BACKGROUND
In order to comply
with the federal government's Personal
Information Protection and Electronic Documents Act ("PIPEDA")
that regulates the collection, use and disclosure of personal information in
commercial activities, we have developed this Privacy Policy. We have adopted as the foundation of our
Privacy Policy the 10 Principles
that are set out in the National Standard of Canada entitled "Model Code for the Protection of Personal
Information" and that form part of PIPEDA. Our objective is to promote responsible and transparent personal
information management practices.
The following principles guide us in the
collection, use, disclosure and retention of personal information. Since we regularly review all of our
policies and procedures, and since privacy law can be expected to evolve in
Canada as the Office of the Privacy Commissioner and the courts provide
guidance as to the application of PIPEDA to specific fact situations, as PIPEDA
may itself be amended and as provincial privacy laws are enacted, we may change
our Privacy Policy at any time or from time to time.
SCOPE
AND APPLICATION
The scope and application of our Privacy
Policy is as follows:
1.
1. The 10 Principles that form the basis of our
Privacy Policy are interrelated, and we will strive to adhere to them as a
whole.
2.
2. Our Privacy Policy applies to personal
information about the members, volunteers, donors, and
other constituents or stakeholders of our Congregation (collectively, our "Stakeholders")
that we collect, use or
disclose in the course of commercial activities.
3.
3. Our Privacy Policy applies to the management
of personal information in any form, whether written, oral or electronic.
4.
4. Our Privacy Policy does not impose any
limits on our collection, use or disclosure of any of the following
information:
(a)
(a)
an individual's name, address
and telephone number that appears in a telephone directory that is available to
the public, where the individual can refuse to have their personal information
appear in such a directory;
(b)
(b)
an employee's name, title,
business address or telephone number; or
(c)
(c)
other information about an
individual that is publicly available or that is specified by regulation
pursuant to PIPEDA.
5.
5. The application of our Privacy Policy is
subject to the requirements and provisions of PIPEDA, the regulations enacted
thereunder and any other applicable legislation, regulation, court order or
other lawful authority.
GOVERNING PRINCIPLES
Principle 1 – Accountability
We are responsible
for personal information in our possession or under our control.
1.1 Responsibility
for compliance with the provisions of our Privacy Policy rests with our Privacy
Officer, who can be reached by using the contact information at the end of this
Privacy Policy. Other individuals
within our organization may be delegated to act on behalf of our Privacy
Officer or to take responsibility for the day-to-day collection and processing
of personal information.
1.2 We will implement policies and
procedures to give effect to our Privacy Policy, including:
(a) implementing procedures to protect personal information and to oversee our compliance with our Privacy Policy;
(b) developing information materials to explain
our policies and procedures;
(c) training our pastors, employees, contractors, directors and volunteers about our policies and procedures; and
(d) establishing
procedures to receive and respond to inquiries or complaints.
Principle 2 -
Identifying Purposes for Collection of Personal Information
We will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 We collect personal information only for the
following purposes:
(a) to identify our Stakeholders;
(b) to establish and maintain responsible
relationships with our Stakeholders;
(c) to understand, develop and/or enhance the
needs, desires, concerns or opinions of our Stakeholders;
(d) to carry out our organizational activities,
all with a view to advancing the goals of our Mission Statement;
(e) to manage and develop our business and
operations;
(f) to meet legal and regulatory requirements;
(g) to record the history of our Congregation,
which may be shared with Lutheran Church-Canada as well as with any District of
Lutheran Church-Canada and their respective agencies and affiliates, and which
may be made available to the public through the Lutheran Historical Institute;
and
(h) to communicate with our Stakeholders, to keep
our Stakeholders advised of our activities, to send important notices to our
Stakeholders, to respond to special needs or inquiries, and to send information
regarding our mission and ministry, as well as that of Lutheran Church-Canada,
any District of Lutheran Church-Canada, and their respective agencies and
affiliates. For example, we may use
personal information to send our Stakeholders information regarding:
·
·
ministry
resources and services,
·
·
selected
third-party suppliers,
·
·
Congregation
financial initiatives,
·
·
estate
planning information,
·
·
continuing
education opportunities,
·
·
the
source of books, services and merchandise which are available by various
vendors, and
·
·
the
provision of gifting opportunities.
2.2 When
personal information that has been collected is to be used or disclosed for a
purpose not previously identified, the new purpose will be identified prior to
use. Unless the new purpose is
permitted or required by law, consent will be required before the personal
information will be used or disclosed for the new purpose.
Principle 3 -
Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of an individual are required for the
collection, use or disclosure of personal information, except where
inappropriate.
3.1 In
obtaining consent, we will use reasonable efforts to ensure that an individual
is advised of the identified purposes for which personal information is being
collected and will be used or disclosed.
Purposes will be stated in a manner that can be reasonably understood by
that individual.
3.2 Generally,
we will seek consent to use and disclose personal information at the same time
as we collect the information. However,
we may seek consent to use and disclose personal information after it has been
collected, but before it is used or disclosed for a new purpose.
3.3 In
determining the appropriate form of consent, we will take into account the
sensitivity of the personal information and the reasonable expectations of the
individual to whom the personal information relates.
3.4 An
individual may withdraw consent at any time, subject to legal or contractual
restrictions and reasonable notice.
Individuals may contact us for more information regarding the
implications of withdrawing consent.
3.5 In certain circumstances, personal
information can be collected, used or disclosed without the knowledge and
consent of the individual. For example:
(a) if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated;
(b) if seeking the consent of the individual might defeat the purpose for collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law, or that of a foreign jurisdiction;
(c) if there is an emergency where the life,
health or security of an individual is threatened; or
(d) if disclosure is to a lawyer representing us, to comply with a subpoena, warrant or other court order, or is otherwise required or authorized by law.
Principle 4 -
Limiting Collection of Personal Information
We will
limit the collection of personal information to that which is necessary for the
purposes that we have identified. We
will collect personal information by fair and lawful means.
4.1 Generally,
we will collect personal information from the individual to whom it
relates. With your consent, personal
information may be gathered from you personally, on the telephone, through the
mail or over the Internet.
4.2 4.2
We
may also collect personal information from other sources including employers or
personal references, or other third parties who represent that they have the
right to disclose the information.
4.3 4.3
The personal information typically collected and maintained by us
includes an individual's:
(a) (a)
name,
(b) (b) mailing
address,
(c) (c)
e-mail address,
(d) (d) telephone
number,
(e) (e) date of
birth,
(f) (f)
place of employment,
(g) (g) photographs,
(h) (h)
baptismal records,
(i) (i)
marriage records,
(j) (j)
burial records,
(k) (k)
participation and/or membership in classes and groups with the
Congregation,
(l) (l)
participation and/or membership in Congregation boards and committees,
(m) (m) charitable
contributions and pledges,
(n) (n)
list of talents and areas of interest,
(o) (o) attendance
and communion records, and
(p) (p) Confirmation
records
The
information so collected depends upon the project, committee or purpose
disclosed at the time of collection.
4.4 4.4
We
may also request personal information from an individual to assist us in making
mission and ministry decisions. For
example, we may collect and use personal information to assess the strengths
and weaknesses of workers and volunteers so that we are able to match a
congregation's needs with a worker's strengths.
Principle
5 - Limiting Use, Disclosure, and Retention of Personal Information
We will not use or disclose personal information for purposes other
than those for which it was collected, except with the consent of the
individual or as required by law. We
will retain personal information only as long as necessary for the fulfillment
of the purposes for which it was collected.
5.1 We may disclose an individual’s personal
information to:
(a) our pastors, employees, contractors, directors
and volunteers;
(b) our external auditors or legal counsel;
(c) a person who is an authorized agent of that individual. For example, we may provide information about an individual’s donations to that individual’s legal, accounting or financial advisors;
(d) a third party who requires such information in order to assist us in the general administration and/or operation of our business and/or the supply of products and/or services to that individual;
(e) a third party who requires such information and who is affiliated with or otherwise related to or part of Lutheran Church-Canada (including Lutheran Church-Canada, any District of Lutheran Church-Canada, any of their respective agencies and affiliates.
(f) a third party with whom we may at any time in the future be negotiating for the purpose of that third party taking over some or all of our activities;
(g) a public authority or agent of a public authority if, in our reasonable judgment, it appears that there is imminent danger to life or property which could be avoided or minimized by the disclosure of the information;
(h) a third party where that individual has
consented to such disclosure; and
(i) a third party where such disclosure is
required or permitted by law.
5.2 Only
our pastors, employees, contractors, directors and volunteers with a business
need to know, or whose duties or services reasonably so require, are granted
access to personal information about a Stakeholder.
5.3 We
will keep personal information only as long as it remains necessary or relevant
for the identified purposes or as required by law. Depending on the circumstances, where personal information has
been used to make a decision about an individual, we will retain, for a period
of time that is reasonably sufficient to allow for access by that individual,
either the actual information or the rationale for making the decision.
5.4 We
will maintain reasonable and systematic controls, schedules and practices for
information and records retention and destruction which apply to personal
information that is no longer necessary or relevant for the identified purposes
or required by law to be retained. Such
information will be destroyed, erased or made anonymous.
Principle 6 -
Accuracy of Personal Information
Personal information will be as accurate, complete, and up-to-date as
is necessary for the purposes for which it is to be used.
6.1 Personal information
used by us will be sufficiently accurate, complete, and up-to-date to minimize
the possibility that inappropriate information may be used to make a decision
about an individual.
6.2 We
will update personal information about an individual as necessary to fulfill
the identified purposes or upon notification by that individual.
Principle 7 -
Security Safeguards
We will protect personal information through the use of security
safeguards appropriate to the sensitivity of the information.
7.1 We
will use appropriate security measures to protect personal information against
such risks as loss or theft or unauthorized access, disclosure, copying, use,
modification or destruction, regardless of the format in which it is held.
7.2
7.2
We
will protect personal information disclosed to third parties by contractual or
other means stipulating the purposes for which it is to be used and the
necessity to provide a comparable level of protection.
7.3
7.3
We
will ensure that the protection methods include,
(a) (a)
Physical measures, for example,
locked filing cabinets and restricted access to offices;
(b) (b) Organizational
measures, for example, security clearance and limiting access on a
“Need-to-know” basis; and
(c) Technological measures, for example, the use
of passwords and encryption.
7.4
7.4 We shall ensure
that all employees and volunteers know the importance of keeping personal
information confidential.
Principle 8 -
Openness Concerning Policies and Procedures
We will make readily available to our Stakeholders specific information
about our policies and procedures relating to our management of personal
information.
Principle 9 - Access
to Personal Information
We will inform an individual of the existence, use and disclosure of
his or her personal information upon request, and will give the individual
access to that information. An
individual will be able to challenge the accuracy and completeness of the
information and request to have it amended as appropriate.
9.1 Upon
request, we will provide a Stakeholder with a reasonable opportunity to review
the personal information in that individual’s file. Personal information will be provided in an understandable form
within a reasonable time and at minimal or no cost to the individual.
9.2 In
certain situations we may not be able to provide access to all of the personal
information we hold about an individual.
In such a case, we will provide the reasons for denying access upon
request. For example:
(a) if doing so would likely reveal personal information about another individual or could reasonably be expected to threaten the life or security of another individual;
(b) if
doing so would reveal any of our confidential information;
(c) if
the information is protected by solicitor-client privilege;
(d) if the information was generated in the course
of a formal dispute resolution process; or
(e) if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law, or that of a foreign jurisdiction.
9.3 Upon
request, we will provide an account of the use and disclosure of personal
information and, where reasonably possible, will state the source of the
information. In providing an account of
disclosure, we will provide a list of organizations to which we may have
disclosed personal information about the individual when it is not possible to
provide an actual list.
9.4 In
order to safeguard personal information, an individual may be required to
provide sufficient identification information to permit us to account for the
existence, use and disclosure of personal information and to authorize access
to a particular file. Any such
information will be used only for this purpose.
9.5 We will promptly correct
or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or
completeness will be noted in the individual’s file. Where appropriate, we will transmit to third parties having
access to the personal information in question any amended information or the
existence of any unresolved differences.
9.6 Individuals
can obtain information or seek access to their personal information by
contacting our Privacy Officer during our office hours.
Principle 10 -
Challenging Compliance
An
individual will be able to address a challenge concerning compliance with the
above principles to our Privacy Officer.
10.1 We
will maintain procedures for addressing and responding to all inquiries or
complaints from any Stakeholder about our handling of personal information.
10.2 We
will inform Stakeholders about the existence of these procedures as well as the
availability of complaint procedures.
10.3 Our
Privacy Officer may seek external advice where appropriate before providing a
final response to individual complaints.
10.4 We
will investigate all complaints concerning compliance with our Privacy
Policy. If a complaint is found to be
justified, we will take appropriate measures to resolve the complaint
including, if necessary, amending our policies and procedures. An individual will be informed of the
outcome of the investigation regarding his or her complaint.
ADDITIONAL INFORMATION
For more information
regarding our Privacy Project, please contact our Privacy Officer by:
(a) telephone: (519)
519-733-2127
(b) mail: First Evangelical Lutheran Church
27
Spruce St. N.
Kingsville,
ON N9Y 1G2
(c) e-mail: flckingsville@xplornet.com
For a copy of PIPEDA
or to contact the Privacy Commissioner of Canada, please visit the Office of
the Privacy Commissioner of Canada’s web site at: http://www.privcom.gc.ca
Respecting the
privacy and confidentiality of personal information has always been an
important part of our commitment to our constituents, investors, donors,
sponsors, volunteers and other stakeholders.
Effective as of
January 1, 2004, the federal government's Personal
Information Protection and Electronic Documents Act ("PIPEDA")
imposed new legal obligations for the collection, use and disclosure of
personal information in the course of commercial activities. We are committed to complying with
PIPEDA. As a result, we have developed:
(a)
(a)
a Privacy Protection Pledge,
which explains why we collect personal information, how we use personal
information, when and why we disclose personal information, and how we protect
personal information; and
(b)
(b)
a Privacy Policy, which
specifies and describes the principles and guidelines that we have adopted for
the collection, use, disclosure and retention of personal information.
We have also
appointed a Privacy Officer, who is responsible for overseeing our Privacy
Project. Our Privacy Officer is already
working with our employees, volunteers and other service providers so that they
are familiar with and understand our Privacy Protection Pledge and our Privacy
Policy and can therefore assist us in complying with PIPEDA.
If you would like to
receive copies of our Privacy Protection Pledge and our Privacy Policy or if
you have any questions regarding our Privacy Project, please contact our
Privacy Officer by:
(a) telephone: 519-733-2127
(b) mail: First Evangelical Lutheran Church
27
Spruce St. N.
Kingsville,
ON N9Y 1G2
(c) e-mail:
fckingsville@sterlingmutuals.com
For a copy of PIPEDA or to contact the
Privacy Commissioner of Canada, please visit the Office of the Privacy
Commissioner of Canada’s Internet web site at: http://www.privcom.gc.ca