1. Accountability: We are responsible for all personal information under our control and will designate one or more individuals who will be accountable for the organization’s compliance with these policies and procedures.
2. Identifying Purposes: We will identify the purposes for which we collect personal information at or before the time the information is collected.
3. Consent: We will obtain the appropriate consent from individuals for the collection, use, or disclosure of their personal information, except where the law provides an exemption.
4. Limiting Collection: The personal information we collect will be limited to that which is necessary for the purposes we have identified.
5. Limiting Use, Disclosure, and Retention: Personal information will not be used or disclosed for purposes other than those for which is was collected, except with the consent of the individual or as required by law. We will only retain personal information as long as necessary for the fulfillment of those purposes and our other legal and accounting obligations.
6. Accuracy: The personal information we collect will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
7. Safeguards: We will safeguard the security of personal information under our control in a manner that is appropriate to the sensitivity of the information.
8. Openness: We will make available to individuals specific information about our policies and procedures relating to the management of personal information which is under our control.
9. Individual Access: Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information which is under our control.
10. Challenging Compliance: An individual may address a challenge concerning compliance with the above policies and procedures to our Privacy Officer.