'The Lord is my rock, my fortress and my deliverer; my God is my rock, in whom I take refuge, my shield and the horn of my salvation, my stronghold.'
PSALM 18:2
Download PDF file
Protection of Personal Information Policies and Procedures
1.  Introduction
1.1. Hope Christian Reformed Church (the “Church”) is committed to protecting the privacy of its members, adherents, donors, volunteers, employees, directors, officers and any other persons about or from whom the Church collects personal information.  The purpose of this Policy to ensure that all personal information is properly collected, used only for the purposes for which it is collected and is disposed of in a safe and timely manner when no longer required.
1.2. This Policy applies to Personal Information which is collected, used or distributed by the Church for commercial purposes.

2.  Definitions
“Church” is defined as Hope Christian Reformed Church.
“Individual” is defined as any member, adherent, associate member, donor, volunteer, employee, director, officer, elder, pastor, and any other person who has dealings with the Church.
“Personal Information” is defined as any information about an Individual that the Church collects, processes or uses.
“Collector” is defined as any Individual who receives Personal Information on behalf of the Church.
“Policy” is defined as the Hope Christian Reformed Church Protection of Personal Information Policies and Procedures.
3. Accountability 
3.1 The Church is responsible for maintaining and protecting the personal information under its control.  The Church has appointed John Gilson as its Privacy Officer.  He is responsible for ensuring the Church complies with its privacy obligations in accordance with applicable privacy law.
3.2 John may be contacted as follows:
John Gilson, Privacy Officer
Hope Christian Reformed Church
64 Buchanan Crescent
Brantford, Ontario N3P 2A5 
Phone:             (519) 759-7581(519) 759-7581
E-Mail: info@hopecrc.ca
3.3 Collectors of Personal Information shall be accountable for such information to the Privacy Officer.
3.4 Any Personal Information that is transferred to a third party for processing is subject to this Policy.  The Church shall use contractual or other appropriate means to provide a level of protection of the Personal Information that is comparable to this policy while the information is being processed by a third party.
3.5 The Church shall communicate and explain this Policy and provide training with respect thereto to all persons who may be in a position to collect, retain or use Personal Information.
3.6 The Church shall prepare and disseminate information explaining the Policy to Individuals.

4. Identifying Purposes

4.1. The Church collects and uses personal information for a variety of purposes including:
providing services to individuals ministered to by the Church;
  • establishing and maintaining membership lists including sufficient information to meet denominational needs.
  • managing payroll and benefits for Church employees;
  • maintaining employment records including employee performance evaluations; and
  • establishing and maintaining lists of donors.
  • maintaining information for the protection of children involved in Church ministries
  • Publishing Sunday church bulletins in printed form and on our church website for members who cannot attend worship services and for members who require information from the bulletins.
4.2. The Church shall identify the purposes for which it collects personal information.

4.3. The purpose of collecting Personal Information shall be disclosed to the Individual from whom the Personal Information is being collected before or at the time the information is collected.

5. Consent

5.1. Consent will be obtained from the Individual whose Personal Information is collected, used and disclosed, unless obtaining the consent would be inappropriate or not required by law.  In some cases a person’s consent may be implied by virtue of their membership in the Church or because of the person’s conduct with the Church. 

5.2. When it is appropriate, written consent will be obtained. Written consents will be kept on file for as long as the information is reasonably necessary. 

5.3. The Church shall ensure that there is no condition attached to the supply of benefits requiring an Individual to provide consent for the collection, use, or disclosure of Personal Information beyond that required to fulfill the specified and legitimate purposes.

5.4. An Individual may withdraw his or her consent at any time, subject to legal or contractual restrictions and reasonable notice, where required.

5.5. If an Individual wishes to withdraw consent, he or she must provide explicit instructions in writing to the Privacy Officer.  The Privacy Officer will then determine whether any Personal Information about the person is in the Church’s possession or control.  If so, The Individual shall be informed of any reasonably foreseeable implications of withdrawing consent.

6. Limiting Collection

6.1. Personal Information collected will be limited to that required for the purpose or purposes identified by the Church.  The Church is committed to collecting personal information in a fair, open and lawful manner.
7.  Limiting Use, Disclosure and Retention 

7.1. Personal Information shall not be used, disclosed or retained for purposes other than those for which it was collected, except with the consent of the Individual or as required by law. 
7.2. All collected Personal Information shall be destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as permitted by the law. 
8. Accuracy

8.1. Personal Information, whether in electronic or paper based format, shall be maintained in as accurate, complete and up-to-date a form as necessary in order to fulfill the purposes for which it was collected.

9. Safeguards
9.1. Personal information will be protected by security safeguards that are appropriate to the sensitivity of the Personal Information.  This safeguarding includes physical measures such as locked filing cabinets and premises security, organizational measures such as restricted access to files with Personal Information or technological measures such as Norton Antivirus Security software. Personal information collected includes:
1. Birth dates and family information including contact information.
2. Baptismal dates.
3. Profession of Faith dates (when adherents become members).
4. When children and young adults take part in the various activities of the church, registration forms are filled out for their health, welfare and safety. This information includes such items as allergies and other health concerns and contact information.
5. Police checks of all volunteers and paid staff.
6. Financial records of charitable donations for income tax purposes.
7. Members are officially visited by pastors, elders and deacons who may share the joys and concerns of these visits at elders and deacons meetings. While records are kept of visits made, information on these visits are not kept.
8. Membership data is generally received from other churches when members transfer to Hope CRC.
9.  When a member requests a transfer to another church, membership data may accompany the transfer.
Note: We do not collect personal identifiable information on the church website. We do not identify who our visitors are and we do not compile, buy, sell, rent or trade consumer mailing or e-mailing lists.
9.2. The Church shall ensure that any person having access to Personal Information entrusted to the Church is made aware of the importance of maintaining confidentiality of the information.
9.3. The Church shall ensure that care is taken when Personal Information is disposed of or destroyed to prevent unauthorized parties from gaining access to the information

10. Openness
10.1. The Church shall be open about the Policy, as well as any related practices or procedures with are not explicitly set out in the Policy.
10.2. Information that will be made available to Individuals upon request shall include:
  • The Name and contact information for the Privacy Officer;
  • The means of gaining access to Personal Information held by the Church;
  • A description of the type of Personal Information held by the Church, including a general account of its use;
  • A copy of any written information that explains the Church’s policies, standards or codes regarding Personal Information; and
  • What Personal Information is made available to related organizations.

11.  Access to Personal Information

11.1. The Church will grant an Individual access to Personal Information about themselves where the Church is legally required to release the information.
11.2. In order to access Personal Information, a written request must be made to the Privacy Officer. 
11.3. The Church shall comply with any request from an Individual to:
disclose whether the Church holds Personal Information about the Individual;
allow the Individual access to Personal Information about the Individual;
advise the Individual of the use that has been made or is being made of their Personal Information; and
provide an account of the third parties to which their Personal Information has been disclosed.
11.4. If the Church believes that access to Personal Information should be denied to an Individual, for any reason, the Church shall consult legal counsel before allowing access to any Personal Information.
11.5. When an Individual successfully demonstrates the inaccuracy or incompleteness of Personal Information, the Church shall ensure that the information is amended as required.

12. Challenging Compliance
12.1. Complaints or inquiries about the collection, use, disclosure or retention of Personal Information or the Church’s compliance with these policies should be directed to the Privacy Officer in writing.
12.2. Upon receipt of a complaint or inquiry from an Individual, the Privacy Officer shall deliver a copy of this Policy to the person.
12.3. Upon receiving a complaint or enquiry from an Individual, the Privacy Officer will investigate, ensure that appropriate measures are taken if necessary, and advise the Individual as to the Privacy Officer’s findings and any corrective actions taken.
12.4. Upon receiving the response from the Privacy Officer, the Individual who filed the complaint may, if he or she is not satisfied, appeal to the Council for an independent evaluation and response with respect to the complaint.
12.5. The determination of the Council shall be final and the Privacy Officer shall abide by and implement any of its recommendations.