Unison Yoga’s code is based on the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). This code describes Unison Yoga’s commitment and methods of subscribing to the principles of the CSA Model Code.
Purpose: Unison Yoga recognizes the right of an individual to the protection of personal information and the need for information management practices that adhere to national standards. Unison Yoga will ensure that its policies and operational guidelines, directed by the principles of the CSA Code, govern the management of personal information of its members, donors, staff and volunteers.
Definitions: (Taken from “Your Privacy Responsibilities” Canada’s Personal Information Protection and Electronic Documents Act”, December 2000).
Personal Information – Factual or subjective information, recorded or not. This can include, but is not limited to, age, name, addresses, e-mail addresses, giving history, financial information, identification numbers, income, ethnic origin, sexual orientation, opinions, evaluations, comments, disciplinary actions, employee files, loan records, medical files or documentation of a dispute. Personal information does not include the name, title or business address or telephone number of an employee of an organization.
Commercial Activity – Any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.
Consent – Voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
Disclosure – Making personal information available to others outside the organization.
Use – Refers to the treatment and handling of personal information within an organization.
Accountability: Unison Yoga recognizes that it is responsible for all personal information under its control. This includes, but is not limited to, information in any form be it verbal, print or electronic document, such as age, name, address, telephone numbers, e- mail addresses, identification numbers, income, ethnic origin, opinions, evaluations, social status, credit records, and recordings of disputes between the organization and a donor/member.
Unison Yoga will ensure that a privacy protection clause be included in contracts with individuals/organizations both inside and outside the scope of the organization. The organization will be guided by the principles outlined in its Privacy Code in the daily development, administration, management and evaluation of personal information under its care.
Identifying Purposes: Unison Yoga and those designated or contracted to act for or on its behalf, shall identify the purposes for which personal information is collected at or before the time the information is collected. Unison Yoga will attempt to document and clearly define the purpose or purposes intended for personal data before it is collected and will always ensure that it is present at the time of its collection. Unison Yoga will only collect information that it views as a necessity in order to fulfill the identified purpose. Any secondary or optional uses of information by the organization will be identified and individuals will be provided with an opportunity to reject or accept such uses.
Unison Yoga will make every attempt to ensure that the purposes and uses of information it collects will be presented in easy and straightforward language. It will clearly identify why this information is needed and how it will be used. All materials used by Unison Yoga or those designated to work for it on its behalf, to collect information will present the purpose, need and use in a manner that is understandable to whomever it is intended.
Methods and procedures to ensure that all relevant materials used to collect personal information adhere to the “Identifying Purposes Principle” will be outlined in Operational Guidelines. These guidelines will assist individuals within the organization in directing inquiries or complaints regarding purposes of collection to the appropriate individual or individuals. Unison Yoga recognizes the diversity of its members and donors’ needs and will apply this to its operational guidelines.
Consent: Unison Yoga and those designated or contracted to act for it or on its behalf will ensure that the knowledge and consent of the individual are obtained for the collection, use, or disclosure of personal information, except where inappropriate. Unison Yoga has a responsibility to provide explanation in clear, simple and understandable language of the intended uses and impacts and to obtain consent before the information is used. The organization will provide this explanation on all appropriate forms, contracts and publicly available forms. Specific adherences to this principle will be outlined in the Operational Guidelines.
Consent may be express or implied dependent upon the particular situation. However, Unison Yoga will attempt to obtain express consent, where possible.
Unison Yoga recognizes the right of individuals to prevent their personal information from being provided to other organizations on a reciprocal basis for the purpose of fundraising. Unison Yoga will present its members and donors an opportunity to opt-out of such exchanges annually through its direct mail program. Unison Yoga will not disclose any personal information without providing an opportunity for individuals to opt-out.
Unison Yoga recognizes that individuals have the right to withdraw consent to personal information use at any time. Unison Yoga will provide its members/donors with an opportunity to opt-out of name exchanges annually and an opt-out option from receiving mail every three years. However this principle is subject to legal and contractual restrictions and reasonable notice.
In addition this principle is exempt in particular circumstances where criminal investigations, legal or security situations, medical emergencies or mental or physical incapacities arise. However, Unison Yoga will approach these situations with great caution and care.
Limiting Collection: Unison Yoga shall ensure that the collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. Unison Yoga will collect information in a straightforward and honest manner and with the individual’s consent. It will not collect information in an indiscriminate manner. Information will not be collected from other individuals associated with the person such as family members or friends without the consent and knowledge of the individual and only in situations that are deemed to be most compelling.
Limiting Use, Disclosure and Retention: Unison Yoga shall ensure that personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes. Unison Yoga will ensure that consent for personal information use is applied only to purposes agreed to initially by the individual. The use of the information will be presented clearly to the individual. In circumstances where potential purposes of use of information may appear as complex, all potential options of future use should be presented and an option to have one’s information either included or removed should be clearly presented. Unison Yoga will ensure that any inquiries regarding the organization’s purposes of use and practices of disclosure are responded to in an open and honest fashion.
Unison Yoga’s practices and procedures regarding the retention of personal information will be clearly outlined in its Operational Guidelines, including minimum and maximum retention periods.
Accuracy: Unison Yoga shall ensure that personal information under its care be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. Opportunities for individuals to inquire about and review their personal information, which they have consented to provide to Unison Yoga, will be made readily available following appropriate notice. Individuals will be provided an opportunity to update or correct personal information which is outdated or inaccurate.
Safeguards: Unison Yoga shall ensure that personal information shall be protected by security safeguards appropriate to the sensitivity of information. Unison Yoga shall take all reasonable means necessary to ensure that all personal information under its care is protected against loss or theft, unauthorized access, disclosure, copying, use or modification. This includes but is not limited to physical, organizational and technological means. Specific measures and procedures will be outlined in the Operational Guidelines.
Individual Access: Unison Yoga agrees to ensure that upon request an individual shall be informed of the existence, use, and disclosure of their personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Requests by individuals regarding the type of information Unison Yoga maintains, its uses and to whom it has been disclosed, will be responded to in an honest and timely fashion.
If, in certain circumstances, Unison Yoga is not able to provide certain information, an explanation outlining the reasons must be provided to the individual in writing. Exceptions to providing this information should be limited and specific. These may include but are not limited to cost, references to other individuals or for reasons of legal, security or litigation privilege.
Provide Recourse: Unison Yoga agrees to ensure that an individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance. Unison Yoga will make every effort to respond openly to inquiries or complaints regarding its management, collection and disclosure of personal information.
Unison Yoga will ensure that every complaint is investigated and that the appropriate actions required to rectify the situation will be taken.