Privacy Policy

Preamble

1. Cross Country Ski Ontario (XCSO) is subject to the Personal Information Protection and Electronic Documents Act (“the Act”) which sets out principles of fair information practices that in turn form ground rules for the collection, use and disclosure of personal information.

2. In accordance with the Act, XCSO is responsible for the protection of personal information and the fair handling of it at all times both throughout the organization and in dealings with third parties.

3. This policy is adapted from Cross Country Canada Ski de Fond Privacy Policy – document 1.13.

Aim

4. The aim of the XCSO Privacy Policy is to provide direction for how personal information will be collected, used and disclosed within XCSO. Personal information is recorded information about an identifiable individual. Examples of personal information examples are identified in the Act

General Policy

5. XCSO will comply fully with the principles and exceptions set out in the Act.

6. XCSO requires that its member Districts establish and implement policies that are substantially similar to the XCSO Privacy Policy.

Cross Country Ski Ontario Principles of Fair Information Practices

Identifying Purposes

7. Before or when any personal information is collected by or on behalf of XCSO, XCSO will identify the reason(s) for collecting the information and how it will be used. If the reason(s) for collecting the information and/or how it will be used changes after the information is collected, XCSO will inform the affected individual(s) and obtain consent before the information is used.

8. Personal information may be collected from more than one source and combined.

Consent

9. XCSO requires an individual’s consent to the collection, use and/or disclosure of personal information:

a. Before or when any personal information is collected by or on behalf of XCSO, or when the reason(s) for collecting the information and/or how it will be used changes, XCSO will obtain consent from the individual whose personal information is collected, used or disclosed.

b. For an individual who is a minor, seriously ill, or mentally incapacitated, consent may be obtained from a legal guardian, or person having power of attorney.

c. Consent may be obtained in person, by phone, by fax, by mail, by email or by internet, or by any other reasonable method, whether express or implied.

Limiting Collection

10. XCSO limits the information it collects to what is needed for specific purposes identified by XCSO at the time the personal information is collected.

Limiting Use, Disclosure and Retention

11. XCSO will limit the use and disclosure of the personal information it has collected to the purpose(s) for which it was collected, unless the individual otherwise consents or the use or disclosure is authorized by law.

12. Where possible, XCSO will use contracts or other agreements to ensure the protection of personal information that has been collected by XCSO and that is transferred to a third party for use, including but not limited to:

a. The personal information transferred to a third party will be limited to what is needed by and for the purposes necessary for the third party to fulfil the contract or agreement.

b. The third party will be required to refer to XCSO any requests for access to or complaints about the information provided.

c. When the personal information is no longer required by the third party, the third party will be required to either return the information to XCSO or dispose of it in a manner acceptable to XCSO.

13. Personal information collected by or on behalf of XCSO will be retained only as long as necessary to satisfy the purpose(s) for which it was collected. Any personal information collected by or on behalf of XCSO that is no longer required for an identified purpose or a legal requirement will be destroyed, erased or rendered anonymous in a manner that will prevent improper access.

Accuracy

14. XCSO will make efforts to keep the personal information collected as accurate, complete and up-to-date as is necessary, taking into account the purpose(s) for which the information is collected and the interests of the individual.

Safeguards

15. XCSO will make efforts to protect the personal information collected with appropriate safeguards and security measures:

a. Information may only be accessed by approved officials or employees, or by other persons designated as such by XCSO, and only to the extent necessary for the identified purpose(s).

b. Personal information will only be disclosed to a third party when: i. reasonable steps are taken to identify the individual requesting the personal information; ii. the individual requesting the information is able to establish his/her right to access the personal information requested; and iii. the proposed use of the personal information requested is consistent with the consent given with respect to the collection, use and/or disclosure of the personal information.

c. Personal information may only be stored, modified or deleted by the XCSO Administrator or his/her delegate as set out herein.

d. Physical safeguards include restricted physical access to XCSO offices and secure storage facilities.

e. Technological safeguards include restricted file access, computer passwords, firewalls and file encryption procedures.

Openness

16. Any requests or enquiries about this policy can be directed to the XCSO Provincial Office.

Individual Access

17. Any individual that has provided personal information to XCSO shall have access to that personal information collected, used or disclosed by or on behalf of XCSO.

18. An individual may review, amend or update the personal information collected about him/her.

19. If XCSO refuses access to an individual to the personal information collected, XCSO will provide to the individual the reason(s) for the refusal and any recourse available.

20. Where possible, a response to a request for access to personal information by an individual will be made within 30 days of the request.

21. XCSO will make every effort to provide access of any individual to his/her personal information at minimal or no cost. If a cost is anticipated to provide the information requested, XCSO will advise of the cost prior to disclosing the information.

Challenging Compliance

22. XCSO will investigate and respond to all concerns about any aspect of the collection, use and disclosure of personal information, in a timely manner. Where necessary, an individual will be advised of available avenues of complaint, including the Office of the Privacy Commissioner of Canada.

23. XCSO will take appropriate measures to correct any inaccurate personal information that is identified or to modify policies or procedures where necessary.

Responsibility and Accountability

24. XCSO is responsible for maintaining and protecting all personal information that it collects.

25. The XCSO Administrator has the primary responsibility for ensuring compliance with the XCSO Privacy Policy as set out herein and has the authority to intervene on privacy issues that relate to any of XCSO’s operations. The XCSO Administrator is responsible for the following:

a. Collection, use and disclosure of personal information;

b. Responding to requests and general inquiries for personal information;

c. Responding to requests for correction to personal information;

d. Responding to complaints about the collection, use and disclosure of personal information by XCSO;

e. Explaining the purpose(s) for the collection, use and disclosure of personal information;

f. Explaining the procedure to withdraw consent and the consequences, if any, of such a withdrawal.

26. The XCSO Administrator may delegate any responsibilities set out herein to another XCSO employee or to an individual approved by XCSO. All XCSO officials and employees, or any individual approved by XCSO to handle any responsibilities set out herein, are required to understand the nature and scope of and adhere to the XCSO Privacy Policy.

Privacy Policy Policy Created: September 30, 2016

Revised and reviewed October 12, 2016