The Greater Napanee Ratepayers Association (the “GNRA”) collects personal information as necessary in the course of its relationship with its members, customers, contributors and others having dealings with it. “Personal information” means information about an identifiable individual. For example, when a person obtains membership, registers for an event, or purchases a publication or other product, personal information relating to payment, including contact information like physical or electronic address may be collected. The GNRA may also keep a record of contacts, including copies of correspondence and history of transactions.
This information is used only for the purposes for which it was collected, namely to provide goods and services to members and customers, to process payments and correspondence and to keep members and customers informed of activities and products. Under no circumstances does the GNRA rent, sell or trade any of this personal information.
This information is retained only so long as is necessary for the fulfilment of the purposes for which it is collected.
All personal information provided to the GNRA by members, customers, contributors and others having dealings with it is kept physically and electronically secure, as is appropriate to the sensitivity of the particular information. All such information is used only for the purposes for which it was collected, and access to it is limited to staff who require it to perform necessary job functions.
The GNRA has put in place and maintains specific security safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, or use or unauthorized modification. These safeguards include the use of password protocols, encryption and other security software to protect personal information when goods or services are purchased. This software is updated periodically to improve protection.
In very limited circumstances, the GNRA may disclose personal information to third parties who provide services to the GNRA in the normal course of business. For example, some personal financial information must be disclosed to the bank in order to process payments of fees or other financial transactions or couriers in order to ship orders to members or others. In these circumstances, the GNRA discloses only the information that is necessary to obtain the service in question.
Service providers who perform internal functions for the GNRA, such as information storage, are bound by contract to keep personal information provided to them by the GNRA confidential, to safeguard it and to use it only for the purposes of rendering the contracted services.
The GNRA may also disclose personal information in other circumstances specifically permitted or required by applicable legislation, such as where a government institution has lawful authority to obtain the information.
Consent and Access to Information
The GNRA obtains the consent, either express or implied, of members, and others with whom it has dealings to use their personal information for the purposes for which it has been collected. Based on this, it is expected that these persons have an understanding of how this information is used and the limited circumstances in which it is shared with third parties. If any member or other person with whom the GNRA has dealings wishes to withdraw this consent, this may be accomplished by written notification to the GNRA Privacy Officer. However, it must be understood that in cases where such consent is withdrawn, or where it is not given, there could be circumstances in which the GNRA will be unable to service a membership or provide requested products or services.
Any member, customer, contributor or other person having dealings with the GNRA may request a copy of that person’s personal information contained in the records of the GNRA, or a list of third parties to whom that information has been disclosed, by written request to the GNRA Privacy Officer. Acceptable proof of identification will be required before responding to such a request. In some cases it will not be possible to provide a person with the complete record of that person’s personal information, because of other applicable constraints, such as where that record contains non-severable personal information about another person. In such circumstances, an explanation of the reason for this will be provided. There are also other circumstances, such as where information was generated as part of a formal dispute resolution process, where personal information collected by the GNRA will not be disclosed upon such a request.
If any member, customer, contributor or other person having dealings with the GNRA feels that that person’s personal information as contained in the records of the GNRA is inaccurate, incomplete or out of date, or otherwise wishes to enquire about or challenge compliance by the GNRA regarding the use of that person’s personal information, that person may so advise the GRNA Privacy Officer in writing. The Privacy Officer will then examine the request and make such correction or take such action as is necessary in the circumstances.
All such requests shall be processed within thirty (30) days.
Contact the Privacy Officer at firstname.lastname@example.org.