________________________________________ (the "Congregation")
Principle 1 - Accountability
We are responsible for personal information in our possession or under our control.
Principle 2 - Identifying Purposes for Collection of Personal Information
We will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 We collect personal information only for the following purposes:
2.2 When personal information that has been collected is to be used or disclosed for a purpose not previously identified, the new purpose will be identified prior to use. Unless the new purpose is permitted or required by law, consent will be required before the personal information will be used or disclosed for the new purpose.
Principle 3 - Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of an individual are required for the collection, use or disclosure of personal information, except where inappropriate.
3.1 In obtaining consent, we will use reasonable efforts to ensure that an individual is advised of the identified purposes for which personal information is being collected and will be used or disclosed. Purposes will be stated in a manner that can be reasonably understood by that individual.
3.2 Generally, we will seek consent to use and disclose personal information at the same time as we collect the information. However, we may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
3.3 In determining the appropriate form of consent, we will take into account the sensitivity of the personal information and the reasonable expectations of the individual to whom the personal information relates.
3.4 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Individuals may contact us for more information regarding the implications of withdrawing consent.
3.5 In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example:
Principle 4 - Limiting Collection of Personal Information
We will limit the collection of personal information to that which is necessary for the purposes that we have identified. We will collect personal information by fair and lawful means.
4.1 Generally, we will collect personal information from the individual to whom it relates. With your consent, personal information may be gathered from you personally, on the telephone, through the mail or over the Internet.
4.2 We may also collect personal information from other sources including employers or personal references, or other third parties who represent that they have the right to disclose the information.
4.3 The personal information typically collected and maintained by us includes an individual's:
The information so collected depends upon the project, committee or purpose disclosed at the time of collection.
4.4 We may also request personal information from an individual to assist us in making mission and ministry decisions. For example, we may collect and use personal information to assess the strengths and weaknesses of workers and volunteers so that we are able to match a congregation's needs with a worker's strengths.
Principle 5 - Limiting Use, Disclosure, and Retention of Personal Information
We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. We will retain personal information only as long as necessary for the fulfillment of the purposes for which it was collected.
5.1 We may disclose an individual's personal information to:
5.2 Only our pastors, employees, contractors, directors and volunteers with a business need to know, or whose duties or services reasonably so require, are granted access to personal information about a Stakeholder.
5.3 We will keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about an individual, we will retain, for a period of time that is reasonably sufficient to allow for access by that individual, either the actual information or the rationale for making the decision.
5.4 We will maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information will be destroyed, erased or made anonymous.
Principle 6 - Accuracy of Personal Information
Personal information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by us will be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
6.2 We will update personal information about an individual as necessary to fulfill the identified purposes or upon notification by that individual.
Principle 7 - Security Safeguards
We will protect personal information through the use of security safeguards appropriate to the sensitivity of the information.
7.1 We will use appropriate security measures to protect personal information against such risks as loss or theft or unauthorized access, disclosure, copying, use, modification or destruction, regardless of the format in which it is held.
7.2 We will protect personal information disclosed to third parties by contractual or other means stipulating the purposes for which it is to be used and the necessity to provide a comparable level of protection.
Principle 8 - Openness Concerning Policies and Procedures
We will make readily available to our Stakeholders specific information about our policies and procedures relating to our management of personal information.
Principle 9 - Access to Personal Information
We will inform an individual of the existence, use and disclosure of his or her personal information upon request, and will give the individual access to that information. An individual will be able to challenge the accuracy and completeness of the information and request to have it amended as appropriate.
9.1 Upon request, we will provide a Stakeholder with a reasonable opportunity to review the personal information in that individual's file. Personal information will be provided in an understandable form within a reasonable time and at minimal or no cost to the individual.
9.2 In certain situations we may not be able to provide access to all of the personal information we hold about an individual. In such a case, we will provide the reasons for denying access upon request. For example:
9.3 Upon request, we will provide an account of the use and disclosure of personal information and, where reasonably possible, will state the source of the information. In providing an account of disclosure, we will provide a list of organizations to which we may have disclosed personal information about the individual when it is not possible to provide an actual list.
9.4 In order to safeguard personal information, an individual may be required to provide sufficient identification information to permit us to account for the existence, use and disclosure of personal information and to authorize access to a particular file. Any such information will be used only for this purpose.
9.5 We will promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness will be noted in the individual's file. Where appropriate, we will transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.6 Individuals can obtain information or seek access to their personal information by contacting our Privacy Officer during our office hours.
Principle 10 - Challenging Compliance
An individual will be able to address a challenge concerning compliance with the above principles to our Privacy Officer.
10.1 We will maintain procedures for addressing and responding to all inquiries or complaints from any Stakeholder about our handling of personal information.
10.2 We will inform Stakeholders about the existence of these procedures as well as the availability of complaint procedures.
10.3 Our Privacy Officer may seek external advice where appropriate before providing a final response to individual complaints.
For more information regarding our Privacy Project, please contact our Privacy Officer by:
For a copy of PIPEDA or to contact the Privacy Commissioner of Canada, please visit the Office of the Privacy Commissioner of Canada's Internet web site at: www.privcom.gc.ca