Approved by the Board: November 10, 2019
Clarkson recognizes that privacy is a key component of its relationship of trust.
3. Roles and Responsibilities
Clarkson’s Board is responsible for personal information within its control and will promote the personal information protection principles.
The Lead Pastor, as the Chief Privacy Officer, is responsible for establishing and implementing practices and guidelines that reflect the personal information protection principles.
The Chief Privacy Officer is designated to ensure that Clarkson is in compliance with the Personal Information Protection Guidelines.
All Clarkson employees and the Board have a duty to protect the personal information that is used, collected, retained or disclosed in the course of conducting Clarkson activities.
4. Our Privacy Standards
Clarkson is responsible for all personal information under its custody or control. Personal information includes, but is not limited to, donor information. Clarkson shall designate an individual or individuals as the Chief Privacy Officer (See Section 3) who shall be accountable for compliance with the following principles.
4.2. Identifying Purposes
Clarkson collects and uses personal information only for the following purposes:
- To process donations and provide income tax receipts;
- To keep our members and adherents informed about the activities of the church;
- To ask individuals and organizations for their support for programs and special projects (e.g. Building Campaign).
- To meet policy requirements such as child protection.
The only circumstance under which personal information may be disclosed to third parties is for the fulfillment of any purposes identified above, or as required by law. Where personal information is disclosed to third parties for the fulfillment of any purpose identified above, Clarkson will make all reasonable efforts to ensure that the third party has appropriate security procedures in place for the protection of the information being transferred.
If personal information is to be used for a purpose not previously identified, Clarkson will identify this purpose prior to use and provide individuals with an opportunity to opt-out of this activity.
Business contact information and certain publicly available information, such as names, addresses and telephone numbers as published in telephone directories, are not considered personal information.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual, including the following situations:
- The investigation of a breach of an agreement or a contravention of a federal or provincial law;
- The case of an emergency where the life, health or security of an individual is threatened;
- To comply with a subpoena, warrant or court order; or
- As may otherwise be required or authorized by law.
Generally, Clarkson shall seek consent to use and disclose personal information at the same time it collects personal information. However, Clarkson may seek consent to use and disclose personal information after it has been collected, but before it has been used or disclosed for a new purpose.
In determining the appropriate form of consent, Clarkson shall take into account the sensitivity of the personal information and the reasonable expectations of an individual.
In general, the receipt of a donation by Clarkson constitutes implied consent for Clarkson to collect, use and disclose personal information for all identified purposes.
A donor may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Donors may contact Clarkson for more information regarding the implications of withdrawing consent. If consent is withdrawn, Clarkson will comply with this request.
4.4. Limiting Collection
The collection of personal information will be limited to that which is necessary for the purposes identified by Clarkson. Clarkson will collect information by fair and lawful means.
4.5. Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Clarkson shall retain personal information only as long as necessary for the fulfillment of those purposes, unless the law requires that the information be retained for an extended period of time.
Personal information will be as accurate, complete and up-to-date as is necessary for the identified purposes for which it is to be used.
Clarkson shall protect personal information by security safeguards appropriate to the sensitivity of the information.
Clarkson shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use modification or destruction through appropriate security measures. Clarkson shall protect the information regardless of the format in which it is held.
Clarkson shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
All of Clarkson’s employees or volunteers with access to personal information shall be required to respect the confidentiality of that information by signing a confidentiality agreement and implementing methods of protection that include:
- Physical measures: for example, locked filing cabinets and restricted access to offices.
- Organizational measures: for example, limited access on a “need-to-know” basis
- Technological measures: For example, may include the use of passwords, encryption and audits.
Clarkson will make readily available to individuals specific information about its policies and practices related to the management of personal information. This information will be made available in multiple formats.
4.9. Individual Access
Clarkson shall inform an individual of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. An individual whose information has been recorded by Clarkson shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
In certain situations, Clarkson may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific. Exceptions may include information that is prohibitively costly to provide, information that contains certain references to other individuals, information that cannot be disclosed for legal, or security reasons. If access cannot be provided, Clarkson will notify the individual, in writing, of the reasons for refusal.
4.10. Challenging Compliance
Clarkson shall maintain procedures for addressing and responding to all inquiries or complaints from its donors about Clarkson’s handling of personal information. The Chief Privacy Officer is accountable for overseeing Clarkson’s timely implementation of the procedures.
5. Revisions to this policy
Complaints regarding compliance with the principles contained in this policy should be directed to:
Chief Privacy Officer: Lead Pastor
Mississauga, Ontario, Canada