Purpose
The purpose of this document is to describe the policies and practices employed by the Probus Club of Ottawa- Rideau Valley, hereafter known as the Club, to comply with the principles set out in the Model code for the protection of personal information CAN/CSA-Q830-96.
Principle 1 – Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
- Accountability for the Club’s compliance with the principles rests with the Club President, who delegates actions to members of the Management Committee.
- The Club is responsible for personal information in its possession or custody, and shall not transfer the information to any third party for processing without contractual or other means of providing a comparable level of protection while being processed.
- The Club shall implement policies and practices to give effect to the principles including: implementing procedures to protect personal information; establishing procedures to receive and respond to complaints and enquiries; developing information to explain the Club’s policies and procedures.
Principle 2 – Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Personal information is collected from members solely to allow the Management Committee to communicate with the members and to maintain an archival record of Club members. The information shall be limited to that required for these purposes. These purposes shall be identified to the member by notification on the membership application and renewal application forms.
- If personal information collected is to be used for a purpose not previously identified, the consent of the individual shall be obtained prior to use for that purpose.
Principle 3 – Consent
The knowledge and consent of members is required for the collection, use, or disclosure of personal information except where inappropriate.
- Membership and renewal forms shall clearly advise the member of the purposes for which the information will be used and shall seek consent by signature for the use or disclosure described.
Principle 4 – Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means
- The Club shall collect only that information shown in the membership and renewal forms.
Principle 5 – Limiting Use, Accuracy, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual. Personal information shall be retained only as long as necessary for the fulfilment of those purposes. If it is proposed to use personal information for a new purpose, the purpose shall be documented.
- Personal information obtained through membership and renewal forms shall be retained by the member of the Club Management Committee responsible for membership, who shall maintain a membership list containing the information collected.
- The membership list shall be distributed only to Club Management Committee members having a need to communicate with the membership.
- The personal information shall be retained, as a minimum, while the member is in good standing and as a maximum for five years thereafter.
- Personal information no longer required to fulfil the identified purposes, shall be erased from the membership list and the original application forms destroyed.
- The only exception to the above shall be a list of member’s names and year of joining the Club, retained for archival purposes by the Management Committee.
Principle 6 – Accuracy
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- The membership information shall be updated as requested by the individual members to maintain communications and at membership renewal time.
Principle 7 – Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- The personal communication information retained is considered of low sensitivity and will be safeguarded as such.
- The Club Management Committee member responsible for membership shall maintain the list on a personal computer file as appropriate, together with an eMail contact list which will be used for all notices to members using the Bcc message field.
- The member responsible for surface mailing notices shall be provided with an up to date list of addresses.
- Membership lists provided to Management Committee members for any other purpose shall not be copied or communicated to anyone outside the Committee and shall be destroyed when the action required has been completed.
Principle 8 – Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- This document shall be posted on the Club website (https://www.probusorv.ca)
- The membership applications shall include the following statement to be signed by the member:
I/We agree that the Management Committee may use the above personal information for internal Club use. Members’ names will not be made available to individuals or organizations outside the Club.
- Complaints or inquiries can be forwarded to: THE PRESIDENT, The Probus Club -Ottawa Rideau Valley
- Personal information retained by the Club can be reviewed by contacting the membership member of the Management Committee at any Club meeting.
Principle 9 – Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Personal information retained by the Club can be reviewed by contacting the membership member of the Management Committee at any Club meeting. The information shall be mended on request.
Principle 10 – Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual accountable for the organization’s compliance.
- Any challenge should be addressed to the President as shown in principle 8. The Club President shall receive and investigate complaints or inquiries about policies and practices for handling personal information and if justified shall take appropriate measures, including, if necessary, amending the Club’s policies and practices.