Personal information is recorded information about an identifiable individual and does not include work contact information and work product information. Personal information includes things such as an individual's name, home address, email address, phone number etc.
Employee personal information is information that is collected, used or disclosed solely for the purposes reasonably required to establish, maintain, manage or terminate an employment relationship between an employee (including a volunteer) and an organization. This may include information such as name, home address, educational history and employment history. This does not include contact information or work product information (see below).
Work Contact information means information that allows an individual to be contacted at work. It includes the name, position name or title, business telephone number, business address, business e-mail and business fax number for the individual.
Work product information is information that is prepared or collected by an employee as part of that individual’s work responsibilities but does not include information about an individual who did not prepare or collect the information.
Collection & Use
GFCC is responsible for carrying out its purposes as stated in its constitution and collects personal information to aid in this:
Preach, teach, promote disseminate and advance the gospel of Jesus Christ both in Chilliwack and abroad and thus fulfill the command of our Lord that His gospel be preached in all the world as a witness for all nations; Gather for the purposes of exalting our God, extending His kingdom, encouragement, evangelism, and to edify and equip one another in the faith; Organize and provide religious instruction in the local Church; Perform pastoral and missionary work in the local Church; Commit together to live by Biblical teaching under the Lordship of Jesus Christ; Proclaim the gospel of Jesus Christ through preaching, teaching, personal witness and missions outreach in our community of Chilliwack and in our World; Maintain worship, fellowship, prayer, the study of Scripture, and the fulfillment of the great commission as outlined in Matthew 28:18-20.
We collect the following information from an individual for the following purposes:
- Name, email address and phone number to correspond with them regarding church activities and publish ministry details (specify event coordinators, ministry leaders etc.)
- Home address for internal church networking (church directory etc.) and application forms (Children’s Ministry volunteer, church membership etc.)
- Birth date for enrollment in specific ministry programs (children’s birthday card ministry, church directory etc.)
Limits on Collection, Use, & Disclosure
GFCC will only collect, use or disclose personal information that is necessary to fulfill the purposes identified in this policy unless we have received further consent from an individual. GFCC will only collect, use or disclose personal information in accordance with PIPA. GFCC will disclose personal information where authorized by PIPA or required by law - examples of a legal requirement to disclose include a court order, subpoena or search warrant. GFCC will not sell or rent personal information to anyone outside itself unless those individuals have given consent in accordance with PIPA.
How GFCC Obtains Consent to Collect, Use, & Disclose Personal Information
GFCC obtains consent (implied or verbal) to collect, use or disclose personal information. Individuals may refuse to give their personal information and may withdraw their consent later. Individuals may withdraw their consent at any time by giving GFCC reasonable notice but not where doing so would frustrate performance of a legal obligation (such as a contract between the individual and GFCC). When individuals tell GFCC they are withdrawing consent, PIPA requires GFCC to tell them of the likely consequences of withdrawing consent (such as us being unable to provide them with services that require their personal information). In the case of employee personal information, PIPA allows GFCC to collect, use or disclose employee personal information without consent if it is reasonable for the purposes of establishing, managing or terminating an employment relationship between GFCC and the individual.
GFCC is affiliated with various ministry organizations and may share information as deemed necessary e.g. share a membership roster with Grace Advance for shepherding purposes, share youth camp attendees’ names for a joint youth camp with Church on 99 etc.). GFCC will only disclose personal information if consent is obtained and it is clear and obvious what the individual is consenting to. An Example of obtaining consent would be sending a church-wide email specifying affiliate organizations and detailing that personal information will be shared and why.
How Long GFCC Retain Personal Information
GFCC keeps personal information used to make a decision that directly affects individuals for at least one year after they make that decision. (PIPA requires this.) Subject to the above one-year retention requirement, GFCC will only retain personal information for as long as necessary to fulfil the identified purposes or as long as required for legal or business purposes. Personal Information for previous attendees of GFCC (individuals who were attending but have decided to no longer attend) will be kept for one year.
GFCC destroys hard copies of personal information by shredding original and copied documents and digital copies by permanently deleting data and files.
How GFCC Keeps Personal Information Secure
Personal information under GFCC’s custody or control is kept secure. GFCC has security arrangements to prevent against risks such as unauthorized access, collection, use, disclosure, copying, modification or disposal of personal information. These security arrangements include locked doors, password protected and encrypted devices and properly trained employees and volunteers to handle personal information in compliance with this policy. For more information, please reference the following links on best practice for securing mobile devices (https://www.oipc.bc.ca/guidance-documents/1994) and proper security protocols in the office (https://www.oipc.bc.ca/guidance-documents/1439).
All breaches (or suspected breaches) of personal information must be reported to the affected individuals, to the privacy officer of GFCC, and, if serious, to the Office of the Information and Privacy Commissioner (OIPC).
How GFCC Ensures Personal Information is Accurate
GFCC is committed to ensuring that the personal information is accurate and will make reasonable efforts to ensure that the personal information it collects, uses or discloses is accurate and complete. Individuals may write to ask GFCC to correct any errors or omissions in their personal information that is under its control. If GFCC is satisfied that an individual’s request for correction is reasonable, they will correct the personal information as soon as reasonably possible. GFCC will, as soon as reasonably possible, also send an individual’s corrected personal information to each organization it was disclosed to during the year before GFCC corrected it. GFCC annotates any requested corrections to an individual’s personal information that remains uncorrected.
How GFCC Provide Individuals Access to Their Personal Information
Individuals can and have the right to gain access to their personal information under GFCC’s custody or control. GFCC may require individuals to prove their identity before giving them access to their personal information. GFCC will give individuals their personal information under their control, information about the ways in which their information is or has been used, and the names of the individuals and organizations to which their personal information has been disclosed. GFCC will provide requested personal information within 30 business days after it is requested, or it will give written notice if they need more time to respond. In some cases, GFCC may not give an individual access to certain personal information where authorized or required by PIPA to refuse access. If GFCC refuses an access request, they will tell the applicant in writing, stating the reasons for refusal and outlining further steps that are available to the applicant (including any internal review by GFCC and the right to ask the OIPC for British Columbia to review the decision).
Questions and Complaints
The Privacy Officer is responsible for ensuring GFCC’s compliance with this policy and the Personal Information Protection Act. Individuals should direct any complaints, concerns or questions regarding GFCC’s compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the individual may also write to the Information and Privacy Commissioner of British Columbia. Contact information for GFCC’s Privacy Officer: