The Unity Project for the Relief of Homelessness in London is committed to collecting, using, and disclosing the personal information of its donors in accordance with this policy.
Scope of this Policy
Personal Information Protection and Electronic Documents Act (“PIPEDA”)
This Policy sets out the principles that will be observed by Unity Project for Relief of Homelessness in London (hereinafter “Unity Project”) with respect to the collection, use, and disclosure of information about any identifiable individual who is or was a donor or prospective donor. If personal information is made anonymous by removing details so that no individual is identifiable to the user or recipient of that information, this Policy will not apply to that information.
What is Personal Information:
At Unity Project for Relief of Homelessness in London (Unity Project), we define personal information as most types of factual or subjective information that are linked to an identifiable individual. This may include, but is not limited to, name, address, financial, and donation information, age, sex, phone number, etc. In any circumstance wherein we are unable to separate personal and business contact information, both will be treated as personal information unless instructed by the individual to do otherwise.
Our Commitment to the Privacy of Personal Information:
Unity Project believes in the rights of all individuals to have their personal information remain private and confidential. Unity Project holds a strong commitment towards protecting the privacy of personal information of all clients, donors, Board members, staff, and volunteers. The following policy outlines how we collect, use, and protect personal information to ensure that safety is not compromised in any way by the practices observed at Unity Project. Furthermore, we ensure that all personal information is treated as sensitive and held to a high standard of security. Unity Project is also committed to following and honouring the 10 “fair information principles” included in the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy law.
The privacy principles and how they apply to the collection, use, protection, and disclosure of personal information at Unity Project are outlined below:
Principle 1 – Accountability
Only authorized staff or volunteers that have signed confidentiality agreements may handle personal information for its intended use. The confidentiality agreements used at Unity Project are designed to inform one about the importance of personal information and to ensure that personal information is treated with sensitivity and kept confidential.
Unity Project is committed to regularly assess our privacy management program and address any shortcomings to ensure that best practices are being followed.
Principle 2 – Identifying Purposes
The purposes for which personal information is collected will be identified at or before the time the information is collected at Unity Project. We will only use the personal information provided for the purpose of which it has been provided.
For donors, the names, addresses, and information about donations will be used only in the process of fundraising.
If situations arise in which personal information is required for a purpose that has not been identified at or before the time that it was collected, staff will ensure that the necessary steps are taken to contact and inform the individual and receive consent before such information is used.
Principle 3 – Consent
Unity Project requires the knowledge and consent of the individual for the collection, use, or disclosure of their personal information, except where inappropriate. All personal information will only be used for the purpose of which consent has been given. Staff members are required to be trained and informed on the proper methods of obtaining consent for personal information.
Personal information for donors will not be disclosed to other organizations without the expressed consent of the individual. Unity Project does not publish individual names except where express consent is given and relevant to the purpose or nature of a donation or sponsorship.
Furthermore, individuals may withdraw their consent for Unity Project to use their personal information at any time after it has been given. Individuals will be notified of the implications of this prior or at the time of the withdrawal of consent.
Principle 4 – Limiting Collection
The collection of personal information will be limited to that which is necessary for the purposes identified by Unity Project staff. Personal information will not be collected if its purpose has not been identified to the individual and documented on how it will be used in the organization. Information will always be collected by fair and lawful means and treated with the utmost importance and security.
Principle 5 – Limiting Use, Disclosure, and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes.
Since some of the personal information used at Unity Project may have a direct effect on an individual, any such information will be retained for a reasonable length of time that will allow the individual to access the information.
Once personal information no longer needs to be retained, the information will be marked as anonymous and/or destroyed.
Principle 6 – Accuracy
All personal information used at Unity Project will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Although we will try to keep our personal information as up-to-date as possible, we also encourage individuals to contact us, when necessary, if there is a change in their personal information in order to ensure accuracy at all times.
Principle 7 – Safeguards
Policies and procedures are in place at Unity Project to ensure that security safeguards appropriate to the sensitivity of the information protect personal information.
All physical or electronic information will be protected with varying degrees of security depending on the sensitivity of the information. Furthermore, access to personal information is restricted to authorized staff and volunteers that are involved with the information on a “need to know” basis.
Principle 8 – Openness
Principle 9 – Individual Access
Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Any requests for access to their personal information should be made to the Communications Officer. A response shall be delivered within 30-60 days of the request.
Principle 10 – Challenging Compliance
Any individual wanting to address a challenge concerning compliance with the above principles may direct their concerns to the Development Director, Silvia Langer.
Other relevant policy
Unity Project uses Kindful, a Customer Relationship Management (CRM) system to receive and process donations. Kindful is PCI SAQ-A compliant and holds all account information, lists and data in strict confidence. Unity Project holds your account information, lists, and data in strict confidence. Kindful will only share any information with an outside organization if reporting on or using overall customer base and activity, in which case only general, aggregate (non-personally identifiable) information will be used.
If a Kindful customer is located in Canada, then Kindful stores said customer’s data on its secure Canadian servers.
Kindful enforces HTTPS/TLS connections for all of its web resources, including the administrator portal and donation pages and its cloud-based services are protected by firewalls. Kindful’s integrated payment processors are PCI compliant.