Privacy Policy
Our Commitment
Christ Memorial Church (the Church) is committed to maintain the privacy of its members, adherents, donors, volunteers, employees, directors, officers and any other persons about or from whom the Church collects personal information. While it is necessary for the Church to collect personal information in order to carry out its normal functions, its policy and practice is to use appropriate safeguards to ensure that this information is collected, used, protected and disposed of according to the ten principles of Canada’s Protection of Personal Information and Electronic Documents Act (PIPEDA).
Introduction
The Act (PIPEDA) balances the needs for organizations to gather and use personal information with the individual’s right to privacy. It gives control to the individual by requiring the organization to obtain consent to collect, use or disclose any such personal information. Personal information includes all information that can identify or give information about an individual. It does not include the sort of general information that could be found in a business directory or a telephone book.
1. Accountability
The Church is responsible for maintaining and protecting all personal information under its control. The Incumbent has been designated as the Church’s Privacy Officer, responsible for ensuring compliance with its privacy obligations in accordance with applicable privacy laws.
2. Identifying the Purpose
Whenever the Church asks for personal information, the purpose for which it is being collected will be identified and explained. Generally, the information is used to maintain membership lists; to manage payroll and benefits; to establish and maintain lists of donors; to communicate with Parish Council, Committee members and other volunteers; to inform members about church activities; to maintain subscription lists to church publications; to register participants for church events; and to compile statistical and historical information about the Church. These purposes may change or be added to from time to time.
3. Obtaining Consent
The Church requires an individual’s knowledge and consent to the collection, use or disclosure of personal information. It shall be ensured that the individual reasonably understands why and how the information is to be used when consent is given. Sometimes a person’s consent may be implied by virtue of their membership in the Church or because of the person’s conduct within the Church. Express written consent will be obtained when possible and in all cases where the information may be particularly sensitive. Completion of an application or registration form assumes consent to collect the information. Consent may be obtained in person, by phone, by mail or email. Verbal consent should be recorded electronically or on hard copy by the person collecting the information. Written or email consent will be kept on file as long as the information is reasonably necessary. A person may withdraw his or her consent at any time, subject to legal or contractual restrictions and reasonable notice. The person will be informed of reasonably foreseeable implications of the withdrawal.
4. Limiting Collection
The Church will collect its information by fair, open and lawful means and will limit the collection to the amount and type of information necessary for the identified purpose. Usual information collected is limited to name, title, gender, address, telephone number, email address, baptism and confirmation status, date of birth, and additional personal information required for the purpose of screening volunteers and staff who accept positions of responsibility in Church activities.
5. Limiting Use, Disclosure and Retention
The Church will use personal information only for the purpose it was collected unless consent is obtained to do otherwise. Information is only accessible to staff persons on a need-to-know basis. Office volunteers may occasionally have access to specific information for the carrying out of their duties. Information released for a specific task or activity will be destroyed when that task or activity is completed. All persons having access to personal information will be provided with guidance on the use and disclosure of such information.
Personal information is not disclosed to any third party without an individual’s consent. The Church membership list is released to the Anglican Journal for subscription purposes only, and further disclosure by that publication to other organizations is protected.
General information may be held by the Church indefinitely for archival and historical purposes. Otherwise, all collected information shall be destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant.
6. Accuracy
The Church tries to ensure that all the information collected and used is accurate, complete and up-to-date. Individuals are relied upon to inform the Church of any changes in their personal information. Any individual may request to view their personal information for accuracy by contacting the Privacy Officer, and may request the Church to make corrections or changes.
7. Safeguarding Personal Information
Personal information is stored in an electronic database that is password protected, and access is limited to only those personnel who need to use it for the purposes identified. Any printed or written documents containing personal information are protected against loss, theft or unauthorized access by storing them in secured cabinets when not in use. Access to these cabinets is restricted to authorized personnel. Any such information is shredded before discarding.
8. Openness
The Church will publish its Privacy Policy and Practices for the handling of personal information on its web site. Individuals requesting information about the Policy and Practices may be directed to the web site where appropriate, or will be provided with a copy of this document.
9. Individual Access
All individuals are entitled to know what personal information the Church holds, and how it is used, disclosed and retained. Written requests to the Privacy Officer to view their personal information will be honoured in a reasonable time, and any requested corrections or deletions will be handled as quickly as possible.
10. Challenging Compliance
The Privacy Officer will answer any questions or enquiries relating to the collection, use and retention of personal information, and will respond promptly to any challenges. If not satisfied by the response, the individual will be advised of avenues of recourse under the Act.
The Diocesan privacy policy can be located at www.toronto.anglican.ca.