Privacy Policy
PRIVACY POLICY
1.0 RATIONALE
The Mississauga Sports Council (MSC) values it's member/stakeholder/public relationships and is dedicated to effectively managing personal information in a respectful and appropriately secure manner as outlined below.
2.0 PURPOSE
​
This policy provides standards for MSC Board, staff and volunteers to protect all stakeholders individual personal information collected, used or disclosed by the MSC. An individual is a person who uses, participates in or applies to use MSC programs, products or services.
3.0 SCOPE
​
This policy applies to all staff and volunteers. Personal information may include but is not limited to:
Address, age, date of birth, gender, telephone number, facsimile number, email address, website address;
empolyment records; and MSC Policy decisions (e.g. Complaints, Appeals, Discipline, etc.)
4.0 POLICY
I). RESPONSIBILITY AND ACCOUNTABILITY
MSC is responsible for personal information under its control. In response, it has designated its Board of Directors as accountable for the association's compliance with the provisions of this policy and its Executive Director as primary contact. Other individuals within MSC may be delegated to act on behalf of the Executive Director.
II)Identifying Purposes For Collection Of Personal Information
​
MSC shall identify the purposes for which personal information is collected at or before the time the information is collected.
(a) MSC collects personal information only for the following purposes:
To establish and maintain responsible relations with individuals and to provide ongoing service;
To understand individual needs;
For the development, enhancement, and delivery of MSC programs, products and services;
To administer contests and events;
To manage and develop MSC's business and operations, including personnel and employment matters; and
To meet legal and regulatory requirements.
(b) Unless required by law, MSC shall not use or disclose for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the individual.
III). OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION
​
The knowledge and consent of an individual is required for the collection, use, or disclosure of personal information, except under circumstances in which the MSC is obligated to comply with legal requirements. The individual's consent for the collection, use or disclosure of personal information shall be valid for the duration of the individual's active record or until the individual rescinds their consent.
IV). LIMITING COLLECTION
MSC limits the information it collects to what is needed for specific purposes identified by the association at the time the personal information is collected.
(a) This personal information may be collected when a person:
subscribes to or is involved with MSC programs, products, e-communications products or services.
makes inquiries by telephone, signs a contract, registers or provides information by email or through the Internet or registers online; and/or visits the MSC website.
V). LIMITING USE, DISCLOSURE AND RETENTION
​
MSC will limit the use and disclosure of the personal information it has collected to the purpose(s) for which it was collected, unless the individual otherwise consents or the use or disclosure is authorized by law.
Where possible, MSC will use contracts, confidentiality statements, or other agreements to ensure the protection of personal information that has been collected by MSC and that is transferred to a third party for use, including but not limited to:
(a) The personal information transferred to a third party will be limited to what is needed by and for the purposes necessary for the third party to fulfil the contract or agreement.
(b) The third party will be required to refer to MSC any requests for access to or complaints about the information provided.
(c) When the personal information is no longer required by the third party, the third party will be required to either return the information to MSC or dispose of it in a manner acceptable to MSC.
(c) Personal information collected by or on behalf of MSC will be retained only as long as necessary to satisfy the purpose(s) for which it was collected. Any personal information collected by or on behalf of MSC that is no longer required for an identified purpose or a legal requirement will be destroyed, erased or rendered anonymous in a manner that will prevent improper access.
​
VI). ACCURACY OF PERSONAL INFORMATION
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. MSC shall update personal information about individuals as and when necessary to fulfill the identified purposes or upon notification by the individual.
MSC will make efforts to keep the personal information collected as accurate, complete and up-todate as is necessary, taking into account the purpose(s) for which the information is collected and to fulfill the identified purposes or upon notification by the individual.
VII). SAFEGUARDS
​
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information
MSC will make efforts to protect the personal information collected with appropriate safeguards and security measures: (a) Information may only be accessed by approved officials or employees, or by other persons designated as such by AO, and only to the extent necessary for the identified purpose(s).
(b) Personal information will only be disclosed to a third party when:
i. reasonable steps are taken to identify the individual requesting the personal information;
ii. the individual requesting the information is able to establish his/her right to access the personal information requested; and
iii. the proposed use of the personal information requested is consistent with the consent given with respect to the collection, use and/or disclosure of the personal information.
(c) Personal information may only be stored, modified or deleted by the Chief Executive Officer or his/her delegate as set out herein.
(d) Endeavour to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate storage security measures. MSC shall protect the information regardless of the format in which it is held.
(f) Protect personal information it discloses to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
(g) As a condition of employment or engagement in activities with the MSC, require all persons with access to personal information to contractually respect the confidentiality of personal information as outlined in this policy.
(h) Physical safeguards include restricted physical access to MSC offices and secure storage facilities.
(i) Technological safeguards include restricted file access, computer passwords, firewalls, and file encryption procedures.
VIII). OPENNESS
​
(a) MSC shall make readily available to individuals specific information about its policies and practices relating to the management of personal information. Any requests or enquiries about this policy can be directed to the Executive Director.
​
IX). INDIVIDUAL ACCESS
​
(a) Any individual that has provided personal information to MSC shall have access to that personal information collected, used or disclosed by or on behalf of MSC. An individual may review, amend or update the personal information collected about him/her.
(b) In certain situations, MSC may not be able to provide access to all of the personal information it holds about an individual. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, information that is subject to solicitor-client or litigation privilege, or, in certain circumstances, information of a medical nature. MSC shall provide the reasons for denying access upon request.
(c) MSC will make every effort to provide access of any individual to his/her personal information at minimal or no cost. If a cost is anticipated to provide the information requested, MSC will advise of the cost prior to disclosing the information.
​
X). CHALLENGING COMPLIANCE
(a) An individual shall be able to address a challenge concerning compliance with this policy to the Executive Director or her/his delegate.
(b) MSC will investigate and respond to all concerns about any aspect of the collection, use and disclosure of personal information, in a timely manner. The Executive Director may seek external advice where appropriate before providing a final response to individual complaints. Where necessary, an individual will be advised of available avenues of complaint, including the Office of the Privacy Commissioner of Canada.
(c) A complaint may only be investigated if there is sufficient evidence to prove that procedures, as laid out in this policy, were not followed. If a complaint is justified, MSC shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures.
(d) MSC will take appropriate measures to correct any inaccurate personal information that is identified or to modify policies or procedures where necessary.