RDR Learning Hub

BUILDING INCLUSIVE PRACTICES AND DEVELOPING ANTI-RACIST ANTI-OPPRESSIVE DIVERSITY EQUITY AND INCLUSION (BIPD ARAO-DEI) PROGRAM

RDR collects information, including personal and confidential information in accordance with the Freedom of Information and Protection of Privacy Act.

The purpose of collecting this information is to enhance the ways we deliver our programs and services.

Confidential Information is personal information per the Freedom of Information and Protection of Privacy Act (FIPPA) and personal health information as defined in the Personal Health Information Protection Act, 2004 (PHIPA).

This confidential information includes clients’ records, employees’ records, stakeholders' and financial information.

The RDR employees need access to personal and confidential information to perform their duties.  In some situations, it will be necessary for the RDR’s employees and stakeholders to access personal information in its original format to carry out their employment duties where anonymized personal information is not available or its use would unduly burden the performance of employment duties.

However, RDR strives to protect confidential information and limit the use of confidential information. RDR’s employees are encouraged to seek their supervisor's approval whenever using personal information is necessary to carry out employment duties before accessing it.

Noting that the non-RDR employee shall seek written approval and description, and purpose of requesting to access personal information.

A. What Personal Information Do We Collect?

 RDR collects personal information such as emails, addresses, phone numbers, age range, and income range whenever individuals communicate with us, apply directly to us, or fill out our forms to access the RDR’s resources.  

We also collect personal information from a third party whenever the individual provides consent.

We collect personal information for the following reasons:

● to communicate

● to audit and assess our programs and services;

● to create records for internal purposes.

B. WHO HAS ACCESS TO THE  RECORDS OF PERSONAL INFORMATION?

The RDR team has access to the user's personal information and utilizes it to perform their duties.  Note that the RDR team handles and uses the information required by utilising guidelines and practices for handling confidential information.  

We also disclose the information to our funders and stakeholders.

THE PERSONAL INFORMATION SHARED WITH OUR FUNDERS AND  STAKEHOLDERS INCLUDES: 

● Demographic information

● Registration information such as email, address and phone number

● Financial information such as honorarium.

● Accommodation information

● Our funders requested information.

● Statistics Canada: The Statistics Act provides the legal authority for Statistics Canada to obtain access to confidential information for statistical purposes.

The link to the Freedom of Information and Protection of Privacy Act : https://www.ontario.ca/laws/statute/90f31

We automatically collect information each time a user collects visits and uses our website using a cookie.

C. Cookie policy:

Cookies are small texts that are stored on the browser on the device whenever the user visits a web page.

There are two types of cookies- A "session cookie," which stores temporary information and  A "persistent cookie," which stores the information until you delete it and recognize the users whenever they  return to the website. 

RDR uses essential,  performance, customized, and advertising cookies to collect the information:

● Essential cookies enable the website user to fully experience the functionality of the RDR website and access the RDR services and materials.

● Performance cookies help the RDR team to understand how the website is being used and inform the RDR team on future improvement.

● Customized cookies allow RDR’s site to recognize the user’s preferences and therefore help the RDR to customize the users' experience.

● Advertising cookies allow the RDR team to deliver advertising content relevant to the user and are used to track the  programs' progress and also to understand the ads' effectiveness.
Note that the data collected through cookies are kept for a relatively short time and stored in an anonymized state or in accordance with Privacy Policy.

Please note that you can choose whether to accept, refuse or delete the cookies.

D. HOW DO WE USE E-MAIL AND OTHER ELECTRONIC ADDRESSES?

RDR complies with Canadian Anti-Spam Legislation.

RDR is committed to providing transparency to the organization’s electronic communication compliance with Canada’s Anti-Spam Legislation (CASL). Read more about CASL :https://fightspam-combattrelepourriel.ised-isde.canada.ca/site/canada-anti-spam-legislation/en

E. WHAT CAN YOU DO IF YOU NO LONGER WISH TO RECEIVE COMMUNICATION FROM RDR?

At RDR, we take the issues of privacy and respect for everyone seriously, and you may choose to unsubscribe and subscribe from the RDR communication list.  Please note that as long as you subscribe to the RDR communication list, you will continue to receive emails from RDR.

However, if you are receiving emails or communications that you seek to seize, please get in touch with us: We will remove you from our list within ten (10) business days.

Any electronic communication sent by RDR is governed by the rules, policies and standards procedures that are in accordance with the laws established by CASL and is enforced by the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Privacy Commissioner of Canada.

CRTC link : https://crtc.gc.ca/eng/home-accueil.htm

 Competition Act: https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/home

Privacy Commissioner https://www.priv.gc.ca/en/

F. RDR takes several initiatives to compile with the CALS.:

● Express consent agreement: Express consent means that the recipient of  RDR services and communication said “yes” (opted-in) to receiving the RDR content.

● Implied consent: RDR may infer your implied consent if the RDR has an existing relationship with the recipient.

● Periodically asked to provide updates on your consent and email address.

● Providing subscribe and unsubscribing options.

● Ask the users to provide contact information

G. IS AN ELECTRONIC MESSAGE EXEMPT UNDER CASL? The following conditions makes certain communication exempt under CASL

● As a recipient, you have a personal relationship with the RDR team member who contacted you.

● You have a family or business relationship with the RDR.

● RDR sends you a message in response to your request.

● RDR might send communications to the user in order to reinforce a legal obligation

In the above circumstances, RDR does not require  the recipient to give consent to be able to receive a particular message.

H. SOCIAL MEDIA

The RDR team may contact you through social media if you are connected through social networks and unless you choose to unsubscribe.

Non-authorization use of information

RDR takes the issues of privacy and confidential information seriously, and any RDR employee and contractor should abide by and adhere to these principles; any violations will result in legal and financial consequences, including but not limited to the termination of employment.

I. Data Protection

RDR has put into place a mechanism to ensure that the personal and confidential information in a secure manner such that this information shall not be stored on the personal device. RDR is committed to protecting the security and privacy of Confidential Information entrusted to it by its members, community, employees and stakeholders throughout the RDR services and programs.

Herein :

● RDR’s Confidential information, hosted by a third-party service provider, shall be stored in accordance with the established rules and regulations governed by the privacy and confidentiality provisions and laws.

● Any breach of the confidential information shall be subject to termination of the contract and legal consequences. .

● In some cases,  RDR might be compelled to provide personal information to third parties. In such cases, RDR will seek remedies that compile with the law but also uphold the confidentiality and privacy of the individuals.

● RDR will keep the information for a period of time, and personal information that RDR will no longer be required to perform the duties shall be destroyed by RDR  unless permitted by the law not to destroy.

J. TRANSMISSION

RDR materials, communication and personal information shall be transmitted securely to the authorized stakeholders.

K. DISPOSAL

● RDR team and external holders shall delete and destroy the non-physical information whenever this information is no longer required.

● The RDR team who resigns their duties shall provide all confidential information in their custody to the RDR management team so that the leadership team can secure or destroy the confidential information.

● Any confidential information stored on the IT equipment shall be deleted before the device is destroyed.

L. DATA ACCESS

● RDR has established a mechanism to ensure that only authorized personnel can access Confidential Information.  Non- authorized employees shall ask the management team to access the confidential information in the read-only format, and non shall copy or redistribute without the RDR consent.

● External parties should seek written approval from the Freedom of Information & Privacy Office to access the RDR's personal and confidential information.

M. DATA AUDIT

● RDR  has a system that maintains the trail of who and when the confidential information was created and accessed.  This audit trail is created and maintained to provide evidence about when Confidential Information is accessed, by whom and from where.

N. CONFIDENTIALITY AGREEMENT

● RDR’s team and its external consultant shall sign the confidentiality agreement before commencing any activity that entails the use of and access to personal information.

O. DATA BREACH

● The RDR team shall ensure that it reports any confidential information accessed by non-authorized personnel.

● RDR will take necessary legal and internal remedies to address the data breach.