The Manitoba Museum (the Museum/TMM) is committed to protecting the privacy of the personal information of its volunteers, members, visitors, customers, donors, and other supporters (hereafter known as Supporters), and employees entrusted to us. The Museum values the trust of those we deal with, and of the public, and recognizes that maintaining this trust requires that TMM be transparent and accountable in how we treat the information that people choose to share with us. The Privacy Officer for the Museum is the Director of Human Resources (HR).
This operational procedure describes how TMM collects, uses, shares, and discloses the personal information of its Supporters and employees. This procedure applies to the Museum and to any other person providing services on our behalf. A copy of this procedure will be provided upon request.
The Museum complies with the requirements of the Personal Information Protection Act, Personal Information Protection and Electronic Documents Act (Canada), and we uphold the principles of the Donor Bill of Rights developed by the Association of Fundraising Professionals as applicable. The Museum is Payment Card Industry compliant.
2. PERSONAL INFORMATION
During the course of regular activities, TMM gathers and uses personal information. This information will be carefully guarded and any use of it is subject to consent.
Personal information is any information that can be used to identify or contact a specific individual. Exceptions are business contact information and certain publicly available information, such as names, addresses, and telephone numbers as published in telephone directories or online, which are not considered personal information. The Museum’s Supporters and employees who use their personal contact information as business contact information will be considered as providing business contact information, which is therefore not subject to protection as personal information.
Personal information is collected when a Supporter supplies it to us voluntarily; e.g. by purchasing tickets to an exhibition, becoming a member, registering for a program, donating, engaging with us on social media, entering a contest, subscribing to our e-newsletter, joining TMM as an employee, or enlisting as a volunteer.
The following are examples of the personal information that TMM collects from Supporters and employees:
a) contact information (including salutation, name, professional title, home and business address, phone number and email address);
b) the type of Museum membership purchased and the contact information for the primary and secondary cardholder for the membership;
c) the number and type of tickets purchased, including whether tickets were purchased for a specific attraction or special exhibition;
d) payment information (such as credit card number, expiry date and 3-digit CVV/CVC);
e) visiting history and program participation;
f) detailed medical information about participants in our camps and children’s programs;
g) value of any donation, sponsorship, grant, and membership dues;
h) volunteer status (active or inactive);
i) age or birth date, gender, marital or family status;
j) education; and
k) visual images such as photographs of employees, volunteers, program and event participants.
In addition to the above-specified personal information, the Museum collects images of visitors to TMM, which are taken by our security cameras.
The Museum does not disclose Supporters’ personal information without consent. The Museum abides by the following practices when collecting, maintaining, and using personal information.
To better understand our visitors and to improve the visitor experience on our website, the Museum’s website collects data using services including Google Analytics; no personal information is collected through these tools that would allow TMM to identify individuals. For more information about Google Analytics, please visit: www.google.com/policies/privacy/partners/. We also collect information about email open rates and click-through rates to determine whether TMM’s electronic communications are effective.
When individuals visit TMM’s website, we may store some data on their computer in the form of a “cookie”. A “cookie” is a small piece of text that a website places in the cookie file of a browser that allows our website to recognize their personal computer the next time they visit. Cookies by themselves do not tell us their email address or otherwise identify them personally. Cookies cannot be used to run programs or deliver viruses to their computer. Their web browser can be set to accept or reject cookies. Please note that disabling or deactivating cookies may result in a reduced availability of the functionality of our website or parts of our website may no longer function correctly.
The Museum may use third parties to collect data from our website anonymously for marketing purposes, e.g. advertisements. Users of our website will not be personally identified through this data and TMM does not see any data or contact information on an individual level. These third parties may include, but are not limited to, Facebook and/or Twitter. Supporters and employees may tailor their privacy settings to limit the collection of personal information.
Children under the Age of 13
The Museum does not knowingly collect any personal information from children under the age of 13. If a parent or guardian learns that their child under the age of 13 has provided TMM with personal information without their consent, the parent or guardian should immediately contact our Privacy Officer (Director of HR), [email protected], 204-988-0667 and we will remove this personal information from our database.
3. PURPOSE OF PERSONAL INFORMATION COLLECTION
The Museum’s purpose for collecting personal information is to:
a) create a record of the Supporter’s involvement with TMM;
b) administer employee records to fulfill legal requirements and provide employee benefits and services;
c) keep Supporters and employees informed about and enhance our products, events and services offers, fundraising projects, other special initiatives, or employment and volunteer opportunities;
d) process admission, memberships, donations, sponsorships, grants, program registrations, rentals, tickets, and purchases;
e) include donor information with our collections (artifacts and specimens) to provide provenience and historical or scientific context for catalogue records;
f) communicate with visitors about their experience at TMM, or to plan and evaluate the Museum’s programs and events;
g) contact Supporters and employees to determine their interest in becoming members of TMM;
h) contact Supporters and employees to determine their interest in purchasing tickets to a fundraising event and completing any ticket purchases and related registrations;
i) contact Supporters in connection with opportunities to become a volunteer with TMM and enrol any interested individuals as volunteers;
j) invite volunteers to training sessions, recognition events and for volunteers’ scheduling purposes;
k) maintain a robust database of current and past members of the Museum;
l) any other reasonable purpose to which the Supporter provides consent.
A Supporter may opt out of receiving communications from us by contacting our Director of HR.
4. PROCESS OF PERSONAL INFORMATION COLLECTION
Collection of personal information may only take place for an authorized purpose, including those stated above and with proper notification. The Museum shall collect personal information about an individual only for a necessary purpose that is connected with an authorized function or activity of TMM.
Whenever possible, TMM shall collect personal information directly from the individual that it is about, either verbally or in writing. If the information is collected verbally, it must be recorded by the person who is taking the information.
Personal information shall be collected in a manner and location that ensures the security and confidentiality of such information, to the extent that it is reasonable to do so.
When personal information is collected directly, TMM shall notify the individual of the purpose for collection and with whom the information may be shared.
The Museum shall collect only as much personal information as is reasonably necessary to accomplish the purpose for which the information is collected.
5. USE AND DISCLOSURE OF PERSONAL INFORMATION
All personal information shared by TMM’s Supporters and employees with any department or division of the Museum is regarded as personal information shared with TMM as an organization for the Museum’s use as detailed above. The following statement will be incorporated into Museum forms (electronic and hard copy) for Supporters’ consent:
5.1 Museum’s Operational Use and Disclosure – Use and Disclosure of personal information by TMM:
a) are limited to the least amount that is necessary to accomplish an authorized purpose;
b) are limited to the fewest employees possible, that is, to only those who need it to accomplish an authorized purpose;
c) are only used or disclosed for the purpose for which it was collected, or for a closely related purpose or for certain other purposes allowed under PIPEDA;
d) shall be only in the discharge of work responsibilities and duties, and based on the need to know. This applies to all people (employees and volunteers) associated with TMM;
e) for a different purpose than for which it was collected is only undertaken with consent from the individual the information is about, or from someone who is authorized to act on behalf of the individual.
In order to provide a safe environment for visitors to TMM, as well as for the artifacts, specimens, dioramas, and exhibitry that we are entrusted to house, the Museum has installed security cameras throughout TMM. We use the footage from these cameras for security, damage, and loss prevention purposes and in connection with incident investigations. In addition, we may share this footage with law enforcement in connection with a criminal investigation.
5.2 Law Enforcement Disclosure:
a) Personal information collected and maintained by TMM shall only be disclosed to the Winnipeg Police Service, or other law enforcement agency;
b) Requests for access to personal information by law enforcement or security services, including surveillance camera recordings not relating to criminal investigations, are required to be processed as a formal access request facilitated by the Privacy Officer;
5.3 Disclosure to Third-Party Vendors – In some circumstances, TMM uses third-party vendors for services that would not be practical or cost-effective for us to perform ourselves. Some of the services that TMM retains a third-party vendor to perform include but are not limited to:
- credit card processing
- database analysis
- tele-fundraising programs
- updating our database
- mass mailings
The Museum does not sell or rent its list of Supporters and employees to any organization.
An individual’s consent is required regarding the collection and proposed use of personal information when information is collected. Consent can be either expressed orally, electronically, in writing, or implied and can be provided directly by the individual or by an authorized representative. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction. An individual’s consent is required before confidential information is released to outside parties.
“An individual is deemed to consent to the collection, use or disclosure of personal information about the individual by an organization for a particular purpose if:
a) the individual, without actually giving the consent referred to in subsection (1), voluntarily provides the information to the organization for that purpose; and
b) it is reasonable that a person would voluntarily provide that information.” The Personal Information Protection Act (Manitoba).
6.1 Implied Consent – Implied consent is consent that is inferred from signs, actions, or facts, or by inaction or silence. It is an unwritten consent to disclose confidential information because it is required by the professional relationship (e.g. disclosure to employees) or because the matter requires it (e.g. disclosure in pleadings and other documents filed with the court).
Implied consent differs from express consent, which is communicated by the spoken or written word. When a Supporter provides personal information to TMM, they are consenting to the Museum’s collection, use and disclosure of their personal information in accordance with this Privacy Procedure. A Supporter is able to refuse or withdraw their consent to the collection, use or disclosure of their personal information at any time by contacting our Director of HR. We will act on such requests promptly.
7. PROTECTION OF PERSONAL INFORMATION
Personal information shall be protected by TMM during its collection, access, use, disclosure, retention, storage, transportation, transmission, transfer, and during its destruction.
All TMM employees and volunteers are responsible for protecting personal information that is collected, heard, handled, viewed, or processed in the discharge of their duties and responsibilities with the Museum.
All TMM employees and volunteers who are dealing with personal information in any manner shall take all reasonable precautions to protect the personal information from fire, theft, vandalism, deterioration, accidental destruction or loss, and any other hazards.
Reasonable administrative, technical, and physical safeguards shall be taken by TMM to ensure the confidentiality, integrity, and security of personal information, and to prevent the unauthorized collection, access, use, disclosure, transport, transmission, transfer, and destruction of personal information.
a) Administrative safeguards include, but are not limited to, training, contracts containing appropriate protective clauses, security clearances, designated and restricted access to certain records, offices or areas, and sanctions.
b) Electronic safeguards include, but are not limited to, the use of passwords, defined and restricted electronic access, encryption, and firewalls.
c) Physical security safeguards include, but are not limited to, locked offices, locked filing cabinets, lock-boxes, and other barriers separating the personal information from those who do not need, and should not have, access to the information.
To protect the privacy of personal information, TMM employees and volunteers should not discuss others’ personal information (in their absence) in the presence of those who are not entitled to such information. Personal information should not be discussed in public places such as the staff lunchroom, volunteer lounge, elevators, lobbies, hallways, classrooms, and unsecured or open offices.
Personal information stored in electronic form on a fixed computer server or terminal shall be properly secured from unauthorized access. Personal information stored on electronic media and mobile devices shall be kept in a secured place at all times and shall be used only by authorized personnel having access to a protected system.
Personal information can only be removed from Museum premises/systems for an authorized and approved purpose.
If authorized to remove personal information from Museum premises, security precautions must be taken, including the following:
a) all personal information moved from a secure location shall be recorded in a tracking system;
b) only the least possible personal information necessary to accomplish the task may be removed, and
c) personal information should be secured according to these procedures.
8. RETENTION AND DISPOSAL OF PERSONAL INFORMATION
The Museum retains personal information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws.
When personal information is no longer:
a) necessary or relevant for the identified purposes;
b) required to be retained by applicable laws, or
c) required to enable TMM to maintain a robust database of current and past members of the Museum, TMM will take steps to have such personal information deleted, destroyed, erased, aggregated, or made anonymous.
The Museum uses reasonable business practices to ensure that we have appropriate processes relating to information security and policies with respect to records retention and destruction with respect to all personal information under our control.
All personal information collected or maintained by TMM will be retained only as long as reasonably required for authorized purposes. Personal information will be maintained in a secure environment and will be protected by administrative, technical, physical, and electronic safeguards that are appropriate to the sensitivity of the information.
The retention and destruction schedules for personal information are outlined in TMM’s Records Management Procedure. Control procedures will be used to segregate confidential information from non-confidential information. Confidential information will be disposed of by secure shredding or another confidential method of destruction.
The Museum takes reasonable steps to ensure that personal information that it maintains about Supporters and employees is accurate, complete, and up to date. If a Supporter becomes aware that any personal information under our control about them is not correct, they should contact our Director of HR.
9.1 Correction of Information – TMM shall ensure the right of individuals to request, and make corrections to their personal information. All requests for correction must be in writing. The request must include the following information:
c) email address
d) phone numbers
e) correction requested
f) signature, and
g) date of signing
When an individual makes a written request for correction of their personal information, TMM shall review the record and, if the existing information is inaccurate or incomplete, make the correction. The written request shall be placed in the file and form part of the file. Verbal requests will be accepted when the individual’s identity is fully verified by TMM. If the Museum employee is unsure or unable to make the correction, they shall direct the individual making the request to the Director of HR for resolution.
The Museum shall notify, where practicable, any other organization or Third-Party to whom the personal information has been disclosed within the past year that the correction was made or the request for correction has been added to the record.
No fees are charged for the correction of personal information.
Supporters and employees are entitled to a copy of the personal information that TMM has under our control about them; if they would like a copy of such information, they are required to contact the Director of HR.
The Museum will take reasonable steps to verify their identity before granting access or making corrections. In addition, their right to access or correct their personal information is subject to certain legal restrictions.
11. BREACH OF PRIVACY
A breach of privacy occurs when personal information is collected, accessed, used, disclosed, transported, transmitted, transferred or destroyed other than as authorized, or when the accuracy, confidentiality or integrity of the information is compromised. Breaches may include, but are not limited to, the viewing of confidential information by unauthorized individuals, the access, theft or loss of Museum records, and the unauthorized destruction of such information by deliberate means or by human or natural accident.
Any TMM employee or volunteer who becomes aware of a possible or actual breach of privacy shall immediately report the possible or actual breach of privacy to the Director of HR, who shall take immediate steps to contain the breach.
The Director of HR shall report the possible or actual breach of privacy to the Chief Executive Officer (CEO).
All breaches of privacy will be investigated by the Director of HR.
The Director of HR will make recommendations for immediate and long-term corrective measures as necessary to protect the confidentiality, integrity and security of all personal information.
If it is determined that a breach of privacy has occurred, appropriate remedial action shall be taken by TMM. Such action may include disciplinary action, which will be implemented pursuant to and in accordance with the relevant collective agreement and Museum policies.
The Privacy Officer will act as a resource for all employees or volunteers of TMM regarding appropriate action to be taken following a breach of privacy.
If a Supporter has any questions about our privacy or security practices, would like to request access to or correction of their personal information, or would like to opt out of receiving communications from the Museum in the future, they should contact our Privacy Officer by mail, telephone or email:
The Manitoba Museum
Attention: Director of Human Resources & Privacy Officer
190 Rupert Avenue
Winnipeg, MB R3B 0N2
CHANGES TO THIS POLICY
We may revise our privacy procedure from time to time. All Supporters and employees should review our privacy procedure periodically so that they keep up-to-date on our most current practices. We will note the effective date at the end of each version of our privacy procedure.
APPENDIX: COMPLIANCE WITH 10 PIPEDA GOVERNING PRINCIPLES
We will respect and protect the privacy of our donors’, customers’, and members’ personal information by ensuring compliance with the following ten PIPEDA governing principles. It should be noted that though PIPEDA does not apply to employees’ and volunteers’ information, TMM has chosen to be guided by PIPEDA’s governing principles in its handling of such information.
- The Privacy Officer (Director of HR) has the responsibility to ensure that all governing principles are followed with respect to members’, donors’, customers’, employees’, and volunteers’ personal information.
- The Director of HR will train Museum staff and keep them informed, so that they:
- can either respond to inquiries about TMM’s privacy policies and practices themselves or refer inquirers to the Privacy Officer or another authorized representative;
- can explain TMM’s purposes for collecting personal information;
- understand TMM’s policy and procedures on consent and can obtain consent as appropriate;
- explain to volunteers, members, donors, and customers when and how they may withdraw consent and what consequences if any may come of such withdrawal;
- can recognize and process requests for access to personal information;
- can refer complaints about privacy matters to the Director of HR; and
- are up to date on TMM’s ongoing activities and new initiatives relating to the protection of personal information.
- The Director of HR, in conjunction with other Museum departments, will develop and implement a system to monitor TMM’s compliance with PIPEDA with respect to information collected in the process of conducting commercial activities on an ongoing basis, and will keep Museum employees informed of new privacy issues raised by technological changes, internal reviews, public complaints, and decisions of the courts.
- We will verify that third-parties have privacy controls stated in any contractual agreements, and have implemented them accordingly.
2. Identifying purpose
- When collecting personal information from members, donors, customers, employees, and volunteers we will ensure that the purpose for collecting this information is clear, reasonable, and limited to only the information required.
- We will seek informed consent from members, donors, customers, employees, and volunteers for the collection of their personal information as required, by advising of the purposes for which their personal information will be used or disclosed.
- Individuals may withdraw their consent at any time, subject to legal or contractual restrictions and reasonable notice.
- Through the establishment of clear policies, procedures and training, we will ensure that all employees who collect personal information understand the process and can implement the procedures consistently.
4. Limiting collection
- We will collect the minimum information necessary for the identified purposes;
- Staff will be trained to understand and respect limitations on collecting personal information.
5. Limiting use, disclosure and retention
- We will ensure that we do not use or disclose the personal information of members, donors, customers, employees, or volunteers for purposes beyond those for which it was collected, except with the consent of the individual or as required by law. Any new purpose that is conceived after the collection of personal information will be documented and we will seek consent.
- We will take measures to ensure that the personal information collected from members, donors, customers, employees, and volunteers is accurate, complete and up-to-date and only being used for the purpose(s) for which it was collected.
- We will use the appropriate level of protection through physical, technical, and administrative safeguards to protect employee, volunteer, visitors, customers, donors and members’ personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification.
- The Director of HR will train staff so that all who collect personal information will be aware of the importance of maintaining the confidentiality of personal information, including during the process of disposal or destruction of information.
- Access to personal information will be on a “need to know basis” as required to perform defined job functions. Only those authorized to access and handle employee, volunteer, visitors, customers, donors and members’ personal information held by TMM will be allowed to do so.
- Employees will be subject to “Code of Ethics/Confidentiality Agreement.”
- We will implement and adhere to information security policies and procedures, including appropriate safeguards for all uses of personal information while teleworking outside of the office.
- Personal information will be transmitted through secure means.
- The Director of HR will address questions or complaints from members, donors, customers, employees, and volunteers regarding the handling of their personal information.
9. Individual access
- On request, information will be provided at minimal to no cost to members, donors, customers, employees, and volunteers, in a format that is legible and that provides an explanation of abbreviations or codes.
- When the accuracy of personal information is challenged, we will amend the information when a member, donor, customer, employee, or volunteer demonstrates that it is inaccurate or incomplete.
10. Challenging compliance
- The Director of HR will investigate all complaints received from members, donors, customers, employees, and volunteers regarding the handling of their personal information.
- When complaints are substantiated the Director of HR will ensure that TMM’s actions are modified to minimize the likelihood of a reoccurrence.