Created by Bonnie Bird, Peter Jedicke, Kim Hay

Approved by National Council 2004-03-06
Motion 04118

General Statement

Effective January 1, 2004, The Royal Astronomical Society of Canada is required to comply with federal legislation, governing the use, collection and disclosure of personal information in the course of our commercial activities. We have implemented a corporate Privacy Policy in order to do so. Our Privacy Policy addresses the collection, use and disclosure of personal information. Personal information is information about an identifiable individual and does not include information about corporations, partnerships, or other non-individuals. The personal information the RASC collects will depend on the service we provide to you.

The Royal Astronomical Society of Canada is committed to maintaining the accuracy, confidentiality, and security of our members' and customers' personal information.

The Royal Astronomical Society of Canada is following the Canadian Standards Association's Model Code for the Protection of Personal Information (CAN/CSA-Q830-96).

The Key articles of the Acts provisions are:

• organizations are required to seek the consent of individuals prior to collecting, using or disclosing their personal information; organizations must protect personal information with security safeguards appropriate to the sensitivity of the information; and
• individuals may access personal information about themselves held by an organization and have it corrected, if necessary.
• exemptions include journalistic, artistic or literary purposes.

We may collect, use and disclose personal information to respond to application for membership, to provide our services to you and/or to further the aims of the Royal Astronomical Society of Canada, which include the promotion and advancement of astronomy and allied sciences.

The Royal Astronomical Society of Canada ("RASC") is committed to maintaining the accuracy, confidentiality, and security of your personal information. As part of this commitment, the following Ten Privacy Principles govern our actions as they relate to the use of customer information. The principles have been built upon the values set by the Canadian Standards Association's Model Code for the Protection of Personal Information and Canada's Personal Information Protection and Electronic Documents Act.

Principle 1 - Accountability
Principle 2 - Identifying Purposes
Principle 3 - Consent
Principle 4 - Limiting Collection
Principle 5 - Limiting Use, Disclosure and Retention
Principle 6 - Accuracy
Principle 7 - Safeguarding Customer Information
Principle 8 - Openness
Principle 9 - Customer Access
Principle 10 - Handling Customer Complaints and Suggestions

Principle 1 - Accountability - Why we Collect Personal Information

The RASC is responsible for all Personal Information under its control and has designated a Privacy Officer who is accountable to the Executive for the RASC's compliance with this Privacy Policy, and its ten principles, as listed above.

The RASC, collects information from its members and customers to fulfill their expected obligation that the RASC has to them, and to ensure that the correct information is used to aid in the receiving and selling of saleable products and its membership and/or to further the aims of the RASC, which include the promotion and advancement of astronomy and allied sciences.

Who Sees the Data

The following individuals / committees see some or all of the membership and customer data: Executive Secretary , Membership and Publications Coordinator, MPA Computer Consultant, Estore Manager, National Executive, Webmaster, List Manager, Centre's executive (may be some or all of the Centre's Executive), the distributors (Canadian and US) responsible for mailings; and a mail-house (used for promotional mailings to non-members).

Personal and Customer information that is stored on the National Office is securely stored by passwords that are needed to access the MPA (Membership and Publication) database, and Estore Data. However, passwords are not required for data sent to the National Executive or Centres.

Principle 2 - Identifying Purposes - Types of Information Collected

At the RASC, we gather and use personal information to provide you with the member / customer services you have requested and/or to further the aims of the RASC, which include the promotion and advancement of astronomy and allied sciences. Providing us with your personal information is always your choice. Most of the information we collect comes to us directly from you, and only with your consent. For example, when you request products or enroll for a service online, by mail, by telephone, or in person, we will ask you to provide the information that enables us to complete your request or to provide you with better service. When you provide the information, it is presumed that you consent to the use of your personal information.

Personal Information (Including Membership & Sales)

Personal information is information that refers to you specifically. With your consent, we may gather personal information from you in person, over the telephone or by corresponding with you via mail, facsimile, or the Internet.

The RASC, collects information from its members and customers, to fulfill their expected obligation that the RASC has to them, to ensure that the correct information is used to aid in the mailing of publications to members and selling of saleable products to both members and non-members and/or to further the aims of the RASC, which include the promotion and advancement of astronomy and allied sciences.

The type of information we usually collect and maintain in your customer file may include your:

• Name/ Business Name
• Title
• Mailing Address
• Location Addresses
• E-mail Address
• Web Address
• Telephone Number
• Age

In addition, personal information related to our non-commercial activities may include your:

• membership history
• activities, interests, awards and participation details, including, but not limited to, information about your astronomical equipment, activities and accomplishments
• contributions to mailing lists, discussion forums, chats or other events, both offline and online

Anonymous/Non-Personal Information

The anonymous/non-personal information gathered from the RASC web site is used primarily for technical, research and analytical purposes like evaluating the various sections of the web site. This information does not include any personal information and it is only retained until its intended purpose is fulfilled.

When you visit the RASC web site or RASC Estore, information is not collected that could identify you. You are welcome to browse the Web site at any time anonymously and privately without revealing any personal information about yourself.

The choice to provide us with personal information is always yours. However, your decision to withhold particular details may limit our ability to provide you with some services.

If we are unable to accommodate your request based on the information that has been provided to us, we may ask for additional details in order to identify other ways to be of assistance.

Principle 3 - Consent

We are obliged to keep your personal information confidential except under the following special circumstances:

• When authorized by you
• When required by law
• When permitted by law

Personal information, such as name, address, phone, email and age, is collected and used with the individual's implied or explicit consent. Sensitive personal information (such as a credit card number) requires explicit consent (verbal, or written (email, estore, hard copy)).

The consent terms are implied when a person fills out an application form, either on paper, at the local level or on our Web Store website (http://www.store.rasc.ca), or when a person who is a member of the RASC participates in any activity of the RASC that is related to the goals of the RASC, including, but not limited to, meetings, public events organized by the RASC and/or its Centres, mailing lists, discussion forums, chats or other events, both offline and online, or any other activity where members may gather together, formally or informally, or any activity related to astronomy that a member pursues individually, whether in public or in private.

When Authorized by You

With respect to the matter of privacy, we use the personal information to respond to any application for our services and to provide our services to you, as well as in the following ways:

• to facilitate the provision of our services by sharing your information with our third party service providers such as our distributors who mail the Journal and Handbook to members and fulfill bulk orders.
• to investigate potentially fraudulent or questionable activities regarding the use of our services;

In addition we may also collect, use and disclose personal information when required or permitted by law.

In some cases, such as when you apply for membership or place an order over the telephone, your consent to the use and/or disclosure of your information will be obtained verbally. In other cases, your consent may be obtained in writing or electronically.

When Required by Law & Permitted by Law

The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances such as a legal proceeding or court order, we may also be required to disclose certain information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the request have legitimate grounds to do so.

Principle 4 - Limiting Collection and Retention of Personal Information

The personal information collected must be limited to those details necessary for the purposes identified by the RASC and/or to further the aims of the RASC, which include the promotion and advancement of astronomy and allied sciences.

The RASC will only collect, use, or disclose Personal Information that is necessary for the Identified Purposes (see "Why We Collect") or as required by law. If we require Personal Information for any other purpose, you will be notified of the new purpose, and subject to your consent, that new purpose will become an Identified Purpose. The RASC will only collect Personal Information by fair and lawful means. We will retain Personal Information only as long as necessary for the fulfillment of the Identified Purposes: Financial Information for 7 years, as per Accounting Practices, membership applications and other information related to astronomy, astronomical activities and the aims of the RASC, for as long as the RASC may from time to time determine is necessary. These are then shredded or deleted, as appropriate.

Information is collected by the Executive Secretary, Membership and Publications Coordinator, Centre Treasurers and/or Membership Coordinators, Estore, and other members in pursuit of the aims of the RASC, which include the promotion and advancement of astronomy and allied sciences.

Who Sees the Data

• The Master Membership data is seen by the following: Executive Secretary, Membership and Publications Coordinator , MPA Computer Consultant , National Executive, Webmaster and List Manager,
• Membership data pertaining to individual Centres is seen by the above plus some or all of the Centre's executive, but especially the Centre Treasurer and/or Membership Coordinator.
• Membership data pertaining to mailings to members is seen by the distributors (Canadian and US) plus the Executive Secretary and the MPA Computer Consultant if problems arise.
• Membership data pertaining to various activities of the RASC and its members may be seen by other members or the public.
• Membership data received on the Estore is seen by the Membership and Publications Coordinator, and may also be seen by the Executive Secretary as well as the Estore Manager.
• Membership data received on the GA program for the RASC Annual Meeting is seen by the GA Committee, and Program Manager; the information received is not of the whole membership database. The GA Committee changes yearly; information collected each year, is kept till the next year for emailing notice purposes.
• Non-member and subscriber data is seen by: Executive Secretary, Membership and Publications Coordinator, MPA Computer Consultant, National Executive, and a mail house when sending a promotional mailing.

Our Employees

In the course of daily operations, access to private, sensitive and confidential information is restricted to authorized employees (i.e. Executive Secretary and the Membership and Publications Coordinator) who have a legitimate business purpose and reason for accessing it. For example, when you call us, our designated employees will access your information to verify who you are and to assist you in fulfilling your requests.

As a condition of their employment, all employees of the RASC are required to abide by the privacy standards we have established. They are also required to work within the principles of ethical behaviour and must follow all applicable laws and regulations. Employees are informed about the importance of privacy and they are required to agree to a code of conduct that prohibits the disclosure of any customer information to unauthorized individuals or parties.

Unauthorized access to and/or disclosure of customer information by an employee of the RASC is strictly prohibited. All employees are expected to maintain the confidentiality of customer information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.

Outside Service Suppliers

At the RASC, we sometimes contract outside organizations to perform specialized services such the mailing/shipping of our publications. Our trusted service suppliers may at times be responsible for processing and handling some of the information we receive from you.

When we contract our suppliers to provide specialized services, they are given only the information necessary to perform those services. Additionally, they are prohibited from storing analyzing or using that information for purposes other than to carry out the service they have been contracted to provide. In fact, our suppliers are bound by strict contractual obligations that have been designed to protect the privacy and security of your information. Furthermore, as part of our contract agreements, our suppliers and their employees are required to protect your information in a manner that is consistent with the privacy policies and practices that we have established.

Publicity, Public Relations and Promotion

In pursuit of the aims of the RASC, which include the promotion and advancement of astronomy and allied sciences, members or employees or other authorized by members or employees of the RASC may discuss, reveal, present or otherwise disclose personal information related to the membership history, activities, interests, awards and participation details, including, but not limited to, information about members' astronomical equipment, opinions, intellectual property, activities and accomplishments, contributions to mailing lists, discussion forums, chats or other events, both offline and online, to other members or to the public, directly or through any communication medium.

Principle 5 - Limiting Use, Disclosure and Retention

Personal information may only be used or disclosed for the purpose for which it was collected unless you have otherwise consented, or when it is required or permitted by law. Personal information may only be retained for the period of time required to fulfill the purpose for which it was collected or as required by law.

This information is used for statistical analysis by the Executive, for use by Centre Executives and Centre Councils in the operation of the Centre, for security purposes by the Webmaster for Information restricted by the General Public, by the Society's List Keeper to maintain a closed list for members only, by the distributors for mailing purposes, and by the mail house for promotional mailing purposes.

Customer Files

Electronic customer files are kept in an environment with restricted access. Likewise hardcopy files are maintained with restricted access. Hard copy files of membership applications and customer orders are shredded after three years. Information relating to accounting is maintained for seven years as required by Revenue Canada. Other information related to astronomy, astronomical activities and the aims of the RASC, are maintained for as long as the RASC may from time to time determine is necessary.

Online Security

When you call our customer service centre you will be required to verify your identity by providing some personally identifying information.

Principle 6 - Accuracy

The RASC will maintain a member's or customer's' Personal Information as accurate, complete, and up-to-date as is necessary for the Identified Purposes.

Principle 7 - Safeguarding Customer Information

Personal information must be protected by security safeguards that are appropriate to the sensitivity level of the information.

What is Distributed and to Whom

Personal information is used:

• for statistical analysis by the Executive,
• for use by Centre Executives and Centre Councils in the operation of the Centre,
• for security purposes by the Webmaster for Information restricted by the General Public,
• by the Society's List Keeper to maintain a closed list for members only,
• by the distributors for mailing purposes,
• by the mail house for promotional mailing purposes, and
• for promotional, educational, scientific or other uses in pursuit of the aims of the RASC.

Principle 8 - Openness

The RASC will make information available to our members/customers concerning the policies and practices that apply to the management of their personal information.

Any member or Customer must contact the RASC National Office to have any information updated/corrected.

The RASC is responsible for all Personal Information under its control and has designated a Privacy Officer (National Secretary backed up by the Executive Secretary) who are accountable to the Executive for the RASC's compliance with this Privacy Policy.

Principle 9 - Customer Access

Upon request, a customer shall be informed of the existence, use and disclosure of their personal information, and shall be given access to it. Customers may verify the accuracy and completeness of their personal information, and may request that it be amended, if appropriate.

Accessing Your Information

You may access and verify any of your information by contacting the RASC, National Office at 136 Dupont Street, Toronto ON M5R 1V2. Phone: 416-924-7973 or outside of Toronto but within Canada: 1-888-924-7272.

Amending Your Information

To help us keep your personal information up-to-date, we encourage you to amend inaccuracies and make corrections as often as necessary. Despite our efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file(s), we will make the proper changes. Where appropriate, we will communicate these changes to other parties who may have unintentionally received incorrect information from us.

In each case, you will be required to verify your identity by providing some personally identifying information.

To update or change the information, please contact the Privacy Officer as indicated under Principle 10.

Principle 10 - Handling Customer Complaints and Suggestions

Customers may direct any questions or enquiries with respect to the privacy principles outlined above or about our practices by contacting:

Privacy Officer
Royal Astronomical Society of Canada
136 Dupont Street
Toronto ON M5R 1V2

416-924-7973 or 1-888-924-RASC (7272)

Before the RASC is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will endeavor to respond within an appropriate timeframe. Specifically we will:

• We will record the date a complaint is received and the nature of the complaint (e.g. delays in responding to a request, incomplete or inaccurate responses, or improper collection, use, disclosure or retention).
• Acknowledge receipt of the complaint promptly.
• Contact the individual to clarify the complaint, if necessary.
• Assign the investigation to a person with the skills necessary to conduct it fairly and impartially.
• Give the investigator access to all relevant records, employees or others, who handled the personal information or access request.
• Notify individuals of the outcome of investigations clearly and promptly, informing them of any relevant steps taken.
• Correct any inaccurate personal information or modify policies and procedures based on the outcome of complaints

If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact the Privacy Commissioner's Office at:

http://www.privcom.gc.ca/ or

Privacy Commissioner of Canada
112 Kent Street
Ottawa, ON K1A 1H3

who will then serve as a liaison with the RASC to resolve your concerns.

Updating this Privacy Policy

Any changes to our privacy policy and information handling practices will be acknowledged in this policy in a timely manner. We may add, modify or remove portions of this policy when we feel it is appropriate to do so. You may determine when this policy was last updated by referring to the modification date found at the bottom of this privacy policy.