Privacy Policy
Updated October 4, 2023
Background
- Different privacy legislation applies to the public sector and the private sector. Not-for-profit sports organizations in Canada are part of the private sector. The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy legislation that applies to all not-for-profit sports organizations in Canada.
- Alberta has provincial legislation like PIPEDA that applies first before PIPEDA is applied. However, PIPEDA will still apply if any personal information crosses provincial borders. In Alberta, the Personal Information Protection Act (PIPA) applies before PIPEDA.
- This Privacy Policy is based on the standards required by PIPEDA and PIPA as interpreted by the Organization.
Definitions
- The following terms have these meanings in this policy:
- “Commercial Activity” – any particular transaction, act or conduct that is commercial;
- “Individuals” – All categories of membership defined in the Association’s Bylaws, as well as all individuals employed by, or engaged in activities with, the Association including, but not limited to, athletes, coaches, convenors, referees, officials, volunteers, managers, administrators, committee members, spectators, parents/guardians and directors and officers of the Organization;
- “Organization” – Bow Valley Squash Foundation;
- “Personal Information” – any information about an individual that relates to the person’s personal characteristics including, but not limited to: gender, age, income, home address, home phone number, ethnic background, family status, health history, and health conditions;
- “Stakeholder” – Individuals employed by, or engaged in activities on behalf of, the Organization including coaches, staff members, contract personnel, volunteers, managers, administrators, committee members, and Directors and Officers of the Organization.
Purpose
- The Organization recognizes Individuals’ right to privacy with respect to their Personal Information. This Policy describes the way that the Organization collects, uses, safeguards, discloses, and disposes of Personal Information.
Application of this Policy
- This Policy applies to all Stakeholders and Individuals in connection with personal information that is collected, used, or disclosed during the Organization’s Commercial and Non-Commercial activity.
Obligations
- The Organization is obligated to:
-
- Follow and abide by PIPA and PIPEDA in all matters involving the collection, use, and disclosure of Personal Information during the Organization’s Commercial Activity;
- Always disclose what Personal Information is being collected from Individuals and for what purpose the Personal Information is being collected. The Organization will not require the collection of any Personal Information if the purpose for its collection is not identified.
-
- In addition to fulfilling the legal obligations required by PIPEDA and PIPA, the Organization’s Stakeholders will not:
- Publish, communicate, divulge, or disclose to any unauthorized person, firm, corporation, or third party any Personal Information without the express written consent of the Individual;
- Knowingly place themselves in a position where they are under obligation to any Organization to disclose Personal Information;
- In the performance of their official duties, disclose Personal Information to family members, friends, colleagues, or organizations in which their family members, friends, or colleagues have an interest;
- Derive personal benefit from Personal Information that they have acquired during the course of fulfilling their duties with the Organization;
- Accept any gift or favour that could be construed as being given in anticipation of, or in recognition for, the disclosure of Personal Information.
Accountability
- The Organization’s Privacy Officer (BVSF Vice President; Kevin Arnsdorf) is responsible for the implementation of this policy, monitoring information collection, data security, and ensuring that all staff receive appropriate training on privacy issues and their responsibilities. The Organization’s Privacy Officer also handles personal information access requests and complaints. The Organization’s Privacy Officer may be contacted at the following address: [email protected]; Bow Valley Squash Foundation, ATT: Kevin Arnsdorf, Privacy Officer, 301D-3000 Stewart Creek Drive, Canmore, Alberta, T1W 0GI
Duties
- The Privacy Officer will:
- Implement procedures to protect personal information;
- Establish procedures to receive and respond to complaints and inquiries;
- Record all persons having access to personal information;
- Ensure any third-party providers abide by this Policy;
- Train and communicate to staff information about the Organization’s privacy policies and practices.
Data Storage Location
- We are an Alberta-based foundation. Our hosting provider GoDaddy adheres to Canadian Privacy laws ensuring that your data is securely stored and is PIPA and PIPEDA compliant.
Data Collection Purposes
- The Organization may collect Personal Information from Individuals and prospective Individuals for the following purposes:
12.1 Non-Commercial Communications
-
- Sending communications with content related to the Organization’s programs, events, fundraising, activities, discipline, appeals, and other pertinent information;
- Award nominations, biographies, and media relations;
- Communication within and between Stakeholders and Individuals;
- Discipline results and long-term suspension list;
- Checking residency status.
12.2 Commercial communications – as defined by the Canadian Anti-Spam Law (CASL)
-
- Sending communications with content related to the Organization’s programs and activities such as events, fundraising, programs, relevant news, etc.
12.3 Identification
-
- Informing governing bodies (e.g., Squash Albert and Squash Canada regarding Individuals’ registration and/or participation with the Organization;
- Informing government organizations of the number and demographic profile of registered Individuals;
12.4 Registration, Database Entry, and Monitoring
-
- Registration of programs, events and activities;
- Database entry at the Coaching Association of Canada to determine the level of coaching certification, coaching qualifications, and coach selection;
- Database entry to determine the level of officiating certification and qualifications;
- Determination of eligibility, age group and appropriate level of play/competition;
- Athlete Registration, outfitting uniforms, and various components of athlete and team selection;
- Technical monitoring, officials training, educational purposes, sport promotion, and media publications.
12.5 General
-
- Travel arrangement and administration;
- Implementation of the Organization’s screening program;
- Medical emergencies, emergency contacts or reports relating to medical or emergency issues;
- Determination of membership demographics and program wants and needs;
- Managing insurance claims and insurance investigations;
- Payroll, honorariums, company insurance and health plans;
- Customize the website to make your experience more personal and engaging;
- Guarantee overall performance and functions smoothly.
12.6 Commercial Activity
-
- Purchasing equipment, coaching manuals, resources, and other products
12.7 Google Analytics
-
- We use Google Analytics on our site for anonymous reporting of site usage. No personalized data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: Google Analytics Opt-out.
12.8 YouTube
-
- We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.
13. The Organization’s Stakeholders may collect Personal Information from Individuals and prospective Individuals for other purposes, provided that documented consent specifying the use of the Personal Information is obtained from the Individuals or prospective Individuals.
Consent
- By providing Personal Information to the Organization, Individuals are implying their consent to the use of that Personal Information for the purposes identified in the Information Collection Purposes section of this Policy.
- At the time of the collection of Personal Information and prior to the use or disclosure of the Personal Information, the Organization will obtain consent from Individuals as identified by provincial and federal legislation.
- The Organization applies those laws to the collection and use of Personal Information, as described in provincial, federal, and country legislation, which may include some of the following ways:
- Completing and/or signing an application or registration form;
- Checking a check box, or selecting an option (such as ‘Yes’ or ‘I agree’);
- Providing written consent either physically or electronically;
- Consenting orally over the phone;
- The Organization will not, as a condition of providing a product or service, require Individuals to consent to the use, collection, or disclosure of Personal Information beyond what is required to fulfill the specified purpose of the product or service.
- An Individual may withdraw consent in writing, at any time, subject to legal or contractual restrictions.
- The Organization will not obtain consent from Individuals who are minors, seriously ill, or mentally incapacitated. Consent from these individuals will be obtained from a parent, legal guardian, or a person having power of attorney.
- The Organization is not required to obtain consent for the collection of Personal Information and may use Personal Information without the Individual’s knowledge or consent, only if:
- Knowledge and consent would compromise the availability or accuracy of the Personal Information and collection is required to investigate a breach of an agreement or a contravention of a federal or provincial law;
- An emergency threatens an Individual’s life, health, or security;
- The information is publicly available as specified in PIPEDA and/or PIPA.
- The Organization may disclose Personal Information without the Individual’s knowledge or consent only:
- To a lawyer representing the Organization;
- To collect a debt that the Individual owes to the Organization;
- To comply with a subpoena, a warrant, or an order made by a court or other body with appropriate jurisdiction;
- To a government institution that has requested the information and identified its lawful authority, if that government institution indicates that disclosure is for one of the following purposes: enforcing or carrying out an investigation, gathering intelligence relating to any federal, provincial, or foreign law, national security or the conduct of international affairs, or administering any federal or provincial law;
- To an investigative body named in PIPEDA or PIPA or a government institution, if the Organization believes the Personal Information concerns a breach of an agreement, contravenes federal, provincial, or foreign law, or if the Organization suspects the Personal Information relates to national security or the conduct of international affairs;
- To an investigative body for purposes related to the investigation of a breach of an agreement or a contravention of a federal or provincial law
- In an emergency threatening an Individual’s life, health, or security (the Organization will inform the Individual of the disclosure);
- If it is publicly available as specified in PIPEDA and/or PIPA
- If otherwise required by law
Accuracy, Retention, and Openness
- In order to minimize the possibility that inappropriate Personal Information may be used to make a decision about a Member, Personal Information will be accurate, complete, and as up-to-date as is necessary for the purposes for which it will be used.
- Personal Information will be retained as long as legally obliged and/or necessary to enable participation in the Organization’s programs, events, and activities. and to meet the legal requirements of PIPEDA, PIPA, and/or CASL
- The Organization’s Stakeholders will be made aware of the importance of maintaining the confidentiality of Personal Information and are required to comply with the Organization’s Confidentiality Policy.
- Personal Information will be protected against loss or theft, unauthorized access, disclosure, copying, use, or modification by security safeguards appropriate to the sensitivity of the Personal Information.
- Personal Information that has been used to make a decision about an Individual will be maintained for a minimum of one year in order to allow the individual the opportunity to access the Personal Information after the decision has been made.
- The Organization will make the following information available to Individuals:
- This Privacy Policy;
- Any additional documentation that further explains the Organization’s Privacy Policy;
- The name or title, and the address, of the person who is accountable for the Organization’s Privacy Policy;
- The means of gaining access to Personal Information held by the Organization
- A description of the type of Personal Information held by the Organization, including a general account of its use;
- Identification of any third parties to which Personal Information is made available.
- We don’t share your data with third parties in a way as to reveal any of your personal information like email, name, etc.
Access
- Upon written request, and with assistance from the Organization after confirming the Individual’s identity, Individuals may be informed of the existence, use, and disclosure of their Personal Information and will be given access to that Personal Information. Individuals are also entitled to be informed of the source of the Personal Information and provided with an account of third parties to which the Personal Information has been disclosed.
- Unless there are reasonable grounds to extend the time limit, requested Personal Information will be disclosed to the Individual, at no cost to the Individual, within thirty (30) days of receipt of the written request.
- Individuals may be denied access to their Personal Information if the information:
- Contains references to other individuals;
- Cannot be disclosed for legal purposes;
- If the Organization refuses a request for Personal Information, it shall inform the Individual of the reasons for the refusal and identify the associated provisions of PIPEDA and/or PIPA that support the refusal.
Compliance Challenges
- Individuals are able to challenge the Organization for its compliance with this Policy.
- Upon receipt of a complaint, the Organization will:
- Record the date the complaint is received;
- Notify the Privacy Officer who will serve in a neutral, unbiased capacity to resolve the complaint;
- Acknowledge receipt of the complaint by way of telephone conversation and clarify the nature of the complaint within seven (7) days of receipt of the complaint;
- Appoint an investigator using the Organization’s personnel or an independent investigator, who will have the skills necessary to conduct a fair and impartial investigation and will have unfettered access to all files and personnel;
- Upon completion of the investigation and within thirty (30) days of receipt of the complaint, the investigator will submit a written report to the Organization;
- Notify the complainant of the outcome of the investigation and any relevant steps taken to rectify the complaint, including any amendments to policies and procedures.
- The Organization will not dismiss, suspend, demote, discipline, harass, or otherwise disadvantage any the Organization Individual or Stakeholder who:
- Challenges the Organization for its compliance with this Policy;
- Refuses to contravene this Policy or PIPEDA;
- Takes precautions not to contravene this Policy, PIPA or PIPEDA; even though said precautions may be in opposition to the regular duties performed by the Individual.