Invasive Species Council of British Columbia

Privacy Policy

1. Background

The Invasive Species Council of B.C. (the “Council”) recognizes the value of its relationships with donors, members, volunteers and employees, and is committed to respecting and protecting their personal information. We value the trust of those we deal with, and of the public, and recognize that maintaining this trust requires transparency and accountability in our treatment of the information that is entrusted in us.

To meet these goals, the Council complies with the British Columbia Personal Information Protection Act (PIPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA). Our privacy policy adheres to the 10 principles that comprise the Canadian Standards Association Model Privacy Code and form the basis of this legislation.

Definition of Personal Information

Personal information includes any factual or subjective information, recorded or not, about an identifiable individual. Personal information does not include the business contact information of an individual.

2. Accountability

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

  1. Accountability for the Council’s compliance with privacy legislation rests with the designated Privacy Officer. The name and contact information of the Privacy Officer will be made available to interested individuals through the Council’s website, this policy or upon enquiring of the Council’s staff.
  2. We are responsible for personal information in our possession, including information that has been transferred to a third party for processing. In cases where such transfers take place we ensure that the third party has comparable privacy safeguards in place.

3. Identifying Purposes

The purposes for which personal information is collected shall be identified by the Council when or before the information is collected. The purposes will be limited to those which are related to our business and which a reasonable person would consider to be appropriate in the circumstances. We collect personal information concerning our employees, donors, potential donors, volunteers and members for the following reasons:

  1. To provide them with information about how donated funds are used by the Council;
  2. To keep them informed about the Council’s activities;
  3. To promote opportunities for them to support the Council;
  4. To build and maintain relationships;
  5. To appropriately acknowledge and steward the gifts of donors;
  6. To comply with Canada Revenue Agency requirements;
  7. To protect against fraud;
  8. To carry out appropriate human resource management.

4. Consent

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.

  1. The principle requires “knowledge”, and the Council will make a reasonable effort to ensure that individuals know – are aware of – the purposes for which information is collected at the time of collection.
  2. The manner in which the Council obtains consent for the collection of personal information varies with the sensitivity of the information being collected. PIPA makes provision for different kinds of consent depending on the situation: express and deemed consent, as well as consent by not declining consent (by not opting out). Individuals can give consent to the Council:
    • In writing, such as when completing an online donation form or signing a Memorandum of Support to become a Member;
    • Through an opt-out-process, either by checking off a box on a response form or by contacting the Council;
    • Orally, either in person or by telephone.
  3. Individuals may withdraw consent at any time, by any means, with reasonable notice to the Council. This notice period will not exceed one month.
  4. The Council may collect, use and disclose personal information without consent if that information is considered by law to be in the public domain. Sources of public information include telephone and professional directories, newspapers, periodicals and public registries.

5. Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

The Council will not collect information indiscriminately. It is limited to that which is necessary and reasonable to fulfill the purposes identified in “2. Identifying Purposes”. The Council will collect personal information by lawful means and will not mislead individuals about the purposes which information is being collected. Types and means by which information is collected by the Council include:

  1. Information collected automatically from the Council’s website
    1. The internet protocol address and domain name used. The internet protocol address is a numerical identifier assigned either to the donor’s internet service provider or directly to the donor’s computer. This address can be translated to determine the domain name of the donor’s service provider (e.g. bcinvasives.ca);
    2. The type of browser and operating system;
    3. Date and time of the visit; and
    4. The web pages or services accessed.
  2. Information collected directly from a donor
    • The Council will collect and record personal information provided to us by individuals through correspondence, conversations, meetings, conferences, donations, and other forms of communications.
  3. Information collected from public sources

    These types of information and means of collection are not intended to be an exhaustive list, and the Council may collect other information about an individual from time to time as is consistent with the purposes identified in “2. Identifying Purposes”.

    6. Limiting Use, Disclosure and Retention

    Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

    1. When the Council uses personal information for purposes other than those given at the time of collection, consent will be obtained for these purposes.
    2. The Council does not sell, rent or trade mailing lists.
    3. Personal information is disclosed only to third parties who have signed an agreement binding them to the Council’s privacy policies.
    4. The Council will not use electronic information to determine an individual’s identity unless required to do so as a part of an internal investigation or other law enforcement purpose, nor will the Council disclose personal information to third parties unless required to do so by law.
    5. Personal information will be retained as long as the purpose for which the information was originally collected remains valid.

    7. Accuracy

    Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

    The Council will use its best efforts to ensure that information that is used on an ongoing basis, including information that is disclosed to third parties, and information that is used to make a decision about an individual (such as a giving recognition category) is accurate, complete and up-to-date.

    8. Safeguards

    Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

    1. The Council is obligated to protect individuals’ personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal. Security measures have been integrated into the day-to-day operating practices of the Council.
    2. We will make our employees aware of the importance of maintaining the confidentiality of personal information and will exercise care in the disposal and destruction of personal information to prevent unauthorized parties from gaining access to it. All employees and volunteers having access to personal information are required to sign an oath of confidentiality.
    3. Our methods of protection include physical measures (e.g. locked filing cabinets, restricted access to offices), organizational measures (e.g. security clearances as appropriate and limiting access to a ‘need-to¬-know’ basis) and technological measures (e.g. use of security passwords and encryption).
    4. Third parties are expected to safeguard personal information entrusted to them in a manner consistent with the policies of the Council and are required to sign a confidentiality agreement as part of all contracts. Examples of third parties include mailing and photocopy services, payroll services and data analysis providers.

    9. Openness

    An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

    1. The Council is open about privacy policies and procedures concerning the management of personal information and makes them readily available in a form that is generally understandable.
    2. The information made available includes:
      • The name or title and contact information of the Privacy Officer who is accountable for compliance with the Council’s policies and procedures, and to whom complaints or inquiries can be forwarded;
      • The means of gaining access to personal information held by the Council;
      • A description of the types of personal information held by the Council;
      • A copy of any document that explains the Council’s policies, procedures, standards or codes; and
      • The types of information made available to third parties.

    10. Individual Access

    Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

    1. The Council will respond to an individual’s request within a reasonable length of time, but no longer than one month. While our response will typically be provided at no cost to the individual, depending on the nature and amount of information involved, we reserve the right to impose a fee to recover our costs.
    2. The requested information will be made available in a form that is generally understandable. For example, where the Council uses abbreviations or codes to record information an explanation of those codes will be provided.
    3. For the Council to provide an account of the existence, use and disclosure of personal information, an individual may be asked to provide additional information to aid in the search. The additional information provided will be used only for this purpose.
    4. Upon request, the Council will provide specific information about third parties to whom personal information has been disclosed.
    5. When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the Council will amend the information as required. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
    6. Individuals may review the personal information the Council has recorded for that individual and only that individual. Individuals may also provide written permission to the Council to permit another individual to review the personal information the Council has recorded for that individual but only for that individual.

    11. Challenging Compliance

    1. An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
    2. The name of the Privacy Officer will be known to staff. The Council will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be straightforward.
    3. Individuals who make inquiries or lodge complaints will be given information by the Council of the existence of relevant complaint procedures.
    4. If a complaint is found to be justified, the Council will take appropriate measures, including revision of the personal information, and, if necessary, amendment of the Council’s policies and practices.
    5. The Privacy Officer will report all complaints or challenges under this policy to the Finance and Fund Development Committee

    Policy Review

    This policy will be reviewed every 3 years or as required.

    How to contact the Privacy Officer

    Inquiries, complaints or access requests should be addressed to: Privacy Officer, Invasive Species Council of B.C., #72 7th Ave South, Williams Lake, British Columbia V2G 4N5; Email: info@bcinvasives.ca, Subject: Privacy