Privacy Standards Policy
The Privacy Standards Policy and related procedures and guidelines for use are intended to ensure the proper collection, use, retention and distribution of personal information by the Moose River Heritage & Hospitality Association (MRHHA), and its agencies, to reflect the requirements of the PIPEDA. The Policy and its procedures and guidelines are to be followed by all individuals paid or unpaid at MRHHA.
Accountability
Staff and volunteers will be made aware of the importance of maintaining the security and confidentiality of personal information.
Collection
The MRHHA has a decentralized record management process for the collection, management, retention, and disposition of personal information collected from donors, subscribers, and clients. Information about employees or volunteers, whether full-time or part-time or contract is confidential and will not be shared with third parties.
Donations
Transaction Security
All Communications initiated through our online donations form(s) are transmitted via Secure Sockets Layer (SSL). The SSL protocol is the industry standard method for creating an encrypted, secure connection between your web browser and a web server. Online transactions are processed through trusted and secure third-party collection sites.
Computer and Network Systems
The MRHHA computer network systems and databases are secured by passwords and firewalls to which only authorized individuals have access.
Retention
Personal information will be retained by the MRHHA only for the duration it is needed to conduct its business and ensure statutory compliance. Once personal information is no longer required, it will be destroyed promptly, safely, and securely. However, certain laws may require that certain personal information be kept for a specified amount of time. Where this is the case, the law will supersede this policy. The MRHHA will take every reasonable precaution to protect personal information with appropriate security measures, physical safeguards, and electronic precautions. The MRHHA maintains personal information through a combination of paper and digital files. Where required by legislation, disaster recovery or business continuity policies, older records may be stored in a secure offsite location.
Definitions
Personal Information
Personal Information includes any factual or subjective information, recorded or not about an identifiable individual. This includes information in any form such as: home address or phone number, age, marital status, family members’ names, photographs or digital images of a person, employee files, identification numbers, evaluations, disciplinary actions, the existence of a dispute, opinions, comments, social status, income, credit records, donation information, loan records or medical records.
Commercial activity
The MRHHA does not participate in any transactional, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering, or leasing of donor, membership, or other fundraising lists to a third-party for profit.
Consent
Voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the
organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual. Consent occurs and is considered obtained by the MRHHA when an individual provides express consent orally, in writing or through an applicable online action. Before being asked to provide consent, individuals will be provided with reasons their personal information is being collected, how it will be used and stored and any disclosure or possible disclosure of information. Information, use of photos, or any content related to minors, must have a written consent form by a parent or legal guardian. No implied consent can be considered in the case of a minor.
Disclosure
Making personal information available to others outside the organization.
Use
Refers to the treatment and handling of personal information within an organization.
Statistical tracking
We do not store personal viewer data. However, we do track aggregated user data to evaluate the effectiveness of our Web site and help us improve our service. For example, we may compile statistics about our daily number of site visitors or specific page requests which we use to improve our site’s performance. We do not sell any information to a third-party, nor contact viewers.