Privacy Policy

 

“Organization” refers to:  Collingwood Cycling Club           

 

Background

1.        Different privacy legislation applies to the public sector and to the private sector. Not-for-profit sport organizations in Canada are considered to be part of the private sector. The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy legislation that applies to all not-for-profit sport organizations in Canada.

2.        PIPEDA applies to the Organization’s use of Personal Information for Commercial Activity.

3.        This Privacy Policy is based on the standards required by PIPEDA as interpreted by the Organization.

 

Definitions

4.        The following terms have these meanings in this Policy:

a)       “Commercial Activity” – any particular transaction, act or conduct that is of a commercial character.

b)       “Personal Information” – any information about an individual that relates to the person’s personal characteristics including, but  not limited to: gender, age, income, home address, home phone number, ethnic background, family status, health

history, and health conditions

c)        “Stakeholder” – Individuals employed by, or engaged in activities on behalf of, the Organization including: coaches, staff members, contract personnel, volunteers, managers, administrators, committee members, and Directors and Officers of the

Organization

d)       “Individual” - All categories of membership defined in the Organization’s Bylaws as well as all individuals employed by, or engaged in activities with, the Organization including, but not limited to, athletes, coaches, convenors, officials, volunteers, managers, administrators, committee members, and Directors and Officers of the Organization

 

Purpose

5.        The Organization recognizes Individuals’ right to privacy with respect to their Personal Information. This Policy describes the way that the Organization collects, uses, safeguards, discloses, and disposes of Personal Information.

 

Application of this Policy

6.        This Policy applies to all Stakeholders and Individuals in connection with personal information that is collected, used or disclosed during the Organization’s Commercial Activity and Non-Commercial activity.

 

7.        Except as provided in PIPEDA, the Organization’s Board will have the authority to interpret any provision of this Policy that is contradictory, ambiguous, or unclear.

 

Obligations

8.        The Organization is obligated to:

a)       Follow and abide by PIPEDA in all matters involving the collection, use, and disclosure of Personal Information during the Organization’s Commercial Activity; and

b)       Always  disclose  what  Personal  Information  is  being  collected  from  Individuals  and  for  what  purpose  the  Personal

Information is being collected. The Organization will not require the collection of any Personal Information if the purpose for its collection is not identified.

 

9.        In addition to fulfilling the legal obligations required by PIPEDA, the Organization’s Stakeholders will not:

a)       Publish, communicate, divulge, or disclose to any unauthorized person, firm, corporation, or third party any Personal Information without the express written consent of the Individual

b)       Knowingly place themselves in a position where they are under obligation to any organization to disclose Personal Information

c)        In the performance of their official duties, disclose Personal Information to family members, friends, colleagues, or organizations in which their family members, friends, or colleagues have an interest

d)       Derive personal benefit from Personal Information that they have acquired during the course of fulfilling their duties with the Organization

e)       Accept any gift or favour that could be construed as being given in anticipation of, or in recognition for, the disclosure of Personal Information

 


10.     The Organization’s Privacy Officer is responsible for the implementation of this policy and monitoring information collection and data security, and ensuring that all staff receives appropriate training on privacy issues and their responsibilities. The Organization’s Privacy Officer also handles personal information access requests and complaints. The Organization’s Privacy Officer may be contacted at the following address:

                     Noelle Wansbrough

                     4 Forest Path

                     Collingwood, ON L9Y 3Y9

11.     Duties - The Privacy Officer will:

a)       Implement procedures to protect personal information

b)       Establish procedures to receive and respond to complaints and inquiries

c)        Record all persons having access to personal information

d)       Ensure any third party providers abide by this Policy

e)       Train and communicate to staff information about the Organization’s privacy policies and practices.

 

Information Collection Purposes

12.     The Organization may collect Personal Information from Individuals and prospective Individuals for purposes that may include any of the following:

 

Non-Commercial Activity Communications

a)       Sending communications in the form of e-news or a newsletter with content related to the Organization’s programs, events, fundraising, activities, discipline, appeals, and other pertinent information

b)       Publishing articles, media relations and postings on the Organization’s website, displays or posters

c)        Award nominations, biographies, and media relations

d)       Communication within and between Stakeholders and Individuals

e)       Discipline results and long term suspension list

f)         Checking residency status

 

Identification

a)       Informing  governing  bodies  (e.g.,  Provincial  Sport  Organizations  (PSOs),  National  Sport  Organizations  (NSOs))  of Individuals’ registration and/or participation with the Organization

b)       Informing government funders the number and demographic profile of registered Individuals

 

Registration, Database Entry and Monitoring

a)       Registration of programs, events and activities

b)       Database  entry  at  the  Coaching  Association  of  Canada  and  to  determine  level  of  coaching  certification,  coaching qualifications, and coach selection.

c)        Database entry to determine level of officiating certification and qualifications

d)       Determination of eligibility, age group and appropriate level of play/competition

e)       Athlete Registration, outfitting uniforms, and various components of athlete and team selection

f)         Technical monitoring, officials training, educational purposes, sport promotion, and media publications

 


General


 

a)       Travel arrangement and administration

b)       Implementation of the Organization’s screening program

c)        Medical emergency, emergency contacts or reports relating to medical or emergency issues

d)       Determination of membership demographics and program wants and needs

e)       Managing insurance claims and insurance investigations

f)         Video recording and photography for personal use, and not commercial gain, by spectators, parents and friends

g)       Payroll, honorariums, company insurance and health plans

h)       Any and all complaints and inquiries


 

Commercial Activity

Sales, Promotions and Merchandising

a)       Purchasing equipment, coaching manuals, resources and other products

b)       Promotion and sale of merchandise

 

 

c)        Video recording and photography for promotional use, marketing and advertising by the Organization

 

13.     The Organization’s Stakeholders may collect Personal Information from Individuals and prospective Individuals for other purposes, provided that documented consent specifying the use of the Personal Information is obtained from the Individuals or prospective Individuals.

 

Consent

14.     By providing Personal Information to the Organization, Individuals are implying their consent to the use of that Personal Information for the purposes identified in the Information Collection Purposes section of this Policy.

 

15.     At the time of the collection of Personal Information and prior to the use or disclosure of the Personal Information, the Organization will obtain consent from Individuals by lawful means, in a manner similar to the form in Appendix A. The Organization may collect Personal Information without consent when it is reasonable to do so and permitted by law.

 

16.     In determining whether to obtain written or implied consent, the Organization will take into account the sensitivity of the Personal Information, as well the Individuals’ reasonable expectations. Individuals may consent to the collection and specified use of Personal Information in the following ways:

a)       Completing and/or signing an application or registration form (see Appendix A)

b)       Checking a check box, or selecting an option (such as ‘Yes’ or ‘I agree’)

c)        Providing written consent either physically or electronically

d)       Consenting orally in person

e)       Consenting orally over the phone

 

17.     The Organization will not, as a condition of providing a product or service, require Individuals to consent to the use, collection, or disclosure of Personal Information beyond what is required to fulfill the specified purpose of the product or service.

 

18.     An Individual may withdraw consent orally or in writing, at any time, subject to legal or contractual restrictions. The Organization will inform the Individual of the implications of withdrawing consent.

 

19.     The Organization will not obtain consent from Individuals who are minors, seriously ill, or mentally incapacitated. Consent from these individuals will be obtained from a parent, legal guardian, or a person having power of attorney.

 

20.     The Organization is not required to obtain consent for the collection of Personal Information, and may use Personal Information without the Individual’s knowledge or consent, only if:

a)       It is clearly in the Individual’s interests and the opportunity for obtaining consent is not available in a timely way

b)       Knowledge and consent would compromise the availability or accuracy of the Personal Information and collection is required to investigate a breach of an agreement or a contravention of a federal or provincial law

c)        An emergency threatens a Individual’s life, health, or security

d)       The information is publicly available as specified in PIPEDA

 

21.     The Organization is also not required to obtain consent for the collection of Personal Information if the information is for journalistic, artistic, or literary purposes.

 

22.     The Organization may disclose Personal Information without the Individual’s knowledge or consent only:

a)       To a lawyer representing the Organization

b)       To collect a debt that the Individual owes to the Organization

c)        To comply legal proceedings of any sort

d)       To comply with government regulations

e)       To an investigative body for purposes related to the investigation of a breach of an agreement or a contravention of a federal or provincial law

f)         In an emergency threatening an Individual’s life, health, or security (the Organization will inform the Individual of the disclosure)

g)       To an archival institution

h)       20 years after the individual's death or 100 years after the record was created

i)         If it is publicly available as specified in PIPEDA

 

Accuracy, Retention, and Openness

23.     To minimize the possibility that inappropriate Personal Information may be used to make a decision about a Member, Personal Information will be accurate, complete, and as up-to-date as is necessary for the purposes for which it will be used.

24.     Personal Information will be retained as long as reasonably necessary to enable participation in the Organization programs, events, and activities, and in order to maintain historical records as may be required by law or by governing organizations.

 

25.     Personal Information will be protected against loss or theft, unauthorized access, disclosure, copying, use, or modification by security safeguards appropriate to the sensitivity of the Personal Information.

 

26.     The Organization will make the following information available to Individuals:

a)       This Privacy Policy

b)       Any additional documentation that further explains the Organization’s Privacy Policy

c)        The name or title, and the address, of the person who is accountable for the Organization’s Privacy Policy

d)       The means of gaining access to Personal Information held by the Organization

e)       A description of the type of Personal Information held by the Organization, including a general account of its use

f)         Identification of any third parties to which Personal Information is made available

 

Access

27.     Upon written request, and with assistance from the Organization after confirming the Individual’s identity, Individuals may be informed of the existence, use, and disclosure of their Personal Information and will be given access to that Personal Information. Individuals are also entitled to be informed of the source of the Personal Information, and provided with an account of third parties to which the

Personal Information has been disclosed.

 

28.     Unless there are reasonable grounds to extend the time limit, requested Personal Information will be disclosed to the Individual, at no cost to the Individual, within thirty (30) days of receipt of the written request.

 

29.     Individuals may be denied access to their Personal Information if the information:

a)       Is prohibitively costly to provide

b)       Contains references to other individuals

c)        Cannot be disclosed for legal, security, or commercial proprietary purposes

d)       Is subject to solicitor-client privilege or litigation privilege

 

30.     If the Organization refuses a request for Personal Information, it shall inform the Individual the reasons for the refusal.

 

Compliance Challenges

31.     Individuals are able to challenge the Organization for its compliance with this Policy.

 

32.     Upon receipt of a complaint, the Organization will:

a)       Record the date the complaint is received

b)       Notify the Privacy Officer who will serve in a neutral, unbiased capacity to resolve the complaint;

c)        Acknowledge receipt of the complaint by way of telephone conversation and clarify the nature of the complaint within seven

(7) days of receipt of the complaint

d)       Appoint  an  investigator  using  the  Organization’s  personnel  or  an  independent  investigator,  who  will  have  the  skills necessary to conduct a fair and impartial investigation and will have unfettered access to all file and personnel

e)       Upon completion of the investigation and within thirty (30) days of receipt of the complaint, the investigator will submit a written report to the Organization

f)         Notify the complainant the outcome of the investigation and any relevant steps taken to rectify the complaint, including any amendments to policies and procedures

 

33.     The Organization will not dismiss, suspend, demote, discipline, harass, or otherwise disadvantage any Organization Individual or Stakeholder who:

a)       Challenges the Organization for its compliance with this Policy

b)       Refuses to contravene this Policy or PIPEDA

c)        Takes precautions not to contravene this Policy or PIPEDA; even though said precautions may be in opposition to the regular duties performed by the Individual