1.0 Scope
This Privacy and Confidentiality Policy applies to:
- The MAID Family Support Society (the “Society”)
- Volunteers and board members
- Any of the Society’s subsidiaries or related affiliates
- Any service providers collecting, using or disclosing personal information on behalf of the Society.
2.0 Purpose
The purpose of this policy is to:
- Outline the obligations the Society, its volunteers, board members, and service providers must follow for protecting Personal Information as outlined by British Columbia’s Personal Information Protection Act (PIPA).
- Outline the principles and practices that must be followed in protecting personal information.
- Set out expectations for the Society’s volunteers, board members, and service providers for maintaining the confidentiality of information they may have access to during their time volunteering and/or collaborating with the Society.
3.0 Consent
- Consent may be implied, specifically:
- Where the purpose for collecting, using, or disclosing personal information would be considered obvious and a volunteer, client, or donor voluntarily provides personal information for that purpose.
- Where a volunteer, client, or donor is given notice and a reasonable opportunity to opt out of their personal information being used for newsletters, mail-outs, informational updates, or fundraising and the client or donor does not opt-out.
- Where required, we will obtain consent before collecting personal information.
- We will obtain volunteer, client or donor consent to collect, use, or disclose personal information (except where, as noted above, we are authorized to do so without consent).
- Consent can be provided orally, in writing, or via a third party in a similar fashion.
- Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), volunteers, clients, or donors can withhold or withdraw their consent for the Society to use their personal information. If a client’s or donor’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product, we will explain the situation to assist the client or donor in making the decision.
- We may collect, use, or disclose personal information without the client or donor’s knowledge or consent in the following limited circumstances:
- When the collection, use, or disclosure of personal information is permitted or required by law.
- In an emergency that threatens an individual’s life, health, or personal security.
- When the personal information is available from a public source (e.g., a telephone directory).
- When we require legal advice from a lawyer.
- To collect a debt.
- To protect the Society from fraud.
- To investigate an anticipated breach of an agreement or a contravention of law.
4.0 Collection of Personal Information
- We collect personal information for record keeping.
- We use de-identified information as statistics (e.g., annual reports) to help us plan and evaluate services. We also include statistics in grant proposals.
- Unless the purpose for collecting personal information is obvious and personal information is voluntarily disclosed for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
- We may collect information provided to us via interactions or information we obtain from third-party sources.
5.0 Use and Disclosure of Personal Information
- We handle personal information in a manner that a reasonable person would consider appropriate in the circumstances.
- We will only use or disclose volunteer, client, or donor personal information where necessary to fulfill the purposes identified at the time of collection, or for a purpose reasonably related to those purposes.
- We will not use or disclose personal information for any additional purpose unless we obtain consent to do so.
- We will not sell volunteer, client, or donor lists or personal information to other parties unless we have obtained consent.
6.0 Retaining Personal Information
- To ensure that an individual has a reasonable opportunity to access their personal information, we will:
- Retain client or donor personal information for at least one year.
- Retain volunteer personal information for at least one year from the time they have stopped volunteering.
- We will destroy documents containing personal information or remove how the personal information could be associated with particular individuals, as soon as it is reasonable to do so, and the information is no longer required for legal or business purposes.
7.0 Ensuring Accuracy of Personal Information
- We make all reasonable efforts to ensure that the personal information collected is accurate and complete.
- Volunteers, clients, and donors may request correction to their personal information to ensure its accuracy and completeness.
- A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought.
- If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year.
8.0 Correction
- Individuals may request access to, and correction of, their personal information. All requests should be directed to info@maidfamilysupport.ca.
9.0 Securing Personal Information
- We are committed to ensuring the security of all personal information to protect it from unauthorized access.
- Personal information will be protected with safeguards as are appropriate for the level of security of the information obtained.
- We continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
10.0 Providing Access to Personal Information
- Volunteers, clients, and donors have a right to access and verify their personal information, subject to legal exceptions, or where disclosure may reveal personal information about another individual.
- A request to access personal information must be made in writing. The request should include sufficient detail to identify the personal information being sought.
- Upon request, we will advise volunteers, clients or donors how we use their personal information and to whom it has been disclosed, if applicable.
- We will make the requested information available within thirty business days or provide written notice of an extension where additional time is required to fulfill the request.
- A minimal fee may be charged to the person requesting access to their personal information. Where a fee applies, we will inform the requester of the cost.
- If an access request is denied either in full or in part, we will notify the requestor in writing. We will provide the reason(s) for refusal and the recourse available.
11.0 Compliance
- The Society’s Privacy Officer is responsible for ensuring the Society’s compliance with this policy and the Personal Information Protection Act.
- Volunteers, clients and donors should direct any inquiries regarding the Society’s compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, they should write to the Information and Privacy Commissioner of British Columbia at info@oipc.bc.ca or (250) 387-5629.
12.0 Definitions
Board Member – means a member of the executive committee that supervises the activities of the Society.
Client – means the individual requesting support from the Society.
Contact information – means information that would enable an individual to be contacted at a place of business or publicly available information, and includes name, position name or title, business telephone number, business address, business email or business fax number. Contact information is not covered by this policy or PIPA.
Donor – means the individual or organization making a charitable financial donation to the Society.
Implied consent – means when an individual doesn’t expressly give consent, but volunteers information for an obvious purpose and a reasonable person would consider it appropriate in the circumstances.
MAID Family Support Society (the “Society”) – means a Canadian registered charity in the province of British Columbia.
Personal Information –means personally identifiable information. Personal information includes volunteers, clients and donors.
Personal Information Protection Act (PIPA) – means British Columbia’s legislation that describes how all private and non-profit organizations must handle the personal information it collects, uses, and discloses.
Privacy Officer – means the individual designated accountability by the Society for ensuring that the Society complies with this policy and PIPA.
Volunteer – means an individual who agreed to volunteer with MAID Family Support Society and who has completed all required screening.
Contact information for the Society’s Privacy Officer:
Signy Novak
info@maidfamilysupport.ca