Committed to Protecting Your Privacy Under BC PIPA

1) Scope and Application

This policy applies to IDSBC’s collection, use, and disclosure of personal information relating to: (a) the individuals we support and their families; (b) donors and community partners; (c) volunteers and applicants; and (d) employees and prospective employees. PIPA applies to private‑sector and not‑for‑profit organizations operating in B.C. and requires reasonable purposes, consent (subject to limited exceptions), safeguards, access and correction rights, and accountability. [www2.gov.bc.ca], [bclaws.gov.bc.ca]

Definitions (summary):

• Personal information means information about an identifiable individual (other than business contact information used to contact the individual at work).
• Employee personal information is information reasonably required to establish, manage, or terminate an employment relationship.

2) Accountability and Privacy Governance

IDSBC is responsible for personal information under its control and has designated a Privacy Officer to ensure compliance with PIPA, oversee practices, and respond to requests and inquiries. We maintain privacy policies, staff training, access controls, and procedures to address privacy complaints.

Privacy Officer: Gulzar Tejpar
Email: GulzarT@idsbc.org | Phone: 604‑984‑9321
Address: 1070 Roosevelt Cres, North Vancouver, BC V7P 1M3

3) What We Collect

We collect only the personal information necessary for identified, reasonable purposes, including: contact details; program and support information; communication preferences; donation records; volunteer and employment application details; and limited website analytics data (non‑identifiable where feasible). We limit collection to what a reasonable person would consider appropriate in the circumstances.

4) Identifying Purposes

We identify the purposes for collection at or before the time of collection. Typical purposes include:

• Service delivery: assessment, planning, and provision of programs/supports; coordination with authorized caregivers or approved partners.
• Administration: scheduling, billing, membership, donations and receipting, reporting to funders as required.
• Employment & volunteer management: recruitment, screening, onboarding, training, payroll/benefits, health and safety, performance.
• Communications & engagement: responding to inquiries, event management, donor stewardship (with opt‑out options).
• Legal, regulatory, and risk management: compliance with applicable laws and funder requirements (e.g., CLBC), security, and audit.

5) Consent

We obtain knowledge and consent for the collection, use, and disclosure of personal information, except where PIPA permits otherwise (e.g., legal, security, or health/safety circumstances; investigations; or where consent is not required under the Act). Consent may be express or implied, depending on sensitivity and context. Individuals may withdraw consent subject to legal or contractual restrictions and reasonable notice. We will explain the implications of such withdrawal.

Employee personal information: We provide advance notice and collect/use employee personal information as reasonably required to establish, manage, or terminate employment.

6) Limiting Collection, Use, and Disclosure

We collect personal information directly from individuals wherever possible. We limit use and disclosure to the purposes identified, or for purposes reasonably related to those purposes, or as permitted/required by law. Examples of disclosures include:

• To authorized caregivers or support persons involved in service delivery (with appropriate consent/authority).
• To service providers (e.g., IT, payroll, secure records storage) bound by contractual privacy and security obligations.
• To funding bodies where required (e.g., Community Living BC) and in compliance with PIPA.
• To regulators or law enforcement where legally authorized or required.

7) Accuracy

We make reasonable efforts to ensure personal information is accurate and complete for the purposes for which it is used or disclosed. Individuals are encouraged to provide updates to keep their information current.

8) Safeguards

We protect personal information by reasonable security arrangements appropriate to the sensitivity of the information, including physical, technical, and administrative safeguards (e.g., restricted access, encryption in transit where applicable, secure disposal, confidentiality undertakings, staff training, and need‑to‑know permissions).

9) Retention and Disposal

We retain personal information only as long as necessary to fulfill identified purposes, meet legal and contractual requirements, and to allow individuals a reasonable opportunity to request access. When no longer needed, we securely destroy, erase, or anonymize records in accordance with our retention schedule and safeguards.

10) Openness

This policy describes our privacy practices and is available on request and on our website. Additional procedures and guidelines may be available from our Privacy Officer.

11) Individual Access and Correction

Upon written request, and subject to limited exceptions in PIPA, we will inform an individual of the existence, use, and disclosure of their personal information and provide access. We will also correct or annotate information where inaccurate or incomplete. We respond within the timelines set out in PIPA (generally within 30 days, subject to permissible extensions) and may charge minimal fees where authorized and reasonable. If we refuse access (in whole or in part), we will provide reasons and information on further recourse.

How to make a request: Contact the Privacy Officer (see Section 2).

12) Complaints and Inquiries

Questions about our privacy practices, or complaints about our compliance with PIPA, may be directed to our Privacy Officer. If your concern is not resolved, you may contact the Office of the Information and Privacy Commissioner for British Columbia (OIPC) for review.

• OIPC (for private organizations) resources: oipc.bc.ca/for-private-organizations

13) Service Providers and Cross‑Border Transfers

We may transfer personal information to service providers for processing or storage. We require service providers to protect personal information with comparable security and confidentiality and to use it only for authorized purposes. If personal information is stored or accessed outside B.C. or Canada, it may be subject to the laws of those jurisdictions. We assess risks and implement contractual and technical safeguards consistent with PIPA and OIPC guidance (e.g., vendor due diligence, contractual clauses, access controls).

14) Privacy Breaches

If we become aware of a privacy breach, we will act promptly to contain and assess the incident, mitigate risks, and determine notification. While PIPA does not currently impose universal mandatory breach notification, the OIPC encourages organizations to adopt breach response programs and to notify affected individuals and/or the OIPC where there is a real risk of significant harm. IDSBC follows this guidance and applicable legal requirements, including record‑keeping.

15) Children and Substitute Decision‑Makers

Where consent is required for individuals who are minors or for those with substitute decision‑makers, we obtain consent from a parent, guardian, or other authorized representative, consistent with law and program requirements. We will verify authority where appropriate.

16) Website, Cookies, and Analytics

Our website may use cookies or analytics to understand traffic patterns and improve functionality. Where feasible, this data is de‑identified or aggregated. You may manage cookies through your browser. Website data handling complies with PIPA’s requirements for reasonable purposes and transparency.

17) Changes to This Policy

We may revise this policy to reflect changes in law or our practices. The “Last updated” date indicates the most recent revision. Material changes will be communicated in a reasonable manner.

Contact — Privacy Officer

Intellectual Disabilities Society (IDSBC)
Email: GulzarT@idsbc.org
Phone: 604‑984‑9321
Address: 1070 Roosevelt Cres, North Vancouver, BC V7P 1M3