Privacy Policy &

Protection of Personal Information

 
Personal Information.png

Overview

The North Shore Unitarians (NSU) are committed to protecting the privacy of its congregants, staff, volunteers, and anyone else from or about whom the NSU collects personal information.  We are committed to:

  • Collecting and using information only for the purpose of conducting NSU business,

  • Maintaining and protecting the personal information we have gathered, and

  • Disposing of the information properly when it is no longer required. 

This Privacy Policy & Protection of Personal Information is available on our website and in print on the foyer table.

What is “Personal Information”?

Personal information means information about an identifiable individual, including: name, age, birthdate, home address and phone number, email address, marital status, and more.  Personal information is protected under British Columbia’s Personal Information Protection Act (PIPA).  PIPA gives you control over your personal information by requiring organizations to obtain your consent to collect, use, or disclose personal information about you. 

Accountability

The Privacy Officer is responsible for setting up procedures to support the implementation of this policy and report to the Board and Minister any breaches or release of personal information without consent.   NSU's Privacy Officer is the NSU Administrator, who can be reached at the Main office at 604-926-1621 or by email at info@northshoreunitarians.ca.

 The Privacy Officer will ensure:

  • That NSU complies with its privacy obligations in accordance with applicable privacy laws.

  • That employees and volunteers know the importance of keeping personal information confidential.

  • That care is taken when personal information is collected, used, stored, and disposed of to prevent unauthorized parties from gaining access to it.

All other persons associated with NSU who collect, process or use personal information will be accountable to the Privacy Officer.

Consent

  • Personal information will be collected in a fair, open and lawful manner.

  • Personal information will be collected with the consent of the person providing the information or about whom the information is collected. 

  • When personal information is requested, the reason the information is needed, along with why and how it will be used, will be communicated as clearly as possible if it is not already obvious.

  • Sometimes consent may be implied by virtue of the person's involvement or role with NSU, or use of the NSU buildings. 

  • When written consent is obtained, it will be kept on file for as long as is reasonably necessary. 

  • A person may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The person will be informed of reasonably foreseeable implications of the withdrawal. 

Identifying Purposes

NSU will only collect and use the personal information that is needed to carry on NSU activities and to comply with legal & regulatory requirements.  Some of the purposes for which NSU may collect personal information include:

  • Providing NSU services, programs, activities, and spiritual support for people in the congregation and from the wider community.

  • Enabling effective communication within the NSU community.

  • Announcing NSU news.

  • Maintaining membership lists for voting purposes.

  • Sharing contact information through an online NSU Directory.

  • Tracking charitable donations for generating annual tax receipts.

  • Conducting rite of passage services for congregants and the wider community.

  • Renting NSU spaces for community events.   

  • Satisfying denominational requirements.

  • Raising money to fund NSU operations.

  • Managing payroll and benefits for Staff.

Limiting Use

Personal information that NSU collects, retains and uses shall only be available for those who need it in order to perform the NSU functions for which they are responsible.  Some examples:Information about children and youth will only be available to staff and to the leaders/teachers of programs that involve those age groups.

  • Information about an individual's financial contributions to the NSU (including pledges) will only be available to limited staff, the Treasurer, and the Stewardship Chair(s).

  • The NSU Directory is not available to those outside NSU.  Only NSU Staff, Members and Friends will be given access to an online NSU Directory, which includes contact information for Members & Friends (phone number, email address, and mailing address).

  • Paper employment records for staff (and police records checks for staff and volunteers) are kept in a locked filing cabinet that is accessible to limited Staff.  The Chair of the Human Resources Committee is granted access to these files upon request.

  • Pastoral care information collected by the Minister and/or Joys & Concerns Team will remain the property of NSU. This information will be kept confidential and will be retained and secured, accessible only by the Minister and/or Joys & Concerns Team, unless the individual to whom the records relates provides express consent for access.  This information will only be disclosed to others if it is reasonably believed to be necessary to avoid physical or substantial financial harm, or is required by law. 

  • Some staff and volunteers who have not explicitly been given approval to access financial data may have incidental exposure to it, e.g. opening mail, stuffing envelopes and photocopying.  These individuals must respect the confidentiality of personal information, just as other staff and volunteers do. 

  • Staff, Board members, and other volunteers who may deal with confidential information in the course of their NSU duties will sign a Confidentiality and Non-Disclosure Agreement.

Limiting Disclosure

NSU does not collect or use personal information for commercial purposes, nor does it sell personal information.  NSU does not share or disclose personal information with third parties unless it is:

  • required by law enforcement or court order

  • specifically authorized or requested by the individual(s) whose information is being shared

  • necessary to fulfill denominational obligations

  • needed for securing employee benefits

  • required by Canada Revenue Agency or another government agency

In the above cases, the request must be in writing and only the information that is specifically required for the stated purpose will be provided.  Information will not be shared if disclosure violates any applicable statutes or contracts with the person to whom the information pertains. 

Limiting Retention

  • All collected personal information shall be securely destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as permitted by the law.

  • Except as required by law, all personal information will be deleted, erased or made anonymous no later than seven years after the purpose for which it was collected is completed. 

Individual Access

  • Anyone may contact the Privacy Officer with specific inquiries about what personal information NSU has collected or retained about them.  Such a request must be in person or in writing.

  • The Privacy Officer will respond within a reasonable period of time.

  • The Privacy Officer will make decisions on requests for access to personal information. The Minister and Board President will be informed when a request for information is refused, including the reasons for refusal.

  • Any inaccuracy or incompleteness of personal information will be amended as required.

Complaints

  • Anyone who believes NSU uses personal information collected, used, or retained for wrongful purposes may contact the Privacy Officer with a written complaint.  

  • The Privacy Officer will promptly investigate and notify the person about their findings and any corrective action taken. 

  • If the person who filed the inquiry/complaint is not satisfied with the response from the Privacy Officer, they may appeal to NSU’s Board of Trustees for review.  The determination of the Board of Trustees is final.

Accuracy

  • Personal information shall be maintained as accurately, completely, and up-to-date as possible in order to fulfill the purposes for which it was collected. 

  • Any inaccuracy or incompleteness of personal information will be amended as promptly as possible.

Safeguards

Personal information will be protected by the appropriate security safeguards, which can include some or all of the following:

  • Physical measures such as premises security, locked offices and filing cabinets.

  • Organizational measures such as restricted access to files with personal information.

  • Technological measures such as security and anti-virus software, secure passwords, and encryption.

How Does NSUC Collect Your Personal Information?

NSU collects personal information in a variety of ways, which can include (but is not limited to):

  • Emails, mail, and other correspondence you may exchange with the NSU.

  • Phone conversations with Staff or congregants.

  • Paper or electronic forms you fill out.

  • Information that comes to us with financial donations you make to the NSU (e.g. name, address, and phone number printed on your cheque, or email address associated with an eTransfer). 

  • Social media.  (Example:  We sometimes locate profile pictures on Facebook).

Who Does NSUC Collect Personal Information From?

NSU may collect personal information from anyone who interacts with the NSU in the operation of NSU programs and business, including (but not limited to):

  • Congregants (including Visitors, Friends, Members, and volunteers).

  • Participants in NSU events. 

  • Parents or Guardians of Children and Youth who participate in our Children's and Youth programs.

  • Contractors the NSU hires to maintain the buildings and grounds.

  • Renters who rent space from us. 

  • Individuals, couples or families for whom NSU conducts Rite of Passage services. 

  • Donors (including people who donate items to our annual auction).

  • People who purchase items from the NSU (including auction items). 

What Type of Personal Information Does NSUC Collect?

The type of information collected will vary depending on the purpose for which it was collected, but may include such things as:

  • Name, contact information (email, phone number, address)

  • Payment/donation history

  • NSU roles or activities

Where Does NSUC Store Personal Information?

Depending on the type of information and how it will be used, it may be stored electronically, in paper form, or both.  Here are NSU's primary storage methods:

  • Breeze.  Breeze is the online NSU management system that NSU uses.  It contains names, contact information (email, phone, address), giving history, mailing lists, program involvement, and additional information.  (See additional information about Breeze on the next page).

  • Paper files.  Some materials are saved in paper files stored in the NSU building.  Those of a sensitive nature are stored in locked offices or cabinets.

  • Computers.  Staff computers are protected by anti-virus software, and are password protected. 

Where is Credit Card Information Stored?

  • NSU does not collect or store credit card information.

  • Donors using Text Giving or Online Giving voluntarily provide their credit card numbers directly through Breeze's interface.  But credit card information is not seen or retained by NSU or by Breeze; it is securely stored by Stripe (an industry leader in online payment processing).  More on Stripe's security here. 

  • When donating through our website, credit card numbers are not seen or stored by NSU, but are stored by the payment processor selected by the donor.

More About Breeze

  • Breeze is the NSU Management Software that NSU has used since 2017.  Breeze serves as our database, containing the contact information (our “NSU directory”) and also tracks incoming money and distributes charitable tax receipts.

  • Breeze uses encryption technology, and their data centers have a Tier 4 rating (the highest/best rating possible).  Read more about Breeze security here:  https://www.breezechms.com/security.

  • The general public cannot access our Breeze information; only those to whom we've issued a username and password can access our Breeze account. 

  • Each Breeze user is assigned specific permissions that specify what they can and cannot see and do in Breeze. 

  • NSU Members and Friends who have access to Breeze can see "NSU-Directory" type information for other Members and Friends (such as names, images, email addresses, phone numbers, and addresses). 

  • Congregants can request that we mark their contact information (such as email, phone, and address) as "Private" so that other Breeze users cannot see it without special permission. 

  • Much of the information contained in Breeze can only be seen by specific Staff and/or volunteers.  For example, Pledging information can only be seen by the Financial Administrator, the NSU Administrator, the Treasurer, and the Stewardship Chair. 

  • Breeze users can see their own pledging and giving, but not each other's (see exceptions noted above).

  • Breeze users are automatically logged out when they close their browser window. 

  • Members and Friends can contact the NSU Administrator to request access to Breeze. 

More about Mailchimp

MailChimp is the “bulk email” program that NSU has used for over a decade to send out eBulletins, Newsletters, and other mass mailings sent to Members and Friends.

  • Our MailChimp account lists the names and email addresses of subscribers (NSU Members and those who have subscribed to our eBulletin and Newsletter lists). 

  • MailChimp collects statistics on each email campaign, allowing our NSU Administrator to see how many “opens” each of our mailings has, as well as how many “clicks” each mailing generates.  But we cannot see who opened a specific mailing, or what links specific people clicked on.  (All we can see is summary info). 

  • MailChimp rates subscribers on how “engaged” they are with our mailings using a system of 1-5 stars.  Subscribers with 5 stars are, in general, more likely to be opening our emails and clicking on links; whereas 1-star subscribers are not generally opening or clicking on links.  But again, we cannot see specific details for any subscribers – just an overall rating showing their level of engagement with our mailings in general.

  • All messages sent through MailChimp have an “unsubscribe” option at the bottom of the emailed message, so subscribers can unsubscribe at any time.  Once unsubscribed, we cannot add a person back onto the list.  But our NSU Administrator maintains a Breeze list for those who unsubscribe accidentally but still wish to receive our mailings.   Contact our NSU Administrator if you are not receiving eBulletins and newsletters, so you can be added to the Breeze list.

  • To be added to our MailChimp list (to receive eBulletins, Newsletters, and other NSU mailings), please contact our NSU Administrator.

  • For additional information on MailChimp Privacy and Security, visit https://mailchimp.com/en-ca/about/security/

Photography & Videotaping

  • Photos and videos are taken at many NSU events, and are shared on social media. 

  • If you do NOT want your image used, please notify the leader of your event and/or the person taking photos/videos.    

  • We will communicate the fact that we take and share photos/videos in a variety of ways including: eBulletins, a sign in the foyer, our Privacy Policy (available in print on the foyer table), and on our website.