Privacy Policy

ONTARIO SAILING

PRIVACY POLICY

Article 1 – General

1.1

Purpose – The purpose of this policy is to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of Ontario Sailing Association to collect, use or disclose personal information.

1.2

Definitions – The following terms have these meanings in this Policy:

a)	Act – Personal Information Protection and Electronic Documents Act
b)	Commercial Activity – any particular transaction, act or conduct that is of a commercial character.
c)	Organization – includes an association, a partnership, a person, an unincorporated association, a trust, a not for profit organization, a trade union and a corporation.
d)	Personal Information – any information about an identifiable individual, but does not include an employee’s name, title, business address or telephone number.
e)	Personal Health Information – any health information about an identifiable individual.
f)	Representatives- Directors, officers, employees, committees, members, volunteers, coaches, contractors and other decision makes with Ontario Sailing Association.

1.3

Application – This Policy applies to directors, officers, employees, committee members, volunteers, coaches, contractors, and other decision-makers with Ontario Sailing Association in the case of personal information that is collected, used or disclosed in connection with any commercial activity.

1.4

Statutory Obligations – Ontario Sailing Association is governed by the Personal Information Protection and Electronic Documents Act in matters involving the collection, use and disclosure of personal information.

1.5

Additional Obligations – In addition to fulfilling all requirements of the Act, Ontario Sailing Association and its Representatives will also fulfill the additional requirements of this Policy. Representatives of Ontario Sailing Association will not:

a)	Disclose personal information to a third party during any business or transaction unless such business, transaction or other interest is properly consented to in accordance with this policy;
b)	Knowingly place themselves in a position where they are under obligation to any person to disclose personal information;
c)	In the performance of their official duties, disclose personal information to family members, friends or colleagues, or to organizations in which their family members, friend or colleagues have an interest;
d)	Derive personal benefit from personal information that they have acquired during the course of fulfilling their official duties with Ontario Sailing Association; and
e)	Accept any gift or favor that could be construed as being given in anticipation of, or in recognition for, the disclosure of personal information.

1.6

Ruling on Policy – Except as provided in the Act, the Board of Directors of Ontario Sailing Association will have the authority to interpret any provision of this Policy that is contradictory, ambiguous, or unclear.

Article 2 – Accountability

2.1

Personal Information – Ontario Sailing Association will be responsible for personal information that is in its custody or under its control and will implement policies and practices to secure all personal information during collection, use and disclosure.

2.2

Employees – Ontario Sailing Association will be responsible to ensure that the employees, contractors, agents or otherwise are complaint with the Act and this Policy.

2.3

Privacy Officer – Ontario Sailing Association will designate an individual to oversee the implementation and monitoring of this Privacy Policy and the security of personal information.

2.4

Duties – The Privacy Officer will:

a)	Implement procedures to protect personal information;
b)	Establish procedures to receive and respond to complaints and inquiries;
c)	Ensure all staff implements the proper procedures to protect personal information.
d)	Make his/her identity and contact information known to the public via OSA’s web site and will be publicly accessible;
e)	Respond to all requests and inquiries in regards to personal information;
f)	Train staff and communicate to staff information about the Ontario Sailing Association’s policies and practices; and
g)	Develop information to explain Ontario Sailing Association’s policies and procedures to members and the public.

2.5

Disclosure to Third Parties – A contract made with a third party having access to personal information held by Ontario Sailing Association will include a clause that ensures the third party does not breach Ontario Sailing Association’s privacy policies.

2.6

Information- Information will be made available to the public via Ontario Sailing Association’s web site explaining privacy policies and procedures.

2.7

Annual Review – This Policy will be reviewed annually by the Privacy Officer and necessary changes will be made to ensure the protection of personal information and compliance with the law.

Article 3 – Identifying Purposes

3.1

Collection – Ontario Sailing Association will only collect information reasonably necessary for the identified purposes set out in Article 3.3 and will identify in writing the purposes for which personal information is collected at or before the time of collection. The purposes will be stated in a manner that an individual can reasonably understand how the information will be used or disclosed.

3.2

Notification – Before or at the time of collecting personal information Ontario Sailing Association will notify the individual in writing or orally the purposes for which the information is collected and the name of the Privacy Officer.

3.3

Purpose – Personal information may be collected from prospective members, members, participants, coaches, referees, managers, and volunteers (“Individuals”) and used by Ontario Sailing Association Representatives for purposes that include, but are not limited to, the following:

a)	Name, address, phone number, cell phone number, fax number and e-mail address for the purpose of providing information to Ontario Sailing Association.
b)	Nationality for statistics as required by Sport Canada
c)	NCCP number, education, resumes and experience for database entry at the Coaching Association of Canada to determine level of certification and coaching qualifications.
d)	Credit card information for registration at conferences, purchasing equipment, coaching manuals and other resources.
e)	Date of birth and athlete biography for media releases and to determine age group.
f)	Banking information, social insurance number, criminal records check, resume, and beneficiaries for Ontario Sailing Association’s payroll, company insurance and health plan.
g)	Personal health information including provincial health card numbers, allergies, emergency contact and past medical history for use in the case of medical emergency.
h)	Personal health information for individuals with a disability in order to determine eligibility to compete and classification.
i)	Athlete information including height, dietary supplements taken, uniform size, shoe size, feedback from coaches and trainers, performance results, biography information and Ontario Sailing Association registration number for required registration forms, outfitting uniforms, media relations, and components of selection.
j)	Athlete whereabouts information including sport/discipline, training times and venues, training camp dates and locations, travel plans, competition schedule, and disability, if applicable, for Canadian Centre for Ethics in Sport inquiries for the purpose of out-of-competition doping testing.
k)	Individual measurements for adjusting equipment.
l)	Body weight, mass and body fat index to monitor physical response to training and to maintain an appropriate weight for competition.
m)	Marketing information including attitudinal and demographic data on individual members to determine membership demographic structure, and program wants and needs.
n)	Passport numbers and Aeroplan/frequent flyer number for travel purposes.
o)	Individuals providing their addresses or e-mail addresses to Ontario Sailing Association will receive an advertisement from new and existing Corporate Partners, an alumni letter, a newsletter and donation request for the purpose of fundraising.

3.4

Purposes not Identified – Ontario Sailing Association will seek consent from individuals when personal information is used for a purpose not previously identified. This consent will be documented as to when and how it was received.

Article 4 – Consent

4.1

Consent – Ontario Sailing Association will obtain consent from individuals at the time of collection prior to the use or disclosure of this information.

4.2

Lawful Means – Consent will not be obtained by deception.

4.3

Requirement – Ontario Sailing Association will not, as a condition of a product or service, require an individual to consent to the collection, use or disclosure of information beyond that required to fulfill the specified purpose.

4.4

Form – Consent may be written, oral or implied. In determining the form of consent to use, Ontario Sailing Association will take into account the sensitivity of the information, as well as the individual’s reasonable expectations. Individuals may consent to the collection and specified used of personal information in the following ways:

a)	By filling out an application form;
b)	By signing a form;
c)	By checking a check off box;
d)	By providing written consent either physically or electronically;
e)	By consenting orally in person; or
f)	By consenting orally over the phone.

4.5

Withdrawal – An individual may withdraw consent to the collection, use or disclosure of personal information at any time, subject to legal or contractual restrictions, provided the individual gives one week’s notice of such withdrawal. Ontario Sailing Association will inform the individual of the implications of such withdrawal.

4.6

Legal Guardians – Consent will not be obtained from individual who are minors, seriously ill, or mentally incapacitated and therefore will be obtained from a parent, legal guardian or person having power of attorney.

4.7

Exceptions for Collection – Ontario Sailing Association is not required to obtain consent for the collection, of personal information if:

a)	it is clearly in the individual’s interests and consent is not available in a timely way;
b)	knowledge and consent would compromise the availability or accuracy of the information and collection is required to investigate a breach of an agreement or contravention of a federal or provincial law;
c)	the information is for journalistic, artistic or literary purposes;
d)	the information is publicly available as specified in the Act.

4.8

Exceptions for Use – Ontario Sailing Association may use personal information without the individual’s knowledge or consent only:

a)	if Ontario Sailing Association has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
b)	for an emergency that threatens an individual’s life, health or security;
c)	for statistical or scholarly study or research (Ontario Sailing Association must notify the Privacy Commissioner before using the information);
d)	if it is publicly available as specified in the Act;
e)	if the use is clearly in the individual’s interest and consent is not available in a timely way; or
f)	if knowledge and consent would compromise the availability or accuracy of the information and collection was required to investigate a breach of an agreement or contravention of a federal or provincial law.

4.9

Exceptions for Disclosure – Ontario Sailing Association may disclose personal information without the individual’s knowledge or consent only:

a)	to a lawyer representing Ontario Sailing Association;
b)	to collect a debt the individual owes to Ontario Sailing Association;
c)	to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
d)	to a government institution that has requested the information, identified its lawful authority, and indicated that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or that suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or provincial law;
e)	to an investigative body named in the Act or government institution on Ontario Sailing Association’s initiative when Ontario Sailing Association believes the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or suspects the information relates to national security or the conduct of international affairs;
f)	to an investigative body for the purposes related to the investigation of a breach of an agreement or a contravention of a federal or provincial law;
g)	in an emergency threatening an individual’s life, health, or security (Ontario Sailing Association must inform the individual of the disclosure);
h)	for statistical, scholarly study or research (Ontario Sailing Association must notify the Privacy Commissioner before disclosing the information);
i)	to an archival institution;
j)	20 years after the individual’s death or 100 years after the record was created;
k)	if it is publicly available as specified in the regulations; or
l)	if otherwise required by law.

Article 5 – Limiting Collection

5.1

Limiting Collection – Ontario Sailing Association will not collect personal information indiscriminately. Information collected will be for the purposes specified in Article 3.3.

5.2

Method of Collection – Information will be collected by fair and lawful means.

Article 6 – Limiting Use, Disclosure, and Retention

6.1

Limiting Use – Personal information will not be used or disclosed for purposes other than those for which it was collected as described in Article 3.3, except with the consent of the individual or as required by law.

6.2

Retention Periods – Personal information will be retained for certain periods of time in accordance with the following:

a)	Registration data and athlete information will be retained for a period of three years after an individual has left the program in the event that the individual chooses to return to the program;
b)	Parental/family information will be retained for a period of three years after an individual has left the program in the event that the individual chooses to return to the program;
c)	Credit Card information will be destroyed immediately upon completion of a financial transaction.
d)	Information collected by coaches will be retained for a period of three years after an individual has left the program in the event that the individual chooses to return to the program, and in order to communicate program and conference dates.
e)	Employee information will be retained for a period of seven years in accordance with Canada Customs and Revenue Agency requirements.
f)	Personal health information will be immediately destroyed in the event that the individual chooses to leave the program
g)	Personal health information of paralympic athletes will be retained for a period of three years after an individual has left the program in the event that the individual chooses to return to the program;
h)	Marketing information will be immediately destroyed upon compilation and analysis of collected information.
i)	As otherwise may be stipulated in federal or provincial legislation.

6.3

Destruction of Information – Documents will be destroyed by way of shredding and electronic files will be deleted in their entirety.

6.4

Exception – Personal information that is used to make a decision about an individual will be maintained for a minimum of one year of time to allow the individual access to the information after the decision has been made.

6.5

Third Parties- Information which has been consented to be disclosed to a third party will be protected by a third party agreement to limit use and disclosure.

Article 7 – Accuracy

7.1

Accuracy – Personal information will be accurate, complete and up to date as is necessary for the purposes for which it is to be used to minimize the possibility that inappropriate information may be used to make a decision about the individual.

7.2

Update – Personal information will only be updated if it is necessary to fulfill the purposes for which the information was collected unless the personal information is used on an ongoing basis.

7.3

Third Parties – Personal information disclosed to a third party will be accurate and up-to-date.

Article 8 – Safeguards

8.1

Safeguards – Personal information will be protected by security safeguards appropriate to the sensitivity of the information against loss or theft, unauthorized access, disclosure, copying, use or modification.

8.2

Sensitivity – The nature of the safeguards will be directly related to the level of sensitivity of the personal information collected. The more sensitive the information, the higher the level of security employed.

8.3

Methods of Protection – Methods of protection and safeguards include, but are not limited to, locked filing cabinets, restricted access to offices, security clearances, need-to-know access and technological measures including the use of passwords, encryption, and firewalls.

8.4

Employees – Employees will be made aware of the importance of maintaining personal information confidential and may be required to sign confidentiality agreements.

8.5

Coaches Information – Personal information in the possession of coaches will be secured in a locked filing cabinet and a password protected computer accessed only by the OSA Program Director responsible for the Coaching portfolio.

8.6

Financial Information – Personal information of employees will be secured in a locked filing cabinet and on a password protected computer accessed only by the Finance Officer and office staff with permission for the Finance Officer.

8.7

Membership Information- Membership information will be secured in a locked filing cabinet and on a password protected computer accessed only by office staff with permission of the Executive Director.

8.8

Athlete Information – Athlete information will be secured in a locked filing cabinet in Ontario Sailing Association’s office and on a password-protected computer, both of which will only be accessed by office staff with permission of the Executive Director.

8.9

Personal Health Information – Personal health information will be secured in a locked filing cabinet in Ontario Sailing Association’s office and on a password-protected computer, both of which will only be accessed by approved Ontario Sailing Association staff.

8.10

Marketing Information – Marketing information will be secured in a locked filing cabinet and on a password-protected computer, both of which will only be accessed by the Director of Development.

Article 9 – Openness

9.1

Openness – Ontario Sailing Association will make publicly available information about its policies and practices relating to the management of personal information. This information will be in a form that is generally understandable.

9.2

Information – The information made available will include:

a)	the name or title, and the address, of the person who is accountable for the organization’s policies and practices and to whom complaints or inquiries can be forwarded;
b)	the means of gaining access to personal information held by the organization;
c)	a description of the type of personal information held by the organization, including a general account of its use;
d)	a copy of any brochures or other information that explain the organization’s policies, standards, or codes; and
e)	organizations such as CCES, Canadian Yachting Association, Sport Canada, and Coaches Association of Canada in which personal information is made available.

Article 10 – Individual Access

10.1

Individual Access – Upon written request, and assistance from Ontario Sailing Association, an individual will be informed of the existence, use, and disclosure of his or her personal information and will be given access to that information.

10.2

Amendment – An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

10.3

Denial – An individual may be denied access to his or her personal information and provided a written explanation as to why if:

a)	the information is prohibitively costly to provide;
b)	the information contains references to other individuals;
c)	the information cannot be disclosed for legal, security, or commercial proprietary reasons, and
d)	the information is subject to solicitor-client or litigation privilege.

10.4

Contents of Refusal – If Ontario Sailing Association determines that the disclosure of personal information should be refused, Ontario Sailing Association must inform an individual the following:

a)	the reasons for the refusal and the provisions of the Act on which the refusal is based;
b)	the name, position title, business address and business telephone number of the Privacy Officer who can answer the applicant’s questions; and
c)	that the individual may ask for a review within thirty (30) days of being notified of the refusal.

10.5

Source – Upon request, the source of personal information will be disclosed along with an account of third parties to whom the information may have been disclosed.

10.6

Identity – Sufficient information may be required to confirm an individual’s identity prior to providing that individual an account of the existence, use, and disclosure of personal information.

10.7

Response – Requested information will be disclosed within 30 days of receipt of the request at minimal expense for copying or no cost to the individual, unless there are reasonable grounds to extend the time limit. The requested information will be provided in a form that is generally understandable.

10.8

Costs – Costs may only be levied if an individual is informed in writing in advance of the approximate cost and has agreed to proceed with the request.

10.9

Inaccuracies – If personal information is inaccurate or incomplete, it will be amended as required and the amended information will be transmitted to third parties in due course.

10.10

Unresolved Complaints – An unresolved complaint from an individual in regards to the accuracy of personal information will be recorded and transmitted to third parties having access to the information in question.

Article 11 – Challenging Compliance

11.1

Challenges – An individual will be able to challenge compliance with this Policy and the Act to the designated individual accountable for compliance.

11.2

Procedures – Upon receipt of a complaint Ontario Sailing Association will:

a)	Record the date the complaint is received;
b)	Notify the Privacy Officer who will serve in a neutral, unbiased capacity to resolve the complaint;
c)	Acknowledge receipt of the complaint by way of telephone conversation and clarify the nature of the complaint within three (3) days of receipt of the complaint;
d)	Appoint an investigator using Ontario Sailing Association personnel or an independent investigator, who will have the skills necessary to conduct a fair and impartial investigation and will have unfettered access to all file and personnel, within ten (10) days of receipt of the complaint.
e)	Upon completion of the investigation and within twenty-five (25) days of receipt of the complaint, the investigator will submit a written report to Ontario Sailing Association.
f)	Notify the complainant the outcome of the investigation and any relevant steps taken to rectify the complaint, including any amendments to policies and procedures within thirty (30) days of receipt of the complaint.

11.3

Assistance – Ontario Sailing Association will assist an individual in preparing a request for information.

11.4

Whistleblowing – Ontario Sailing Association must not dismiss, suspend, demote, discipline, harass or otherwise disadvantage an employee of Ontario Sailing Association, or deny that employee a benefit because the employee, acting in good faith and on the basis of reasonable belief:

a)	has disclosed to the commissioner that Ontario Sailing Association has contravened or is about to contravene the Act;
b)	has done or stated an intention of doing anything that is required to be done in order to avoid having any person contravene these Act;
c)	has refused to do or stated an intention of refusing to do anything that is in contravention of these Act.