1.0 OBJECTIVE & SCOPE OF POLICY

The Royal Canadian Golf Association (RCGA) offers golf related member benefits and programs to the membership across Canada. Our mission, as the governing body of golf in Canada, is to promote participation in and a passion for the game while protecting its traditions and integrity. This Policy Statement has been prepared to inform you of our policy and practices concerning the collection, use and disclosure of Personal Information provided to the RCGA. To fully understand this Policy Statement, you should read the entire policy carefully through to the What You Consent and Agree To section near the end of this Policy Statement.

This Policy Statement applies to Personal Information collected from and about an individual:

1. Collected directly by RCGA as a result of a relationship between the individual or their member club and RCGA; or

2. Collected by a RCGA member club and provided to the RCGA by reason of that member club’s use of RCGA member benefit and program services.

This Policy does not govern Personal Information the RCGA collects from and about its employees. The RCGA has a separate policy regarding the protection of Personal Information of employees of the RCGA. This Policy Statement also does not cover aggregated data. The RCGA retains the right to use aggregated data in any way that it determines appropriate. However, list used for the delivery of Golf Canada magazine, (an RCGA member publication), will only be used for home delivery of said magazine.

All officers and employees of the RCGA, as a condition of their employment, must comply with this Policy Statement. All governors of the RCGA must comply with this Policy statement as a condition of their election as a governor of the RCGA. Using contractual or other arrangements, the RCGA will ensure that contractors and agents, who may receive Personal Information to assist the RCGA in its delivery of services to clients, will protect that Personal Information in a manner consistent with the principles articulated in this Policy Statement.
 

2.0 DEFINITIONS

For the purposes of this Policy Statement,

“Aggregated information” means any information, recorded in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred from the information.

“Organization” means a corporation, trust, joint venture or other association, a sole proprietor or any body forming a legal person under the laws of its incorporating jurisdiction.”

“Personal Information” means any information, recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information.

“Session cookie” means an element of data sent by a web sit to a browser for the purpose of tracking a user’s progression through web site(s) in a single visit. Session cookies are deleted as soon as the browser is closed.

“Web bug” means a file object, usually a graphic image, placed on a Web page or in an e-mail message to monitor user behavior. Unlike a cookie, which can be accepted or declined by a browser user, a Web bug arrives as a GIF on the Web page and is typically invisible to the user because it matches the color of the page background and takes up only a tiny amount of space.

“Member Benefit and Program Services” means all services provided by the RCGA to its membership including, but not limited to, amateur championships, rules and handicap seminars, participation in Future Links programs, sales of tickets, rules books and other RCGA merchandise.
 

3.0 THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

3.1 THE COLLECTION OF PERSONAL INFORMATION

The RCGA collects information in the course of fulfilling its corporate mandate and some of this information is personal information. Such personal information is collected through a variety of means and from different sources, including from its website, through correspondence, and from third parties, such as clients.

3.2 THE USE OF PERSONAL INFORMATION

The RCGA’s use of Personal Information is limited to the purpose of fulfilling its corporate mandate or a purpose consistent with that purpose. This includes, but is not limited to, providing services to members; providing assistance to clients, preparing account statements and maintaining and developing software. The RCGA may also collect and use e-mail and mailing addresses when individuals request information from the RCGA. The RCGA uses the information collected through such requests to send individuals the information they have requested, and to send additional RCGA information that may be of interest. The RCGA does not sell, trade, barter or exchange for consideration any Personal Information it has obtained.

The RCGA uses Personal Information collected by clients using its customer relationship management services solely to perform its duties under a service agreement with that client and only in accordance with the rights granted under any such agreement.

The RCGA retains the right to use aggregated information in any way that it determines appropriate.

3.3 THE DISCLOSURE OF PERSONAL INFORMATION

Under applicable laws, there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted without consent or where RCGA is obliged to disclose information without consent. Such circumstances may include:

• Where required b y law or by order of a tribunal;

• Where RCGA believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;

• Where it is alleged that the individual concerned is guilty of a criminal offence or civilly liable in a legal action;

• Where it is necessary to establish or collect fees;

• Where it is necessary to permit us to pursue available remedies or limiting any damages that we may sustain; and

• Where the information is public.

As RCGA develops its business, it may acquire or sell assets, including ownership interests in Organization, and Organizations may acquire similar interests in RCGA. In such transactions, Personal Information may be among the transferred business assets. RCGA may disclose Personal Information to any Organization in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit but only if that Organization agrees to use the Personal Information solely for the purpose of making its acquisition decision and to act in a manner consistent with the relevant principles articulated in this Policy Statement.

In the event RCGA transfers assets to an Organization, RCGA will require that company to agree to observe the relevant provisions of this Policy Statement with respect to that Personal Information.

RCGA may disclose Personal Information to any individual or Organization that it retains to assist in the conduct of its corporate mandate. RCGA will only do so if the individual or Organization, with respect to the information in question, agrees

1. To use the Personal Information solely for the purposes of performing tasks on behalf of or as instructed by RCGA; and

2. To act in a manner consistent with the relevant principles articulated in this Policy Statement.

Where obliged or permitted to disclose information without consent, RCGA will not disclose more information than is required.
 

4.0 ACCURACY

RCGA endeavors to ensure that any Personal Information in its possession is as accurate, current and complete as necessary for the purposes for which the RCGA used that data. Information contained in files that have been closed is not actively updated or maintained.
 

5.0 RETENTION

The RCGA generally retains Personal Information as long as the RCGA believes it is necessary to fulfill the purpose for which it was collected. The RCGA has and adheres to internal policies and procedures for the retention and subsequent disposition of Personal Information.
 

6.0 SECURITY

The RCGA endeavors to maintain adequate physical, procedural and technical security with respect to its offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information.

As part of those precaution, the RCGA restricts access to Personal Information to those employees and agents that the RCGA determines need to know that information in order that the RCGA may carry out its corporate mandate and who have previously agreed to be bound by non-disclosure terms and conditions. The RCGA has a policy by which employee misuse of Personal Information is prohibited and for which serious consequences, including dismissal, may result.

In terms of communicating Personal Information, there is no method of transmitting or storing data that is completely secure. While the physical characteristics of each are different, mail, telephone calls, faxes and transmissions over the Internet are all susceptible to possible loss, misrouting, interception and misuse of the information being communicated or transmitted.

As do many Organizations, the RCGA attempts to strike a reasonable balance between security and convenience. In communicating with individuals, clients or other, the RCGA reserves the right to use a method of communication that is less secure than some of its less convenient alternatives. An example of this is e-mail. At this time, when the RCGA uses e-mail, it is sent as unencrypted plain text. This is done because the RCGA believes that many individuals and client Organizations cannot readily process encrypted e-mail. This is done for their convenience but has the security concern that, if misrouted or intercepted, it could be read more easily than encrypted e-mail.
 

7.0 ACCESSING AND UPDATING PERSONAL INFORMATION

Except with respect to Personal Information provided by a client pursuant to a services agreement, the RCGA permits the reasonable right of access and review of Personal Information held by the RCGA as set out in this policy. With respect to Personal Information held by the RCGA that has been provided by reason of a client’s use of RCGA customer relationship management services, The RCGA will provide the client with notice of an access request so as to permit the client to address the matter.

A request for access may be made by sending a request to the RCGA Privacy Officer, identified in Section 13 of this Policy Statement. The RCGA reserves the right not to change any Personal Information but will append reasonably alternative text that the individual concerned believes appropriate.

The RCGA reserves the right to decline to provide access to Personal Information where the information requested:

1. Would Disclose:

   1. The Personal Information of another individual or of a deceased individual; or
   2. Trade secrets or other business confidential information that may harm RCGA or competitive position of a client or third party;

2. Would interfere with contractual or other negotiations of RCGA or a third party or result in a significant financial loss or gain to RCGA or a third party, including but not limited to:

   1. Materials relating to the RCGA strategic or operational planning activities; or

   2. Any portion of a test document, except a cumulative total test score for either a section of or the entire test document;

3. Is subject to Solicitor-client or litigation privilege;

4. Is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information;

5. Does not exist, is not held, or cannot be found by RCGA.

6. Could reasonably result in serious emotional harm to the individual or another individual, or serious bodily harm to another individual; or

7. May harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by statute to perform such functions.

Where RCGA will permit access to Personal Information held by it, RCGA will endeavor to provide the information in question within reasonable time and may charge a reasonable cost (e.g. photocopying, mail charges) to the individual making the request.

RCGA will not respond to repetitious or vexatious requests for access. In determining whether a request is repetitious or vexatious, it will consider such factors as the frequency with which information is updated, the purpose for which the information is used, and the nature of the information.

To guard against fraudulent requests for access, RCGA may require sufficient information to allow it to confirm the identity of the person making the request before granting access or making corrections.
 

8.0 VISITING AN RCGA WEB SITE

The RCGA web site uses session cookies to track web site usage. The RCGA does not use Web bugs. A visitor to an RCGA site is not required to reveal any individually identifiable information, such as name, address, or telephone number. Such information is also not collected passively by electronic means.

The RCGA web server tracks general information about visitors such as their domain name and time and duration of visit, pages viewed, referrals, etc. The RCGA web site also collects and aggregates information regarding which pages are being accessed. This information, only in aggregate form, is used internally to better serve visitors by helping us to:

• Manage our site;
• Diagnose any technical problems;
• Improve the navigation of our website; and
• Improve the content of our web site

Following its use, the information collected is not retained and is discarded in a secure manner.

Any other information provided via an RCGA web site is subject to this Policy statement. Questions about the collection of Personal Information via an RCGA web site should be addressed to privacy@rcga.org
 

9.0 AMENDMENT OF THIS POLICY STATEMENT AND RCGA PRACTICES

This statement is in effect as of June 1, 2004, the RCGA will from time to time review and revise its privacy practices and this Policy Statement. In the event of any amendment, an appropriate notice will be posted on this page and communicated to clients and others as appropriate. Policy changes will apply to the information collected from the date of posting of the revised Policy statement to the RCGA web site as well as to existing information held by the RCGA.
 

10.0 CO-ORDINATION WITH APPLICABLE LAW

The RCGA, in communicating with clients and providing its identity verification solution operates in a number of jurisdictions across Canada and interacts with others in different countries. Depending on the context, the RCGA’s collection and use of Personal Information may be governed by federal and provincial laws as well as the laws of other jurisdictions (e.g. Untied States, European Union Member States). Where applicable, the RCGA will comply with such laws regarding its collection, use and disclosure of Personal Information.
 

11.0 FORMER CLIENTS

The RCGA will only disclose Personal Information obtained from and about former clients or clients with inactive accounts in accordance with this Policy Statement.
 

12.0 CURRENT RCGA CLIENTS

When an individual provides the RCGA with Personal Information, other than information collected from clients who use RCGA’s member program and benefit services, you consent and agree to the following:

You consent to the collection and use of Personal Information from or about you as described in Section 3 above, and to your right to access and correct date as described in Section 7 above.

You acknowledge that you accept the risks concerning the transmission of information to the RCGA as described in Section 6 and agree to take the precautions to assist us in protecting your data, including but not limited to, protecting your User Id and password, when visiting the secure portion of an RCGA web site.

You agree that we may make amend this Policy Statement as described in Section 9.

An individual or Client may also be asked to execute a consent in writing.
 

13.0 QUESTIONS

Any inquiries about the collection and usage of personal information can be directed to the Privacy Officer of the RCGA at:

RCGA
1333 Dorval Drive, Suite 1
Oakville, ON L6M 4X7
Attn: Privacy Officer
905-849-9700, ext 367
privacy@rcga.org

In the event of questions about this Policy Statement or whether the RCGA is acting in a manner consistent with it, please contact:

RCGA
1333 Dorval Drive, Suite 1
Oakville, Ontario
L6M 4X7
Attn: President
905-849-9700, ext 201
905-845-7040 (Fax)
 

What is covered by the Privacy Act and the Personal Information Protection and Electronic Documents Act?

Canadians are protected by two federal privacy laws, the Privacy Act and the Personal Information Protection and Electronic Documents Act.

The Privacy Act took effect on July 1, 1983. This Act imposes obligations on some 150 federal government departments and agencies to respect the privacy rights of Canadians by placing limits on the collection, use and disclosure of personal information.

As of January 1, 2001, individuals are also protected by the Personal Information Protection and Electronic Documents Act which sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities. The law gives individuals the right to see and ask for corrections to information an organization may have collected about them. Since the beginning of this year, the Act applies to personal information about customers or employees that are collected used or disclosed by the federally regulated sector in the course of commercial activities. In addition, the Act covers all business and organizations engaged in commercial activity in Yukon, the Northwest Territories and Nunavut as well as information sold across provincial and territorial boundaries. As of January 1, 2002, the personal health information collected, used or disclosed by these organizations is also covered.

As of January 1, 2004, the Act covers the collection, use or disclosure of personal information in the course of any commercial activity within provinces, including provincially regulated organizations. The Act also applies to all personal information in all inter-provincial and international transactions by all organizations subject to the Act. The federal government may exempt organizations or activities in provinces that have their own privacy laws if they are deemed to be substantially similar to the federal law. To assist in making that determination, the Privacy Commissioner is mandated, under the Act, to report to Parliament on the extent to which provinces have passed legislation that is in fact substantially similar.

Oversight of both Acts rests with the Privacy Commissioner of Canada who is also authorized to receive and investigate complaints.
 

What is the role of the Privacy Commissioner of Canada?

According to the Privacy Act and the Personal Information Protection and Electronic Documents Act, the Privacy Commissioner of Canada is responsible for ensuring that the federal government and companies in the private sector collect, use or disclose personal information in a manner that is responsible and transparent. These Acts governing personal information provide the Privacy Commissioner of Canada with the authority to ensure organizations and federal departments are held accountable for their information handling practices.

Within the federal public sector, the Privacy Commissioner of Canada can initiate audits of information practices randomly. In conducting an audit, the Commissioner has the power to summon any personal before him. He also has the authority to administer oaths, receive evidence and, enter the premises of an organization, after fulfilling security requirements. The Commissioner can also examine or obtain copies of any records found. The Commissioner is impartial and nonpartisan, which means he can act independently to investigate complaints from individuals. This mandate extends to both the federal public sector and the private sector. As such, the Privacy Commissioner of Canada can make recommendations to improve how personal information is handled. He can also publicize recommendations and reports. In some cases, the Commissioner can refer cases to the Federal Court. At this level, the Court can award damages to a complainant, including damages for humiliation.

As ombudsman, the Commissioner doesn’t issue orders or impose penalties, but rather arrives at impartiality and dedication to problem resolution.

However, it is a criminal offence to obstruct the Commissioner during an investigation or audit or to knowingly dispose of personal information that could be subject to a request. The legislation also makes it a criminal offence for employers to take retaliatory actions against employees. The Privacy Commissioner of Canada’s mandate also includes research, education and promotion of privacy issues in Canada. As an Officer of Parliament, the Privacy Commissioner of Canada reports directly to the House of Commons and to the Senate.
 

Under the Privacy Act, what is the federal government’s responsibility in handling Canadians’ personal information?

The Act establishes a fair information code to regulate government handling of personal records, which requires the federal government to:

• Limit its collection of personal information to the minimum details needed to operate programs or activities;

• Collect the information, whenever possible, directly from the person concerned;

• Tell the person why the information is being collected and how it will be used;

• Not use the information for purposes other than those specified, unless allowed by law;

• Keep the information for long enough to allow the person a reasonable opportunity to obtain access;

• Ensure the information is as accurate, up-to-date and complete as possible; and,

• Not disclose personal information unless specifically allowed by the Privacy Act or another law.

What is “personal information?”

Personal information is any factual or subjective information, recorded or not, about an identifiable individual. It includes:

• Age, name weight, height;

• Medical records;

• ID numbers, income, ethnic origin, or blood type;

• Opinions, evaluations, comments, social status, or disciplinary action; and, employee files, credit records, loan records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs.)

Personal information does not include your job title, telephone number or address, anything that might appear on your business card, or can be found through publicly available information such as the telephone book.
 

What kind of personal information held by the federal government does the Privacy Act cover?

It applies to the whole range of federal government records, for example:

• Pension and unemployment insurance files;

• Medical records;

• Tax records;

• Security clearances;

• Student loan applications; and,

• Military records.

The information may be recorded “in any form” and so includes video and audiotape, and any electronic information medium.

To find out how gain access to the personal information the federal government holds visit InfoSource at www.tbs-sct.gc.ca/infosource or call 1-800-635-7943.
 

How does the Personal Information Protection and Electronic Documents Act require businesses to deal with personal information?

The law requires organization to:

• Obtain your consent when they collect, use or disclose your personal information;*

• Supply you with a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless the information is essential to the transaction;*

• Collect information by fair and lawful means; and,

• Provide personal information policies that are clear, understandable and readily available.

Organizations should destroy, erase or make anonymous personal information about you that it no longer needs in order to fulfill the purpose for which it was collected.

*There are exceptions to these principles. For example; an organization may not need to obtain your consent if collecting the information clearly benefits you and your consent cannot be obtained in a timely way; or if the information is needed by a law enforcement agency for an investigation, and getting consent might compromise the information’s accuracy.
 

How does the Personal Information Protection and Electronic Documents Act protect my personal information?

Your ability to control your personal information is key to your right to privacy. The Act gives you control over your personal information by requiring organizations to obtain your consent to collect, use or disclose information about you.

The law gives you the right to:

• Know why an organization collects, uses or discloses your personal information;

• Expect an organization to collect, use or disclose your personal information reasonably and appropriately, and not use the information for any purpose other than that to which you have consented;

• Know who in the organization is responsible for protecting your personal information;

• Expect an organization to protect your personal information by taking appropriate security measures;

• Expect the personal information an organization holds about you to be accurate, complete and up-to-date;

• Obtain access to your personal information and ask for corrections; and,

• Complain about how an organization handles your personal information, confidentially if requested.

• The Collection, use or disclosure of personal information by federal government organizations listed in the Privacy Act;

• Provincial or territorial governments and their agents;

• An employee’s name, title business address or telephone number;

• An individual’s collection, use or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list); and,

• The collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes.

For more information, see the Human Resources Development Canada’s discussion on SIN.