Privacy Policy
Personal Information Compliance Officer
Catholic Christian Outreach
1247 Kilborn Place
Ottawa, Ontario K1H 6K9
privacy@cco.ca
Policy to Protect Personal Information
1.1.POLICY FOR CCO
Catholic Christian Outreach respects its constituent's
privacy. We protect personal information and adhere to all legislative
requirements with respect to protecting privacy. CCO does not rent, sell,
share, or trade mailing lists. The information one provides will be used to
deliver services and to keep them informed and up to date on the activities of
Catholic Christian Outreach, including programs, services, special events,
opportunities to volunteer or to give, etc through periodic contacts. If at any
time one wishes to be removed from any of these contacts, they can simply
contact CCO by phone at (613) 736-1999 or via email at privacy@cco.ca, and
we will gladly accommodate the request.
Our commitment:
1.1.1.1Our organization is committed to
protecting the privacy of the personal information of its employees, members,
customers and supporters. We value the trust of those we deal with, and of the
public, and recognize that maintaining this trust requires that we be
transparent and accountable in how we treat the information that you choose to
share with us.
1.1.1.2During the course of our various projects and activities, we
frequently gather and use personal information. Anyone from whom we collect
such information should expect that it will be carefully protected and that any
use of or other dealing with this information is subject to consent. Our
privacy practices are designed to achieve this.
1.1.1.3To safeguard the personal information entrusted to Catholic
Christian Outreach (CCO) and to comply with the Personal Information Protection
and Electronic Documents Act (PIPEDA) and any other applicable legislation, CCO
is committed to the following principles:
1.Accountability
2.Identifying Purposes
3.Consent
4.Limiting collection
5.Limiting use, disclosure, and retention
6.Accuracy
7.Safeguards
8.Openness
9.Individual access
10.Challenging compliance
1.1.1.4These principles will be enacted in
accordance with the CCO Policy to Protect Personal Information"
CCO, its directors, officers, employees and volunteers are required to comply
with the principles and the Policy and will be restricted access to personal
information solely to perform the services provided by CCO.
Other persons, or organizations who act for, or on behalf of CCO are also
required to comply with the principles and the comply with the principles and
the Policy and will be given restricted access to personal information solely
to perform the services provided for CCO.
Any inquiry, request or concern related to privacy matters should be made in
writing to CCO and sent to:
Personal Information Compliance Officer
Catholic Christian Outreach
1247 Kilborn Place
Ottawa, ON K1H 6K9
privacy@cco.ca
A copy of the Policy is available at CCO's website: www.cco.ca. A printed copy of the Policy may be requested by mail or e-mail at the above address.
1.2.ACCOUNTABILITY
1.2.1.A member of the Headquarters staff will be
appointed as the Personal Information Compliance Officer (the
"Officer") for Catholic Christian Outreach (CCO). To contact the
Officer, please call Headquarter at (613) 736-1999 or email privacy@cco.ca.
1.2.2.All persons, whether employees, volunteers, etc. who collect,
process, or use personal information shall be accountable regarding the
protection of personal information to the Officer. The Officer is directly
accountable to the CCO President who is accountable to its national Board of
Directors.
1.2.3.Catholic Christian Outreach's Policy To Protect Personal
Information (the "Policy") shall be made available via CCO's website
(www.cco.ca), or a paper copy provided upon written request.
1.2.4.Any personal information transferred to a third party for
processing is subject to this Policy. The Officer shall use contractual or
other appropriate means to protect personal information at a level comparable
to this Policy while a third party is processing this information.
1.2.5.Any person who believes CCO uses personal information
collected, retained, or used for purposes other than those that person
explicitly approved may contact the Officer to register a complaint or to make
any related inquiry.
1.2.6.Upon receiving a complaint from any person regarding the
collection, retention, or use of personal information, the Officer shall
promptly investigate the complaint and notify the person who complained about
his/her findings and corrective action taken, if any.
1.2.7.Upon receiving the response from the Officer, the person who
filed the complaint may, if he/she is not satisfied, appeal to the CCO
President and then CCO's Board of Directors to review and determine the
disposition of the complaint at issue.
1.2.8.The determination of the Board of Directors shall be final
and the Officer shall abide by and implement any of its recommendations.
1.2.9.The Officer shall communicate and explain this Policy and
give training regarding it to all employees and volunteers who might be in a
position to collect, retain, or use personal information.
1.2.10.The Officer shall prepare and disseminate information to the
public, which explains CCO's protection of personal information policies and procedures.
1.3.IDENTIFYING PURPOSES
1.3.1.The Officer shall document the purpose for
which personal information is collected to comply with the openness and
individual access principles outlined below.
1.3.2.The Officer shall determine the information that will be
needed to fulfill the purposes for which the information is to be collected, to
comply with the limited collection principle below.
1.3.3.The Officer shall ensure that the purpose is specified at or
before the time of collecting the personal information from an individual.
1.3.4.The Officer shall ensure that the information collected will
not be used for any other purpose before obtaining the individual's approval,
unless the new purpose is required by law.
1.3.5.The Officer shall ensure that a person collecting personal
information will be able to explain to the individual why this is being done.
1.3.6.The Officer shall ensure that limited collection, limited
use, disclosure, and retention principles are respected in identifying why
personal information is to be collected.
1.4.CONSENT
1.4.1.The Officer shall ensure that the
individual from whom personal information is collected consents to this and to
it being used and disclosed.
1.4.2.The Officer shall ensure that the individual can reasonably
understand why and how the information will be used when the consent is given.
1.4.3.The Officer shall ensure that no condition is attached to
supplying benefits, because of CCO's activities, requiring the individual to
give consent for the collection, use, or disclosure of information beyond that
required to fulfill the explicitly specified and legitimate purposes.
1.4.4.The Officer shall ensure that express consent is obtained
wherever possible and appropriate. In rare circumstances where, in the
Officer's opinion (having regard to the information's sensitivity and the
Policy's purpose and intent), implied consent might be acceptable.
1.4.5.In obtaining consent, the Officer shall ensure that the
individual's reasonable expectations are respected.
1.4.6.The Officer shall ensure that the express consent obtained
from an individual is clear and in an appropriately verifiable form.
1.4.7.The Officer shall ensure that the individual may withdraw
consent at any time, subject to legal or contractual restrictions and
reasonable notice. The individual shall promptly be informed of the
withdrawal's implications.
1.5.LIMITING COLLECTION
1.5.1.The Officer shall ensure that personal
information will not be collected indiscriminately. Both the amount and type of
information collected shall be limited to that which is necessary to fulfill
the purposes identified. The Officer shall specify the type of information to
be collected, according to the openness principle.
1.5.2.The Officer shall ensure that information is collected only
by fair and lawful means without misleading or deceiving individuals as to the
reason.
1.5.3.The Officer shall ensure that the identifying purposes and
consent principles are followed in identifying why personal information is to
be collected.
1.6.LIMITING USE, DISCLOSURE, AND RETENTION
1.6.1.The Officer shall ensure that personal
information shall not be used or disclosed for purposes other than those for
which it was collected, except with the consent of the individual or as
required by law, and any use of personal information shall be properly
documented.
1.6.2.The Officer shall ensure that all personal information is
destroyed, erased, or made anonymous as soon as the purpose for which it was collected
is no longer relevant, or as permitted by law. There shall be a regular review
of the need to continue retaining personal information.
1.6.3.The Officer shall ensure that all use, disclosure, and
retention decisions are made in light of the consent principle, the identifying
purposes principle and the individual access principle.
1.7.ACCURACY
1.7.1.The Officer shall reasonably ensure that
the personal information is accurate, complete, and up to date, taking into
account the individual's interests. The Officer shall ensure that the
information is sufficiently accurate, complete, and up to date to minimize the
possibility that inappropriate information might be used to make a decision
about an individual.
1.7.2.The Officer shall ensure that CCO does not routinely update
personal information, unless it is necessary to fulfill the purposes for which
the information was collected.
1.7.3.The Officer shall ensure that personal information used on an
ongoing basis, including information that is disclosed to third parties, should
generally be accurate and up to date, unless limits to the requirement for
accuracy are clearly set out.
1.8.SAFEGUARDS
1.8.1.The Officer shall ensure that CCO has
security safeguards to protect personal information against loss or theft, as
well as unauthorized access, disclosure, copying, use, or modification. He/she
shall do this regardless of the format in which CCO holds the information.
1.8.2.Depending on the information's sensitivity, the Officer may
permit reasonable discretion regarding the information that has been collected:
the amount, distribution, format, and the method of storage. A higher level of
protection shall safeguard more sensitive information according to the consent
principle's considerations.
1.8.3.The Officer shall ensure that the protection methods include,
(a) physical measures, for example, locked filing cabinets and restricted
access to offices;(b) organizational measures, for example, security clearance
and limiting access on a "need-to-know" basis; and(c) technological
measures, for example, the use of passwords and encryption.
1.8.4.The Officer shall ensure that all employees and volunteers
know the importance of keeping personal information confidential.
1.8.5.The Officer shall ensure that care is taken when personal
information is disposed of or destroyed to prevent unauthorized parties from
gaining access to it.
1.9.OPENNESS
1.9.1.The Officer shall ensure that CCO is open
about its policies and practices regarding the management of personal
information. The policies and information about the related practices shall be
available without unreasonable effort in a format generally understandable.
1.9.2.The Officer shall ensure that the information available shall
include,(a) the name or title and address of the Officer who is accountable for
CCO's policies and practices and to whom complaints or inquiries can be
forwarded;(b) the means of gaining access to personal information held by
CCO;(c) a description of the type of personal information held by CCO,
including a general account of its use;(d) a copy of any brochures or other
information that explain CCO's policies, standards, or codes; and(e) what
personal information is made available to related organizations (e.g.,
organizations that are affiliated).
1.9.3.The Officer shall ensure the information that must be
provided according to 19.10.2 is available at the locations CCO operates,
online, or through the mail.
1.10.INDIVIDUAL ACCESS
1.10.1.The Officer shall ensure that, upon
written request, CCO shall inform an individual whether CCO holds personal
information about him/her. If possible, the information's source shall also be
given. CCO shall allow the individual access to this information. CCO may,
however, choose to make sensitive medical information about its employees or
volunteers available through a medical practitioner. CCO shall also account for
the use that has been made or is being made of this information and give an
account as to the third parties to whom it has been disclosed. (Note: If the
Officer believes for valid reasons that access to personal information should
be denied, the Officer shall consult legal counsel before making such a
decision.)
1.10.2.A person requesting his/her personal information may be
required by the Officer to give sufficient information to permit CCO to provide
an account of the existence, use, and disclosure of personal information.
Information shall be used only for the purpose for which it was obtained.
1.10.3.If CCO has supplied personal information about an individual
to third parties, the Officer shall ensure that an attempt is made to be as
specific as possible. When it is impossible to give a list of organizations to
which CCO has actually disclosed information about an individual, CCO shall
provide a list of organizations to which it might have disclosed information
about the individual.
1.10.4.The Officer shall ensure that CCO responds to an
individual's request within a reasonable time and at minimal or no cost to the
individual. The requested information shall be made available in a generally
understandable form. For example, CCO shall explain abbreviations or codes it
uses to record information.
1.10.5.The Officer shall ensure that when an individual
successfully demonstrates the inaccuracy or incompleteness of personal
information, CCO shall amend the information as required. Depending on the
information challenged, amendment involves the correction, deletion, or
addition of information. When appropriate, the amended information shall be
transmitted to third parties having access to the information in question.
1.10.6.The Officer shall ensure that when a challenge is not
resolved to the individual's satisfaction, CCO shall record the unresolved
challenge's substance. When appropriate, the unresolved challenge's existence
shall be transmitted to third parties having access to the information in
question.
1.11.CHALLENGING COMPLIANCE
1.11.1.The Officer is authorized to address a challenge concerning compliance with the above principles.1.11.2.The Officer shall develop procedures to receive and respond to complaints or inquiries about the policies and practices regarding the handling of personal information. The compliance procedures shall be easily accessible and simple to use.
1.11.3.The Officer shall inform individuals inquiring about lodging complaints that relevant complaint procedures exist.
1.11.4.The Officer shall investigate all complaints. If a complaint is found to be justified, the Officer in collaboration with the CCO President shall take appropriate measures, including, if necessary, amending this Policy and general polices and practices pertaining to personal information entrusted to CCO.