Protecting the privacy and confidentiality of personal information is an important aspect of the way Ortona Gymnastics Club (“OGC”) conducts its business. Collecting, using, and disclosing personal information in an appropriate, responsible, and ethical manner is fundamental to OGC’s daily operations. OGC strives to protect and respect personal information of its customers, employees, business partners, and so on, in accordance with Alberta’s Personal Information Protection Act ("PIPA"), and other applicable laws. Each staff member of OGC must abide by this organization’s procedures and practices when handling personal information.
Personal information is defined as including any identifying information about an individual or group of individuals, including name, date of birth, address, phone number, e-mail address, marital or family status, social insurance/security number, identifying number, employee file, nationality, gender, health history, financial data, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, opinions, and personal views ("Personal Information").
OCG advises that Personal Information will be collected for the purposes of establishing an employment/volunteer relationship and consent is deemed through the employment/volunteer relationship. Withdrawal or Variation of Consent If any individual wishes to withdraw or vary his/her consent respecting the collection, use, or disclosure of his/her Personal Information, please notify of this in writing to the OGC Privacy Officer. At that point, OGC will note the request and discuss with the individual options going forward.
Where Consent Not Needed
OGC may collect, use, or disclose Personal Information without an individual’s consent under particular circumstances. These situations include, but are not limited to:
- a reasonable person would consider that the information being collected, used or disclosed is clearly in his/her interest and consent cannot be obtained in a timely way or it would not be reasonably expected that consent would be withheld;
- OGC is under obligation by law to collect, use, or disclose Personal Information in order to adhere to the requirements of an investigation of the contravention of a regional or federal law, under the purview of the appropriate authorities.
- the Personal Information collected, used or disclosed is reasonable for the purposes of an investigation or legal proceeding (i.e. pertaining to a breach of contract);
- an emergency exists that threatens an individual’s life, health, or personal security;
- the Personal Information is for in-house statistical study or research; and
- the Personal Information is already publicly available or from a public body authorized to disclose the information.
Personal Information Purposes
OGC collects and uses Personal Information solely for the purpose of conducting business and developing an understanding of its customers. Personal Information may be collected from a prospective member, member, athlete, participant, employee, coach, referee, manager, fan and volunteer (“Individual”) and used by OGC representatives for purposes that include, but are not limited to, the following:
- Name, address, postal code, phone number, cell phone number, first language, date of birth, fax number and e-mail address for the purpose of providing insurance coverage, managing insurance claims and obtaining Alberta Gymnastics Federation membership;
- Employee information including name, address, postal code, phone number, e-mail address, social insurance number, work permit, working visa and banking information for the purpose of processing payroll, source deductions, insurance and health plans;
- Credit card numbers or chequing information for the purpose of processing merchandise orders, registration, travel administration, purchasing equipment and paying competition fees;
- Criminal records check, resume and personal reference for the purpose of implementing OGC’s screening program;
- Personal health information including provincial health card numbers (for minors travelling without a legal guardian or parent), allergies, emergency contact and past medical history for the safety of the athlete and for use in the case of medical emergency;
- Coach information including name, address, telephone number, e-mail, school, year of coaching, experience, qualifications, resume, employment record, NCCP number, reference letters and performance results for employment purposes, media relations and determining level of certification;
- Athlete information including relevant medical history, height, weight, uniform size, birth date, citizenship, shoe size, feedback from coaches and trainers, and performance results for the purpose of athlete registration forms, outfitting uniforms, media relations, monitoring eligibility and various components of athlete and team selection.
- Athlete status information including sport/discipline, training times and venues, training camp dates and locations, travel plans, competition schedule and disabilities, if applicable, for Canadian Centre for Ethics in Sport and inquiries for the purposes of possible applicable drug testing;
- Video footage and photographs at competitions and at OGC for the purpose of technical monitoring, coach/club review, officials training, educational purposes, sport promotion, media publications and posting on OGC’s website, displays or posters;
- Marketing information including attitudinal and demographic data on individual members to determine membership demographic structure, and program wants and needs; and
- Passport numbers and frequent flyer number for travel purposes.
Policy Statements and Measures
- OGC obtains Personal Information directly from the Individual to which the information belongs. Individuals are entitled to know how OGC uses Personal Information and this organization will limit the use of any Personal Information collected only to what is needed for those stated purposes. OGC will obtain consent if Personal Information is to be used for any other purpose, other than in situations where consent is not required as permitted by legislation.
- OGC will retain Personal Information only for the duration it is needed for conducting business. Once Personal Information is no longer required, it will be destroyed in a safe and secure manner. However, some laws may require that certain Personal Information be kept for a specified amount of time, which will govern. For more information, please refer to the OGC Records Retention Policy and Procedure.
- OGC vows to protect Personal Information with the appropriate security measures, physical safeguards, and electronic precautions. OGC maintains Personal Information through a combination of paper and electronic files. Where required by law or disaster recovery/business continuity policies, older records may be stored in a secure location. For more information, please refer to the OGC Records Retention Policy and Procedure, but some safety measures include that:
- Access to Personal Information will be authorized only for the employees and other agents of OGC who require the information to perform their job duties, and to those otherwise authorized by law;
- OGC’s computer and network systems are secured by passwords. Only authorized employees may access secure systems and databases;
- Active files are kept in locked filing cabinets;
- Routers and servers connected to the Internet are protected by a firewall, and are further protected by virus attacks or “snooping” by sufficient software solutions; and
- Personal Information is not transferred to volunteers, summer students, interns, or other non-paid staff by e-mail or any other electronic format.
- Personal Information that can identify any individual person (“personally identifiable information”) that is collected from the Website or through affiliate sites;
- Information about the organization collecting the data;
- How the data will be used;
- With whom the data may or may not be disclosed;
- What options are available to the individual regarding the collection, use, and disclosure of Personal Information;
- The information technology security procedures in place that protect against the destruction, loss, theft, alteration, or misuse of Personal Information under OGC possession and control;
- How the Individual may access and correct any inaccuracies in his/her Personal Information;
- OGC does not collect any personally identifiable information from any individual known to be under the age of 13;
- OGC may share compiled demographic information with its business partners and/or advertisers, but no personally identifiable information shall be disclosed;
- OGC Website may contain links to other sites, but OGC is not responsible for the privacy practices of other organizations’ sites;
- While IP addresses will be logged in order to administer the site, track visitor movement, and gather demographic information, these IP addresses will not be linked to any personally identifiable information;
- Any registration or order form asking site visitors to enter personal or financial information will be protected by SSL encryption; and
- Site visitors are given the choice to opt out of having their Personal Information used at the point where the information is gathered.
7. OGC will make efforts to ensure the accuracy of the Personal Information recorded/collected. However, OGC relies on Individuals to notify OGC in writing if there is a change to their Personal Information.
8. In most instances, OGC will grant Individuals access to their Personal Information upon presentation of a written request and satisfactory identification to the Privacy Officer. Should the OGC deny an Individual’s request for access to his/her Personal Information (i.e. where the information cannot be severed and is protected by legal privilege, the information was collected for an investigation or legal proceeding, where the information could reasonably be expected to threaten the life or security of another individual, or if it would reveal the identity of an Individual who has provided an opinion in confidence and that Individual does not consent to its disclosure), OGC will advise in writing of the reason for such a refusal. The Individual may then challenge the decision through an internal review/grievance process and if still unresolved it may be brought to the attention of the Office of the Information and Privacy Commissioner for Alberta, if necessary.
9. If an Individual finds errors of fact with his/her Personal Information, the OGC should be notified in writing as soon as possible of the request to make the correction(s). OGC will correct, where appropriate, the information as soon as reasonably possible, and if the organization has disclosed the incorrect information to other organizations, the OGC will send a notification containing the corrected information to each organization to which the incorrect information has been disclosed, if it is reasonable to do so. If, despite the request for a correction, OCG decides that no factual error or omission exists, the request will be documented nonetheless.
10. OGC will respond to an Individual seeking to access or correct Personal Information within 45 days from the day that the OGC has received the written request. In certain situations, this time period can be extended by up to 30 days (or longer with the permission of the Information and Privacy Commissioner of Alberta) and the Individual will be notified of the extension and the reason(s) for such.
12. In the case of a privacy breach (where there is an unauthorized access to, collection, use, disclosure, retention or destruction of Personal Information) OGC will respond as quickly as possible upon notice. OGC will first use its best efforts to stop the privacy breach from continuing. The Privacy Officer will then conduct an investigation to determine the source and make recommendation(s). The Individual whose Personal Information has been affected, will be contacted and it will also be reported to the Office of the Information and Privacy Commissioner of Alberta. Police may be notified if there is a possible criminal infraction such as theft. Other bodies that may be notified include insurers, professional or other regulatory bodies involved, and credit card companies and/or credit reporting agencies.