At Closer to Home Community Services Society (CTH), we are committed to providing our members, clients, employees, volunteers, business partners and donors with exceptional services. Protecting the privacy and confidentiality of personal information is an important aspect of the way we conduct business.
The Organization1 strives to protect and respect personal information of its stakeholders2 in accordance with all applicable regional and federal laws. We will inform members, clients, employees, business partners, funders and donors of why and how we collect, use, and disclose their personal information in an appropriate, responsible, and ethical manner.
CTH obtains personal information directly from the individual to which the information belongs or through third parties3. Individuals are entitled to know how the Organization uses personal information and this organization will limit the use of any personal information collected only to what is needed for those stated purposes. We will obtain individual consent if personal information is to be used for any other purpose and will not use that information without the consent of the individual.
I. Personal Information
Personal information is defined as any identifying information about an individual or group of individuals, including name, date of birth, address, phone number, e-mail address, social insurance/security number, nationality, gender, health history, financial data, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, credit records, loan records, opinions, and personal views.
II. Business Information
Information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number. Contact information is not covered by this Policy or PIPA.
Consent occurs and is obtained when an individual signs an application or other form or provides consent verbally which is noted, thereby authorizing the Organization to collect, use, and disclose the individual’s personal information for the purposes stated on the form or in the Appropriate Use section of this policy. This policy applies to all personal information within the possession and control of the Organization, informs all parties of our commitment to privacy and establishes the methods by which privacy is ensured. CTH assumes full accountability for the personal information within its possession and control.
Each employee must abide by the following procedures and practices when handling personal information:
I. Collection of Personal Information
CTH obtains personal information directly from the individual to which the information belongs. Individuals are entitled to know how CTH uses personal information and this organization will limit the use of any personal information collected only to what is needed for those stated purposes. CTH will obtain individual consent if personal information is to be used for any other purpose. CTH will not use that information without the consent of the individual.
II. Using and Disclosing Personal Information
CTH vows to protect personal information with the appropriate security measures, physical safeguards, and electronic precautions. The Organization maintains personal information through a combination of paper and electronic files. Where required by law or disaster recovery/business continuity policies, older records may be stored in a secure, offsite location.
- Access to personal information will be authorized only for the employees and other agents of CTH who require the information to perform their job duties, and to those otherwise authorized by law.
- Our computer and network systems are secured by complex passwords. Only authorized individuals may access secure systems and databases. • Active files are kept in locked filing cabinets.
- Routers and servers that are connected to the Internet are protected by firewalls, and are further protected from virus attacks or “snooping”4 by sufficient software solutions.
- Personal information is not transferred to volunteers, summer students, interns, or other non-paid staff by e-mail or any other electronic format.
- All volunteers, interns, contractors, and staff must sign a Non-Disclosure Agreement before working with any client data.
- Information about the organization collecting the data.
- How the data will be used.
- With whom the data may or may not be disclosed.
- What options are available to the individual regarding the collection, use, and disclosure of personal information?
- The information technology security procedures in place that protect against the destruction, loss, theft, alteration, or misuse of personal information under our possession and control.
- How the individual may access and correct any inaccuracies in their personal information.
- CTH may share compiled demographic information with its business partners and/or advertisers, but no personal information that can identify any individual person shall be disclosed.
- This website may contain links to other sites, but Closer to Home Community Services Society is not responsible for the privacy practices of other organizations’ sites.
- While IP addresses will be logged in order to administer the site, track visitor movement, and gather demographic information, these IP addresses will not be linked to any personally identifiable information.
- Any registration or order form asking site visitors to enter personal or financial information will be protected by SSL encryption.
- Site visitors are given the choice to opt out of having their personal information used at the point where the information is gathered.
- In most instances, CTH will grant individuals access to their personal information upon presentation of a written request and satisfactory identification. If an individual finds errors of fact with his/her personal information, they are asked to notify CTH as soon as possible to make the appropriate corrections. Should CTH deny an individual’s request for access to his/her personal information, CTH will advise, in writing of the reason for such a refusal. The individual may then challenge the decision.
The Organization may use personal information without the individual’s consent under particular circumstances. These situations include, but are not limited to:
- CTH is under obligation by law to disclose personal information in order to adhere to the requirements of an investigation of the contravention of a regional or federal issues, under the purview of the appropriate authorities.
- An emergency exists that threatens an individual’s life, health, or personal security.
- The personal information is for in-house statistical study or research.
- The personal information is already publicly available.
- Disclosure is required to investigate a breach of contract.
We will not use or disclose personal information for any additional purpose unless we obtain consent to do so, or if it is included in the exceptions listed above in compliance with The Personal Information Protection Act (PIPA) of the Government of Alberta. We will not sell member/donor/client/employee lists or personal information to other parties.
III. Retaining Personal Information
Personal information will be retained only as long as necessary to fulfill the identified purposes or a legal or business purpose.
IV. Ensuring Accuracy of Personal Information
CTH will make reasonable efforts to ensure that stakeholder information is accurate and complete where it may be used to make a decision about them or disclosed to another organization.
Stakeholders may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. A request to correct personal information should be forwarded to the Privacy Officer.
If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year. If the correction is not made, we will note the members’ correction request in the file.
The Organization will retain personal information only for the duration it is needed for conducting business. Once personal information is no longer required, it will be destroyed in a safe and secure manner. However, certain laws may require that certain personal information be kept for a specified amount of time. Where this is the case, the law will supersede this policy.
V. Securing Personal Information
We are committed to ensuring the security all stakeholders’ personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal, or similar risks. The following security measures will be followed to ensure that stakeholders’ personal information is appropriately protected:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords and encryption are used on all devices.
- Paper information is transmitted through sealed, addressed envelopes or in boxes by reputable courier/delivery companies.
- Electronic information is transmitted either through a direct line or is encrypted.
- Staff are trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with this policy.
- External consultants and agencies with access to personal information will provide CTH with appropriate privacy assurances and a signed non-disclosure agreement.
CTH will use appropriate security measures when destroying personal information such as shredding documents, deleting electronically stored information. We will ensure that all records are destroyed, or personal information rendered non-identifying when information is no longer needed. The records will be destroyed in a reasonable time frame. The Organization will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
VI. Providing Access to Personal Information
All stakeholders have a right to access their personal information, subject to limited exceptions. A full listing of the exceptions to access can be found in section 24 of PIPA. Some examples include: solicitor-client privilege, disclosure would reveal personal information about another individual, health and safety concerns.
A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought. A request to access personal information should be forwarded to the Privacy Officer.
Upon request, we will tell employees how we use their personal information and to whom it has been disclosed if applicable. We will make the requested information available within 30 business days or provide written notice of an extension where additional time is required to fulfill the request.
A minimal fee may be charged for providing access to personal information. Where a fee may apply, we will inform the member/client/employee of the cost and request further direction from the individual on whether or not we should proceed with the request.
If a request is refused in full or in part, we will notify the employee in writing, providing the reasons for refusal and the recourse available to the employee. Please refer to Freedom of Information Protections (FOIP) for more details on access to personal information.
VII. Questions and Complaints
The Privacy Officer is responsible for ensuring CTH is in compliance with this policy and the Personal Information Protection Act.
Members should direct any complaints, concerns or questions regarding CTH compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the member may also write to the Information and Privacy Commissioner of Alberta.
CTH will investigate and respond to concerns about any aspect of the handling of personal information. This organization will address concerns to the best of its abilities.
1 Closer to Home Community Services Society
2 Stakeholders are: members, clients, employees, volunteers, business partners and donors
3 Examples of third parties that provide information are Canada Helps, United Way etc.