This current policy came into effect at 25 May 2018. We may need to update it over time but if we do, we'll post the updated version on our website.
Elvanto provides church management software to help Churches manage their congregations. As part of providing that service, we collect information from people who make enquiries of us, trial our software, or set up and operate an account on behalf of a Church. This might include:
We call this information “Church Information.”
Our service aims to give Churches the right tools and flexibility to help stay connected with their congregations and other people. As part of this, Churches can include lots of information about their members in their account by adding new fields to the standard data categories which we set up.
Churches themselves upload or support the uploading of Individual Information into the Church Account. That Individual Information is usually not disclosed to us nor do we have any right to use that Individual Information.
The information that our Church clients enter and store about their congregations and other people in our software is called “Individual Information.” We assume that Churches have collected all Individual Information lawfully.
We collect Church Information directly from you unless you authorise another person to provide the information. We may also collect personal information from you when you interact with us online or over the phone in order to assist with your on-line query, email or call.
If you contact Elvanto with a general question you can interact with us anonymously or through the use of a pseudonym.
Because we offer church management software, the Church Information we collect includes information about your religious opinions, beliefs, associations or affiliations. This type of information is regarded as deserving special treatment and is defined as “sensitive information” by privacy laws.
We need your consent to the collection of sensitive information. To support this requirement, we have included confirmation of your consent in our on-line forms and on our website. If you do not provide this information, we may not be able to provide our Services.
Member Information is also sensitive information but this information has been collected by the Church. If you are concerned about the Member Information that has been included in the Elvanto service, we recommend you contact your Church directly.
We use social networking services such as Twitter, Facebook and YouTube to communicate with Churches and the public about our Services. When you communicate with us using these services we may collect your Personal Data, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies and we recommend that you review them.
We will only use personal information for purposes related to providing our Services.
Examples of this use by us include:
We will not use your information for purposes other than described in this Section unless we have your consent or there are specified law enforcement or public health and safety reasons or other uses required by law.
In most cases, Elvanto will interact only with the nominated Super Admins for a Church Account, and not directly with Individual users. We are happy to interact with Individual Users but in most cases will direct them back to the Super Admin or Authorised User for their Church Account. In later sections of this Policy we describe how we respond to requests for access to, correction and deletion of Individual Information.
Generally, we do not collect Individual Information (other than in special cases, such as when we help with on-boarding). However, if Churches do provide us with Individual Information (for example, for on-boarding) we will only use this information for the specific reason for which it is provided.
Elvanto may use Church Information for marketing purposes, or to send you promotional material. We will only do this if you have opted into receiving marketing material.
We may also conduct surveys or market research or seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the types and quality of services offered to you, and the way those services are offered to you.
To opt-out of receiving certain marketing materials through the Elvanto system either:
- contact Elvanto by email firstname.lastname@example.org; or
- select the "unsubscribe" link provided in the email.
Your Church has the flexibility to determine how it might use Individual Information. If you are concerned or have any questions about that use, you should contact your Church directly.
Your Church may use Elvanto to send you marketing or promotion material. To opt-out of receiving certain marketing materials through the Elvanto system if you are a Church member, you may contact your Church or select the "unsubscribe" link provided in the email.
Unless you consent, we will not disclose any Church Information or Individual Information to third parties, other than sub-processors we use as part of delivering the Service.
The sub-processors used by us include Amazon Web Services, Inc., SendGrid, Inc., and Pusher Ltd. These sub-processors are located in the US, the UK and the EU.
Use of their services may involve the transfer of personal information to them.
For all our sub-processors:
We also give our Churches the option to use services that may involve third parties. This may be done via a link to another service or website and may include, as an example, links to PayPal or Stripe for online payment.
The decision to use these services is at the discretion of each Church.
Although we try to only partner with reputable and trustworthy suppliers, we cannot control or be responsible for the policies of other sites we may link to, or the use of any Personal Data you may share with them.
Please note that this Policy does not cover these other websites, and we recommend that you review the privacy policies attached to the use of those services and websites before deciding whether to proceed.
If you do not want your Individual Information to be shared with third parties for example for the purposes of emailing or texting you or supporting event registration, please let your Church know and they can disable these services for you.
We store your personal information using secure servers provided by Amazon Web Services, which servers are protected from unauthorised access, modification or disclosure.
The location of the server on which your information is stored is dependent on your Church's location:
|Church Location||Server Location|
Australia, New Zealand, the Pacific and Asia
All other locations
We take steps to protect the security of the personal information we hold from both internal and external threats by:
However, we also note that no data transmission over the Internet or information system or storage technology can be guaranteed to be 100% secure.
If a data breach occurs, we will:
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how you use the site.
Cookies are used to store information, such as the time that the current visit occurred, whether you have been to the site before and what site referred you to our web page.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
Generally, we will keep Personal Information for the period during which any legal claim may be made in regard to the provision of Services in accordance with legal requirements or to meet our legal obligations. For example, we hold billing records, and any information associated with those records (such as the number of members a Church had) for 7 years.
This is in accordance with our Data Retention and Deletion Policy. Please let us know if you would like to see a copy of this policy.
If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law. The basis on which we delete information is included in our Data Retention and Deletion Policy.
An Authorised User can ask us to delete Church Information at any time, and we will delete it from all live systems and make sure we do not process it further in any way (other than as we may need to support your account or for other reasonable administrative or legal purposes, such as billing).
We do not delete Church Information from back-ups. However, we only keep back-ups for a maximum of 30 days. All our back-ups are encrypted and stored securely. If any back up is used to restore data, we will check and ensure that all deletion requests are actioned before restoring the data. Generally, we only restore data from the last 24 hours.
We apply the following rules to the permanent deletion of information:
More detailed information on when we delete information is included in our Data Retention and Deletion Policy. Please let us know if you would like a copy of this policy.
Churches can delete or disable Individual Information at any time. Members who wish to delete or stop the use of their Individual Information should contact their Church. Permanent deletion of Individual Information will be done in accordance with section 9.2 above.
If a Member feels their Church has not dealt with their request promptly or effectively, we will respond in the same way we would to a request for access (see the next paragraph for more information).
You can contact us at any time and Elvanto will provide access to Church Information we hold (subject to allowable exceptions). We will provide access within a reasonable time and at a reasonable cost.
We endeavour to only hold personal information that is accurate, complete and up-to-date, Authorised Users can update their Church Information at any time via the Account Settings for their Church Account. We encourage you to keep these details up to date.
If you become aware that any Church Information we hold is no longer accurate, complete or up-to-date please contact us to correct the information (using the contact details below).
Members who wish to access or correct their Individual Information should contact their Church.
If Members contact us, we will refer them to the Church. If the Church does not promptly or effectively respond to their requests, we will do so after having taken reasonable steps to verify their identity. In these circumstances, we expect that the Church will promptly provide us with all reasonable assistance to fulfil the Member's request at its cost (as provided in the Terms of Service).
If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact either of the following:
Suite 5, 15 Lake Street
Varsity Lakes QLD 4227
Phone: (07) 3062 2359
Elvanto Data Protection Officer:
Dr Jodie Siganto
PO Box 3295
For further information about privacy in general, please refer to the Office of the Australian Information Commissioner's website located at http://www.oaic.gov.au.
Alternatively, please contact us or our Data Protection Officer using the contact details above and we will gladly send you a copy free of charge.