Policy Effective: April 11, 2023

Introduction

GDTA protects all information it collects over the internet, on its website, on the telephone, through our office, and at events. GDTA’s collection, use and disclosure of personal information is governed by Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). A copy of this Act can be obtained from the Office of the Privacy Commissioner Canada: Personal Information Protection and Electronic Documents Act.

Purpose

GDTA has developed this Policy and related procedures to guide the handling of personal information that GDTA collects, uses and discloses. This policy has been created to demonstrate GDTA’s commitment to protecting the personal information it collects, uses and discloses in conducting its business. This policy and related procedures are consistent with Canada’s legislation governing personal information protection.

Policy

Personal Information

This Policy deals only with personal information collected, used and disclosed by GDTA. Personal information means information about an identifiable individual, which includes an individual’s name, e-mail address, home address, phone number, and other identifiable information.

The Personal Information Protection and Electronic Documents Act does not apply to your business contact information if the collection, use or disclosure is to enable GDTA to contact you about your business responsibilities and for no other purpose.

Changes to the Privacy Policy

GDTA may change this policy from time to time. GDTA is not required to notify you of any change to the Policy. Any change to the Policy will be effective once the GDTA posts the updated Policy on its Website. The effective date appears under the heading. It is your responsibility to review the Policy regularly.

Consent

By voluntarily providing personal information, you are deemed to consent to the collection, use and disclosure of that information for the purposes for which it was provided. As required by the Personal Information Protection and Electronic Documents Act (PIPEDA), GDTA will not use personal information for any purpose other than that for which it was collected without your consent. Should GDTA wish to use your personal information for a new purpose, consent will be sought for that new use.

Purposes for Collection, Use and Disclosure of Personal Information

The purpose for which GDTA collects personal information will be for the purposes for which the information was provided. Personal information may be collected for such purposes as:

• Administering GDTA’s responsibilities under the Canada Not-for-Profit Corporations Act, BC Societies Act and Alberta Business Corporations Act regarding membership, Member services, nomination and election of Directors, and Director and Member meetings;
• Distributing newsletters to subscribers;
• Sending out notices and other relevant information;
• Informing and registering volunteers and members for GDTA events;
• Administering GDTA volunteer programs;
• Conducting volunteer training programs and trail days;
• Tracking volunteer hours for statistical and health and safety purposes: and
• Insuring volunteers with WCB and under GDTA insurance policies.

GDTA Members must provide their contact information for GDTA to comply with its obligations under the Canada Not-for-Profit Corporations Act and BC Societies Act. Members may, at their request, at any time, be removed from any GDTA mailing list except the Member list maintained under these Acts.

GDTA volunteers must provide their contact information for GDTA to comply with its obligations under the Occupational Health and Safety Act, the Workers Compensation Act, WorkSafe BC, GDTA’s Health and Safety Program and its operating agreements with Alberta Environment and Parks, Alberta Parks, Rec Sites and Trails BC, BC Parks and Parks Canada.

Limits for Collecting, Using, Disclosing and Keeping Personal Information

GDTA does not collect, use, or disclose the personal information of individuals except when individuals give their express consent or provide the information voluntarily (deemed consent). There may be occasions where more specific personal information is necessary for GDTA to proceed with a request for information, or provide a product or service, for example, in cases of membership or contracts. In such cases, GDTA will describe the information required. In all such cases, GDTA limits the amount and type of information collected to only the personal information necessary to provide the individual with the required information, product, or service.

GDTA will not collect, use or disclose information without an individual’s express or deemed consent except under the authority of Division 1, Section 7 (1) (Collection without consent), Division 1, Section 7 (2) (Use without consent) or Division 1, Section 7 (3) (Disclosure without consent) of the Personal Information Protection and Electronic Documents Act.

GDTA retains personal information only as long as it is necessary for the purposes for which it was collected. For example, if personal information is given to register for an event, the personal information will only be used for this event and will then be deleted or destroyed. In some cases, however, legal reporting or retention requirements necessitate that GDTA retain information for a specific time. In general, GDTA retains personal information for a period not longer than ten years, in secure virtual storage.

GDTA does not sell or trade any personal information with third parties. Information may be transferred to third parties where GDTA outsources information processing in the course of its activities or administrative procedures in specific cases. Some personal information collected by GDTA is transferred to our service providers for processing and storage. GDTA service providers are restricted from using or disclosing personal information transferred to them for any purpose other than the provision of services to GDTA.

Safeguarding Personal Information

Any personal information that GDTA retains is kept in such a manner as always to ensure that it is protected. GDTA protects the personal information it collects and safeguards that information from risks such as unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction. In its care of personal information, GDTA complies with the Personal Information Protection and Electronic Documents Act’s principles regarding limiting information use, disclosure and retention (Schedule 1, Clause 4.5), accuracy (Clause 4.6), and safeguards (Clause 4.7), and with the Act’s requirements regarding breaches of those safeguards (Division 1.1).

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while GDTA strives to protect personal information, it cannot ensure or warrant the security of any information transmitted to or received from it electronically. This is especially true for information transmitted via email. GDTA has no way of protecting the information it sends by email. However, once the transmission is received, GDTA makes its best efforts to ensure security. Internally, access to personal information is restricted to employees and volunteers who need access to the information to do their jobs. These employees and volunteers are limited in number, knowledgeable about, and committed to our privacy policies.

Access and Correction of Personal Information

GDTA makes every effort to keep personal information as accurate, complete, current, and relevant as necessary for the identified purposes. GDTA does not routinely update personal information.
At an individual’s written request, they may access or ask that their personal information be corrected. Access and correction of personal information are dealt with under Part 3 of the Personal Information and Protection Act.

To make a request, please send a letter, or email addressed to our Privacy Officer at the address indicated below. In any written request, please include the following information:

• Name
• Contact details – phone, address, and email address
• Organization name (where applicable)
• Nature of the request – access or correction

The request must contain sufficient detail to enable GDTA, with a reasonable effort, to identify the record in its custody or control that is the subject of the information request. GDTA will reply to requests no later than thirty days after receipt of the request, or if it cannot respond within this time, the end of an extended period if the time is extended under Division 1, Section 8 (4) of the Personal Information Protection and Electronic Documents Act.

Links to other Websites

GDTA’s Website may contain links to other external (non GDTA administered) websites not covered by this Policy and may be subject to different Privacy standards. GDTA assumes no responsibility for the practices, policies, or actions of third parties which operate these websites. You should review the Privacy Policies of these websites before providing them with personal information.

Notice of Third-Party Service Providers Residing Outside of Canada

GDTA may use MailChimp to manage its email distribution services. Mailchimp operates exclusively in the United States and stores data for GDTA, including personal information, in its US based data centers. The Privacy Policy for MailChimp is available at: https://mailchimp.com/en-ca/about/security

GDTA may use Zoom to hold virtual meetings or online webinars. Zoom operates in the United States and stores data from GDTA, including personal information, in its US based data centers. Zoom’s Privacy Policy is available at: https://explore.zoom.us/en/privacy/

GDTA may use Eventbrite to distribute tickets for meetings and events. Eventbrite operates in the United States and stores data for the GDTA, including personal information, in its US based data centers. The privacy policy for Eventbrite is available at: https://www.eventbrite.ca/support/articles/en_CA/Troubleshooting/eventbrite-canada-data-protection?lg=en_CA

Payment Processing and e-Commerce

GDTA does not save credit card information. We use a third-party payment processor for e-commerce transactions made on our website. To the extent that you provide personal information to the provider when you make a purchase or payment, the collection, use and protection of such information will be governed by the third-party processor’s privacy policy and applicable law.

Accountability

Any questions about GDTA’s collection, use and disclosure of personal information should be directed to the Privacy Officer. In cases where the question concerns an access request, individuals must follow the request process described above under: Access and Correction of Personal Information.