Privacy Policy

1. Introduction

Hello, thanks for choosing Elvanto and welcome to our Privacy Policy.

Before getting into the details, we'd like to highlight some of the key principles behind our Privacy Policy. These principles are important to us because we know they're important to you.

The Privacy Policy is here to do three things:

  • Explain the way we use information Churches share with us in order to build a great product and give you a great experience with it;
  • Ensure that you understand what information we collect with your permission, and what we do — and do not do — with it;
  • Hold us accountable for protecting your rights and your privacy under this policy.

This current policy came into effect at 25 May 2018. We may need to update it over time but if we do, we'll post the updated version on our website.

2. The information we collect

2.1. Church Information

Elvanto provides church management software to help Churches manage their congregations. As part of providing that service, we collect information from people who make enquiries of us, trial our software, or set up and operate an account on behalf of a Church. This might include:

  • Name and contact details
  • Church name and location and number of members
  • Financial information like your Church's bank account details

We call this information “Church Information.”

2.2. Individual Information

Our service aims to give Churches the right tools and flexibility to help stay connected with their congregations and other people. As part of this, Churches can include lots of information about their members in their account by adding new fields to the standard data categories which we set up.

Churches themselves upload or support the uploading of Individual Information into the Church Account. That Individual Information is usually not disclosed to us nor do we have any right to use that Individual Information.

The information that our Church clients enter and store about their congregations and other people in our software is called “Individual Information.” We assume that Churches have collected all Individual Information lawfully.

3. How we collect information

We collect Church Information directly from you unless you authorise another person to provide the information. We may also collect personal information from you when you interact with us online or over the phone in order to assist with your on-line query, email or call.

If you contact Elvanto with a general question you can interact with us anonymously or through the use of a pseudonym.

Sensitive Information

Because we offer church management software, the Church Information we collect includes information about your religious opinions, beliefs, associations or affiliations. This type of information is regarded as deserving special treatment and is defined as “sensitive information” by privacy laws.

We need your consent to the collection of sensitive information. To support this requirement, we have included confirmation of your consent in our on-line forms and on our website. If you do not provide this information, we may not be able to provide our Services.

Member Information is also sensitive information but this information has been collected by the Church. If you are concerned about the Member Information that has been included in the Elvanto service, we recommend you contact your Church directly.

3.1. Social Networking Services

We use social networking services such as Twitter, Facebook and YouTube to communicate with Churches and the public about our Services. When you communicate with us using these services we may collect your Personal Data, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies and we recommend that you review them.

4. Use of your information

We will only use personal information for purposes related to providing our Services.

Examples of this use by us include:

  • providing you with services requested;
  • administering your account, including billing and dealing with payment issues;
  • dealing with requests, enquiries or complaints and other customer care related activities;
  • marketing our services generally.

We will not use your information for purposes other than described in this Section unless we have your consent or there are specified law enforcement or public health and safety reasons or other uses required by law.

In most cases, Elvanto will interact only with the nominated Super Admins for a Church Account, and not directly with Individual users. We are happy to interact with Individual Users but in most cases will direct them back to the Super Admin or Authorised User for their Church Account. In later sections of this Policy we describe how we respond to requests for access to, correction and deletion of Individual Information.

Generally, we do not collect Individual Information (other than in special cases, such as when we help with on-boarding). However, if Churches do provide us with Individual Information (for example, for on-boarding) we will only use this information for the specific reason for which it is provided.

4.1. Interacting with Elvanto

Elvanto may use Church Information for marketing purposes, or to send you promotional material. We will only do this if you have opted into receiving marketing material.

We may also conduct surveys or market research or seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the types and quality of services offered to you, and the way those services are offered to you.

Unsubscribe

To opt-out of receiving certain marketing materials through the Elvanto system either:

  • contact Elvanto by email info@elvanto.com; or
  • select the "unsubscribe" link provided in the email.

4.2. Interacting with your Church

Your Church has the flexibility to determine how it might use Individual Information. If you are concerned or have any questions about that use, you should contact your Church directly.

Your Church may use Elvanto to send you marketing or promotion material. To opt-out of receiving certain marketing materials through the Elvanto system if you are a Church member, you may contact your Church or select the "unsubscribe" link provided in the email.

5. Sharing information and Sub-processors

Unless you consent, we will not disclose any Church Information or Individual Information to third parties, other than sub-processors we use as part of delivering the Service.

The sub-processors used by us include Amazon Web Services, Inc., SendGrid, Inc., and Pusher Ltd. These sub-processors are located in the US, the UK and the EU.

Use of their services may involve the transfer of personal information to them.

For all our sub-processors:

  • we remain primarily liable to you for the acts and omissions of the sub-processor;
  • each sub-processor has agreed that it will only access and use Church or Individual Information to the extent necessary to perform the functions contracted to it by us and which are necessary for us to be able to provide the Services;
  • we ensure that they will comply with all the obligations contained in this Policy and principles substantially similar to those contained in Australian privacy laws either as part of the terms of service we have with them or pursuant to their commitment as organisations that have certified as being compliant with the EU-US Privacy Shield arrangement.

5.1. Third party services and websites

We also give our Churches the option to use services that may involve third parties. This may be done via a link to another service or website and may include, as an example, links to PayPal or Stripe for online payment.

The decision to use these services is at the discretion of each Church.

Although we try to only partner with reputable and trustworthy suppliers, we cannot control or be responsible for the policies of other sites we may link to, or the use of any Personal Data you may share with them.

Please note that this Policy does not cover these other websites, and we recommend that you review the privacy policies attached to the use of those services and websites before deciding whether to proceed.

If you do not want your Individual Information to be shared with third parties for example for the purposes of emailing or texting you or supporting event registration, please let your Church know and they can disable these services for you.

6. How we hold your information

We store your personal information using secure servers provided by Amazon Web Services, which servers are protected from unauthorised access, modification or disclosure.

The location of the server on which your information is stored is dependent on your Church's location:

Church Location Server Location

Australia, New Zealand, the Pacific and Asia

Australia

United States

United States

All other locations

Ireland

7. Security of your Personal Information

We take steps to protect the security of the personal information we hold from both internal and external threats by:

  • regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information
  • taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to; and
  • conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.

However, we also note that no data transmission over the Internet or information system or storage technology can be guaranteed to be 100% secure.

If a data breach occurs, we will:

  • notify you of it as soon as reasonably possible after it comes to our attention;
  • take reasonable steps to secure the affected data and minimise harm to all individuals; and
  • provide you with whatever reasonable assistance might otherwise be required.

8.Elvanto's use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how you use the site.

Cookies are used to store information, such as the time that the current visit occurred, whether you have been to the site before and what site referred you to our web page.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

9. Retention and Deletion of Personal Information

9.1. Retention

Generally, we will keep Personal Information for the period during which any legal claim may be made in regard to the provision of Services in accordance with legal requirements or to meet our legal obligations. For example, we hold billing records, and any information associated with those records (such as the number of members a Church had) for 7 years.

This is in accordance with our Data Retention and Deletion Policy. Please let us know if you would like to see a copy of this policy.

9.2. Deletion and Disposal

If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law. The basis on which we delete information is included in our Data Retention and Deletion Policy.

An Authorised User can ask us to delete Church Information at any time, and we will delete it from all live systems and make sure we do not process it further in any way (other than as we may need to support your account or for other reasonable administrative or legal purposes, such as billing).

We do not delete Church Information from back-ups. However, we only keep back-ups for a maximum of 30 days. All our back-ups are encrypted and stored securely. If any back up is used to restore data, we will check and ensure that all deletion requests are actioned before restoring the data. Generally, we only restore data from the last 24 hours.

We apply the following rules to the permanent deletion of information:

  • Church Accounts and associated Individual Information, where there has been no activity for more than 7 months (and where not required for Elvanto's own records or administrative processes) will be deleted permanently; and
  • Individual Information which has been deleted or disabled, will be permanently deleted or de-identified 90 days after deletion or disabling (or 18 months where members have financial data associated to them).

More detailed information on when we delete information is included in our Data Retention and Deletion Policy. Please let us know if you would like a copy of this policy.

9.3. Deletion of Individual Information by Churches

Churches can delete or disable Individual Information at any time. Members who wish to delete or stop the use of their Individual Information should contact their Church. Permanent deletion of Individual Information will be done in accordance with section 9.2 above.

If a Member feels their Church has not dealt with their request promptly or effectively, we will respond in the same way we would to a request for access (see the next paragraph for more information).

10. How to access your Personal Information

You can contact us at any time and Elvanto will provide access to Church Information we hold (subject to allowable exceptions). We will provide access within a reasonable time and at a reasonable cost.

We endeavour to only hold personal information that is accurate, complete and up-to-date, Authorised Users can update their Church Information at any time via the Account Settings for their Church Account. We encourage you to keep these details up to date.

If you become aware that any Church Information we hold is no longer accurate, complete or up-to-date please contact us to correct the information (using the contact details below).

Members who wish to access or correct their Individual Information should contact their Church.

If Members contact us, we will refer them to the Church. If the Church does not promptly or effectively respond to their requests, we will do so after having taken reasonable steps to verify their identity. In these circumstances, we expect that the Church will promptly provide us with all reasonable assistance to fulfil the Member's request at its cost (as provided in the Terms of Service).

11. How to contact us

If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact either of the following:

Elvanto:

Suite 5, 15 Lake Street
Varsity Lakes QLD 4227
Australia

Phone: (07) 3062 2359

Email: info@elvanto.com

Elvanto Data Protection Officer:

Dr Jodie Siganto
Ringrose Siganto

PO Box 3295
Yeronga 4104
Australia

Email: jodie.siganto@ringrosesiganto.com.au

12. Amendments of this Privacy Policy

We may need to update this Privacy Policy from time to time. If we do, we'll post the updated version on our website. Your continued use of the Service or the site after the notice period has lapsed indicates your consent to be bound by the amended Privacy Policy.

13. More information

For further information about privacy in general, please refer to the Office of the Australian Information Commissioner's website located at http://www.oaic.gov.au.

14. Copy of this policy

To download a PDF version of this Privacy Policy, click here.

Alternatively, please contact us or our Data Protection Officer using the contact details above and we will gladly send you a copy free of charge.