As a Canadian organization, the Clean Resource Innovation Network (CRIN) may be subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.
PIPEDA sets out 10 principles that every private-sector organization in Canada must adhere to when collecting, using, or disclosing personal information in the course of direct or indirect commercial activities.
Not-for-profit organizations such as CRIN are usually not subject to PIPEDA because we do not typically engage in commercial activities. However, not-for-profit organizations are not automatically exempt from PIPEDA.
PIPEDA applies when selling, bartering or leasing a membership list or a list of donors.
CRIN may conduct the following activities which are not considered commercial and are not subject to PIPEDA:
- collecting membership fees
- organizing club (member) activities
- compiling a list of Members' names and addresses
- mailing out newsletters
PIPEDA defines personal information as information about an identifiable individual, including:
- Opinions, evaluations, comments
What is not covered by PIPEDA:
- Business contact information such as name, title, business address, email or phone number that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession
1.1 Commitment to Privacy
CRIN recognizes the importance of privacy and is committed to maintaining the accuracy, confidentiality, and security of the personal information that it collects about its members, (as “members” are defined by CRIN By-Laws (within referred to as “Member” or “Members”)), subscribers, authors, event and conference attendees, suppliers, clients, and other contacts, as outlined in this policy statement.
This Policy applies to all members of the CRIN community: CRIN members, staff, volunteers, directors and any other individuals who may, by virtue of their relationship with CRIN, have or be given access to Personal and / or Confidential Information.
In this Policy, “CRIN”, “we”, “our” refers to CRIN staff and all persons who volunteer or provide services to CRIN. “You” refers to a Member, individual or business that visit the CRIN website or subscribes to receive CRIN publications.
New sections, examples and guiding principles may be added to this Policy from time to time to ensure continued relevance and usefulness.
1.3 Review, Approval and Implementation
The responsibility for this Policy shall be as follows:
- CRIN Administrative Coordinator shall be responsible for implementation, maintenance and compliance,
- CRIN board of directors will be responsible for annual review and approval of any Policy revisions.
This Policy shall be reviewed and updated annually, including a privacy impact assessment and threat analysis of CRIN’s personal information handling practices, including ongoing activities, new initiatives, and new technologies.
2. Collection and Use of Personal Information
This Policy is related to the collection, use and protection of personal information, and shall be published to the CRIN website.
This Policy and related procedures are intended to be compliant with the 10 fair information principles set out by PIPEDA:
- Identifying purposes
- Limiting collection
- Limiting use, disclosure, and retention
- Individual access
- Challenging compliance
Information that is collected, used or disclosed by CRIN will be handled in a manner that recognizes both the right of the individual or business to have their information protected and the need of CRIN to collect, use and disclose information for purposes that are reasonable.
- We will not distribute or sell personal or business information to anyone.
- We explain from time to time how we use personal or business information, and that we will not use it for any other/unstated purpose.
- We limit how much personal or business information we collect, use, communicate and store to what is necessary only for our purposes.
2.1 Information we collect
|Information Category||Types of information we may collect||How we use it|
|Identity information||Name of individual or business||
|Contact information||Position or title, phone number, address and email address||
|Financial and commercial information||Your business revenue and industry (publicly available information only)||
|Interactions and preferences||Analytics related to your activity on the CRIN website, the newsletter and social media; Attendance at CRIN events; interaction with CRIN Members on social or online platforms||
2.2 We collect personal or business information
We collect personal or business information only when you provide it to us directly, that is,
- When you subscribe to one of CRIN’s email publications
- When you sign up as a CRIN member
- When you fill in an online form or submit a request
2.3 Why we collect and use your personal or business information
We collect your personal or business information if it relates directly to CRIN operating programs or activities and for the following purposes:
- To identify you or your business
- To communicate with you or answer inquiries
- To inform you of news, events and opportunities you may be interested in such as volunteering or program development support
- To allow Members to contact each other in the development of the CRIN network, in support of the CRIN vision, and in the spirit of the Social Contract signed by each Member as a condition of membership in CRIN. The availability of contact information for Members expressly excludes the use of this information by Members for any form of mass outreach or any form of solicitation of goods or services to fellow Members. Exceptions to this may be permitted but only after discussion with and written pre-approval from CRIN to ensure any such outreach is aligned to the purpose, values and beliefs of CRIN and CRIN membership.
CRIN operates in compliance with Canada’s anti-spam legislation (CASL) and will only send electronic communications and promotional emails if You have specifically agreed to receive them. For example, if You have subscribed to one of our newsletters.
Whenever You have specifically given your consent, You may revoke your consent at any time.
2.5 How we store your personal information
- Online Member directory containing personal or business contact information that is not covered by PIPEDA or applicable privacy legislation is accessible to Members on the CRIN website through the Member LOGIN.
- Your personal information will be stored within Canada on the Cloud.
2.6 How we keep it secure
CRIN is committed to protecting the security of the personal information that it collects. Security measures such as restricted access to any office files, minimal to no paper files, firewall-restricted access to the electronic database, and the use of two factor authentication and password protocols on computers and access to files have been adopted. These measures are in place to protect personal information against loss or theft, as well as against unauthorized access, copying, disclosure, use or modification. Access to this information is restricted to CRIN Staff who have been trained to respect and protect the privacy of personal information held by CRIN, in accordance with this policy, PIPEDA and all applicable laws.
CRIN will ensure that any of its staff, Members, volunteers or committee members who deal with personal information are properly trained and are aware of the necessary and appropriate measures required to protect personal information.
The purpose of conducting an audit is to measure the effectiveness of the practices in place, ensure compliance, measure gaps in associated policies and process and provide a basis for improvement.
3.1 We may change this policy from time to time.
3.2 What if the policy has changed?
This policy is governed by the laws of the Province of Alberta and Canada. This policy complies with the Personal Information Protection Act (Alberta), the Personal Information Protection and Electronic Documents ACT (Canada) and the Privacy Act (Canada).
3.3 Individual Access
All persons wishing to ascertain what personal information CRIN may have on file about them, to access that information, to receive a copy, to correct or amend it, to know the source, to find out how it may have been used, etc., may contact the CRIN Privacy Officer at firstname.lastname@example.org.
CRIN will not refuse individuals access to their own personal information, except in circumstances permitted by the applicable privacy legislation. If access is refused, CRIN will provide the reason(s) for such refusal. These reasons may include the fact that the information refers to other individuals, that it is subject to legal, commercial, or solicitor-client privilege, or that it bears on a matter before litigation.
To answer any questions about this policy, or its application, please contact the CRIN Privacy Officer at email@example.com.
Last Updated: May 18, 2021.