PRIVACY & INFORMATION Policy
“Personal Information” is any information that relates to an identifiable individual and is supplied by clients or potential clients of Rise that may reveal personal identifying information, including health information, trade secrets, scientific, technical, commercial, financial or labour relations information.
Personal Information may include, but is not limited to:
- An individual’s name, mailing address, and email address;
- An individual’s credit card number, Social Insurance Number, personal income, banking information or creditor information, credit history, or any other identifying financial information;
- Ideas for businesses, goods and services, or inventions, business plans, processes or operations, financial projections and results (whether patented or not), and;
- Information about an individual’s health status, mental health or addiction history.
Personal Information does not include the name, business title or business address and business telephone number in a person’s capacity as an employee of Rise.
Confidential Information: ‘Confidential Information’ means all Personal Information, as well as information acquired by Rise Asset Development that was supplied in by clients or potential clients of Rise where it would be reasonably expected by the provider of information that such information is to be kept confidential, whether such desire is expressly provided or not. For greater certainty, all Personal Information shall be considered Confidential Information, and both Personal Information and Confidential Information, where it includes elements of personal health information, must be kept confidential and secure in accordance with the Personal Health Information Protection Act, 2004.
Rise Asset Development (“Rise”) respects the privacy of its lending and training clients, donors, prospective donors, volunteers, staff and partner agencies. Rise is committed to protecting privacy and will always collect Personal Information by lawful means.
This policy complements Rise’s online Privacy Notice: https://risehelps.ca/privacy-policy/
This policy applies to all staff, volunteers and advisors employed by or affiliated in any with Rise Asset Development (hereinafter referred to collectively as “staff”).
COLLECTION OF PERSONAL INFORMATION
Rise will collect Personal Information lawfully and fairly.
We collect Personal Information from individuals directly, and from third party service providers, where we have obtained consent to do so, or where we are otherwise permitted by law, including all applicable federal privacy legislation, to do so.
Rise collects certain types of information when an individual interacts with our websites, emails, and online advertising. Rise’s purpose in collecting this information is to allow the correct functioning of our website, to evaluate use of the website, and to support website analytics and marketing campaigns.
Rise’s collection of information includes but it not limited to:
- Collecting technical information such as a person’s internet protocol address, that person’s computer’s operating system and browser type, the address of a referring website, if any, and the path taken through our web pages.
- Collecting and using “cookies” to recognize an individual as they use or return to our sites. This may be done so that we can provide a continuous and more seamless online experience. A cookie is a small text file that a website or email may save to an individual’s browser and store on that individual’s hard drive to record which websites an individual has visited.
- Collecting and using web beacons. Beacons allow us to know if a certain page was visited, an email was opened, or if ad banners on our website and other sites were effective.
If an individual makes a written request to access any Personal Information about them that we have collected, utilized or disclosed, we will endeavour to provide that person with any such Personal Information to the extent required by law. We will make such Personal Information available to that individual in a form that is generally understandable and will explain any abbreviations or codes.
We will ensure that Personal Information is kept as accurate, complete and up to date as necessary for the purpose for which it was collected. We expect individuals to supply us with written updates to their Personal Information, when required.
At any time, a person can confirm the accuracy or completeness of their Personal Information in our records. If they successfully demonstrate that their Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. If an individual wishes to correct information that Rise stores about them, they may contact the Chief Operating Officer to make such a request. Where appropriate, we will transmit the amended information to third parties having access to that Personal Information
USE OF PERSONAL INFORMATION
We identify the purposes for which we use Personal Information at the time we collect such information and obtain consent, in any case, prior to such use.
In addition to uses permitted or required by law, we use Personal Information for the following purposes (the “Purposes”):
- to process a submitted Lending Program, Training Program or volunteer application;
- to administer a loan
- to build relationships, facilitate networking opportunities and match entrepreneurs with volunteers
- to assist with administrative or technical support
- to gather opinions and feedback through surveys and to conduct data and statistical analysis
- to enroll eligible participants in our contests or promotional programs
- to use in solicitations for fundraising, for donation processing and for donor stewardship
- to include an individual on our mailing list, and
- other consistent uses that individuals might reasonably have expected at the time of collection (e.g. quality control).
Employees, volunteers and contractors should only access personal information if the discharge of their duties reasonably require it.
DISCLOSURE OF PERSONAL INFORMATION
We identify to whom, and for what purposes, we disclose Personal Information, at the time we collect such information from an individual. We obtain consent to such disclosure. In general, Personal Information collected will be limited to that required for the purposes identified.
In addition, we may send Personal Information outside of the country for the purposes set out above, including for process and storage by service providers in connection with such Purposes, it should be noted that while such information is out of the country, it may be subject to the laws of the foreign country in which it is held, and may be subject to disclosure to the governments, courts, law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
We will only make disclosures of Personal Information to such persons for which an individual provides consent. Notwithstanding the foregoing, we may also make disclosures of Personal Information to a potential partner in connection with a transaction involving the sale of a part of Rise’s business, a merger or consolidation, or as otherwise permitted or required by law.
We may keep a record of an individual’s Personal Information, correspondence or comments in a file specific to that individual. We will use, disclose or retain Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
We will always endeavour to store Personal Information securely, through a combination of physical, administrative and technological safeguards to protect against loss, theft, unauthorized access, use and disclosure, copying, modification and improper destruction.
Examples of physical safeguards include:
- Controlled access to work and storage spaces (e.g. locked doors)
- Unattended records are filed and locked up
- Electronic devices are locked up or handed off when not in use
- Pockets are emptied when leaving work, so documents are not unintentionally removed from the workspace; and
- Paper and electronic files are secured in transit (e.g. using a locked briefcase, putting paper in pockets with zippers or buttons, etc.).
Examples of technical safeguards include:
- Technical access controls are activated for files and folders that do not need to be shared across the organization
- Passwords are used – To be effective, passwords should be at least 8 characters long and include letters, numbers and symbols. Avoid using dictionary words as a password; and
- Digital files are only saved to Rise networks or to cloud storage.
Examples of administrative safeguards include:
- Controlled access to work and storage spaces (e.g. receptionist who monitors people coming and leaving the workplace)
- Placing filing cabinets in spaces where access can be monitored and controlled (e.g. behind a desk); and
- Processes to permit access to sensitive information (e.g. manager sign-off on granting access or permitting disclosure).
Rise collects Confidential Information from its clients and potential clients, and it has a duty to safeguard that information. Ensuring that Confidential Information is securely destroyed using the procedures outlined in this policy is one way in which Rise safeguards this information.
Procedure for paper documents
Confidential Information must never be discarded in the regular garbage or recycling bins. All paper documents containing Confidential Information must be discarded into the designated shredding containers, or cross-cut shred.
Procedure for electronic or digital information
All electronic and digital media (e.g. CD’s, USB keys, video tapes, diskettes, etc.) containing Confidential Information must be physically destroyed or magnetically erased, as follows:
- Physical Destruction – Electronic and digital media can be physically destroyed by discarding it in the designated shredding containers or cross-cut shred.
- Magnetic Destruction – Larger electronic and digital media, such as hard drives, can be magnetically erased through processes such as degaussing.
Notwithstanding the above-noted data security processes and safeguards and ongoing employee training protocols, the Chief Operating Officer must be notified in the event of a potential data breach or if Confidential Information is disposed of by any means other than as set out in this policy and procedure. The Chief Operating Officer will determine, in consultation with legal counsel, if required, whether Rise has a statutory obligation to provide mandatory notice to any Canadian privacy regulator.
Staff can notify the Chief Operating Officer at email@example.com
Individuals who fail to comply with any part of this policy and procedure may be subject to discipline up to and including dismissal.
The following departments can be contacted for further assistance:
Beth Dea, Chief Operating Officer, firstname.lastname@example.org