of West Highland Baptist Church, Hamilton
Policy for the Protection of Personal Information
In the course of serving the needs of its congregation West Highland Fellowship Baptist Church collects personal information from members, adherents and guests. The purpose of this policy is to outline how we treat this information recognizing that it has been entrusted to us for safe keeping.
This policy was developed to meet the requirements of Federal Legislation that came into effect on January 1, 2004.
1.1 The Administrative Assistant to the Senior Associate Pastor is appointed as the personal information compliance officer (the "Officer").
1.2 All persons, whether employees, volunteers or members of the Board or any committees who collect, process or use personal information shall be accountable for such information to the Officer.
1.3 This policy shall be made available to church members and employees upon request.
1.4 Any personal information that is transferred to a third party for processing is subject to this policy. The Officer shall use contractual or other appropriate means to provide a level of protection of personal information that is comparable to this policy while the information is being processed by a third party.
1.5 Personal information to be collected, retained or used by the Church shall be collected, retained or used only with the knowledge of the Officer. Such information shall be secured in accordance with the instructions of the Officer.
1.6 Any person who believes that personal information is collected, retained or used by the Church other than for purposes explicitly approved by that person may contact the Officer to register a complaint or to make any related inquiry.
1.7 Upon receiving a complaint from any person with respect to the collection, retention or use of personal information, the Officer shall promptly investigate the complaint and notify the person who complained about his findings and corrective action taken, if any.
1.8 Upon receiving the response from the Officer, the person who filed the complaint may, if he or she is not satisfied, appeal to the Board of Deacons for an independent evaluation and response with respect to the complaint issue.
1.9 The determination of the Board of Deacons shall be final and the Officer shall abide by and implement any of its recommendations.
1.10 The Officer shall communicate and explain this policy and provide training with respect thereto to all employees and volunteers, who may be in a position to collect, retain or use personal information.
1.11 The Officer shall prepare and disseminate information to the public that explains the Church’s position on personal policies and procedures.
2. Identifying Purposes
2.1 The Officer shall document the purpose for which personal information is collected in order to comply with the openness and individual access principles outlined below.
2.2 The Officer, in order to comply with the "Limiting Collection" principle below, shall determine the information that will be needed to fulfill the purpose for which the information is to be collected.
2.3 The Officer shall ensure that the purpose is specified at or before the time of collecting the personal information from an individual.
2.4 The Officer shall ensure that the information collected will not be used for any other purpose prior to obtaining the individual’s approval, unless law requires the new purpose.
2.5 The Officer shall ensure that a person collecting personal information will be able to explain to the individual the purpose for which the information is being collected.
2.6 The Officer shall ensure that "Limiting Collection" and "Limiting Use, Disclosure and Retention" principles are respected in identifying the purposes for which personal information is to be collected.
3.1 The Officer shall ensure that the individual from whom personal information is collected consents that the personal information may be collected, used and disclosed. By personally giving the information the individual, by implication, gives consent to its collection.
3.2 The Officer shall ensure that the individual can reasonably understand for what purpose and how the information will be used at the time the consent is given.
3.3 The Officer shall ensure that there is no condition attached to the supply of benefits, as a result of the Church’s activities, requiring the individual to provide consent for the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes.
3.4 The Officer shall ensure that express consent is obtained where the information given will be used for purposes other than what would normally be expected based on the reason for its collection.
3.5 In obtaining consent, the Officer shall ensure that the reasonable expectations of the individual are respected.
3.6 The Officer shall ensure that the express consent obtained from an individual is clear and in an appropriately verifiable form.
3.7 The Officer shall ensure that the individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The individual shall promptly be informed of the implications of such withdrawal.
4. Limiting Collection
4.1 The Officer shall ensure that personal information will not be collected indiscriminately. Both the amount and type of information collected shall be limited to that which is necessary to fulfill the purposes identified. The Officer shall specify the type of information to be collected, in accordance with the "Openness" principle.
4.2 The Officer shall ensure that the information is collected only by fair and lawful means without misleading or deceiving individuals about the purpose for which information is being collected.
4.3 The Officer shall ensure that the "Identifying Purposes" and "Consent" principles are followed in identifying the purposes for which personal information is to be collected.
5. Limiting Use, Disclosure, and Retention
5.1 The Officer shall ensure that personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual, or as required by law, and any use of personal information shall be properly documented.
5.2 The Officer shall ensure that all personal information is destroyed, erased, or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as permitted by law. There shall be an automatic review of the need to continue the retention of personal information on an annual basis. Except as required to be retained by law, all personal information shall be deleted, erased or made anonymous no later than seven years after the purpose for which it was collected has been completed.
5.3 The Officer shall ensure that all use, disclosure, and retention decisions are made in light of the "Consent" and "Identifying Purposes" and the "Individual Access" principles.
6.1 The Officer shall ensure that the personal information shall be accurate, complete and up-to-date as is reasonable taking into account the interests of the individual. The Officer shall ensure that the information is sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
6.2 The Officer shall ensure that the Church does not engage in routine updating of personal information unless such a process is necessary to fulfill the purposes for which the information was collected.
6.3 The Officer shall ensure that personal information used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.
7.1 The Officer shall ensure that the organization has security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The Officer shall ensure such protection of personal information regardless of the format in which it is held.
7.2 Depending on the sensitivity of the information, the Officer may permit reasonable discretion regarding the information that has been collected, the amount, distribution and format of the information, and the method of storage. A higher level of protection shall safeguard more sensitive information.
7.3 The Officer shall ensure that the methods of protection are sufficient. Such measures might include, but are not limited to:
(a) Physical measures, for example, locked filing cabinets and restricted access to offices;
(b) Organizational measures, for example, security clearance and limiting access on a "need-to-know" basis; and
(c) Technological measures, for example, the use of passwords and encryption.
7.4 The Officer shall ensure that all employees and volunteers are aware of the importance of maintaining confidentiality of personal information.
7.5 The Officer shall ensure that care is taken when personal information is disposed of or destroyed to prevent unauthorized parties from gaining access to the information.
8.1 The Officer shall ensure that the Church is open about its policies and practices with respect to the management of personal information. The Policies and related practices shall be available without unreasonable effort and shall be made available in a format that is generally understood.
8.2 The Officer shall ensure that the information available shall include:
(a) The name or title, and the address, of the Officer who is accountable for the Church’s policies and practices and to whom complaints or inquiries can be forwarded;
(b) The means of gaining access to personal information held by the Church;
(c) A description of the type of personal information held by the Church, including a general account of its use;
(d) A copy of any brochures or other information that explain the Church’s policies, standards or codes; and
(e) What personal information is made available to related organizations.
8.3 The Officer shall ensure that the information that must be provided in accordance with 8.2 is available either in a brochure at the Church, online, or through the mail.
9. Individual Access
9.1 The Officer shall ensure that upon request, the Church shall inform an individual whether or not the Church holds personal information about the individual. Where possible, the source of the information shall also be provided. The Church shall allow the individual access to this information. However, the Church may choose to make sensitive medical information about its employees or volunteers available through a medical practitioner. The Church shall also provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.
9.2 The Officer may require the individual requesting their personal information to provide sufficient information to permit the Church to provide an account of the existence, use, and disclosure of personal information. Information obtained for this purpose shall only be used for this purpose.
9.3 Where the organization has provided personal information about an individual to third parties, the Officer shall ensure that the report is as specific as possible.
9.4 The Officer shall ensure that the Church responds to an individual’s request within a reasonable time. The requested information shall be provided or made available in a form that is generally understandable. For example, if the Church uses abbreviations, acronyms or codes to record information, an explanation shall be provided.
9.5 The Officer shall ensure that when an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the Church shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
9.6 The Officer shall ensure that when a challenge is not resolved to the satisfaction of the individual, the Church shall record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
10. Challenging Compliance
10.1 The Officer is authorized to address a challenge concerning compliance with the above principles.
10.2 The Officer shall develop and put procedures in place to receive and respond to complaints or inquiries about the policies and practices relating to the handling of personal information. The compliance procedures shall be easily accessible and simple to use.
10.3 The Officer shall inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures.
10.4 The Officer shall investigate all complaints. If a complaint is justified, the Officer shall take appropriate measures, including, if necessary, amending the policies and practices.
The West Highland Fellowship Baptist Church web site is provided as a service to our church members, attendees and the Christian world at large. It contains a wealth of information and resources that will enrich all Christians. It also provides a door to salvation, which can be opened by people who are not aware that Jesus is the savior of the world.
Other User Information
We may request your e-mail address or mailing address for the purposes of conducting surveys to provide you with additional services (for example, subscriptions to e-mail newsletters, announcement lists or information about upcoming events or seminars). We maintain a strict NOSPAM policy that means we do not intend to sell, rent or otherwise give your e-mail address to a third party.
Our site maintains detailed statistics. None involve collection of any information on our registered users. They record: type of browsers, operating systems (derived from ‘type of browsers’), pages visited, number of visitors, and a myriad of stats on timelines for visits. These statistics enable us to determine popularity of content on the site’s pages. For example, if it is shown through these statistics that no one ever visits page ‘x’ then that would prompt us to re-evaluate its usefulness to the visitor. If the information contained therein were still deemed to have value then we would place an announcement on the home page to induce visitors to view it.
Children’s On-Line Privacy
West Highland Fellowship Baptist Church places the on-line privacy and safety of our children in the highest regard. Site registration may be done by children under 13 years old; we have no way of knowing this. So it is imperative that the parents of children become involved with their child’s access to the Internet. Many browsers and operating systems provide options for the limiting of on-line time, exclusion of offensive sites and other third party software such as Net Accountability that can provide high levels of restrictions. A great resource for kids and parents is www.protectkids.com.