Immanuel Christian Reformed Church Privacy Policy

Last Revised: Sept 16, 2019


Immanuel Christian Reformed Church (“ICRC”) is committed to respecting the privacy of member¹ and participant² personal information that is collected and maintained for ministry activities in compliance with British Columbia’s Personal Information Protection Act (“PIPA”). The following privacy policy (the “Policy”) has been created to demonstrate our commitment to the principles outlined in PIPA.

All directors, officers, employees and volunteers of ICRC and persons or organizations who act for, or on behalf of, ICRC are required to comply with the Policy.


This Policy covers the treatment of personal information collected from members and participants and outlines the purposes behind the collection and use of personal information. It also outlines policies concerning the collection, use, distribution and retention of this information as well as policies for addressing any concerns or complaints. Requests to add, change or delete personal information that is retained by ICRC should be made to ICRC’s Privacy Officer at:

Immanuel Christian Reformed Church
7600 No. 4 Road
Richmond, BC V6Y 2T5

¹ A “member” is an individual in good standing at the date the ICRC bylaws became effective, or a person who has attained the age of 19 and been granted membership by the Council in accordance with the Society’s regulations and has not ceased to be a member (Bylaw 3.1)

² A “participant” is an individual who utilizes the services and programs offered by ICRC

Privacy Officer

ICRC has appointed its current membership committee head as the Privacy Officer responsible for ICRC’s compliance with the Policy and any inquiries, requests or concerns relating to privacy. The Board of ICRC and each team, employee and volunteer is responsible for maintaining and protecting personal information under its/their control and is accountable to the Privacy Officer for such information.


ICRC is responsible for personal information collected, used or distributed by ICRC and personal information in our custody or under our control. In order to fulfill our responsibility and comply with current legislation, ICRC

  • has designated a Privacy Officer who is responsible for overseeing our privacy policy and ensuring routine compliance with it;
  • will provide the name or names of the Privacy Officer(s) and contact information upon request;
  • has developed procedures in accordance with this Policy to govern the handling of personal information and respond to complaints;
  • staff and volunteers are trained in accordance with this Policy and committed to ensuring that privacy is protected;
  • has made the Policy available to members and participants through the church office and ICRC’s website; and
  • will hold any contracted third party to whom personal information is made available, responsible for protecting the privacy of such personal information at a level comparable to that of ICRC

Identifying Purposes

ICRC is committed to ensuring that the purposes for which personal information is used are identified. ICRC will only collect personal information from members and participants as necessary to fulfill the following purposes:

  • ministerial purposes, such as, but not limited to, providing spiritual care and counselling, track member engagement, determining ministry effectiveness and following up on members and participants;
  • determining ministry programs needed at the church;
  • responding to information requests;
  • issuing official donation receipts according to CRA requirements;
  • mailing donation receipts;
  • sending out information to ICRC members;
  • communicating church announcements, news and events;
  • verifying identity;
  • delivering requested products and services;
  • ensuring a high standard of service to our church family members; and
  • meeting regulatory requirements.

ICRC will make this Policy known to individuals at the time personal information is collected whether such collection occurs orally, electronically, or in writing.
Except for purposes authorized by law, ICRC will notify and obtain the consent of an individual from whom personal information has been collected, before utilizing the collected information for a new purpose.


ICRC will obtain reasonably informed consent of a member/participant to collect, use or disclose personal information except where authorized to do so without consent.

Consent can be provided orally to an authorized representative of ICRC, or in writing, or electronically.

Consent can be implied where the purpose for collecting, using or disclosing the personal information would be considered obvious and the person voluntarily provides personal information for that purpose.

In general, the use of products and services by a member/participant constitutes implied consent for ICRC to collect, use and disclose personal information for all identified purposes.

Consent may also be implied where a member/participant is given notice and a reasonable opportunity to opt-out of the personal information being used for mailing lists and fundraising, and the member/participant does not opt-out.

Subject to certain exceptions, members/participants can withhold or withdraw their consent for ICRC to use their personal information in certain ways. In a situation where a member’s/participant’s decision to withhold or withdraw consent to certain uses of personal information may restrict ICRC’s ability to provide a particular service or product, ICRC will explain the consequences of withholding/withdrawing consent to assist the person in making the decision.

A member/participant may not be able to withhold consent when withdrawal of consent would frustrate the performance of a legal obligation.

ICRC will not require consent for the collection and use of personal information in certain situations. The following are examples of when ICRC may collect, use or disclose personal information of a member participant without their consent:

  • when the collection, use or disclosure of personal information is permitted or required by law;
  • in an emergency that threatens an individual’s life, health, or personal security;
  • when disclosure is required to comply with a court order;
  • when disclosure is required for archival purposes;
  • when the personal information is available from a public source (e.g., a phone directory, LinkedIn, etc.);
  • when the personal information is available through observation at a public event that the member/participant attended voluntarily;
  • when the collection, use or distribution is necessary to determine suitability to receive an honour, award or similar benefit, or to be selected for an athletic or artistic purpose;
  • when we require legal advice from a lawyer;
  • for the purposes of collecting a debt;
  • to protect ourselves from fraud; and
  • to investigate an anticipated breach of an agreement or a contravention of law.

Limiting Collection

ICRC will limit the collection of personal information for the purposes set out in this Policy and in compliance with our legal obligations.

ICRC will not collect personal information indiscriminately.

The purposes for collecting personal information will be reasonably clear at the time of collection and ICRC will not deceive or mislead our members/participants as to why information is being collected.

ICRC will collect personal information by fair and lawful means.

Limiting Use, Disclosure and Retention

ICRC will only use and disclose personal information where necessary to fulfill the purposes identified at the time of collection, or for a purpose reasonably related to those purposes except where we are authorized to do so (see “Consent” section above).

ICRC will not use or disclose member/participant personal information for any additional purposes unless required by law, or unless ICRC obtains consent to do so.

ICRC will not sell member/participant lists or personal information to and third parties without appropriate consent.

ICRC will only retain personal information as long as necessary for the purposes for which it was collected or consented to. ICRC will maintain reasonable schedules to ensure that personal information is reviewed on an ongoing basis for the purposes of determining relevance and retention.

When personal information that has been collected is no longer relevant to its purpose, ICRC will ensure that it is deleted, destroyed or anonymized, in accordance with applicable legislation. In general, all personal information will be deleted, destroyed or anonymized no later than seven years after the purpose for which it was collected has been completed unless otherwise required by law.

If ICRC uses personal information to make a decision that directly affects the member/participant, ICRC will retain that personal information for at least one year to give the individual a reasonable opportunity to request access to it.

ICRC will be utilizing an online church management software system to maintain personal information collected by ICRC in accordance with this Policy. In keeping with ICRC’s commitment to safeguarding personal information, the system will be password protected and access will be strictly limited.


ICRC is committed to ensuring the accuracy of its information and will make reasonable efforts to ensure that personal information is accurate and complete.

ICRC will update information when necessary or when an individual notifies us. Members may request a correction to their personal information in order to ensure accuracy and completeness. A request to correct personal information must be made in writing to the Privacy Officer and provide sufficient detail to identify the personal information and the correction being sought.


ICRC is concerned about the safety of personal information of our members and participants. In order to address security concerns, we
have developed the following safeguards:

  • physical security measures, including locked cabinets, restricted access to areas where sensitive personal information is kept, security alarm systems, etc.;
  • organizational security measures, including employee confidentiality agreements, restricting sensitive information on a need to know basis, etc.; and
  • technological security measures, including use of passwords, firewalls and security encryptions.

ICRC will protect personal information disclosed to third parties by contractual agreements that stipulate confidentiality and safeguard requirements, comparable to our own.

ICRC will use appropriate security measures when destroying personal information such as shredding documents and deleting electronic records.


ICRC is committed to making its privacy policies and procedures available to all interested parties. We will demonstrate our commitment to this openness by making the Policy easy to access and by making the contact information of our Privacy Officer readily available. Any questions or concerns regarding the Policy or procedures may be directed in writing to the Privacy Officer.

Individual Access

Individuals have a right to access their personal information, subject to limited exceptions including, but not limited to:

  • situations where disclosure may reveal the personal information of another individual; and
  • situations where the health or safety of an individual may be jeopardized.

A request to access personal information must be made in writing, provide sufficient detail to identify the personal information being sought and forwarded to the attention of the Privacy Officer. ICRC will make the requested information available within 30 business days, or provide written notice of an extension if additional time is required to fulfill the request. A reasonable fee may be charged for providing access to personal information, in which case we will inform the individual prior to proceeding.

ICRC will endeavour to make all information that it provides in response to a request, easy to understand and explain any acronyms, abbreviations, etc. that may be used.

ICRC reserves the right to confirm the identity of the individual seeking access to personal information before complying with any access requests. In this event, information related to the individual’s identity would be used exclusively for the purposes of confirming access.

In certain situations, it may not be possible to provide access to all the personal information that is held, and a request may be refused in whole or in part. For example, information may not be provided if to do so would reveal personal information about a third party or jeopardize the security of another.

If a request is refused in full or in part or if the information requested is not available, ICRC will notify the individual in writing and provide the reasons for refusal. This notification will be kept on file.

In the event that personal information is shown to be incomplete or inaccurate, ICRC will amend the personal information as appropriate. ICRC will also transmit the corrected information to third parties with access to this information, as may be required.


Complaints regarding this Policy or the use of personal information should be made to the Privacy Officer in writing. The Privacy Officer will receive and respond to all personal information requests including challenges or complaints.

It is ICRC’s policy that all complaints will be investigated. If a complaint is found to be justified, the Privacy Officer will take appropriate measures, including, if necessary, amending this Policy.

The Privacy Officer may seek external advice where appropriate before providing a final response to individual complaints. If the Privacy Officer is the subject of the complaint, then the Chair of the Council will address any complaints or concerns. If an individual feels that the matter is not resolved, the individual may also write to the Information and Privacy Commissioner of British Columbia.

ICRC’s procedure for dealing with complaints is as follows:

  • record the nature of the privacy complaint and the date it is received;
  • promptly acknowledge receipt of the complaint;
  • review the matter fairly and impartially;
  • notify the individual of the outcome of the investigation in a clear and timely way; and.
  • correct any inaccurate or incomplete information if necessary.

Revisions to this Policy

ICRC will review its personal information handling practices and policies on an ongoing and regular basis and will revise this Policy as necessary.

NEWS ALERT  COVID-19 Response Advisory