Privacy Policy


Policies Regarding Personal Information


HIV/AIDS Resources & Community Health (ARCH) & the Privacy Officer

ARCH is committed to protecting the privacy of individual personal information and recognizes its responsibility to ensure the security of said information.

The Privacy Officer (PO) is ARCH’s designate to oversee, and be accountable for, privacy within the agency, ensuring ARCH's compliance with government legislation. The PO also administers the interpretation of privacy law and the creation of privacy programs that ensure the protection of personal data. The current PO is Tom Hammond, Executive Director.

ARCH is responsible for personal information within its safekeeping, which includes information transferred to a third party for processing. ARCH will ensure that all third party interactions, as well as third party participants, are compliant with privacy protocols.

ARCH’s commitment to implementing privacy policies includes the following:

Development of procedures to protect personal information.

  • Establishment of a complaint process, including receiving and responding to inquiries
  • Staff training and education regarding privacy policies and procedures
  • Agency communications to members, clients, volunteers, donors, stakeholders and public regarding privacy


Identifying Purpose

ARCH collects personal information for delivery of client services, statistics, fundraising and to meet legal and regulatory requirements. ARCH will identify the purpose for which the information is collected, at or before the time when said collection takes place.

The purpose of the collection of the personal information can be done orally and/or in writing. For example, when donating to ARCH over the phone, individuals will be informed as to the purpose for the collection of information at that time. Any time that the information collected is to be used for a purpose not previously identified, the individual will be consulted prior to use to gain approval for said use. ARCH representatives will be able to clearly articulate and explain the purpose/s for potential use of information collected.

Purpose Statement 

HIV/AIDS Resources & Community Health (ARCH) respects your privacy. We protect your personal information and adhere to all legislative requirements with respect to protecting privacy. The information you provide will be used to deliver services and to keep you informed and up-to-date on the activities of ARCH, including programs, services, special events, funding needs, opportunities to volunteer or to give, open houses and other periodic contacts. If at any time you wish to be removed from any of these contacts, simply contact 519-763-2255 or email director [at]

 and we will gladly accommodate your request.


Knowledge and consent of the individual is required for any collection, use or disclosure of personal information. ARCH will seek consent prior to sharing this information.

Privacy legislation requires ‘knowledge and consent’. ARCH will make reasonable efforts to ensure that the individual is advised of the purpose/s for which any information is to be used. The purpose will be clear and understandable at all times, confirming that the individual understands the intent.

ARCH will utilize both express and implied consent, dependent on the type of information collected and the specific circumstances.

Individual consent options:

  • Admission form - by completing and signing the form, the individual gives consent to the collection and specific uses.
  • Check-off box - allows individuals to request that their names and addresses not be given to other organizations and individuals who do not check the box are ‘assumed’ to consent to the transfer of information to third parties.
  • Orally - when information is obtained over the telephone.

 Consent maybe withdrawn at any time.


Personal information will be as accurate, complete and up-to-date as reasonably possible. This could depend on both ARCH’s data processing capabilities and individuals’ specific interests.

Personal information that is used on an ongoing basis will generally be up-to-date and accurate.


Security safeguards will protect personal information against loss or theft, unauthorized access, disclosure, copying, use or modification, regardless of what format the information is held in.

Methods of protection include:

  • Physical Methods - locked file cabinets and restriced access to specific offices.
  • Organization methods – limiting access on a ‘need-to-know’ basis.
  • Technological measures – passwords and audits.

ARCH utilizes existing confidentiality protocols within the agency, which underscore the importance of maintaining the confidentiality of personal information. All ARCH employees and volunteers sign a confidentiality agreement prior to any access to personal information.

ARCH uses care in the disposal and/or destruction of personal information, such as shredders and bonded companies for the removal of paper, to ensure unauthorized parties have no access to said information.

Limiting Collection

Personal information is limited to that which is necessary for purposes as determined by ARCH. All information will be collected by fair and lawful means. Personal information will not be collected indiscriminately.

Limiting Use, Disclosure and Retention

Collection of information will be limited to that which is necessary to fulfil the purpose/s identified.

ARCH will not be misleading and/or deceiving regarding the collection of personal information. Consent will not be obtained through deception.

Information collected will only be used for the reason it is collected, unless ARCH has consent of the individual to do otherwise.

Guidelines and implementation procedures will be developed regarding the retention of personal information and these guidelines will include both minimum and maximum retention periods. ARCH will follow legislative requirements with respect to retention periods.

ARCH will develop guidelines and implementation procedures to govern the destruction of personal information.


ARCH will make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Clients, donors, volunteers, members and other stakeholders will be able to acquire information regarding ARCH’s privacy policies in accessible forms.

Available information includes:

  • Name, title and contact information regarding designated Privacy Officer (PO) within ARCH, who is accountable for privacy policies and to whom complaints and/or inquiries should be forwarded
  • Means of gaining access to individual personal information
  • Description of type of personal information held by ARCH, including a general account of its use
  • Copies of any communication used regarding privacy policies – Policy and Procedures Manual on website for example
  • Information used for the trading of lists

Information regarding privacy policies will be made in a variety of ways – website and email, for example.


Upon request, an individual will be informed of the existence, use and disclosure of their personal information and will be given access to said information. ARCH will provide personal information to the specific individual only. Individuals may challenge the accuracy of the information and have it changed when appropriate.

Exceptions to access will be limited and specific. Reasons for denying access could include information that cannot be disclosed for legal and security issues, for example.

ARCH will attempt to be as specific as possible in providing an account of third parties to which it has disclosed personal information about an individual.

ARCH will respond to an individual’s request for information in a timely manner, at no cost to the individual, and in an accessible format.

Challenging Compliance

Individuals will be able to address issues concerning compliance with this policy to the Privacy Officer (PO).

ARCH will have a complaint policy in place to receive and respond to complaints or inquiries about its policies relating to the privacy of personal information. The complaint process will be accessible and easy to use.

The PO will investigate all complaints and will take appropriate measures when necessary.

Complaints Process

  • Individual with concern and/or complaint will contact the Privacy Officer (PO), whose contact information will be readily provided by ARCH.
  • Individual will inform PO the specifics of the complaint, either in person, by phone, mail and/or email.
  • PO will investigate complaint and determine correct action to be taken, if any.
  • Within a reasonable timeframe, PO will inform complainant of decision made regarding complaint and measures taken to comply with privacy legislation. PO will amend policies and procedures if the complaint has validity.
  • If individual is not satisfied with outcome of complaint measures, either they and/or the PO may include the Executive Director at that time, or at any time during the complaint process.
  • At any time, the individual may contact the Privacy Commissioner of Canada to file a formal complaint against ARCH for failing to comply with privacy legislation.