or public safety.

Data breach management

MCM is committed to protecting your privacy and where there has been a suspected or actual data breach we will follow the process in our Data Breach Policy and Response Plan which includes:

  • investigating any reported actual or suspected data security breaches;
  • where applicable, make the required report of a data breach to the relevant regulatory authority within the required time; and
  • notifying the affected individuals if a data breach is likely to result in serious harm as required by law.

How we comply with the Notifiable Data Breaches Scheme

MCM will notify you in the event your personal information is involved in a data breach that is likely to result in serious harm. This notification will include recommendations about the steps you should take in response to the breach. We will also notify The Australian Information Commissioner of eligible data breaches. Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result require notification.

Updates to this Information Privacy Statement

We may update this Privacy statement from time to time to reflect new services, changes in our personal information practices or relevant laws.

How to raise a concern/contact our Privacy Officer

If you have any queries about how we manage your personal information please contact our Privacy Officer at privacy@mcm.org.au

Application process

Need help?

If you have any questions or would like more information, please don't hesitate to reach out to us. We're here to support you throughout the tenancy process.

Back to top