Updated: 2021.07.09
British Columbia’s Personal Information Protection Act (PIPA) sets rules for how organizations collect, use and disclose personal information. Personal information is defined as any information that can be used to identify someone – either by itself or in combination with other information.
The BC Freedom of Information and Privacy Association (FIPA/we/us/our) is committed to being accountable for complying with PIPA and protecting the personal information we collect from individuals under appropriate and reasonable business purposes.
Consent
As a function of our website, IP addresses are collected automatically.
In all other instances, at or before the point of personal information collection, we will communicate our business purpose for the collection and how the information will be used and disclosed. With an understanding of what we will do with the information you provide to us, you can orally, in writing or electronically provide express, implied or “opt-in” consent.
Collection
For business purposes, we collect:
- Staff and contractor information for hiring and contract management;
- Volunteer information for engagement and support;
- Contact information for responding to emails and phone calls;
- Subscriber information to sign up subscribers;
- Member information to set up and facilitate membership; and
- Donor information to process and track donations.
Types of personal information we collect:
We only collect the minimum amount of personal information required for business purposes. Examples include:
- Staff and contractors: for payment and applicable staff benefits
- Emails sent to FIPA: Name, email address
- Phone messages: Name, phone number
- Subscribers: First name, last name, email address, province and topics of interest
- Membership: First name, last name, company name (optional), street address, city, province, postal code, phone, email address, account password and credit card information (number, expiry and card security code).
- Donations: Same information as membership, with the exception of an account password.
- Internet Protocol (IP) addresses: Web servers automatically collect user IP address for performance and safety reasons.
Additional personal information you may provide to us:
If you are seeking information, advice or to lodge an FOI or privacy complaint, FIPA may need additional personal information from you to support your request. In these situations, we will ask you for the minimum amount of information needed, secure it within our systems and only disclose it with your consent.
Use and Disclosure
How we limit use and disclosure
FIPA only collects personal information for identified purposes of collection and does not rent, sell or trade any personal information collected from you with any third parties without your consent.
If we are required by law or authorized by PIPA to disclose the information that you have submitted, we will attempt to provide you with notice (unless we are prohibited) that a request for your information has been made, in order to give you an opportunity to object to the disclosure.
How we protect and store personal information
FIPA uses a combination of administrative, physical and technical safeguards to reduce the risk of loss, misuse, unauthorized access, disclosure and alteration of your personal information.
All documents and information are retained as part of our Records Classification and Retention Schedule. As part of onboarding, staff are trained on privacy policies, practices and breach protocols. Passwords are used on devices and software for access. Our member and donor database is encrypted and hosted on secure servers that are managed by a third party service provider.
We work to ensure all personal information is processed and stored in Canada.
Retention
All documents and information are retained as part of our Records Classification and Retention Schedule. Membership and one-time donor information is retained in compliance with Canadian Revenue Agency and BC Societies Act requirements.
PIPA requires us to retain personal information used to make a decision about individuals for at least one year, after it is no longer necessary to fulfill the collected purpose or any other legal or business purposes. After the appropriate time periods have passed, FIPA securely destroys personal information.
Your privacy rights and how we support them
By submitting a written request to our privacy officer, you can:
- withdraw consent with reasonable notice;
- access the personal information that we hold about you;
- update your personal information for accuracy and completeness; and,
- ask us to process your personal information using an alternative method.
Please note that we require proof of identity to fulfill privacy rights requests and that consent cannot be withdrawn retroactively.
Third-party service providers
For the fulfillment of business purposes, we use a number of third-party service providers. If personal information is disclosed to these third parties, FIPA ensure that appropriate security undertakings, such as confidentiality clauses in contractual agreements, are employed to protect the transfer and use of personal information.
Our current third-party providers:
- Operations and Management
- Financial Transactions: Moneris
- Office Suite: Microsoft
- Website Email
- Web Hosting: OVH Canada
- CRM: Sumac, CyberImpact
- Analytics: Matomo
- Authentication: hcaptcha
- Online Platforms and Social Media:
- Vimeo (with BC Courthouse Libraries) – https://vimeo.com/courthouselibrary
- To gain an understanding of the trackers used on our site or any other site you can use Black light at themarkup.org. Our site can be reviewed by following this link.
Our website, website links and cookies
Our website collects non-personally identifying information, browser type, referring site, time zone preferences and the date and time of each visitor request. This is to better understand how FIPA’s visitors use our website, to make sure it is functioning optimally and to improve the user experience.
Our website collects personal-identifying information with Internet Protocol (IP) addresses. This information is collected to recognize, identify, and stop outside attacks on the site, and it helps the site monitors its server resources and the usage of those resources to improve user experience and user interface. Your IP address is collected as soon as your browser opens https://fipa.bc.ca.
FIPA uses Hcaptcha, which implements cookies to authenticate human interactions to facilitate member, donor, and newsletter sign-up, as well as e-commerce. Throughout our website, we provide links to a wide variety of third-party websites, which use their own cookies to collect user information when you are on their websites. This includes interactive links to sites, like Twitter.
Cookies are small files that websites send to your device to store information about you, within your own internet browser. They typically contain information about your browsing activity and personalize your experience for authentication and certification purposes.
FIPA is not responsible for, and does not have any control over, the privacy practices or the content of third parties. We encourage users to read the privacy policies of any website visited.
Questions & Complaints
A third party view.
To gain an understanding of the trackers used on our site or any other site you can use Black light at themarkup.org our site can be reviewed by following this link.
How you can contact FIPA about privacy
If you wish to make a privacy rights request, have questions or concerns regarding this Privacy Statement, or would like to make a privacy complaint, you can:
- Call: 604-739-9788
- Email: privacy at fipa . bc . ca
- Write to:
- FIPA Privacy Officer,
- PO Box 8308 Victoria Main
- Victoria B.C. V8W 3R9
Not satisfied with our response and wish to challenge our compliance?
Under PIPA, within 30 days of receiving your privacy request, question, concern or complaint, we are obligated to respond.
If you haven’t heard back from us during this timeframe or you are unsatisfied with our response within 30 days of receiving it, you may contact the Office of the Information & Privacy Commissioner (OIPC) for British Columbia to make a complaint.
Information on the OIPC complaint process can be found here.
You can contact them here or mail them.
- Write to:
- Office of the Information and Privacy Commissioner for British Columbia
- PO Box 9038 Stn. Prov. Govt.
- Victoria B.C. V8W 9A4