Privacy Policy &

Protection of Personal Information

 
Personal Information.png

Overview

The North Shore Unitarian Church (NSUC) is committed to protecting the privacy of its congregants, staff, volunteers, anyone else from or about whom the Church collects personal information.  We are committed to:

  • Collecting and using information only for the purpose of conducting church business,

  • Maintaining and protecting the personal information we have gathered, and

  • Disposing of the information properly when it is no longer required. 

This Privacy Policy & Protection of Personal Information is available in print on our foyer table and can be downloaded HERE.  


What is “Personal Information”?

Personal information means information about an identifiable individual, including: name, age, birthdate, home address and phone number, email address, marital status, and more.  Personal information is protected under British Columbia’s Personal Information Protection Act (PIPA).  PIPA gives you control over your personal information by requiring organizations to obtain your consent to collect, use, or disclose personal information about you. 


Accountability

The Privacy Officer is responsible for setting up procedures to support the implementation of this policy and report to the Board and Minister any breaches or release of personal information without consent.  NSUC's Privacy Officer is the Church Administrator, who can be reached at the church office by phone (604-926-1621) or mail (370 Mathers Avenue, West Vancouver BC, V7S 1H3), or by email at info@northshoreunitarians.ca.

The Privacy Officer will ensure:

  • That NSUC complies with its privacy obligations in accordance with applicable privacy laws

  • That employees and volunteers know the importance of keeping personal information confidential.

  • That care is taken when personal information is collected, used, stored, and disposed of to prevent unauthorized parties from gaining access to it.

All other persons associated with the church who collect, process or use personal information will be accountable to the Privacy Officer.


Consent

  • Personal information will be collected in a fair, open and lawful manner.

  • Personal information will be collected with the consent of the person providing the information or about whom the information is collected. 

  • When personal information is requested, the reason the information is needed, along with why and how it will be used, will be communicated as clearly as possible.

  • Sometimes consent may be implied by virtue of the person's involvement or role in the Church, or use of the church buildings. 

  • When written consent is obtained, it will be kept on file for as long as is reasonably necessary. 

  • A person may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The person will be informed of reasonably foreseeable implications of the withdrawal. 


Identifying Purposes

NSUC will only collect and use the personal information that is needed carry on activities as a congregation and to comply with legal/regulatory requirements.  Some of the purposes for which NSUC may collect personal information include:

  • Providing church services, programs, activities, and spiritual support for people in the congregation and from the wider community.

  • Enabling effective communication within the church community.

  • Announcing church news.

  • Maintaining membership lists for voting purposes.

  • Sharing contact information through an online Church Directory.

  • Tracking charitable donations for generating annual tax receipts.

  • Conducting rite of passage services for congregants and the wider community.

  • Renting church spaces for community events.   

  • Satisfying denominational requirements.

  • Raising money to fund church operations.

  • Managing payroll and benefits for Staff.


Limiting Use

Personal information that NSUC collects, retains and uses shall only be available for those who need it in order to perform the church functions for which they are responsible.  Some examples:

  • Information about children and youth will only be available to staff and to the leaders/teachers of programs that involve those age groups.

  • Information about an individual's financial contributions to the church (including pledges) will only be available to limited staff, the Treasurer, and the Stewardship Chair(s).

  • The Church Directory is not available to those outside the congregation.  Only church Staff, Members and Friends will be given access to an online Church Directory, which includes contact information (phone number, email address, and mailing address).

  • Paper employment records for staff (and police records checks for staff and volunteers) are kept in a locked filing cabinet that is accessible to the Church Administrator, the Financial Administrator, the Director of Engagement, and the Minister.  The Chair of the Human Resources Committee is granted access to these files upon request.

  • Pastoral care information collected by the Minister will remain the property of NSUC. This information will be kept confidential and will be retained and secured by the Minister and is accessible only by the minister unless the individual to whom the records relates provides express consent for access.  This information will only be disclosed to others if it is reasonably believed to be necessary to avoid physical or substantial financial harm, or is required by law. 

  • Some staff and volunteers who have not explicitly been given approval to access financial data may have incidental exposure to it, e.g. opening mail, stuffing envelopes and photocopying.  These individuals must respect the confidentiality of personal information, just as other staff and volunteers must. 

  • Staff, Board members, and other volunteers who may deal with confidential information in the course of their church duties will sign a Confidentiality and Non-Disclosure Agreement.


Limiting Disclosure

NSUC does not collect or use personal information for commercial purposes, nor does it sell personal information.  NSUC does not share or disclose personal information with third parties unless it is:

  • Required by law enforcement or court order.

  • Specifically authorized or requested by the individual(s) whose information is being shared.

  • Necessary to fulfill denominational obligations.

  • Needed for securing employee benefits.

  • Required by Canada Revenue or another government agency.

In the above cases, the request must be in writing and only the information that is specifically required for the stated purpose will be provided.  Information will not be shared if disclosure violates any applicable statutes or contracts with the person to whom the information pertains. 


Limiting Retention

  • All collected personal information shall be securely destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as permitted by the law.

  • Except as required by law, all personal information will be deleted, erased or made anonymous no later than seven years after the purpose for which it was collected is completed. 


Individual Access

  • Anyone may contact the Privacy Officer with specific inquiries about what personal information NSUC has collected or retained about them.  Such a request must be in person or in writing.

  • The Privacy Officer will respond within a reasonable period of time.

  • The Privacy Officer will make decisions on requests for access to personal information. The Minister and Board President will be informed when a request for information is refused, including the reasons for refusal.

  • Any inaccuracy or incompleteness of personal information will be amended as required.


Complaints

  • Anyone who believes NSUC uses personal information collected, used, or retained for wrongful purposes may contact the Privacy Officer with a written complaint.  

  • The Privacy Officer will promptly investigate and notify the person about their findings and any corrective action taken. 

  • If the person who filed the inquiry/complaint is not satisfied with the response from the Privacy Officer, they may appeal to NSUC’s Board of Trustees for review.  The determination of the Board of Trustees is final.


Accuracy

  • Personal information shall be maintained as accurately, completely, and up-to-date as possible in order to fulfill the purposes for which it was collected. 

  • Any inaccuracy or incompleteness of personal information will be amended as promptly as possible.


Safeguards

Personal information will be protected by the appropriate security safeguards, which can include some or all of the following:

  • Physical measures such as premises security, locked offices and filing cabinets.

  • Organizational measures such as restricted access to files with personal information.

  • Technological measures such as security and anti-virus software, secure passwords, and encryption.


How Does NSUC Collect Your Personal Information?

NSUC collects personal information in a variety of ways, which can include (but is not limited to):

  • Emails, mail, and other correspondence you may exchange with the church.

  • Phone conversations with Staff or congregants.

  • Paper or electronic forms you fill out.

  • Information that comes to us with financial donations you make to the church (e.g. name, address, and phone number printed on your cheque, or email address associated with an eTransfer). 

  • Social media.  (Example: We sometimes locate someone's profile picture on Facebook).


Who Does NSUC Collect Personal Information From?

NSUC may collect personal information from anyone who interacts with the church in the operation of church programs and business, including (but not limited to):

  • Congregants (including Visitors, Friends, Members, and volunteers).

  • Participants in church events. 

  • Parents or Guardians of Children and Youth who participate in our Children's and Youth programs.

  • Contractors the church hires to maintain the buildings and grounds.

  • Renters who rent space from us. 

  • Individuals, couples or families for whom NSUC conducts Rite of Passage services. 

  • Donors (including people who donate items to our annual auction).

  • People who purchase items from the church (including auction items). 


What Type of Personal Information Does NSUC Collect?

The type of information collected will vary depending on the purpose for which it was collected, but may include such things as:

  • Name, contact information (email, phone number, address)

  • Payment/donation history

  • Church roles or activities


Where Does NSUC Store Personal Information?

Depending on the type of information and how it will be used, it may be stored electronically, in paper form, or both.  Here are NSUC's primary storage methods:

  • Breeze.  Breeze is the online church management system that NSUC uses.  It contains names, contact information (email, phone, address), giving history, mailing lists, program involvement, and additional information.  (See additional information about Breeze below).

  • Paper files.  Some materials are saved in paper files stored in the Church building.  Those of a sensitive nature are stored in locked offices or cabinets.

  • Computers.  Staff computers are protected by anti-virus software, and are password protected. 


Where is Credit Card Information Stored?

  • NSUC does not collect or store credit card information.

  • Donors using Text Giving or Online Giving voluntarily provide their credit card numbers directly through Breeze's interface.  But credit card information is not seen or retained by NSUC or by Breeze; it is securely stored by Stripe (an industry leader in online payment processing).  More on Stripe's security here

  • When donating through our website's Generosity page, donors choose whether to use PayPal or CanadaHelps.  The credit card numbers are not seen or stored by NSUC, but are stored by the payment processor selected by the donor.


More About Breeze

  • Breeze is the online church management system that NSUC has used since 2017.

  • Breeze uses encryption technology, and their data centers have a Tier 4 rating (the highest/best rating possible).  Read more about Breeze security here:  https://www.breezechms.com/security.

  • The general public cannot access our Breeze information; only those to whom we've issued a username and password can access our Breeze account. 

  • Each Breeze user is assigned specific permissions that specify what they can and cannot see and do in Breeze. 

  • Church Members and Friends who have access to Breeze can see "Church-Directory" type information for other Members and Friends (such as names, images, email addresses, phone numbers, and addresses). 

  • Congregants can request that we mark their contact information (such as email, phone, and address) as "Private" so that other Breeze users cannot see it without special permission. 

  • Much of the information contained in Breeze can only be seen by specific Staff and/or volunteers.  For example, Pledging information can only be seen by the Financial Administrator, the Church Administrator, the Treasurer, and the Stewardship Chair. 

  • Breeze users can see their own pledges, but not each other's (see exceptions noted above).

  • Breeze users are automatically logged out when they close their browser window. 

  • Members and Friends can contact the Church Administrator to request access to Breeze. 


More about Mailchimp

MailChimp is the “bulk email” program that NSUC has used for over a decade to send out eBulletins, Newsletters, and other mass mailings sent to Members and Friends.

  • Our MailChimp account lists the names and email addresses of subscribers (church Members and those who have subscribed to our eBulletin and Newsletter lists). 

  • MailChimp collects statistics on each email campaign, allowing our Church Administrator to see how many “opens” each of our mailings has, as well as how many “clicks” each mailing generates.  But we cannot see who opened a specific mailing, or what links specific people clicked on.  (All we can see is summary info). 

  • MailChimp rates subscribers on how “engaged” they are with our mailings using a system of 1-5 stars.  Subscribers with 5 stars are, in general, more likely to be opening our emails and clicking on links; whereas 1-star subscribers are not generally opening or clicking on links.  But again, our Church Administrator cannot see specific details for any subscribers – just an overall rating showing their level of engagement with our mailings in general.

  • All messages sent through MailChimp have an “unsubscribe” option at the bottom of the emailed message, so subscribers can unsubscribe at any time.  Once unsubscribed, we cannot add a person back onto the list.  But our Church Administrator maintains a Breeze list for those who unsubscribe accidentally but still wish to receive our mailings.   Contact our Church Administrator if you are not receiving eBulletins and newsletters, so you can be added to the Breeze list.

  • To be added to our MailChimp list (to receive eBulletins, Newsletters, and other church mailings), please contact our Church Administrator.

  • For additional information on MailChimp Privacy and Security, visit https://mailchimp.com/en-ca/about/security/.


Photography & Videotaping

  • Photos and videos are taken at many church events, and are shared on social media. 

  • If you do NOT want your image used, please notify the leader of your event and/or the person taking photos/videos.    

  • We will communicate the fact that we take and share photos/videos in a variety of ways including: eBulletins, a sign in the foyer, our Privacy Policy and Protection of Personal Information handout (available in the foyer and on our website), printed Order of Service, on our website, and in verbal announcements made at the beginning of in-person church services or events.