Privacy Policy

Policy Approved: February 24, 2020

Introduction

The federal and provincial governments have passed legislation that require charities and notfor-profit organizations to have in place by January 1, 2004 a privacy policy and public statement, plus a framework for practices to implement the policy and monitoring to ensure compliance.

The following is our Association’s privacy policy and statement, plus a set of principles to guide how we implement the policy in practice.

For YMCA Staff & Volunteers

The following Privacy Policy is to be included in our Association Human Resources Policies and published in our communication materials and on our website.

“The YMCA strives to ensure that volunteers and employees conduct their relationships with each other, participants and all other Association contacts with integrity, good judgement and fairness. The YMCA respects the right of individuals to the protection of their personal information. The YMCA is committed to maintaining the confidentiality, privacy, and accuracy of personal information it collects, uses and discloses about its participants, members, donors, parents/guardians, staff and volunteers.”

Protecting the Privacy of Personal Information

Personal information is information about an identifiable individual.

Examples of personal information include, but are not limited to, name, address, gender, age, ID numbers, income, racial or ethnic origin, relationship status, employee files, payment or medical/health records, assessments or evaluations.
An individual’s name does not need to be attached to the information in order for it to qualify as personal information.
Personal information does not include name, title, business address, or business phone number of an employee of an organization.

Available Resources

The following websites provide useful information on privacy:

Office of the Information and Privacy Commissioner/Ontario: https://www.ipc.on.ca
Privacy Commissioner of Canada: https://www.priv.gc.ca/en/

Privacy Protection Procedure

All staff and volunteers must protect personal information by following responsible information handling practices, in keeping with privacy laws. YMCA staff and volunteers having access to personal information must follow the ten fair information principles and steps for implementing these principles, in keeping with privacy laws. These principles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information. Collection, use or disclosure of personal information must only be for purposes that a reasonable person would consider appropriate.

PIPEDA Fair Information Principles

Office of the Privacy Commissioner of Canada, revised May 2019

Principle 1 – Accountability

An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.

Principle 2 – Identifying Purposes

The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.

Principle 3 – Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 – Limiting Collection

The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.

Principle 5 – Limiting Use, Disclosure, and Retention

Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.

Principle 6 – Accuracy

Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.

Principle 7 – Safeguards

Personal information must be protected by appropriate security relative to the sensitivity of the information.

Principle 8 – Openness

An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.

Principle 9 – Individual Access

Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 – Challenging Compliance

An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.

Ongoing Relevancy

The YMCA regularly reviews its policies and procedures to ensure we remain current with changing laws and evolving public expectations.

Privacy Officer

The Association’s Privacy Officer is responsible for ongoing monitoring of the privacy policy and practices to ensure compliance. Privacy breaches are to be reported to the Privacy Officer immediately. Any inquiries or concerns can be directed to the Privacy Officer at [email protected].