Personal Information Protection Policy
1.1 To ensure transparency and accountability in how PWRDF handles personal information, in line with the “pledge to maintain relationships and ‘ways of working’ that are accountable and transparent.” (PWRDF Guiding Principles)
1.2 To ensure the protection of the privacy of the personal information of PWRDF’s employees, members, donors and other stakeholders .
1.3 To maintain the trust of those with whom PWRDF deals, and of the general public.
This policy applies to all board members, non‑board committee members, employees (full time, part time, temporary and casual), and volunteers.
PWRDF will use personal information provided by its employees, members, donors and other stakeholders to keep them informed and up-to-date, through periodic contact, regarding its activities, programs, funding needs and opportunities to volunteer or to donate.
PWRDF will observe the principles set out in Schedule 1 of the Personal Information Protection and Electronic Documents Act (“PIPEDA”) with respect to the collection, use and disclosure of personal information to third parties. (To guide the interpretation of this policy, elements of those principles particularly relevant to PWRDF are outlined below.)
PWRDF may collect personal information for one or more of the following reasons:
- to administer and maintain accounts relating to donations.
- to facilitate fundraising for the work of PWRDF
- to communicate with them and the PWRDF constituency
- to comply with legal and regulatory requirements.
A request by an individual not to be contacted for any of the purposes in the preceding paragraphs will be respectfully accommodated upon receipt by the PWRDF Privacy Officer.
The PWRDF Executive Director will appoint a Privacy Officer who will be accountable for compliance with this policy. The Privacy Officer’s name and contact information will be made readily accessible on the PWRDF website and will be made available to individuals upon request or on an as needed basis in line with this policy.
To facilitate implementation of this policy, PWRDF will establish and implement:
- procedures to protect personal information
- procedures to receive and respond to complaints and enquiries
- training / information for relevant staff regarding this policy
- practices to ensure access to this policy.
4. Definitions – for the purposes of this policy
4.1 Personal information – Any factual or subjective information, recorded or not, about an identifiable individual, with the exception of their name, title, business address, business telephone number and business e-mail address. Personal information includes, but is not limited to, an individual’s address, date of birth, gender, employment, bank account number, credit card number(s), donation history and/or other financial information.
4.2 Collect – To gather, receive, or obtain personal information from any source or by any means.
4.3 Disclose – To make known or reveal personal information by any means to any persons outside the organization.
4.4 Donor – An individual who has in the past, or it is anticipated may in the future, make a donation to PWRDF.
4.5 Third party – A person, organization or association other than PWRDF, or an employee or volunteer working at PWRDF.
4.6 Use – To review, access, employ or apply personal information for any purpose by and within PWRDF.
5. Guiding Principles – based upon PIPEDA, Schedule 1
PWRDF is responsible for all personal information under its control. The PWRDF Privacy Officer is accountable for compliance with these principles, even though others may be responsible for the day-to-day management of personal information.
PWRDF will ensure that third parties who may receive personal information for processing will give it an appropriate level of protection.
5.2 Identify Purposes
The purposes for which personal information is collected will be identified and documented by PWRDF at or before the time of collection.
Consent will be obtained by informing individuals of the purpose for the collection, use or disclosure of their personal information, before or at the time of collection. If personal information collected is to be used for a different purpose, the prior consent of the individual will be obtained, except when legal, medical or security reasons may make it inappropriate.
5.4 Limit Collection
The purposes for which personal information is collected will be identified and PWRDF will limit the amount and type of personal information gathered to what is necessary for the purposes identified by the organization.
5.5 Limit Use, Disclosure and Retention
PWRDF will only use or disclose personal information for the purposes for which it was collected, except when consent is obtained from an individual or as required or permitted by law.
PWRDF will provide any individual with the opportunity to obtain access to their own information and will document any new purpose for the use of personal information.
Personal information will be retained only as long as necessary for fulfillment of those purposes. Disposal of personal information will be in a way which prevents improper access.
PWRDF will keep personal information as accurate and complete as necessary to fulfill the purposes for which it is to be used and will work to minimize the possibility of inaccurate or inappropriate use of the information.
PWRDF will take necessary precautions to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, modification or disposal. The precautions will correspond to the sensitivity, amount, distribution, format and method of storage of the information collected. Precautions will include:
- Physical measures, such as locked filing cabinets and restricted offices.
- Organizational measures, such as security clearances and limiting access on a “need to know” basis; and
- Technological measures, such as the use of passwords and encryption.
5.9 Individual Access
Upon request and within a reasonable time, PWRDF will inform an individual of any personal information on file about them, including how it has been used. If the accuracy or completeness of any personal information is challenged, and found to be deficient, PWRDF will make the necessary corrections or amendments.
5.10 Challenging Compliance
PWRDF will investigate all complaints received in writing which challenge compliance with any of the above principles. If a complaint is found to be justified, PWRDF will take appropriate action, including, amending its policies and practices, if necessary.
This policy may be amended by the Board of PWRDF.
PWRDF Privacy Officer:
Finance & Administration Manager
80 Hayden St.
Approval Date: May 3, 2012