Privacy and Confidentiality Acknowledgement

General

The South Cariboo Elizabeth Fry Society (the Society) is dedicated to safeguarding the privacy of information related to its employees, members, clients, and other stakeholders. We highly value the trust placed in us by those we engage with, including the public. Recognizing the significance of this trust, we commit to being transparent and accountable in our handling of the information shared by our donors and clients. Throughout our various projects and activities, we routinely collect and utilize personal information. Individuals providing such information can expect meticulous protection, with any use or handling of the information contingent upon consent. This policy is available on the Society's website to ensure transparency.

Definition of Personal Information

Personal information refers to any data that can distinguish, identify, or facilitate contact with a specific individual. This may encompass an individual's opinions, beliefs, and factual details concerning or linked to that person. There are exceptions, however, as business contact information and specific publicly available details, such as names, addresses, email addresses, and telephone numbers found in public directories, are not categorized as personal information. In cases where an individual utilizes their home contact details for business purposes, that information will be considered business-related.

Purpose

Use of the South Cariboo Elizabeth Fry Society website, or by submitting personal information online, signifies consent to all the terms as outlined within this privacy and confidentiality policy. If you do not agree to the terms stated within, please refrain from using the website or providing personal information.

An individual who wishes to review or verify the personal information which is retained by the Society, or to whom the information has been disclosed (as permitted by legislation),may make the request for access, in writing, to the Privacy Officer as provided within this policy. Information will only be released upon identity verification, and the Privacy Officer will respond within sixty (60) days.

Personal information gathered by the Society is treated with the utmost confidentiality. Our staff members are granted access to personal information only based on their necessity to handle the information for the specific reason(s) for which it was acquired and as detailed below:

For clients:

• Government-issued ID, Proof of residency, and source of income. This information is used to better understand client needs, track trends in demand, and is part of the necessary information required for service utilization and reporting to municipal, provincial, and federal governments and our generous funders.

For volunteers:

• Name, address, date of birth, phone number, emergency contact person(s),references. The Society uses personal information from volunteers to support program delivery, matching interests and abilities with volunteer opportunities available, and:
  • As part of the application process
  • Maintaining contact with volunteers to ensure coverage for volunteer activities
  • To satisfy reporting requirements
  • To facilitate accommodation requirements for volunteers with disabilities, chronic illness, or injury
  • To share future volunteer opportunities or provide training

For Donors:

• Full name, email address, home address, and payment information or other banking/financial information. This information may be collected to:
  • Provide tax receipts when users make online donations
  • Allow users to authorize recurring donations
  • Gather statistical data for internal and external reporting purposes
  • Communicate with users if opted in to receive information and fulfill any requests that were made

All donor information is collected through CanadaHelps, a registered charity (BN 896568417RR0001). CanadaHelps maintains and adheres to their own Terms of Use and Privacy Policy which can be accessed and reviewed via our website on the donations page.

Limiting Use, Disclosure, and Retention

The Society prioritizes the privacy and protection of personal information, adhering strictly to the purposes for which information was collected, seeking consent for any other use. Exceptions may arise in compliance with laws, regulations, or government requests, as well as in scenarios like acquisitions, where information may be shared with third parties bound by confidentiality agreements. We retain personal information only as long as necessary, following the initially stated purposes or legal requirements. Moreover, your consent extends beyond our active relationship. Credit card account information is handled with utmost care, sharing it solely with authorized entities for processing or dispute resolution.

Stringent safeguards are implemented to ensure that the information is not disclosed or shared more extensively than required to fulfill the intended purpose of its collection.

Practices and Safeguards

Measures are in place to uphold the integrity of this information and prevent its loss or destruction. We collect, use, and disclose personal information solely for purposes that a reasonable person would find appropriate given the circumstances. Regularly, we provide individuals we interact with the option to choose not to have their information shared for purposes beyond the explicit collection intent.

Regrettably, complete security of data transmissions over the internet cannot be 100% guaranteed. Despite our commitment to safeguarding your personal information, we cannot assure or warrant the security of any information you share with us. The following safeguards and practices are enacted to prevent and mitigate the risk of privacy breaches.

• Encryption: To enhance the protection of personal and other information obtained when service requests or donations are made online or paid for online, we employ password protocols and encryption software. These security measures are routinely updated to ensure the maximum protection of such information.
• Access Controls: Access to personal information is limited to employees who need the information to fulfill their job responsibilities. Access permissions are regularly reviewed and updated. Any information which is stored in hard copy is organized and stored in locked filing cabinets. No information may be left visible to unauthorized personnel, and all information must be secured by workers when leaving their work area. No unauthorized individuals have access to files or databases.
• Firewalls and Network Security: Our systems are protected by firewalls and other security measures to prevent unauthorized access, ensuring the integrity of personal information.
• Regular Security Audits: We perform regular security audits to identify and address potential vulnerabilities in our systems, ensuring the ongoing protection of personal information. This is reflected in our Annual Board Work Plan.
• Employee Training: Our employees undergo regular training sessions to stay informed about privacy policies, data security practices, and compliance requirements.
• Data Backups: Data backups are conducted regularly to ensure the availability and integrity of personal information in the event of system failures or other emergencies.
• Incident Response Plan: We have an Incident Response Plan within both our Cyber Security Management and Business Continuity plans which outlines the procedure to address security incidents promptly and effectively, including notifying affected individuals as required by law.

A designated Board member or staff member is available to address any questions, concerns, or complaints related to this policy. Details are included under "Contact Us" within this policy.

Donors

Board members and staff are consistently obligated to uphold the confidentiality of a donor's name, the extent of their contribution, and any personal details that could reveal a donor's identity, if requested by the donor or through a Board motion. Donor requests for confidentiality and anonymity are rigorously honored. Access to donor information is limited to individuals who require it for the fulfillment of their responsibilities. Physical records are securely stored, and electronic records are safeguarded through password protocols.

Donor lists are not shared with any other fundraising organizations, and the Society refrains from engaging external contract fundraisers. This commitment ensures the protection of donor information and maintains the trust placed in us by our contributors.

Contracts/Grants

The Society, as part of its operations, engages in contracts and applies for grants to fulfill its mission. In doing so, the organization may contract with professional and business corporations, and all details of these transactions will be handled with the utmost respect and discretion. This includes information related to personnel, litigation, property contracts, and the resulting transactions, which will be treated with strict confidentiality.

In instances where the Society hires external individuals, such as contracted professionals, to fulfill specific tasks or projects, there may be a need to share certain personal information related to staff or board members. The Society commits to ensuring that any such sharing of personal information is done responsibly and with the explicit consent of the individuals involved. This aligns with our dedication to maintaining the confidentiality of information and respecting the privacy of our staff and board members.

As an additional measure to safeguard sensitive information, a Non-disclosure Agreement (NDA) will be executed with external contractors prior to the commencement of any work. This ensures a legally binding commitment to confidentiality, further emphasizing our commitment to privacy and data protection.

Meetings

The Board and all its committees function collectively, ensuring a cohesive approach. Deliberations, including the viewpoints of individual Board and Committee Members, will be treated with confidentiality. Third-party opinions concerning contracts or grant applications will also be held in strict confidence. Board members are obligated to maintain the utmost confidentiality regarding all matters discussed during in-camera meetings, as well as those pertaining to personnel and property matters. This commitment reinforces our dedication to preserving the privacy of sensitive information and promoting transparent decision-making within the organization.

Applicable Legislation

South Cariboo Elizabeth Fry Society is committed to complying with the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA),Canada’s federal privacy law, and the provincial Personal Information Protection Act (PIPA).

• For more information on PIPEDA, you can visit the Office of the Privacy Commissioner of Canada.
• For more information on PIPA, you can review the guide provided by the Office of the Information and Privacy Commissioner for British Columbia.

Contact Information

To access your personal information which has been collected by South Cariboo Elizabeth Fry Society, to make a privacy-related inquiry or share concerns, please reach out to us in one of the below formats:

Designated Privacy Officer: Trish Schachtel
By email: trish.schachtel@scefry.ca
By phone: 250-453-9656 and ask for the Privacy Officer, Trish

Implementation

The above constitutes the Statement of Confidentiality and Privacy. Each Board member, staff, and volunteer will sign and date this statement.