As part of our work, the Canadian Council for Refugees (CCR) frequently gathers and uses personal information from donors, members, participants at consultations, webinars and other CCR activities, individuals purchasing resources or signing up for electronic communications and individuals affected by Canadian immigration policies and practices. Personal information is any information that can be used to distinguish, identify or contact a specific individual, including name, email address, address and financial information.
The Canadian Council for Refugees is committed to carefully protecting all personal information and using it only for the purpose for which it was collected, subject to the individual’s consent.
Accountability – The CCR recognizes that we are responsible for all personal information under our control.
Identifying Purposes – The CCR will identify the purposes for which personal information is collected at or before the time the information is collected.
Consent – The CCR will ensure that the knowledge and consent of the individual are obtained for the collection, use, or disclosure of personal information, except where inappropriate.
Limiting Collection – The CCR will only collect personal information that is necessary for the purposes identified. Information will be collected by fair and lawful means.
Limiting Use, Disclosure and Retention – The CCR will ensure that personal information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes.
Accuracy – The CCR will ensure that personal information under our care is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Safeguards – The CCR will protect personal information by security safeguards appropriate to the sensitivity of information. The CCR is conscious of the particular need for sensitivity with regard to personal information of individuals who have fled persecution or who do not have permanent status in Canada.
Openness – The CCR will make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Individual Access – Upon request, an individual will be informed by the CCR of the existence, use, and disclosure of their personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Provide Recourse – The CCR will ensure that an individual is able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
You have concerns?If you have concerns or questions about the CCR's protection of personal information, or you want to complain about a breach of the Privacy Policy, please send an email to privacy@ccrweb.ca |
APPLICATION OF PRIVACY POLICY
Privacy officer
Responsibility for ensuring that CCR complies with the Privacy Policy lies with the Director of Operations.
Participation at CCR meetings
- In the registration process, we only collect from participants personal information necessary for registration, meeting planning and networking purposes.
- A printed list of participants with contact information is given to participants to facilitate networking. The registration process offers participants the option to decline to have their contact information included in the participants’ list. The participants’ list will not be posted online.
- During CCR meetings, CCR photographers may take photos for the purposes of documenting the meeting. Participants have the option of sitting in a “no photo” part of the meeting, in which case they will not be photographed.
- CCR’s policy on Photography, filming and audio recording prohibits participants from recording or taking photos during CCR sessions. Photos or recordings may be made outside the CCR sessions, but ONLY after explaining the purpose and obtaining permission of each person photographed, filmed or recorded.
- Resource persons at CCR consultations are given the option of not having their name included in the consultation report published online.
Personal case information
- We receive personal information related to individual cases, for the purpose of intervening on behalf of the individuals or providing advice. The information will only be disclosed to persons within the CCR who need access to it for the intended purpose and will not be disclosed to anyone outside the CCR without the consent of the individual.
- We collect and publish personal stories for the purposes of illustrating issues of concern to the CCR. The CCR will not publish any personal stories without the consent of the individual. We will usually use a pseudonym. In certain circumstances (e.g. when the case is already in the public domain) we may use the person’s real name, but only with the person’s consent.
- We store personal case information securely.
- An individual has the right to withdraw consent but must be aware that it may be impossible for the CCR to erase a photo (or other information) from all materials.
- We regularly receive individual case information from member organizations: in these situations, we communicate clearly the need for consent to the member organization, which will be responsible for obtaining consent.
Payment information
- Credit cards: We receive payments by telephone, in person or through the mail. The information about the card is kept in a safe place and destroyed :
- 60 days after the transaction is approved for a one-time payment (donation, registration or )
- Until credit card number expires or the donor withdraws his consent for monthly donors
Online payments: While using Beanstream for processing credit card payment, we have restricted access to credit card information and no information on card numbers.
On-line information
Limiting Collection
- Through its website CCR collects only personal information that is necessary for the purposes for which the information is collected. Any information collected is done in a straightforward and honest manner and with the individual or organization’s consent.
Use of personally identifiable information
- We use personally identifiable information to customize the site and give access to the member section.
Online registrations
- Individuals may register online for webinars and consultations. We may email them about their registration and the event for which they registered. We may subsequently email them about other opportunities to participate in the CCR (such as becoming a member or upcoming consultations or webinars). We do not share their personal information with any person or organization outside the CCR.
Newsletter Subscriptions
- Persons subscribing to one of the CCR newsletters you need only supply an email address. They may also provide (optionally) their name. The email address is used to deliver the newsletter. The email address is not used or known by any other newsletter subscriber, organization, Web site or government agency.
Polls and Surveys
- Occasionally CCR members and allies will have the opportunity to respond to an online poll or survey. Responses are private. We may give respondents the option to provide their email address, in which case we will clarify the potential use that might be made of the address (e.g. to send the final report, or to ask for further information). If a respondent opts to provide their email address, we only use it for the purposes indicated. Any report of polls or surveys presents all responses completely anonymously.
Storage of personally identifiable information
- Personally identifiable information collected online by CCR is securely stored and is not accessible to third parties. It is used by CCR only for purposes for which it is collected.
Donors
- All information concerning donors or prospective donors, including their names, addresses and telephone numbers, the names of their beneficiaries, the amount of their gift, etc., is kept strictly confidential by the CCR, unless permission is obtained from donors to release such information.
- Donor information may be accessed only by CCR employees who have a need to know in order to perform a “fundraising activity” and members of the fundraising committee. Donor information is used only for development or recognition purposes.
Employee information
- We collect and maintain different types of personal information in respect of those individuals who are, or were employed by us, including the personal information contained in:
- resumes and/or applications;
- references and interview notes;
- letters of offer and acceptance of employment;
- payroll information; including but not limited to social insurance number, pay cheque deposit information
- wage and benefit information;
- forms relating to the application for, or in respect of changes to, employee health and welfare benefits; including, short and long term disability,
- Personal information contained in the files of candidates who have not been admitted to the final selection will be kept only for 3 months, then destroyed.
- The personal information collected is used and disclosed for “business purposes” including establishing, managing or terminating the employment relationship.
- Privacy laws do not generally require CCR to obtain the employee’s consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating an employment relationship.
- Employees’ personal information is kept in a safe place in order to prevent personal information from loss and unauthorized access, copying, use, modification or disclosure.
- CCR keeps employees’ personal information as long as required by law (see http://www.portailrh.org/protection/fiche.aspx?p=345633).
Volunteer access to personal information
- In the course of their work for the CCR, Executive Committee members, Working Group chairs and volunteers may have access to personal information. Before having such access, volunteers must review and state that they intend to respect the Privacy Policy.
PRIVACY BREACH
Definition
- A privacy breach involves improper or unauthorized collection, use, disclosure, retention or disposal of personal information.
Reporting the Breach
- Any employee who becomes aware of a possible privacy breach will immediately inform the Director of Operations.
Containing the Breach
- Whenever a possible or actual breach is identified, the CCR will do a preliminary assessment and if necessary take immediate action to contain the breach. The CCR will then conduct a full assessment. If a breach has occurred, the CCR will make reasonable efforts to identify the individuals affected by the breach. If this is not possible, efforts should be made to identify the groups of individuals likely to have been affected. The CCR will take appropriate action to mitigate the breach and prevent similar breaches in the future.
Breach of confidentiality
- A breach of confidentiality involves the improper or unauthorized disclosure of personal information. A breach of confidentiality by an employee will result in disciplinary action up to and possibly including immediate dismissal for cause.
Signature
- Staff must sign the privacy policy to acknowledge that they have read, understood and will comply with the requirements to carefully protect all personal information.
Individual recourse
- Information will be made available on the CCR website and upon request by telephone, email or in person about how to contact the Director of Operations in order to address a challenge concerning compliance with the Privacy Policy.
- The CCR will make every effort to respond openly to inquiries or complaints regarding its management, collection and disclosure of personal information. The CCR will ensure that every complaint is investigated and that the appropriate actions required to rectify the situation are taken.