| Promoting Truth & Reconciliation in Land Use Planning |
© Copyright - Shared Path Consultation Initiative i
Privacy Policy
Last updated: July 27, 2019
●
1. Preamble
The Shared Path Consultation Initiative (Shared Path) is dedicated to protecting members’ privacy and safeguarding members’ personal information. The Shared Path Privacy Policy sets forth the policies with respect to the processing of personal information collected in association with membership.
The purpose of this Privacy Policy is to inform members about the types of personal information Shared Path collects about them to provide them with membership benefits. It explains how Shared Path uses and discloses that information, the choices members have regarding such use and disclosure, and how members can correct this information. Shared Path primarily collects, uses, and discloses personal information for non-commercial purposes such as membership and communications.
From time to time, Shared Path may make changes to this Privacy Policy. The Privacy Policy is as current as the "last revised" date which will appear at the end of this document. Shared Path will treat personal information with great care in a manner consistent with the Privacy Policy under which it was collected, unless the organization has the member’s consent to treat their personal information differently. This Privacy Policy applies to any information Shared Path collects or receives about members, from any source including the website and social media accounts.
2. What this policy does not cover
This policy applies to the collection of information/data from members, vendors, partners and other Shared Path contacts for the purposes of operations and administration, and providing benefits and services to members. From time to time, Shared Path may engage in research projects alone or in partnership with granting organizations, universities and other organizations. In such cases, Shared Path would be governed by additional comprehensive research ethics protocols and guidelines for consent, research and data storage contained in documents such as the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (2010) and others.
3. Definitions
Personal Information (Data): includes information that can be used to identify an individual such as name, address, email address, date of birth, donations, etc. In the case of interests or opinions, it may be subjective, or it may be factual like a credit card number. Publicly available information such as the name, business address, or title of an employee or organization is not considered to be personal information.
Consent: occurs when someone agrees to an act, idea, request or proposal. It can be express or implied. Express consent; whether spoken, electronic or in writing, is clear agreement to a specific request until notified otherwise. Implied consent can be assumed when an individual acts in a manner that infers agreement or compliance. In both cases, individuals may withdraw consent at any time.
Third Parties: individuals or organizations external to the Shared Path Consultation Initiative.
4. Principles
This Privacy Policy sets out a summary of the principles and procedures that Shared Path follows in meeting its privacy commitments and complying with the requirements of the laws and regulations under applicable privacy laws in Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA). All personal information is held and maintained in accordance with PIPEDA and the ten principles set out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, CAN/CSA-Q830-96, which are as follows:
4.1. Accountability
Shared Path has developed policies and practices to ensure accountability to the ten principles. These policies and practices are outlined later in this document. Shared Path has appointed a Chief Privacy Officer (contact information available at the end of this document) who is accountable for the organization’s compliance with the following principles. Staff and volunteers of the Shared Path are required to read and sign off on the Privacy Policy. Shared Path will never sell, trade or rent personal data to third parties. The information members provide may be shared with trusted service providers only in order to fulfil the purposes outlined in Section 7. The Shared Path shall use contractual or other means to provide a comparable level of protection if personal information is processed by a third party.
4.2. Identifying Purposes
The purposes for which Shared Path collects personal information are outlined in Section 7. If personal information is to be collected or used for a purpose not previously identified, the new purpose shall be identified prior to use.
4.3. Consent
Consent for the Shared Path to collect, use, or disclose personal information shall be sought at the time of the individual’s application for membership in the Shared Path or registration for/at an event hosted by the Shared Path. The form of the consent sought by the Shared Path may vary, depending upon the circumstances. Members may choose to withdraw their consent at any time which, depending upon the nature of the information, may result in the termination of their membership benefits with the Shared Path.
4.4. Limiting Collection
The Shared Path shall not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to provide the membership benefits identified by the Shared Path. See Section 5 of this document for details.
4.5. Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes. See Section 11 of this document for details.
4.6. Accuracy
It is the responsibility of the Shared Path member to ensure that their personal contact information is accurate, complete, and up-to-date. See Section 10 of this document for details.
4.7. Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. See Section 9 of this document for details.
4.8. Openness
This Privacy Policy document is made readily available to individuals via the Shared Path website so that they may access specific information about the Shared Path’s policies and practices relating to the management of personal information.
4.9. Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. See Section 10 of this document for details.
4.10. Challenging Compliance
Contact information for the appointed Chief Privacy Officer and procedures in place to receive and respond to complaints or inquiries about the Shared Path’s policies and practices relating to the handling of personal information, are available in Section 13.
5. Personal information collected by Shared Path
Shared Path only collects and has access to information that members voluntarily give the organization through registration, email or other direct contact. When members register with Shared Path they are asked to provide their basic contact information such as their full name, address, email, and phone number, as well as information about their occupation, employer and other information to determine their interest in the work done by Shared Path. Members may also be asked about the types or formats of information they are interested in receiving from Shared Path. This information is gathered so that the Shared Path can provide members with the membership benefits they request.
To be eligible for the Student membership rate, members will be asked to provide proof of enrolment at an accredited post secondary institution in each year that they are a Shared Path member. This information is collected to ensure the discounted Student membership rate is accessible to those with little or no income while they are in school. A copy of the member’s student card, current timetable or letter from the respective registrar’s office clearly showing their name and the name and address of the issuing school is sufficient. Scans or copies can be securely uploaded to membership or renewal forms or if preferred, can be emailed or sent by Canada Post to the Shared Path’s office address.
6. Information collection and storage
Once a membership is activated, members are given a one-time link to login to the Members Only portion of the website and asked to choose a new secure password. Once logged in to their account, a member may choose to share information about their work, research and interests with others in the Shared Path Member Directory, update their profile or upload an avatar.
Unless changed by members themselves, all information contained in member profiles is set to private by default. Shared Path will ensure that members’ personal information is handled in compliance with the privacy settings they select for their member profile. Wild Apricot, the member management software that stores contact information, member profiles and other data is located in Toronto.
7. Why personal information is collected or disclosed
Personal information is collected to provide members with general membership benefits such as access to the resources database, newsletters, and invitations to special events. In addition, under the Canada Not-for-Profit Corporations Act (CNCA), Shared Path must maintain a permanent register of the names and residential or business addresses of current and past members.
8. How personal information is used
Shared Path will not sell or rent members’ personal information to anyone. Shared Path will not share members’ information with third parties without their knowledge and consent. To obtain meaningful consent, Shared Path will provide the following information:
● the nature of the information collected or requested
● the person(s)/organization requesting the information
● the purpose(s) for collecting, using or disclosing the information
● any risk/harm or other consequences that might result
The Shared Path will without prejudice, clearly identify members’ options including their right to grant, decline, modify or withdraw consent.
9. Steps taken to protect personal information
To ensure the security and privacy of members’ data, the Shared Path member website uses traffic encryption (https). Members are asked to create their own unique password to access their online profile. Access to the membership database is protected by password, as well as antivirus and cybersecurity software. Physical documents containing members’ information are stored in a locked filing cabinet in a secured office space. Shared Path staff are required to regularly update their software and passwords. Wild Apricot, the member management software that stores contact information, member profiles and other data uses Amazon Web Services (AWS), one of the largest and most secure cloud hosts. Payment transactions are processed by a certified Level 1 Payment Card Industry Data Security Standard (PCI DSS)-compliant processor (Affinipay: https://affinipay.com/wild-apricot/) to ensure payment information is processed, stored and transmitted in a secure environment.
10. Access to personal information
Member profiles are only accessible by Shared Path’s account administrator and by the individual member through the password-protected portion of the Shared Path website. Members are encouraged to keep their passwords secure and personal information up-to-date to ensure it is accurate and complete. Members can also choose the kinds of information they wish to share with other Shared Path members and the broader public via the Shared Path website. Within the member profile, individuals can choose to receive information and announcements from Shared Path or opt out of any or all communications at any time.
Members may request to see the data stored by Shared Path at any time by submitting a request via email, phone, or in person at the address below:
Shared Path Consultation Initiative
720 Bathurst Street, Suite 321
Centre for Social Innovation (CSI Annex)
Toronto, ON M5S 2R4
(416) 642-3019
admin@sharedpath.ca
Shared Path will respond to inquiries within a reasonable timeframe.
11. Storage of Personal Information
In the event that a membership becomes inactive for any reason (termination, suspension, lapsed, or expires beyond the grace period identified in the Membership Policy), members will continue to be able to access their account information but will no longer appear in the Member Directory, and will be unable to access member-only pages/features on the website. If the membership remains inactive (e.g.: not reinstated or renewed), the account will be archived where it will be inaccessible to anyone other than the Shared Path staff member responsible for administering the membership database. In such cases, a member may request that certain information be deleted from the Shared Path database, such as events attended or research interests, however Shared Path will retain contact information to comply with CNCA requirements or as required by law.
12. Risks of sharing personal information with Shared Path
Unless required by law, Shared Path will only use members’ information for the purposes for which it was collected. Shared Path may use information collected from members in aggregate or anonymized forms; however, Shared Path will never publicly use photos from events, member profiles, information gathered from surveys, or any other personal or identifying information, without members’ consent. Shared Path will take all reasonable precautions to ensure that the information the organization has in its care is protected against unauthorized access using all reasonable physical, organizational and technological means at its disposal. This includes locked filing cabinets, passwords, passcodes, regular software updates, secure cloud storage, encryption, antivirus and anti malware protection. Payment transactions are processed by a certified Level 1 Payment Card Industry Data Security Standard (PCI DSS)-compliant processor (Affinipay: https://affinipay.com/wild-apricot/) to ensure payment information is processed, stored and transmitted in a secure environment.
As a consequence, Shared Path has not identified any meaningful risk associated with the collection, use or disclosure of the personal information gathered for the provision of membership benefits.
13. Redress
Shared Path has an appointed Chief Privacy Officer (CPO) who can work with members to address their privacy concerns.
Please contact Morgan Peters by email mpeters@sharedpath.ca or by phone 416-642-3019
Shared Path Consultation Initiative
720 Bathurst Street, Suite 321
Centre for Social Innovation (CSI Annex)
Toronto, ON M5S 2R4
(416) 642-3019
The redress process is generally as follows:
● The member will be asked to record their concern(s), either in writing or as a voice memo, and provide it to the CPO. While the CPO will require the member’s name and contact information to help address their concern, they may request that the CPO submit their concern anonymously to the Shared Path Board.
● Within four (4) weeks, the CPO will contact the member to review the details of the situation, including how they would like it to be addressed or remedied.
● The CPO will then prepare a written memo for the Shared Path Board, which they will share with the member and present at the next Board meeting.
● The Shared Path Board will review the memo and decide on a course of action, which will be recorded in the Board minutes.
● The CPO will notify the member either in writing or by phone of the Board’s decision within one week following the Board meeting.
● If the member is unhappy with the Board’s response, they will be invited to continue to work with the CPO and the Board to find a mutually satisfactory outcome.
http://www.pre.ethics.gc.ca/eng/archives/tcps2-eptc2-2010/Default/