Personal Information Protection Policy
The Graduate Student Society of UBC Vancouver (“Society”) is committed to meet its obligations under PIPA.
We will make a reasonable effort to ensure the accuracy, confidentiality, and security of personal information, and allow individuals to request access to, and correction of, their personal information.
- “personal contact information” includes an individual’s
- e-mail address,
- phone number,
- mailing address, and
- residential address;
- “personal identification information” includes an individual’s
- first name,
- last name,
- marital status,
- employment information,
- social insurance number, and
- demographic information;
- “subsidiaries” means constituencies, affiliate organizations, committees, departments, services, groups, offices, programs, and businesses of the Society;
- “UBC-affiliated information” includes an individual’s
- UBC student number,
- campus-wide login,
- year of study,
- credits related to study, and
- faculty, program, or department of study;
- “University of British Columbia Graduate Student Society Vancouver” means the society registered under the British Columbia Societies Act (“the Society” or “GSS” or “we”).
- business contact information;
- certain publicly available information listed in section 3(2) of PIPA; and
- personal information not subject to the requirements of PIPA.
We will obtain consent on or before the collection, use and disclosure of personal information except where PIPA authorizes otherwise.
We will inform an individual verbally or in writing, on or before collecting their personal information, of the purposes of collection. Upon request, we will provide the individual with the contact information of our Privacy Officer.
We may obtain consent explicitly, such as orally, in writing, or electronically; or implicitly by providing the individual with a notice and a reasonable opportunity to decline.
We will stop collecting, using or disclosing the personal information upon notice of withdrawal of consent unless the collection, use or disclosure is permitted without consent under PIPA.
An individual cannot withdraw consent if legally bound, or if doing so would frustrate the performance of a legal obligation of the Society.
Types of Information
We may collect, use and disclose the following types of personal information including but not limited to
- personal contact information;
- UBC-affiliated information;
- personal identification information;
- memberships in the Society’s clubs, affiliate organizations or subsidiaries;
- information provided for Society-sanctioned services or events;
- information obtained through Society initiated surveys;
- employment-related information; and
- financial information related to purchases of the Society’s services and products.
Purpose of Collection, Use and Disclosure
We will collect, use and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances.
We may collect, use, and disclose personal information for purposes not limited to
- authenticating identity;
- maintaining accurate membership records;
- communicating with users of the programs, services, initiatives, and products of the Society and its subsidiaries;
- processing any Society-affiliated promotions, awards or discounts;
- providing, administering, and improving the services, resources, programs, events, and products of the Society and its subsidiaries;
- planning, delivering, and evaluating programs, products, and services of the Society and its subsidiaries, and in association with third parties;
- conducting elections, petition campaigns, and surveys;
- processing, documenting, and handling service issues or complaints;
- processing, documenting, and handling billing, payment, or reimbursement;
- implementing, enforcing, and monitoring compliance with the bylaws, policies, procedures, agreements, and decisions of the Society and its subsidiaries;
- complying with legal and regulatory requirements;
- protecting the Society and its subsidiaries against fraud and error; and
- safeguarding the business interests of the Society and its subsidiaries.
We will not collect, use or disclose personal information beyond what is necessary for the purposes defined in Policy 18.7.2.
Subject to Policy 18.8.2, we will collect, use and disclose personal information about an individual only for the purposes consented to by the individual.
We may collect, use or disclose personal information about an individual without notice or consent as permitted under PIPA.
Access to Personal Information
Where requested by an individual, we will provide them with information about the Society’s policies, practices and processes respecting personal information.
Subject to Policy 18.9.3, upon request, we will provide an individual with
- their personal information under the control of the Society and its subsidiaries,
- information about the ways in which the Society has been and are using the personal information, and
- the names of individuals and organizations to whom their personal information has been disclosed to.
The Society may refuse to provide an individual with their personal information where such refusal is authorized under PIPA.
Where an access to information request is refused, the Society will
- notify the individual in writing the details of the refusal,
- provide the individual with information of our Privacy Officer, and
- internally document the reason for refusal.
Accuracy and Retention of Personal Information
The Society will make a reasonable effort to ensure that personal information collected, used and disclosed by or on our behalf is accurate and complete.
Subject to Policy 18.10.3, the Society will destroy all documents containing personal information or the means by which such information can be associated to an individual as soon as it is reasonable to assume that the purpose for which that information was collected is no longer being served and the retention is no longer necessary for business or legal purposes.
Where we use an individual’s personal information to make a decision that directly affects the individual, we will retain that information for at least one calendar year since the date of use to ensure the individual has a reasonable opportunity to obtain access to it.
Correction of Personal Information
Where requested by an individual, the Society will
- correct an individual’s personal information under our control, and
- send the corrected personal information to every third party to which the personal information was disclosed if it is satisfied on reasonable grounds that the request should be implemented.
Where we are not satisfied on reasonable grounds that the request should be implemented, we will annotate the personal information with the requested correction that was not made.
We will make every reasonable effort to assist an individual in accessing or correcting their personal information and to respond to them as accurately and completely as reasonably possible.
Requesting Access or Correction
An individual must make a written request, consistent with the Society’s request procedures, to access or correct their personal information under our control. The written request must include
- the individual’s contact information, and
- sufficient detail to enable us to identify the personal information or correction being sought.
Where a request for access or correction is made by an individual, we will generally fulfil the request within 30 days of receiving it. We will provide written notice to the individual where additional time is required to fulfil the request.
Where we are unable to provide the requested personal information that an individual has the right of access to under PIPA, we will provide the individual with a reasonable opportunity to examine such information.
We may share personal information with third parties for the purposes outlined in Policy
Personal information may be processed and stored in foreign jurisdictions with different privacy laws, and the government or regulatory agencies in those jurisdictions may be able to obtain disclosure of that personal information.
Where we disclose personal information third parties, we will take reasonable measures, through contractual or other means, to ensure that
- a comparable level of protection is implemented by such parties, and
- personal information is returned or destroyed once the purpose for which it was provided has been fulfilled.
Protection of Personal Information
Taking into account the volume and sensitivity of the personal information, we will ensure that personal information is secure by implementing reasonable physical, organizational, and technological security safeguards to prevent against loss, theft and unauthorized access, disclosure, copying, use, modification or similar risks to personal information.
In the case of a privacy breach, we will take reasonable measures for the protection of personal information. We will notify the affected individuals of the breach within a reasonable time.
Where requested by an individual, we will provide them with our complaints procedure.
All inquiries, questions, and complaints regarding personal information should be directed to our Privacy Officer.