At Tofino Co-op, we are committed to providing our retail members, customers, and employees with exceptional service. As providing this service involves the collection, use and disclosure of some personal information about our members, customers and employees, protecting their personal information is one of our highest priorities.
We will inform our members, customers, and employees of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
Privacy – The freedom from intrusion into and exposure from personal affairs.
Personal Information – means information about an identifiable individual
- name, address, telephone number
- date of birth, social insurance number, financial status
- race, national or ethnic origin, colour, or religious or political beliefs or associations
- age, sex, marital status or family status
- an identifying number such as member number, employee number, or student number
- fingerprints, blood type, photograph
- health information
- educational, financial, criminal or employment status or history
- personal views or opinions
- job evaluation
Summary of Principals
Principle 1 – Accountability
Co-op is responsible for personal information under its control and has designated a person who has overall accountability for compliance with the following principles. However, each employee of Co-op is responsible for following Co-op Privacy Code and assisting Co-op in complying with applicable laws.
Principle 2 – Identifying Purposes for Collection of Personal Information
Co-op identifies the purposes for which personal information is collected at or before the time the information is collected. Co-op employees who collect personal information on behalf of Co-op must be prepared to explain the purposes for collection.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
Meaningful, express consent (or, where reasonable, meaningful implied consent) of a customer or employee is required for the collection, use or disclosure of personal information, unless a legal exception applies.
Principle 4 – Limiting Collection of Personal Information
Personal information is collected only if it is necessary to achieve the purposes identified to the individual.
Principle 5 – Limiting Use, Disclosure and Retention of Personal Information
The fact that Co-op has personal information of a customer does not mean that the personal information can be used for any purpose, disclosed for any purpose or retained indefinitely. When employees use personal information, they should consider whether the use was one that was identified to the person from whom the information was collected. Personal information should not be disclosed without consent unless required by law. Personal information should not be retained for longer than is necessary to fulfill the purpose and to comply with regulatory requirements or to protect Co-op’s legal rights.
Principle 6 – Accuracy of Personal Information
Co-op employees should take care to keep personal information that they are responsible for maintaining as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 – Security Safeguards
Co-op uses administrative procedures, technical controls and physical security safeguards to protect personal information. Co-op employees must never circumvent or attempt to circumvent these safeguards. If a Co-op employee believes that there is a security breach or the safeguards are not being complied with, that employee must report the issue to his or her supervisor or, if necessary, to the General Manager.
Principle 8 – Openness Concerning Policies and Practices
The Co-op makes available to customers and employees specific information about its policies and practices relating to the management of personal information.
Principle 9 – Customer and Employee Access to Personal Information
Upon request, Co-op will inform a customer or employee of the existence, use and disclosure of his or her personal information and shall give the individual access to that information. A Co-op customer or employee shall be able to challenge the accuracy and completeness of the information and to have it amended as appropriate.
Principle 10 – Challenging Compliance
Mike Tomilin, General Manager
BC Personal Information Protection Act
Personal Information Protection and Electronic Documents Act
Privacy Breach Checklist