As a representative of the Australian Government I have an obligation to protect your privacy and maintain confidentiality.
Personal Information about individuals is to satisfy legal obligations and to fulfil the celebrant’s official purpose. If the Celebrant requests information to be provided and the request is not complied with, the Celebrant may be unable to fulfil their obligation to marry the parties.
I collect, hold, use and disclose Personal Information so that I can exercise my function and activity and fulfil relevant duties and obligations.
That may include (but is not limited to):
- not discussing any information with a third party without explicit permission
- provide an appropriate environment where clients can discuss issues in privacy and confidence
- ensure that personal information collected is used only for the purpose for which it is collected, unless permission to do so is given by the client
- make the personal information available to the client if they request it
- refrain from talking about clients in public spaces
- all personal information is to remain confidential.
I will collect Personal Information about an individual by way of forms, face-to-face meetings, interviews and telephone calls.
Collection of Personal Information from a third party will be undertaken where it is reasonably necessary to do so.
Kinds of information to be collected and held
The type of information that I collect, and hold will be in line with the Marriage Act and will include but not limited to: name, address, email address, contact telephone number, gender, age, place of birth, parent details.
Sensitive Information will be collected where it is reasonably necessary to develop and create a ceremony, for one or more functions and/or activities. It will only be collected with consent.
Use and disclosure
Personal Information is for the primary purpose of your registration of marriage under the Marriage Act in order for your ceremony to be solemnised.
Personal information will only be used for a secondary purpose if consent has been obtained, where it is reasonably expected or if such use or disclosure falls within a permitted exception.
Sensitive Information will be used and disclosed for the primary purpose of collection, unless I am advised otherwise, or the use or disclosure is required / permitted by law.
Quality of information and security
I will endeavour to ensure that the Personal Information I hold is accurate, complete and up to date.
Reasonable steps will be taken to:
- Protect Personal Information from misuse, interference, loss, unauthorised access, modification or unauthorised disclosure; and
- Destroy or de-identify information that is no longer needed, or not subject to a Notice.
Updating the accuracy of records
If I hold Personal Information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, I will take steps that are reasonable to correct the information.
If I hold Personal Information and a party makes a request in writing to correct the information, I will take steps that are reasonable to correct the information and will respond to any request within a reasonable period.
There are certain circumstances in which I may refuse to correct the Personal Information. In such situations I will give the person written notice that sets out:
- the reasons for the refusal; and
- the mechanisms available to the party to make a complaint.
Storing and archiving records
Personal information is stored in hard copy and electronically.
Hard copy records
Hard copy files are to be stored in locked storage in my office. Access to these records is restricted to myself and my next of kin.
Transportation of all documents will be in a secure lockable container/briefcase
Any destruction of copies of documents or unwanted pieces should be by way of shredding.
All electronic correspondence or other electronic documents regarding Personal Information are filed in the appropriate file in document storage solution.
Only myself and my next of kin have access to these files.
Archiving and Destruction
According to the Marriage Act all documents must be kept for 6 years.
After 6 years, I will destroy any physically stored records in a secure way and for Personal Information contained in an electronic form I will ensure that this information is put in a form beyond use.
Notifiable data breaches
What is a Notifiable Data Breach?
A Notifiable Data Breach occurs when Personal Information of an individual is accessed by, or is disclosed to, an unauthorised person, or is lost, and:
- a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual; or
- in the case of loss (i.e. l leaving a laptop containing Personal Information in a car), unauthorised access or disclosure of Personal Information is likely to occur, and a reasonable person would conclude that the unauthorised access or disclosure would likely result in harm to the relevant individual.
If I suspect that a Notifiable Data Breach has occurred, I will conduct a reasonable and expeditious assessment to determine if there are reasonable grounds to believe that a Notifiable Data Breach has occurred.
I will take all reasonable steps to ensure that the assessment is completed within 30 days of becoming aware of the suspected Notifiable Data Breach.
Subject to any restriction under the Privacy Act, in the event a Notifiable Data Breach occurs, I will, as soon as practicable, prepare a statement outlining details of the breach, and:
- notify the party of the unauthorised access, disclosure or breach; and
- notify the Office of the Australian Information Commissioner of the unauthorised access, disclosure or breach.