In order to safeguard the personal information entrusted to Small Church Connections (“SCC”), SCC will comply with:
- The Personal Protection and Electronic Documents Act (PIPEDA)
- Any other applicable legislation
Small Church Connections is committed to maintaining the accuracy, confidentiality and security of all personal information in its possession. SCC, its Board members, officers, employees and volunteers are required to comply with this policy. As part of this commitment SCC has adopted the following ten principles, based on the values set out by the Personal Information Protection and Electronic Documents Act.
SCC has appointed the Director of Small Church Connections as the Privacy Officer responsible for the organization’s compliance with this policy. Each SCC department is responsible for maintaining and protecting the personal information under its control and is accountable for such information to the privacy officer.
2. Identifying Purposes
SCC will identify the purposes for which personal information is collected at or before the information is collected.
The officer shall endeavour to make the purposes clear and understandable for the person providing the information.
The officer will ensure that the information collected will not be used for any other purpose unless the new purpose is required by law.
The officer shall ensure that limited collection, limited use, disclosure and retention principles are respected in identifying why personal information is collected.
Use of SCC products or services, enrolment as a volunteer, attendance at a SCC event constitutes consent for SCC to collect and use information. An individual may withdraw consent at any time subject to legal or contractual restrictions and reasonable notice. The choice to provide information is always the individual’s.
Consent can be expressed in writing, by using or not using a check-off box, electronically, orally (in person of by telephone) or by the conduct of the parties.
4. Limiting Collection
The personal information SCC collects will only be used or disclosed for the purpose for which it was collected or as required by law.
5. Limiting Use, Disclosure and Retention
The officer shall ensure that personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
Personal information shall be kept only as long as necessary for the fulfillment of the purposed for which it was collected.
SCC will keep personal information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. From time to time, SCC may contact the individual to ensure that the information which it has collected is or remains accurate and up-to-date.
SCC shall ensure that there are proper security safeguards to protect personal information against loss or theft as well as unauthorized access, disclosure, copying, use or modification. Safeguards include physical, administrative and electronic security measures. All employees are required to abide by the privacy standards we have established. In the course of daily operations access to personal information is restricted to those employees whose job responsibilities require them to access it.
Information about SCC’s policies and practices relating to the management of personal information is readily available to individuals upon request to the Chief Privacy Officer.
9. Individual Access
Upon written request from an individual, SCC will provide access to the individual for the purpose of reviewing that individual’s personal information. In certain situations, SCC may refuse to disclose personal information to the individual to whom the personal information relates:
- where required by law, certain personal information may not be disclosed
- where the information contains personal information about another person
- where the information was gathered in the course of a formal dispute resolution process
- where the information is subject to solicitor-client privilege
If access cannot be provided SCC will notify the individual, in writing, of the reasons for refusal.
10. Challenging Compliance
Where it is suspected or evident that an unauthorized disclosure of personal information, a privacy breach, has occurred, the individual or individuals who are aware of the potential privacy breach shall immediately notify the Privacy Officer who will immediately investigate the concern.
If the complaint is found to be justified, the Officer shall take appropriate measures, including, if necessary, emending this policy and general policies and procedures to personal information entrusted to SCC.