Privacy Policy of the Woodstock Cycling Club (WCC)

As a member of the Woodstock Cycling Club (“Club”) you entrust us with the care of your personal information. We respect that trust and want you to be aware of our responsibilities and accountability to protect your privacy as detailed in this Privacy Policy (or “Policy”). We do this not only as a matter of good practice but also because it is required by federal law.

In this Policy the terms Director, Executive, and Board of Directors (“Board”) have the meaning given in the Club Constitution. Other definitions are as defined in this Policy.

The Club is accountable for its responsibilities under federal statutes

It is important that the Club complies with legislation that affects our operations. In particular, the Club will comply with the federal PIPEDA (PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT). We are also accountable to our membership to ensure compliance with PIPEDA.

The requirements to meet PIPEDA (see for details) are summarized by the following 10 principles:
1. Accountability
2. Identifying purposes
3. Consent
4. Limiting collection
5. Limiting use, disclosure, and retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual access
10. Challenging compliance

The Club’s Board of Directors (“Board”) has appointed the Vice President as the Privacy Officer responsible for our compliance. Our Privacy Officer has our authority to intervene on privacy issues relating to any of our operations or activities. The name and title of the Privacy Officer will be stated prominently wherever the Policy is displayed.

How we use and disclose your personal information

Your personal information is collected on our membership application forms or application forms for participation in Club activities and is collected with members’ written consent or the written consent of the legal guardian if the member is a minor. These forms may be printed or electronic.

On all of these forms we will tell you how we will use and/or disclose your personal information in a privacy statement, and require you to consent to such use and/or disclosure.

The Club will only permit use of your personal information by authorized persons. An authorized person (“Authorized Person”) is a Club member who is a Director, employee or volunteer who is authorized by the Director responsible for the purpose for which the personal information has been collected, or by an authorized employee.

The Club will give your personal information to third parties or individuals other than Authorized Persons only when it is done to fulfill requirements to enable your participation in a Club activity and to meet your stated needs and preferences. Examples include registration for accommodation and meal choices.

If we receive a lawful order the Club may be compelled to disclose your personal information to a third party. In this event the Club will notify you as expediently as practicable.

How we will NOT use your personal information

The Club will not sell or give your personal information to advertisers or mailing lists.

The Club will not collect your personal information by deceptive means or assume implied consent to uses beyond those we explicitly tell you.

The Club will not require you to disclose more personal information than is required for the stated purposes when it is collected.

The Club’s Privacy Policy and its implementation is transparent to the membership

The Privacy Policy is available for inspection on the Club web site. When the Policy is changed by the Board, members will be notified using the Club’s usual communications media, which will as a minimum include notices in the newsletter and the web site.

At every point where the Club asks that you provide personal information you will be asked to agree to a privacy statement that describes how the information will be used and which includes a reference to this Policy.

The Privacy Officer will communicate to the membership any actions with respect to this Policy, including complaints and investigations, and will proactively notify the membership of any otherwise discovered breaches to the safeguards under this Policy. These communications will protect the privacy of any affected individual, including the complainant. The communication will be prompt, and may include direct notification of individual members if the protection of their personal information has been compromised.

You have access to your personal information in our care

Should you wish to inspect the presence and accuracy of the personal information the Club has collected about you, you can do so in writing to the Club. The Club will confirm with you the presence and accuracy of your personal information as soon as practicable and in no case more than 3 business days, and if found inaccurate Club records will be corrected. You should be prepared to identify yourself at the time of your request. If you are making the request on behalf of another Club member, including a member who is your legal guardian or a family member, you may be required to provide written confirmation from that person that you are acting on their behalf.

If you instruct the Club to restrict the use of or withdraw consent to use your personal information you understand that this may impair the ability of the Club to communicate with you and to permit your continued participation in Club activities.

We protect your personal information

All Authorized Persons granted access to membership or other records that contain your personal information will be instructed that they are to use that information only for the intended purpose.
The membership records containing your personal information, whether stored in electronic form or on paper, are in the safekeeping of the Club. When in paper form, or on removable electronic media, the information is stored in locked cabinets in a building with controlled access. When in electronic form the information is stored in files and/or media that are password-protected, and is archived when not required for current use.

Physical and electronic access to these records is restricted to Authorized Persons. Paper records are destroyed when they are no longer required for insurance and other permitted purposes. Electronic records containing your personal data may be archived in perpetuity for historical and statistical purposes determined by the Board, and will survive your active membership in the Club.

You have a right to challenge Club compliance with this Policy

If you believe the Club and/or any of its employees, Directors or volunteers has breached this Policy with respect to your personal information or any aspect of this Policy you can file a written complaint with the Privacy Officer. The Privacy Officer will investigate your complaint and report the result of that investigation to the Executive and to you within 1 month of receiving the complaint. If a breach is confirmed the Executive will, if practicable, correct the breach, take any disciplinary action it deems appropriate against the individual(s), which may include dismissal or ejection from the Club. If appropriate to the circumstances the Club’s policies and procedures may be amended by the Board to reduce or eliminate the likelihood of a recurrence of the breach.