Privacy policy

1. Purpose
The Drummond Hill Presbyterian Church has a Privacy Standards Policy applicable to all individuals, lay and ordained, paid and unpaid, who serve the church. This Policy will delineate the procedures regarding the proper collection, retention, and distribution of personal information.

2. Privacy Officer
2.1 The Session has been designated as the Privacy Officer of the Drummond Hill Presbyterian Church with responsibility to ensure compliance with the church's Standards Policy.

2.2 The Privacy Policy will be reviewed regularly.

3. Collection
3.1 Records containing personal information are kept in the office. These files will be identified and managed securely.

3.2 Our personal data bank, Gift Traq, has accepted and identified uses and remains internal to the church.

3.3 All individuals have access to their own personal information owned by the church.

4. Definitions
4.1 Personal Information: Any factual or subjective information, recorded (or not) in any format, about an identifiable individual. Personal information does not include the name, job title or business contact information of an employee of an organization.

4.2 The legislation considers personal information located in any format which would include any of the following: home address and phone number, age, marital status, family members’ names, employee files including photographic images, identification numbers, ethnic origin, evaluations, disciplinary actions, the existence of a dispute, opinions, comments, social status, income, credit records, donation information, loan records, and medical records.

4.3 Commercial Activity: Any particular transaction, act or conduct, or any regular course of conduct that is of a commercial (or fund-raising) character, including the selling, bartering for or leasing of donor, membership, or other personal lists.

4.4 Consent: Voluntary agreement with what is being done or proposed. Consent can either be expressed or implied. Express consent is given explicitly, either in writing or orally. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual, for example, how registration forms are used for General Assembly.

4.5 Disclosure: Making personal information available to others outside the organization.

4.6 Use: Refers to the treatment and handling of personal information within an organization.

5. Principles
There are 10 principles established by Schedule 1 of the Personal Information Protection and Electronic Documents Act of Canada that describe the handling of personal information. These principles include: accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access, and provision of recourse.

5.1 Accountability:
It is our intent to comply with all of the principles listed above.

> establish a Privacy Officer to ensure compliance
> establish Privacy Contacts to work with the Privacy Officer
> perform an annual review of Privacy Policy
> protect all personal information held by the PCC or transferred to a third party for processing
> instruct that each department follow the established procedures for the collection, retention, and distribution of information in their care and assign personal information to one of the following categories:
Level 1 – Highly Confidential or Highly Restricted (medical, financial, legal, disciplinary)
Level 2 – Confidential (performance reviews, salary, disability leaves, home contact info)
Level 3 – General Information

5.2 Identify the Purpose:
We will identify the reasons (especially with respect to matters of commercial activity) for collecting personal information before or at the time of collection. Each department will review all personal information holdings to ensure they are all required for a specific purpose.

> we will ensure that the purposes for which personal information is used are limited to what a reasonable person would expect under the circumstances.

5.3 Obtain Consent:

For information collected by the Drummond Hill Church, implied consent will be the norm, subject to ongoing review by the Session.

5.4 Limit Collection of Personal Information:

> the Drummond Hill Church will limit the amount and type of personal information collected based on what is necessary for the identified purposes.
> identify the type of personal information needed and the handling policies for same.
> ensure that the staff can explain why the information is needed.

5.5 Limit the Use, Disclosure and Retention:

> establish the best practices/legal requirements which will be used for overall records management in the office. This will involve maintaining appropriate records disposition, when timely, for the records that contain personal information.
> dispose of personal information that is no longer needed – document any new purpose for the use of personal information.
> dispose of any information that does not have a specific purpose or that no longer fulfils its intended purpose.
> ensure appropriate means of disposal for personal information such as shredding or deleting electronic records.

5.6 Accuracy:

Information on an individual collected by the Drummond Hill Church is to be as complete and up-to-date as possible — taking into account its use and the interests of the individual.

5.7 Safeguards:

We take seriously our responsibility to protect personal information against loss or theft, to safeguard the information from unauthorized access, disclosure, copying, use or modification, and to protect personal information regardless of what format it is stored on.

We will review and update security measures regularly taking the following factors into consideration in selecting appropriate safeguards:
> sensitivity of the information
> amount of information
> extent of distribution
> format of the information
> type of record

5.8 Openness:

We will inform donors, volunteers, and employees of our policies for the management of personal information.

5.9 Access:

When requested, we will inform individuals of any personal information that is held on them, including how the information is or has been used, and we will provide a list of any organizations to which it has been disclosed. Individuals will have access to their personal information. We will correct or amend any personal information if its accuracy or completeness is challenged or found to be deficient.

5.10 Recourse:

We encourage you to contact us with any questions or concerns you have about this privacy policy. If you have a question concerning this policy or if you have a complaint, please contact: Session of the Drummond Hill Church, 6136 Lundy's Lane, Niagara Falls, ON L2H 2V6 or via email: dhsession@gmail.com.

6. Exceptions to the Consent Principles re. Collection, Use and Disclosure

If it is clearly in the individual’s best interests and consent is not available in a timely way.

If personal information is required to investigate a breach of an agreement or contravention of a federal or provincial law.
Information used solely for journalistic, artistic, literary purposes or for statistical or scholarly study or research is exempted from the Act.

If it is publicly available.

For an emergency that threatens an individual’s life, health, or security.

The Drummond Hill Church may disclose and use personal information without consent:

To a lawyer representing the Drummond Hill Church.
To collect a debt an individual owes the Drummond Hill Church.
To comply with a subpoena, warrant, or order made by a court or other judicial body.
To a lawfully authorized government authority.

7. Online Donations Policy

The Drummond Hill Church has policies and procedures designed to protect the privacy of our people who donate on-line. We will never share your personal information with, or sell it to, any external organization. Any personal information (including name, address, credit card number, phone number, etc.) is protected internally. All personnel with access to personal information are aware of our policies.

All donation transactions use the highest standard of security. Transactions take place on redundant servers using SSL (Secure Sockets Layer) encryption for the secure exchange of data between you and the payment engine. The system supports 128-bit SSL encryption on virtually all browsers.