Small Church Connections
Privacy Policy
In order to safeguard the personal information entrusted to Small Church Connections
(“SCC”), SCC will comply with:
• The Personal Protection and Electronic Documents Act (PIPEDA)
• Any other applicable legislation
Small Church Connections is committed to maintaining the accuracy, confidentiality
and security of all personal information in its possession. SCC, its Board members,
officers, employees and volunteers are required to comply with this policy. As part of
this commitment SCC has adopted the following ten principles, based on the values
set out by the Personal Information Protection and Electronic Documents Act.

  1. Accountability
    SCC has appointed the Director of Small Church Connections as the Privacy Officer
    responsible for the organization’s compliance with this policy. Each SCC department is
    responsible for maintaining and protecting the personal information under its control
    and is accountable for such information to the privacy officer.
  2. Identifying purposes
    SCC will identify the purposes for which personal information is collected at or before
    the information is collected.
    The officer shall endeavour to make the purposes clear and understandable for the
    person providing the information.
    The officer will ensure that the information collected will not be used for any other
    purpose unless the new purpose is required by law.
    The officer shall ensure that limited collection, limited use, disclosure and retention
    principles are respected in identifying why personal information is collected.
  3. Consent
    Use of SCC products or services, enrolment as a volunteer, attendance at a SCC event
    constitutes consent for SCC to collect and use information. An individual may withdraw
    consent at any time subject to legal or contractual restrictions and reasonable notice.
    The choice to provide information is always the individual’s.
    Consent can be expressed in writing, by using or not using a check-off box,
    electronically, orally (in person of by telephone) or by the conduct of the parties.
  4. Limiting Collection
    The personal information SCC collects will only be used or disclosed for the purpose
    for which it was collected or as required by law.
  5. Limiting Use, Disclosure and Retention
    The officer shall ensure that personal information shall not be used or disclosed for
    purposes other than those for which it was collected, except with the consent of the
    individual or as required by law.
    Personal information shall be kept only as long as necessary for the fulfillment of the
    purposed for which it was collected.
  6. Accuracy
    SCC will keep personal information as accurate, complete and up-to-date as
    necessary for the purposes for which it is to be used. From time to time, SCC may
    contact the individual to ensure that the information which it has collected is or remains
    accurate and up-to-date.
  7. Safeguards
    SCC shall ensure that there are proper security safeguards to protect personal
    information against loss or theft as well as unauthorized access, disclosure, copying,
    use or modification. Safeguards include physical, administrative and electronic security
    measures. All employees are required to abide by the privacy standards we have
    established. In the course of daily operations access to personal information is
    restricted to those employees whose job responsibilities require them to access it.
  8. Openness
    Information about SCC’s policies and practices relating to the management of personal
    information is readily available to individuals upon request to the Chief Privacy Officer.
  9. Individual Access
    Upon written request from an individual, SCC will provide access to the individual for
    the purpose of reviewing that individual’s personal information. In certain situations,
    SCC may refuse to disclose personal information to the individual to whom the
    personal information relates:
    • where required by law, certain personal information may not be disclosed
    • where the information contains personal information about another person
    • where the information was gathered in the course of a formal dispute resolution
    process
    • where the information is subject to solicitor-client privilege
    If access cannot be provided SCC will notify the individual, in writing, of the reasons for
    refusal.
  10. Challenging Compliance
    Where it is suspected or evident that an unauthorized disclosure of personal
    information, a privacy breach, has occurred, the individual or individuals who are aware
    of the potential privacy breach shall immediately notify the Privacy Officer who will
    immediately investigate the concern.
    If the complaint is found to be justified, the Officer shall take appropriate measures,
    including, if necessary, emending this policy and general policies and procedures to
    personal information entrusted to SCC.