Protection of Privacy Act
Holy Trinity Ukrainian Orthodox Cathedral
The Protection of Privacy Act (PIPA) regulates how private sector organizations within British Columbia collect, use, disclose and retain personal information. PIPA also provides public access rights to certain records and personal information held by private sector organizational bodies in British Columbia and establishes a regime of independent review.
Act makes private bodies more accountable to the public and protects personal privacy by preventing the unauthorized collection, use or disclosure of personal information by private bodies, and oversight.
The congregation recognizes its obligation in maintaining confidentially of all its members information.
Congregation is committed to protecting the privacy, confidentiality, accuracy, and security of personal information collected, used, retained, and disclosed, in compliance with all applicable Canadian laws,
Congregation respecting privacy rights and personal information has always been an important part of our commitment to our members, volunteers, employees, and partners. The congregation recognizes and respects the importance of privacy and recognizes the sensitivity of personal information received by it, in the course of its congregational business.
The Protection and Privacy Act defines personal information as any recorded information about an identifiable individual including:
- race, national or ethnic origin, colour, religion, age or marital status
- education, medical, criminal or employment history of an individual or information about financial transactions
- any assigned identifying number or symbol
- address,
- private or confidential correspondence sent
- the name of the individual where it appears with other related personal information or where the disclosure of the name itself would reveal information about the individual.
The privacy policy has been developed with those exact obligations in mind.
Why Congregation Requires Personal Information
Information collected will include personal information about the congregation’s members along with individuals that are not members in accordance with the provision of the Act.
The membership directory contains personal information such as names, addresses, age, phone #, e-mail address, place of Baptism, children’s names, birthdays, and anniversaries.
This information is collected directly from members of the congregation who have voluntary provided this information to be included into the directory.
The personal information that is collected in the membership directory is used solely for the purpose of communicating with members of the congregation and facilitating member connections. This includes sending newsletters, event invitations and other important updates related to the cathedral.
Collection assists in tracking volunteers and their skills, tracks donations, provides receipts, Manages, and develop our organization and missionary work, Process payment for the products and services requested, Meet statutory and regulatory requirements, disclosure to the Ukrainian Orthodox Consistory, disclosure to other branches of the Ukrainian Orthodox Church of Canada, and to its affiliates.
Collection disclosure and use of personal information
(a) We identify purpose, obtain consent, limit collection, determine accuracy, provide openness.
(b) Information collected is limited to its original usage, and the congregation collects only amount required to achieve its specific use and purpose as set out in the PIPA. Information is shared on a need-to-know basis.
Congregation makes all reasonable efforts that information collected is accurate and complete by obtaining the information direct from the person whom the information pertains to. Congregation will also endeavour to keep personal information in active files as accurate and UpToDate as they become aware of changes.
PIPA is a consent-based statute, congregation must obtain an individual’s express or implied consent.
Express Consent: the individual signs the application, or other forms containing personal information, authorizing congregation to collect, use and disclose the individual’s personal information for the purposes set out in the application and/or forms.
Implied Consent: The organization may assume that the individual consents to the information being used, retained, and disclosed for the original purposes unless notified by the individual.
Upon joining the congregation, the congregation considers that an individual consents to the Cathedrals collection disclosure and use of the individual personal information deemed necessary to properly perform its duties to its members.
Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes.
Protection of Personal Information
Congregation takes the protection of personal information seriously.
All personal information collected is stored on secured servers and access to this information is restricted and provided on a need-to-know basis.
The administrator is responsible for protecting personal information collected. The administrator will destroy, erase, or make anonymous personal information about you that it no longer needs for the purpose for which it was collected or for a related or legal reason.
All inactive files or personal information no longer required are shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons.
Use of Personal Information
Congregation will use personal information without the individual’s consent, where:
The Act also permits the Congregation to collect, use or disclose personal information about an individual in some circumstances without the individual’s consent for the following instances.
(a) circumstances include (but are not limited to) situations in which:
(b) the collection, use or disclosure is clearly in the interests of the individual and
(c) consent cannot be obtained in a timely way.
(d) the collection, use or disclosure is reasonable for the purposes of an investigation or proceeding.
(e) the personal information is available to the public from a prescribed source.
(f) the collection, use or disclosure is required or authorized by a statute.
Retention of Personal Information
Congregation, for legal or business purposes, can legally retain personal information for as long as is reasonable.
Personal information will be retained in files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.
A file will be deemed inactive if the individual requests removal or is deceased or has ceased being a member and is inactive for 2 years.
Safeguards
Congregation will use physical, organizational, and technological measures to safeguard personal information to only those employees, volunteers, or third parties who need to know this information for the purposes set out in this Privacy Policy.
Board members, and committee are required to sign a confidentiality agreement binding them to maintain the confidentiality of all personal information to which they have access.
Active files are stored in secured filing cabinets when not in use. Access to active files is restricted to authorized members and authorized parties.
Technological Safeguards: Personal information contained in computers and electronic databases are password protected. Access to computers is also password protected.
By reviewing security update to ensure safety and oversee any possible vulnerabilities.
By training to ensure everyone is aware of the importance of maintaining security and confidentiality of personal information.
Any individual may rescind collection of personal information by calling the congregation office requesting deletion of their personal information or by electing at the time of application of membership.
Privacy Breach Notifications
“privacy breach” means the theft or loss, or the collection, use or disclosure that is not authorized, of any personal information in the custody or under the control of a public body.
Privacy Offences
An individual, other than an individual who is a service provider or an employee or associate of a service provider, who wilfully does any of the following commits an offence:
- collects personal information Without purpose, uses, disclose PI without authorization.
- fails to notify the head of a public body of unauthorized disclosure as required. commits privacy offence.
Right to Access Personal Information
PIPA give you the right to request access to your personal information and ask for Corrections if warranted and challenge its accuracy, if need be,
To view personal information and or request corrections, send written request to the administrator of the congregation that has custody or control of your personal identification.
Provide specific information, example date and program the information was collected.
Providing accurate information allows the administrator of the congregation to locate your personal information and provide same within a 30 day period.
Denying Access
Under some circumstances, the congregation may deny access to your personal information. Some examples include: the personal information was obtained or prepared by an investigative body specified in the regulations.
An individual’s ability to access his or her personal information under control of the
Congregation is not absolute. The law provides that the Congregation must not.
- disclose personal information where: the disclosure could reasonably be expected.
- to threaten the safety or physical or mental health of an individual other than the individual who made the request; reveal personal information about another individual; reveal
- the identity of an individual who has in confidence provided the Congregation with an opinion about another individual,
- and the individual providing the opinion does not consent to the disclosure of his or her identity.
Once access is granted, check for accuracy and completeness. If it is not, you can send a completed record correction form to the congregation to ask that corrections, additions or deletions be made.
Where a requested correction is not made, a note may be added to the Personal information to set out the individuals view on the matter.
Process for Enquiries and Complaints
PIPA Act gives you the right to complain on how the congregation handles your personal information. The congregation is to inform doners, members, employees of how to bring a request for access or complain.
A person who questions the accuracy of their personal information or has concerns about how their personal information is being handled may complain in writing to the congregation administrator who after investigating the complaint will respond to the person in writing.
If the individual is dissatisfied with the finding and the corresponding action, he or she may bring the complaint to the
Office of the information and Privacy Commissioner for British Columbia
PO Box 9038 Stn. Prov. Govt. Victoria B.C. V8W 9A4
e-mail info@oipc.bc.ca Tele# 250-387-5629