Kanyini Connections Ltd (KCL) is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
The purpose of this policy is to provide a framework for KCL in dealing with privacy considerations.
KCL collects and administers a range of personal information for the purposes of recruiting staff and volunteers and conducting its programs and is committed to protecting the privacy of personal information it collects, holds and administers.
KCL is bound by laws which impose specific obligations when it comes to handling information. The organisation has adopted the following principles contained as minimum standards in relation to handling personal information.
- Collect only information which the organisation requires for its primary function;
- Ensure that stakeholders are informed as to why KCL collects the information and how it administers the information gathered;
- Use and disclose personal information only for KCL primary functions or a directly related purpose, or for another purpose with the person’s consent;
- Store personal information securely, protecting it from unauthorised access; and
- Provide stakeholders with access to their own information, and the right to seek its correction.
- Only collect information that is necessary for the performance and primary function of KCL.
- Notify stakeholders about why information is collected and how it is administered.
- Notify stakeholders that this information is accessible to them.
- Collect personal information from the person themselves wherever possible.
- If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.
- Collect Sensitive information only with the person’s consent. (Sensitive information includes health information and information about religious beliefs, race, gender and others).
- Determine, where unsolicited information is received, whether the personal information could have been collected in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information).
Use and Disclosure
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses, KCL will obtain consent from the affected person.
- In relation to a secondary purpose, use or disclose the personal information only where:
- a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
- the person has consented; or
- certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
- In relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and KCL has provided an opt-out and the opt-out has not been taken up.
- In relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out).
- No information will be sent overseas.
- Provide all individuals access to personal information except where it is a threat to life or health or it is authorised by law to refuse and, if a person is able to establish that the personal information is not accurate, then KCL must take steps to correct it. KCL may allow a person to attach a statement to their information if KCL disagrees it is inaccurate.
- Where for a legal or other reason KCL is not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties.
- Make no charge for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.
- Implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorised access, interference, unauthorised modification or disclosure.
- Ensure that data is up to date, accurate and complete.
Destruction and de-identification
- Destroy personal information once is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
- Change information to a pseudonym or treat it anonymously if required by the person whose information KCL holds and will not use any government related identifiers unless they are reasonably necessary for our functions.
- Take reasonable steps to ensure the information it collects is accurate, complete, up to date, and relevant to the functions it performs.
Data Security and Retention
- Ensure all paper-based information is shredded when no longer required
- Ensure all electronic information is deleted from all devices when no longer required
- Ensure all electronic information stored in cloud-based platforms is stored by reputable service providers only
- Make this information freely available in relevant publications and on the organisation’s website.
Access and Correction
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
- Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.
Making information available to other Organisations
- Release information to third parties where it is requested by the person concerned.
- Release information to a third party where the person concerned has consented to that release.
- Release information to a third party where it is required or authorised by law.
- Release information without your consent where a permitted general situation exists (for example; in emergency situations to lessen or prevent a threat to your health or safety or that of other individuals.
If you have a query about any aspect of this policy, believe that there has been a breach of this policy in relation to your personal information, need to update your information, or would like to request access to your personal information, please contact us by email to firstname.lastname@example.org