Insight for Living Canada (IFLC) is committed to respecting the privacy of its constituency. In demonstration of our commitment to this privacy and in compliance with the Personal Information Protection Act (PIPA) we have created the following Privacy Policy (the Policy). The Policy is designed to reflect our commitment to the principles outlined in PIPA that are as follows:
- Accountability
- Identifying purposes
- Consent
- Limiting collection
- Limiting use, disclosure, and retention
- Accuracy
- Safeguards
- Openness
- Individual access
- Challenging compliance
All directors, officers, employees, and volunteers of IFLC are required to comply with the Policy and may be given restricted access to personal information solely to fulfill the purposes as set out in this Policy.
All other persons or organizations who act for, or on behalf of, IFLC are also required to comply with the principles and the Policy and may be given restricted access to personal information solely to fulfill the purposes as set out in this Policy.
Privacy Officer
IFLC’s Privacy Officer will be responsible for overseeing the Policy as well as any inquiries, requests, or concerns relating to privacy matters. You may contact the Privacy Officer at the following address:
Privacy Officer
Insight for Living Canada
1-30445 Progressive Way
Abbotsford, B.C.
V2T 6W3
1.800.663.7639
Overview
This Policy covers our treatment of the personal information we collect from our constituency.
In this Policy we will outline the purposes behind our collection and use of constituents’ personal information. In addition we will outline our policies concerning the collection, use, distribution, and retention of this information. Finally, we will set out our policies for addressing any concerns or complaints.
Requests to Add, Change, or Delete
If at any time you wish to add, change, or delete your personal information, which is retained by our office, please contact our Privacy Officer in writing at:
Privacy Officer
Insight for Living Canada
1-30445 Progressive Way
Abbotsford, B.C.
V2T 6W3
1.800.663.7639
Principle 1—Accountability
IFLC is responsible for personal information which we collect, use, or distribute. Any personal information in our custody or under our control. In order to fulfill our responsibility and comply with current legislation:
1.1 We have designated a Privacy Officer who is responsible to oversee our Policy and ensure routine compliance with it
1.2 We shall make known the name or names of the Privacy Officer(s) and contact information upon request
1.3 We have developed procedures in accordance with this Policy to govern the handling of personal information and respond to complaints
1.4 Our staff and volunteers are trained in accordance with this Policy and committed to ensuring privacy is protected
1.5 Our policy is made available to our constituents through our website and from our head office
1.6 In the event that personal information is made available to contracted third parties, we will hold parties responsible to maintain comparable levels of protection of privacy while the information is in their control
Principle 2—Identifying Purposes
2.1 IFLC is committed to ensuring the purposes for which personal information is used are identified
2.2 IFLC will only collect personal information from our constituents, which is necessary to fulfill the following purposes:
- To verify identity
- To verify creditworthiness
- To identify constituent preferences
- To understand the payment preferences of our constituents
- To deliver requested products and services
- To provide counselling services
- To send out partnership information
- To contact our constituents for fundraising
- To ensure a high standard of service to our constituents
- To meet regulatory requirements
2.3 IFLC will make these purposes known to individuals at the time personal information is collected either orally, electronically, or in writing
2.4 Unless required by law, IFLC will notify and obtain the consent of an individual before using previously collected information for a new purpose
Principle 3—Consent
3.1 IFLC will obtain reasonably informed consent of a constituent to collect, use, or disclose personal information, except where authorized to do so without consent
3.2 Consent can be provided orally, in writing, electronically, or through an authorized representative. We will take reasonable steps to ensure that consent given is clearly understood
3.3 Consent can be implied where the purpose for collecting, using, or disclosing the personal information would be considered obvious and the constituent voluntarily provides personal information for that purpose
3.4 In general, the use of products and services by a constituent, or the acceptance of employment or benefits by an employee, constitutes implied consent for IFLC to collect, use, and disclose personal information for all identified purposes
3.5 Consent may also be implied where a constituent is given notice and a reasonable opportunity to opt out of his or her personal information being used for mailing lists and fundraising, and the constituent does not opt out
3.6 Subject to certain exceptions, constituents can withhold or withdraw their consent for IFLC to use their personal information in certain ways
3.7 A constituent may not be able to withhold consent when withdrawal of consent would frustrate the performance of a legal obligation
3.8 IFLC will not require consent to the collection and use of information in order to access goods or services unless that information is necessary to fulfill the purpose identified. In a situation where a constituent’s decision to withhold or withdraw his or her consent to certain uses of personal information may restrict our ability to provide a particular service or product, we will explain the consequences of withdrawing consent to assist the constituent in making the decision
3.9 The following are examples of when we may collect, use, or disclose the personal information of a constituent without his or her consent:
- When the collection, use, or disclosure of personal information is permitted or required by law
- When collection is clearly in his or her best interest and we are unable to obtain consent in a timely way
- In an emergency, which threatens an individual’s life, health, or personal security
- When disclosure is required to comply with a court order
- When disclosure is required for archival purposes
- When the personal information is available from a public source (e.g. a telephone directory)
- When the personal information is available through observation at a public event to which he or she attended voluntarily
- When the collection, use, or distribution is necessary to determine his or her suitability to receive an honour, award, or similar benefit or to be selected for an athletic or artistic purpose
- When we require legal advice from a lawyer
- For the purposes of collecting a debt
- To protect ourselves from fraud
- To investigate an anticipated breach of an agreement or a contravention of law
Principle 4—Limiting Collection
4.1 IFLC shall limit the collection of personal information to the purposes set out in this Policy in compliance with our legal obligations
4.2 IFLC will not collect personal information indiscriminately
4.3 The purposes for collecting personal information shall be reasonably clear at the time of collection and we will not deceive or mislead our constituents as to why information is being collected
Principle 5—Limiting Use, Disclosure, and Retention
5.1 IFLC will only use and disclose personal information where necessary to fulfill the purposes identified at the time of collection or for a purpose reasonably related to those purposes except where we are authorized to do so (see Principle 3—Consent)
5.2 IFLC will not use or disclose constituent personal information for any additional purpose unless we obtain consent to do so
5.3 IFLC will not sell constituent lists or personal information to other parties without consent
5.4 IFLC will only retain personal information as long as it is needed for the purposes for which it was collected or consented to. IFLC will maintain reasonable schedules to ensure that personal information is reviewed on an ongoing basis to determine relevance and if retention is required
5.5 When personal information collected is no longer relevant to its purpose or when it is permitted by law, IFLC will ensure it is deleted, destroyed, or made anonymous. In general, all personal information shall be deleted, destroyed, or made anonymous no later than seven years after the purpose for which it was collected has been completed, unless the law requires otherwise
5.6 If IFLC uses personal information to make a decision, which directly affects the constituent we will retain that personal information for at least one year to give the constituent a reasonable opportunity to request access to it
Principle 6—Accuracy
6.1 IFLC is committed to ensuring the accuracy of its information and will take reasonable efforts to ensure personal information is accurate and complete where it is necessary
6.2 IFLC will update information when it is necessary or when an individual notifies us
6.3 Constituents may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. This request should be directed to the Privacy Officer
Principle 7—Safeguards
7.1 IFLC is concerned about the safety of our constituents’ personal information. In order to address security concerns, we have developed the following safeguards:
- Physical security measures, including locked cabinets, restricted access to areas where sensitive personal information is kept, security alarm systems, etc.
- Organizational security measures, including employee confidentiality agreements, sensitive information restricted to those involved, etc.
- Technological security measures, including use of passwords, firewalls, and security encryptions
7.2 IFLC shall protect personal information disclosed to third parties by contractual agreement, which stipulates the confidentiality and safeguard requirements that are comparable to our own.
7.3 We will use appropriate security measures when destroying personal information such as:
- Shredding any documents
- Deleting any electronic records
7.4 IFLC will routinely review and update our security measures
7.5 IFLC shall stress to both employees and volunteers the importance of safeguarding the confidential nature of personal information
Principle 8—Openness
8.1 IFLC is committed to making its privacy policies and procedures available and clear to all interested parties
8.2 We will demonstrate our commitment to this openness by making the Policy easy to access and by making the name and contact information of our Privacy Officer readily available
8.3 Any questions or concerns regarding our policy or procedure may be directed in writing to our Privacy Officer
Principle 9—Individual Access
9.1 Constituents have a right to access their personal information, subject to limited exceptions including, but not limited to:
- Situations of solicitor-client privilege
- Situations where disclosure may reveal the personal information of another individual
- Situations where the health or safety of an individual may be jeopardized
9.2 A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought and should be forwarded to the attention of the Privacy Officer. We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. A reasonable fee may be charged for providing access to personal information, in which case we will inform the constituent prior to proceeding
9.3 We will endeavour to make all information provided easy to understand and explain any acronyms, abbreviations, etc. used
9.4 We reserve the right to confirm the identity of the individual seeking access to personal information before complying with any access requests. In this event, information related to the constituent’s identity would be used exclusively for the purposes of confirming access
9.5 In certain situations, it may not be possible to provide access to all the personal information, which is held and a request may be refused in whole or in part. For example, information may not be provided if to do so would reveal personal information about a third party or jeopardize the security of another person
9.6 If a request is refused, in full or in part, or if the information requested is not available, we will notify the constituent in writing, providing the reasons for refusal and the recourse available to the constituent. This notification will be kept on file
9.7 In the event that information provided is shown to be incomplete or inaccurate, we will amend the constituent’s personal information appropriately. When appropriate, we will transmit this correction to third parties with access to this information. When a challenge is not resolved to the constituent’s satisfaction, we will destroy all personal information under our care and control
Principle 10—Challenging Compliance
10.1 Complaints made regarding the Policy or the use of personal information should be made to the Privacy Officer in writing
10.2 The Privacy Officer shall receive and respond to all personal information requests, including challenges, or complaints
10.3 It is IFLC’s policy that all complaints shall be investigated
10.4 If a complaint is found to be justified, the Privacy Officer shall take appropriate measures, including, if necessary, amending this Privacy Policy
10.5 The Privacy Officer may seek external advice where appropriate before providing a final response to individual complaints
10.6 If the Privacy Officer is the subject of the complaint, then the Executive Director of IFLC will address any complaints or concerns. If the Privacy Officer is unable to resolve the concern, the constituent may also write to the Information and Privacy Commissioner of British Columbia
10.7 IFLC’s procedure for dealing with complaints is as follows:
- Record the date and nature of a complaint when it is received
- Acknowledge receipt of the complaint promptly
- Review the matter fairly and impartially, providing to the individual where possible, access to all relevant records
- Notify the individual of the outcome of the investigation promptly and clearly
- Correct any inaccurate or incomplete information when possible
10.8 The contact information for the Privacy Officer is:
Privacy Officer
Insight for Living Canada
1-30445 Progressive Way
Abbotsford, B.C.
V2T 6W3
1.800.663.7639
