CALEDON SKI CLUB
June 30, 2004
CALEDON SKI CLUB
The Caledon Ski Club (“CSC”) recognizes that an individual’s right to privacy is an essential right to be protected. We understand the importance in maintaining anonymity and protecting personal information in our care and control. Our relationship with those that support the CSC is founded on trust and we are committed to maintaining this trust.
A. AN OVERVIEW
1. WHAT THIS POLICY COVERS
a) personal information that is aggregated in such a manner that it cannot be connected to a person; therefore any personal information that has been anonymized will not fall under the protection of the PIPEDA;
b) personal information consisting of the name, address and telephone number of a subscriber that appears in a telephone directory that is available to the public, where the subscriber can refuse to have the personal information appear in the directory;
c) the name, title, business address, e-mail address or telephone number of an employee of CSC; or
d) information that is publicly available and is specified by regulation pursuant to the PIPEDA.
2. PERSONAL INFORMATION COLLECTED BY CSC
Date of Birth
Address (including e mail) Marital Status
Health Card Numbers
Skier / Snowboarder abilities Credit Card Information
be collected, used or disclosed by CSC includes but is not limited
Social Insurance Numbers
Contact Person / Next of Kin
Canadian Ski Instructor’s Association Accreditations
Canadian Ski Coach Federation Accreditations
Canadian Association of Snowboard Instructor Accreditations
3. GUIDELINES FOR INTERNET/ WEBSITE USERS
Please be advised that information voluntarily disclosed online in discussion areas or other public areas of our website can be collected, used and disclosed by third parties. Any submissions made to discussion areas or other public areas on our website are done at the user’s risk and on the understanding that such information may be accessible to third parties. CSC will not be liable or held responsible for any damages that may result from such user activity.
Personal information that may to the following:
4. HOW PERSONAL INFORMATION IS MAINTAINED
CSC does not sell, barter, trade or give away personal information to third parties. For example, we do not provide our member lists to other organizations regardless of how similar their services may be to ours. By supporting CSC, Participants have confirmed their commitment to our services. If Participants wish to obtain services from other organizations, then this is a personal decision to be made by the Participant alone. We will not intervene in a Participant’s decision by providing their personal information to such organizations.
Attendees: an individual who is not a member, but uses services or facilities offered by CSC. Collection: obtaining personal information from any source, including third parties, by any
Consent: the granting of voluntary permission regarding the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied.
Disclosure: to make known personal information to a third party.
Personal Information: information about an identifiable individual, but does not include the
name, title, or business address or telephone number of an employee of CSC.
Use: the treatment, handling and management of personal information by and within CSC.
C. APPLICATION OF THE CODE
CSC applies the ten principles of the Code as follows:
1. ACCOUNT ABILITY
a) developed procedures to protect personal information;
b) developed procedures to receive and respond to complaints and inquiries;
c) trained our staff about our policies and practices respecting personal information; and
d) developed and distributed information to our staff and the general public explaining our policies and procedures respecting personal information.
1.3 To ensure that all personal information that is transferred by CSC to third parties on the consent of the Participant is protected, CSC enters into legal agreements with all third parties who use personal information collected by us. These legal agreements seek to ensure that these third parties employ comparable levels of control over this personal information.
2. IDENTIFYING PURPOSES FOR WHICH PERSONAL INFORMATION IS BEING COLLECTED
CSC is committed to openness regarding its collection of personal information. CSC shall identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 CSC usually only collects personal information for the following limited purposes:
i) To establish and maintain records in order to provide services to:
a) Members and prospective members of CSC;
b) Students participating in CSC’s ski and snowboarding
c) Race participants;
c) individuals that own ski chalets on CSC property;
d) Attendees at CSC facilities;
e) to enter and fulfill transactions;
f) administration, billing, accounting and collection in relation
to Participant’s relationship with us;
ii) To establish and maintain our mailing lists;
iii) To communicate information pertaining to employees for the following purposes:
a) decision making regarding employees hiring, duties, transfer, training, discipline, promotion and retention;
b) recording and determining employees eligibility for participation in various CSC’s benefit plans, including life insurance coverage, group RRSP and personal or maternity leave, and the receipt of short or long term disability payments and the managing of such participation;
c) recording and maintaining employees personal information, attendance record, service award and bonuses record, performance evaluations, performance improvement plans, remuneration details, or maintaining any other necessary information for establishing, managing or terminating the employment relationship (including its related benefits), as well as the determination of the applicable income and benefits;
2.2 CSC shall specify either orally, electronically or in writing the identified purposes to the individual, at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individuals to the Privacy Officers who shall explain the purposes.
2.3 CSC shall not use or disclose for any new purposes, personal information that has been collected from Participants without first identifying and documenting the new purposes and obtaining the prior consent of the Participants unless required to by law.
2.4 Furthermore, if any Participant wishes to be advised of the personal information we have related to them, they can contact us at the address set out in Section D below.
CSC is committed to ensuring that Participants are aware of how their personal information is used. CSC is dedicated to obtaining the consent of individuals who provide us with their personal information. To this end, all our employees, personnel or agents are instructed to provide information about how we use personal information to all interested individuals who inquire, as well as obtain the consent of those who provide their personal information.
3.1 In obtaining consent, CSC shall use reasonable efforts to ensure that a Participant is advised of the identified purposes for which personal information collected will be used ordisclosed. CSCshallstatetheidentifiedpurposesinamannerthatcanbereasonably understood by the Participants.
3.2 CSC shall seek consent to use and disclose personal information at the same time it collects the information. However, if CSC decides to use personal information of a Participant for a new purpose, CSC shall obtain consent from the Participant before the personal information is used or disclosed for a new purpose.
3.3 CSC will only require Participants to consent to the collection, use or disclosure of personal information as a condition to CSC providing products or services to the Participant, if such collection, use or disclosure is required in order to fulfill the identified purposes.
3.4 As well, we may periodically request written confirmation from a Participant to ensure that the personal information collected and maintained by us is up-to-date and accurate. We also may ensure that we have continuing consent to the use and retention of personal information.
3.5 In determining the appropriate form of consent, CSC shall take into account the sensitivity of the personal information and the reasonable expectations of the Participant. For sensitive information, CSC will obtain express written consent at or before the time
3.6 CSC may collect, use and disclose personal information without the knowledge and consent of the individual, in accordance with the provisions of the PIPEDA.
3.7 A Participant may withdraw consent at any time, subject to legal or contractual restrictionsandreasonablenotice. ParticipantsmaycontactCSCattheaddresssetoutin Section D below for more information.
3.8 Please be advised that at no time does a Participant’s relationship with CSC require that they provide us with their personal information if they do not wish to do so.
Note: In certain circumstances personal information can be collected, used or disclosed without the knowledge and consent of the individuals. For example, legal, medical or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In addition, organizations that do not have a direct relationship with the individual may not always be able to seek consent. For example, seeking consent may be impractical for a charity or a direct marketing firm that wishes to acquire a mailing list from another organization. In such cases, the organization providing the list would be expected to obtain consent before disclosing personal information. (Clause 4.3 of Schedule 1 of the Act)
4. LIMITING COLLECTION
CSC limits the collection of personal information only to that information that is necessary for the limitedpurposesnotedabove. Inaddition,CSCiscommittedtocollectingpersonalinformationinafair, open and lawful manner. For this reason, CSC does not indiscriminately collect personal information. We collect personal information to fulfill the above-noted purposes only, and for no other purposes.
5. LIMITING USE, DISCLOSURE AND RETENTION
CSC does not use personal information for purposes other than those for which it was originally collected, unless it has first obtained the consent of the individual from whom such information was received or if required to do so by law. We retain personal information only for as long as it is needed and only for the fulfillment of the purposes for which it was originally collected or as required by law.
5.1 Only those CSC staff and employees whose duties reasonably so require, are granted access to personal information about Participants.
5.2 CSC will only keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances where personal information has been used to make a decision about a Participant, CSC shall retain, for a period of time that is reasonably sufficient to allow for access by the Participant, either the actual information or the rationale for making the decision.
5.3 CSC will destroy, erase or make anonymous any personal information that is no longer necessary or relevant for the identified purposes or required to be retained by law. Nevertheless, CSC shall maintain reasonable and systematic controls, schedules and practices for the retention and destruction of personal information.
CSC is committed to maintaining accurate, complete and up-to-date personal information. If a Participant is aware of changes to the personal information they have given to us, they can simply inform us of the changes and we will update our records accordingly.
Personal information that is collected by CSC is processed and maintained in Belfountain, Ontario. ParticipantsmaycheckandcorrecttheirpersonalinformationbycontactingthePrivacyOffice assigned to oversee the day-to-day care and control of personal information by writing or emailing a request to the address set out in Section D below.
6.1 Personal information used by CSC shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used and to minimize the possibility that inappropriate or incorrect information may be used to make a decision about a Participant.
6.2 CSC shall not routinely update personal information. CSC shall update personal information about Participants as and when necessary to fulfill the identified purposes or upon receiving notification by the individual.
CSC has developed and implemented security safeguards commensurate to the level of sensitivity of the information.
7.1 CSC shall implement security safeguards to protect personal information against such risks as theft or loss, unauthorized access, copying, use, modification or destruction.
7.2 CSC shall protect personal information with physical security measures, such as locked cabinet storage and restricted access to areas where personal information is stored.
7.3 CSC shall protect personal information with internal employee security measures, including restricted computer access, employee confidentiality agreements, and limited access to where personal information is stored. CSC will also ensure that any of our employees who deal with personal information are properly trained and are aware of the necessary and appropriate measures required to protect personal information.
7.4 CSC will use security safeguards, including password and encryption security measures, to prevent unauthorized access to personal information stored on computer systems.
7.6 Any personal information kept by CSC is disposed of or destroyed once it is no longer needed to meet the purposes for which it was collected. CSC will ensure appropriate measures regarding the destruction or disposal of personal information so as to prevent unauthorized parties from gaining access to the personal information.
CSC makes information about its policies and practices respecting the collection and maintenance of personal information available to all interested parties.
We are pleased to answer any questions that an individual may have regarding the collection and maintenanceofpersonalinformation. Pleaseforwardanyquestionsinwritingoremailtotheaddressset out in Section D below.
b) the means of gaining access to personal information held by CSC; and
c) a description of the type of personal information held by CSC including a general account of its use.
9. INDIVIDUAL ACCESS
Upon request, CSC shall inform an individual of the existence, use and disclosure of his or her personal information and shall give the individual access to that information. A Participant shall be able to challenge the accuracy and completeness of their personal information and have it amended as appropriate.
9.1 When an individual has inquired as to whether personal information concerning him or her has been collected, used or disclosed, CSC may require that the individual provide sufficient information to allow CSC to provide an account of the existence, use and disclosure of personal information. However, the information provided in response to CSC’s request shall only be used for the purpose of providing the account. Please forward a request in writing or e-mail to the address set out in Section D below.
9.2 Upon written request, we will inform an individual if we have any of their personal information in our care and control, as well as providing them with the details of such personal information. In responding to requests, CSC may charge a nominal fee. If we are unable to provide a Participant with access to all of the personal information that we hold, then the reasons for the denial of access will be provided.
9.3 Upon request, CSC shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, CSC shall provide a list of organizations to which it may have disclosed personal information.
9.4 We are also committed to ensuring that the personal information that is collected and maintained by us is correct, accurate and complete.
9.5 In certain situations, CSC may not be able to provide access to all of the personal information that it holds of a Participant. Exceptions include but are not limited to personal information that is prohibitively costly to provide, information that contains references or identifies the personal information of other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons or information that is subject to solicitor-client or litigation privilege. CSC shall provide the reasons for denying access upon request.
9.6 As well, Participants may challenge the completeness of their personal information under ourcareandcontrol. WhereaParticipantcansuccessfullydemonstratethatanerrorin the accuracy or completeness of their personal information exists, we will amend their personal information appropriately. Any unresolved differences to accuracy or completenessshallbenotedintheirfile. Whereappropriate,CSCshalltransmittothird parties having access to the personal information in question any amended information or the existence of any unresolved differences.
10. CHALLENGING COMPLIANCE
As noted above, CSC has designated a Privacy Officer who is responsible for the day-to-day care and control of personal information. This Privacy Officer will receive and respond to all information requests regarding our privacy policies or about personal information under our care and control. Equally, if a Participant wishes to be added or removed from any of the lists that CSC maintains, please write or email a request to the Privacy Office.
10.2 CSC shall put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information.
10.3 CSC shall inform Participants about the existence of these procedures as well as the existence of relevant complaint procedures.
10.5 CSC shall investigate all complaints received and will respond in writing in a timely manner. If a complaint is found to be justified, then we will take appropriate measures to resolve the matter including, if necessary, amending our policies and proceedings.
D. HOW TO ADD, REMOVE OR AMEND PERSONAL INFORMATION
If, at any time, Participants wish to amend their personal information with CSC, simply inform us in writing at:
Caledon Ski Club Privacy Office
17431 Mississauga Road Caledon, Ontario L7K 0E9
or by e-mail to: email@example.com
Please note that further information can be obtained as well as a copy of the PIPEDA through the
Privacy Commissioner of Canada’s web site at www.privcom.gc.ca