Privacy Policy
1. Privacy Policy
Protecting business / client privacy and the confidentiality of their information -- over the Internet, on the telephone, or through the Association office – is fundamental to the way the Association does business. The Association operates on the basis of a Privacy Policy and related procedures that guide the handling of the personal information collected. This privacy statement demonstrates the organization's commitment to protecting the privacy of BRZ ratepayers, partners and potential Web site visitors. This policy and related procedures are consistent with the Canadian Standards Association Model Code for the Protection of Personal Information (herein “CSA Model Code”) and applicable privacy legislation.
1.1 Privacy Statement
This policy deals only with personal information handled by the Downtown Business Association. Personal information is information about an identifiable individual, excluding business contact information. The following explains how the Association handles personal information. The Association reserves the right to change this policy and it may be updated periodically. These changes may affect our use of business' information. Accordingly, businesses are advised to check for changes regularly.
1.2 Accountability
The Downtown Business Association is accountable for all personal information under its control. The Association's privacy officer is the Program Assistant who is designated as responsible for the Association’s privacy policy.
Any questions about the Association’s handling of personal information should be directed to the privacy officer.
1.3 Purpose of Personal Information
The purpose for which the Downtown Business Association collects personal information will be identified at or before the time the information is collected. The Association may collect personal information for the purposes of:
- Administering and providing services;
- Publishing a Business Directory on line or in print;
- Registering for Downtown Business Association events;
- Purchasing various Association products or services including document certification;
- Processing and administering the above or other purposes as necessary;
- Confirming that an organization or individual is a BRZ ratepayer;
- Complying with any statutory requirements;
- Recommending a business as a provider of a product/service; and
- Where business information is requested, in special circumstances, to offer a potential benefit to downtown businesses and where there is no other cost-effective means of obtaining the benefit.
The Downtown Business Association will not use personal information for any other purpose than identified at or before the time of collection.
1.4 Consent
The Downtown Business Association seeks consent for all personal information it collects, uses and discloses through information provided to individuals prior to collection, or at the time of collection.
If an individual voluntarily provides information, it has consented to the collection, use and disclosure of personally identifiable information as described in this privacy policy. As required by the CSA Model Code, the Downtown Business Association will not use personal information for any purpose other than that for which the individual has consented. Should the Association require personal information for a new purpose, it will contact the individual to seek consent for that new use.
1.5 Limits for Collecting, Using, Disclosing and Keeping Personal Information
The Downtown Business Association does not collect, use or disclose personal information of individuals except when individuals give consent and provide the information on a voluntary basis.
There may be occasions where more specific personal information is necessary for it to proceed with a request for information, or provide individuals with a product or service. In such cases, it will provide the business with a description of the information it needs. In all cases, the Association limits the amount and type of information collected to only the personal information that is required to provide the individual with the requested information, product, or service. The Association collects only information that is voluntarily provided by and undertakes that such information will be kept strictly confidential.
The Association retains personal information only as long as is necessary to provide the individual with the requested product, service or information and delete or destroy this information after that time. For example: if personal information is given to enable an individual to register for an event, the personal information will only be used for this event and will then be deleted or destroyed. In some cases, however, legal reporting and retention requirements necessitate that the Downtown Business Association retain information for a specific amount of time.
The Downtown Business Association does not sell or trade any personal information with third parties. The Association may transfer information to service providers where information processing is outsourced by the Downtown Business Association in the course of its administrative procedures or services to businesses in specific cases. Where personal information is transferred to a service provider for processing, we require the service provider to respect this Privacy Policy and we restrict them from using or disclosing personal information transferred to them for any purpose other than the provision of services to us.
Any personal information that the Association retains is kept in such a manner as to ensure its security and confidentiality at all times.
1.6 Safeguarding Personal Information
The Downtown Business Association respects the privacy of BRZ ratepayers, partners, potential website visitors and Internet users and will protect that privacy as vigorously as possible. It stores personal information in electronic and physical files that are secure. Its security measures include secure locks on filing cabinets, and using industry standard techniques such as firewalls, intrusion detection and restricted access to records and to equipment, including computers. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while the Association strives to protect personal information, it cannot ensure or warrant the security of any information transmit to it or received from it electronically. This is especially true for information transmitted to us via e-mail. The Association has no way of protecting that information until it reaches it. Once the Association receives a transmission, it makes best efforts to ensure its security on its servers.
1.7 Accuracy of and Access to Personal Information Collected
The Downtown Business Association makes every effort to keep personal information as accurate, complete, current and relevant as necessary for the identified purposes. The Association does not routinely update personal information.
The Association makes readily available to individuals its Privacy Policy and related procedures for managing personal information. It provides access to the Privacy Policy and related procedures to individuals on the Downtown Business Association’s Web site and in written form on request. Any questions about the handling of personal information by the Association can be raised with our privacy officer.
At the written request of an individual, he or she may view or edit their personal information as collected by the Association. The Downtown Business Association will inform them of what personal information it has about the individual, what it is being used for and, in cases where it has been disclosed, to whom it has been disclosed. There may be exceptional circumstances as provided by the CSA Model Code under which the Downtown Business Association may not be able to give an individual access to the personal information about her or him held by the Association. In this case the Association will explain the reason for this lack of access, as provided by the CSA Model Code.
To make a request, send a letter, email or fax addressed to our privacy officer at the Association address. The request must include the following information:
Name, contact details, the nature of the request, including whether the individual wishes to view and/or edit information or inquire regarding use and/or disclosure.
The Downtown Business Association will reply to the request in no later than thirty days after receipt of the request, or if it is not able to respond within this time period, it will send a notice of extension. If it is not able to disclose all the personal information it holds, it will give a reason for its inability to do so, unless prohibited by law.
1.8 Questions
Any questions or comments about the Downtown Business Association’s handling of personal information should be directed to our privacy officer.
