Canadian Crossroads International (operating as Crossroads International) shall maintain the privacy of personal information it receives in the course of day-to-day operations from its various stakeholders. Crossroads stakeholders include, but are not limited to donors, funders, staff, board, volunteers, interns, partners and supporters.
Personal information is defined as any information that can be used to distinguish, identify or contact a specific individual. This can include:
- Facts about an individual: name, gender, address, race, ethnicity, identification documents, as well as their opinions or beliefs.
- This does not include: business contact information and information that is publicly available such as names, addresses and telephone numbers as published in telephone directories.
This policy outlines Crossroads’ overall commitment, principles and approach to protecting the privacy of stakeholder information, based on ten privacy protection principles that are recognized worldwide as standard rules for the collection, use and disclosure of personal information. These principles are entrenched in federal privacy legislation and complemented by the “Ethical Fundraising and Financial Accountability code”, which Crossroads adheres to and which provides donors with privacy rights.
Principle 1: Accountability
- develop procedures to protect personal information;
- develop procedures to receive and respond to complaints and inquiries;
- train staff about Crossroads policies and practices respecting personal information; and
- develop and distribute information to Crossroads stakeholders (staff, donors, volunteers, etc.) explaining Crossroads policies and procedures respecting personal information.
Principle 2: Identifying Purposes
Crossroads will identify the purposes for the collection of personal information no later than at the time when said information is collected.
Crossroads needs to collect, use and disclose some information about its various stakeholders in order to conduct its ongoing operations. The purposes for this include, but are not limited to, the following:
- to establish and maintain relationships with volunteers, staff, directors, partners and others;
- to manage and develop Crossroads operations, including human resources functions;
- to acknowledge donations, issue tax receipts and keep donors informed of Crossroads programs, special events and fundraising opportunities;
- to determine eligibility for program participation, volunteerism or other Crossroads activities;
- to enhance and ensure safety at Crossroads;
- to collect data for statistical purposes to better understand, improve and evaluate Crossroads programs and operations;
- to meet legal, regulatory and contractual requirements;
- to represent programs, and to solicit donations and support for our work.
Unless required by law, staff and volunteers shall not collect information for purposes other than those listed above. Should collection of information become desirable, Crossroads staff or volunteer must contact the supervisor for the area prior to proceeding with the collection of information.
Principle 3: Consent
Crossroads requires the consent of individuals for the collection, use or disclosure of personal information about them, except where exempted by law. Consent may be obtained in two ways: implied or explicit consent. Further, implied or explicit consent may be verbal or written and may be obtained through either opt–in or opt-out options.
Implied consent is when an individual takes a conscious action that indicates they expect Crossroads to handle or use their personal information for particular purposes. Implied consent is received for example when participants register for programs, donors submit pledge forms, staff accept employment, and when volunteers or students accept a placement with Crossroads and they can be reasonably assumed to understand that Crossroads will make use of their information for particular purposes (sending tax receipts to donors for example).
Explicit consent is required where the purposes for which Crossroads may use the information are not assumed to be obvious to the person providing the information.
Individuals may withdraw their consent for Crossroads’ collection, use or disclosure of their personal information at any time, subject to legal or contractual restrictions. Individuals wishing to withdraw their consent should do so in writing to “Privacy Officer, Crossroads International, 49 Bathurst St., Suite 201, Toronto, ON, M5V 2P2.”
Consent is not required where it is clearly in the best interest of the individual for Crossroads to collect information about him or her for the purpose of ensuring his or her personal safety. This would include emergency situations where the life, health or security of the individual is threatened.
Principle 4: Limiting Collection
Crossroads shall restrict the collection of personal information only to that information that is necessary for the purposes noted in principle 2 above. Crossroads is committed to collecting personal information in a fair, open and lawful manner.
Principle 5: Limiting Use, Disclosure, And Retention
Crossroads shall not use personal information for purposes other than those for which it was originally collected, unless it has first obtained the consent of the person from whom such information was received or as required by law.
Crossroads shall retain personal information only for as long as it is needed for the fulfillment of the purposes for which it was originally collected or as required by law
Principle 6: Accuracy
Personal Information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7: Safeguards
Crossroads shall protect personal information by security safeguards appropriate to the sensitivity of the information.
All Crossroads staff and volunteers with access to information shall be required as a condition of employment or volunteer role, to respect the confidentiality of personal information.
Crossroads staff shall protect personal information in their control (regardless of format) against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security safeguards.
Safeguards may include physical measures (such as locked doors, locked file cabinets), organizational measures (such as staff training, limited access, and security clearances) and technological measures (such as passwords, anti-virus software for computer systems).
Personal information shared with a third party for processing shall be protected through contractual agreements with requirements for confidentiality and appropriate safeguards.
Principle 8: Openness
Crossroads shall make readily available to individuals, information about its procedures and practices relating to the management of personal information.
Information on the Crossroads’ commitment to privacy is available to the public on the Crossroads web site at www.cintl.org or by contacting Crossroads’ Privacy Officer. Staff and volunteers shall make known upon request the contact information to whom inquiries or complaints can be forwarded.
Principle 9: Individual Access
Crossroads shall, upon request, inform an individual of the existence, use and disclosure of his or her personal information and shall give the individual access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Crossroads staff and volunteers shall refer requests about personal information held about an individual to their Manager or Director.
Crossroads staff shall immediately inform their Manager or Director of a request for access by an individual to his or her personal information collected by Crossroads. A Director shall respond to a written request for individual access by providing access to the individual’s data, except in limited circumstances. See Exceptions to Access below.
In order to safeguard personal information, an individual may be required to provide sufficient identification information to permit Crossroads to account for the existence, use and disclosure of personal information, and authorize access to the individual’s file.
A Crossroads Director shall respond to a written request for access in a reasonable time, and at minimal or no cost. Personal information shall be provided in a format that is understandable, along with any explanation needed to facilitate the individual's understanding.
A Crossroads Director or designate shall provide the individual a reasonable opportunity to review and challenge the accuracy and completeness of personal information. A statement of disagreement will be attached to records where a requested amendment cannot be made.
Upon request, a Crossroads Director shall provide an account of the use and disclosure of personal information. A list of organizations to which Crossroads may have disclosed personal information shall be provided, when it is not possible to provide a list of actual disclosures.
Crossroads staff can request access to their employee file by contacting their Manager or Director.
Exceptions to Access
Crossroads may not be able to provide an individual with access to some or all of his or her personal information in certain circumstances permitted by law. Some exceptions include if:
- doing so would likely reveal personal information about a third party;
- disclosure could reasonably be expected to threaten the life or security of another individual;
- information was collected in relation to the investigation of a breach of an agreement, or a contravention of law, or as otherwise permitted by law.
If access to personal information cannot be provided, a Crossroads Director shall provide the individual with written reasons for denying access.
Principle 10: Challenging Compliance
An individual shall be able to challenge compliance with the principles in this document.
Crossroads staff and volunteers shall refer any inquiries, concerns or complaints about Crossroads’ handling of personal information to the Manager for the relevant Crossroads program area for response in a fair and timely manner. In most cases, talking with the Department Manager for the area will resolve a complaint.
If the problem is not resolved to the individual’s satisfaction, the individual may contact the Privacy Officer. The individual will be asked to provide the Privacy Officer with the following information in writing:
- Name, address or fax number where the individual prefers to be reached;
- Nature of the complaint, relevant details, what the individual would like us to do;
- Name of Crossroads International staff whom the individual has already discussed the issue.
The Privacy Officer will immediately forward a privacy complaint to the attention of the relevant Department Manager. The Privacy Officer will work with the Department Manager to investigate privacy complaints. If a complaint is found to be justified, Crossroadsshall take appropriate measures to resolve the complaint.
Individuals who have general questions about Crossroads International information handling practices may contact the Privacy Officer in writing at: Privacy Officer, Crossroads International, 49 Bathurst St., Suite 201, Toronto, ON, M5V 2P2.
The privacy officer shall report to the Board on Crossroads’ compliance with the policy and any complaints received annually.
Crossroads shall regularly review its policies and procedures to ensure it remains current with changing laws and evolving public expectations.
Contact the Privacy Officer for more information on Crossroads’ commitment to privacy. Also, the following website provides useful information on privacy:
Privacy Commissioner of Canada http://www.privcom.gc.ca.