Personal Information Protection Policy (PIPA)
Commitment
The Gibsons & District Library Foundation (the "Foundation") is committed to maintaining the security, confidentiality and privacy of personal information. This privacy policy documents the Foundation's ongoing commitment to its members and donors and has been developed in compliance with the British Columbia Personal Information Protection Act (PIPA). The Foundation will inform its members and donors of why and how they collect, use and disclose personal information, obtain consent where required and only handle personal information in a manner that a reasonable person would consider appropriate in the circumstances.
Scope
This policy addresses personal information about individuals and does not impose any limits on the collection, use or disclosure of business contact information and certain publicly available information.
Definitions
Personal Information
means information about an identifiable individual, e.g. name, age, home address and telephone number, social insurance number, marital status, religion, credit history, medical information, education, employment or income. Personal information does not include contact information.
Contact Information
means information that would enable an individual to be contacted at a place of business and includes name, position or title, business telephone number, business address, business email or facsimile number. Contact information is not covered by this policy or PIPA.
Privacy Officer
means the individual designated responsibility for ensuring that the Foundation complies with this policy and PIPA.
Collection
Unless the purposes for collecting personal information are obvious and the member or donor voluntarily provides their personal information for those purposes, the Foundation will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection. The Foundation will only collect member or donor information that is necessary to fulfill the following purposes:
- To verify identity
- To register members and potential donors
- To send out membership information
- To contact our members and donors for fund raising
- To meet legal and regulatory requirements.
Consent
The Foundation will obtain member and donor consent to collect, use or disclose personal information, except where the Foundation is authorized or required by law to do so without consent. For example, the Foundation may collect, use or disclose personal information without your knowledge or consent where:
- The information is publicly available, as defined by statue or regulation.
- The Foundation is obtaining legal advice.
- The Foundation reasonably expects that obtaining consent would compromise an investigation or proceeding.
Consent may be provided to the Foundation orally, in writing, electronically or through an authorized representative such as lawyer, agent, broker and it can be express, implied where the purposes for collecting, using or disclosing the personal information would be considered obvious and the member or donor voluntarily provides personal information for that purpose. Consent may be withdrawn at any time, subject to legal and contractual restrictions provided that reasonable notice of withdrawal of consent is given to the Foundation. On receipt of notice of withdrawal of consent, the Foundation will inform its member or donor of the likely consequences of the withdrawal of consent may restrict the Foundation's ability to provide a particular service or product.
Use and Disclosure
The Foundation will not collect information indiscriminately and will limit collection of information to that which is reasonable and deemed necessary to provide services and authorized by law. The collection of name, home address, home telephone number and email addresses are a necessary part of the Foundation's relations with its members and donors.
Retaining Personal Information
If the Foundation uses member or donor personal information to make a decision that directs that member or donor, the Foundation will retain that personal information for at least one year so that the member or donor has a reasonable opportunity to request access to it. The Foundation will retain member and donor personal information only as long as necessary to fulfil the identified purposes, legal or business purposes. It will destroy, erase or make anonymous document or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and it is no longer necessary for legal or business purposes. The Foundation will not sell membership or donor lists or personal information to other parties unless we have consent to do so.
Accuracy
The Foundation will make reasonable efforts to ensure that member and donor information it is using or disclosing is accurate and complete. Members and donors may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. A request to correct personal information should be forwarded to the Secretary of the Foundation. If the personal information is demonstrated to be inaccurate or incomplete, the Foundation will correct the information as required and send the amended information to any third parties to whom the information was disclosed in the previous year. If the correction is not made, we will note the member or donor's correction request in the file.
Security
The Foundation is committed to ensuring the security of member and donor personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. The following security measures will be followed to ensure that member and donor information is appropriately protected:
- Physical measures such as locked filing cabinets.
- Restriction of personal information to Board Members.
- Electronic measures such as passwords and firewalls.
The Foundation will take due care when destroying personal information so as to prevent unauthorized access to the information. The Foundation will review and update security policies and controls as technology changes to ensure ongoing personal information security.
Access
All members and donors have a right to access their personal information held by the Foundation, subject to limited exceptions, such as:
- Solicitor/client privilege.
- Disclosure would reveal personal information about another individual.
- The information was collected for the purposes of an investigation.
- Prevented by law from providing access to certain personal information.
A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought. The Foundation will make the information available within thirty days, or provide written notice where additional time is required to fulfill the request. If a request is refused in full or in part, the Foundation will notify the member or donor in writing, providing the reasons for the refusal and the recourse available to them.
Complaints
The Privacy Officer is responsible for ensuring the Foundation's compliance with this policy and the Personal Information and Protection of Privacy Act. All complainants should direct their concerns, questions or disputes about the collection, use, disclosure and protection of the personal information or other privacy issues to the Foundation's Privacy Officer:
Ms. Lynda Coote
C/O Gibsons & District Library Foundation
Box 109, Gibsons, B.C., V0N 1V0
Tel: (604) 886-2130;
Email: info@gibsonslibraryfoundation.org
The Privacy Officer will inform the complainant that all complaints must be in writing, specifying the nature and substance of the complaint, the relevant date and the names of individuals involved and attach any relevant documentation. The Privacy Officer will verify the identity of the complainant and inform the complainant that the Privacy Officer may access the complainant's information and discuss the complaint with the Foundation Board or staff, in order to investigate and resolve the complaint. The Privacy Officer may request further information and documents from the complainant and from other sources in order to investigate and resolve the complaint.
The Privacy Officer will acknowledge receipt of all written complaints and will respond promptly in writing to all complaints. The Privacy Officer will attempt to resolve all complaints in a timely fashion to the mutual satisfaction of the complainant and the Foundation. If the Privacy Officer is unable to resolve the complaint to the complainant's satisfaction, the Privacy Officer will inform the complainant that the complaint may be brought to the British Columbia Privacy Commissioner, whose contact information is as follows:
Office of the Information and Privacy Commissioner of British Columbia
Attention: Privacy Commissioner
P.O. Box 9038, Stn. Prov. Govt., Victoria, B.C. V8W 9A4
Tel: (250) 387-5629; Toll free: (604) 660-2421, transfer to (250) 387-5629
Fax: (250) 387-1696; Web: www.oipc.bc.ca
