Protecting Personal Information
A. Purpose: Greenpeace recognizes the right of an individual to the protection of their personal information and the need for information management practices that adhere to national standards. We will ensure that our policies and operational guidelines, directed by the principles of the CSA Code govern the management of personal information of our members, donors, staff and volunteers.
i) Personal Information - Information that can be used to identify, distinguish or contact a specific individual; including opinions, beliefs, financial information, birth date and other identifying data but does not include the name, title or business address or telephone number of an employee of an organization. ii) Commercial Activity - Any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists. iii) Consent - Voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
D. The Privacy Principles: To guide us in protecting your privacy, Greenpeace follows these 10 principles which are based on those created by the CSA and rooted in the Personal Information and Electronic Documents Act.
1) Accountability - We recognize our responsibility for all personal information under our control.
In order to ensure compliance of this Privacy Code, we have designated a Chief Privacy Officer responsible for the implementation of policies and procedures, and adherence to the following principles. We will also include a privacy protection clause in contracts with any third parties we deal with.
2) Identifying Purposes - Greenpeace and those designated or contracted to act for or on our behalf, shall identify the purposes for which personal information is collected at or before the time the information is collected.
We will clearly define the purpose or purposes intended for personal data before we collect the information and we will make it available at the time of collection. Any personal information in our possession will only be used for the original purpose for which it was collected. Any secondary or optional uses of information by Greenpeace will be identified and individuals will be provided with an opportunity to reject or accept such uses.
3) Consent - We must have your knowledge and consent for the collection, use, or disclosure of your personal information
We will provide a clear explanation of the intended uses of your personal information. We also recognize your right to prevent your personal information from being provided to other organizations on a reciprocal basis for the purpose of fundraising. Hence, we will not disclose any personal information without providing an opportunity for our supporters to opt-out.
Greenpeace recognizes that individuals have the right to withdraw consent to personal information use at any time. We will provide our supporters with an opportunity to opt-out of name exchanges annually.
4) Limiting Collection - The collection of personal information shall be limited to the purposes we have identified to you.
We will not collect personal information in an indiscriminate manner, nor will we collect information from other individuals associated with you such as family members or friends without your consent and knowledge, and only in situations that are deemed to be most compelling.
5) Limiting Use, Disclosure and Retention - We will only use or disclose your personal information with your consent (or as required by law) for the purposes for which it was collected.
We will ensure that consent for personal information use is applied only to purposes agreed to initially by the individual. Greenpeace will only keep your information as long as needed for its identified purposes.
6) Accuracy - We will keep your personal information accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
We will provide our supporters the opportunity to update or correct their personal information, which is outdated or inaccurate.
7) Safeguards - We will protect your personal information by security safeguards appropriate to the sensitivity of information.
Greenpeace shall take all reasonable means necessary to ensure that all personal information under its care is protected against loss or theft, unauthorized access, disclosure, copying, use or modification. This includes but is not limited to physical, organizational and technological means.
8) Openness - We will make specific, understandable information readily available to your about our policies and practices relating to the management of your personal information.
We will ensure that our policies and procedures regarding your personal information are simple, clear and easily accessible in a variety of forms including electronically and in print.
9) Individual Access - Upon request, we will give you access to the existence, use, and disclosure of your personal information. You are entitled to question the accuracy and completeness of the information and have it amended as appropriate.
We will respond to your requests for access in a timely fashion. If, in certain circumstances, we are not able to provide certain information, we will provide you with a written explanation outlining the reasons.
10) Challenging Compliance - You have the right to question the Privacy Officer about our compliance with the above principles.
We will make every effort to respond openly to inquiries or complaints regarding our management, collection and disclosure of personal information. We will ensure that every complaint is investigated and that the appropriate actions required to rectify the situation is taken.