Mennonite Economic Development Associates (MEDA) is committed to protecting the privacy of the personal information of its employees, members, donors, clients, contractors and other stakeholders. We value your trust and recognize that maintaining this trust requires that we are transparent and accountable in how we treat the information that you choose to share with us. This policy applies to all MEDA activities. The policy will be updated periodically in order to maintain compliance with applicable legislation.
Collection: the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means
Consent: voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either expressed or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of MEDA. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
Members/Donors: an individual who supports the work of MEDA financially, subscribes to MEDA publications; or volunteers to work with MEDA board/committees/projects, etc.
Clients/Contractors: an individual or organization with which MEDA signs a contract for goods and services or indirectly receives services or resources from MEDA.
Investors: an individual or organization who have direct or indirect investment in MEDA by way of loan, equity position, promissory note etc.
Disclosure: making personal information available to a third party
Personal Information: includes any factual or subjective information, recorded or not, about an identifiable individual. For example: Name, age, birthday, ID numbers, income, ethnic origin, blood type, familial relationships Opinions, evaluations, comments, social status, or disciplinary actions Employee files, credit records, loan records, medical records, intentions (for example, to acquire goods or services, or change jobs).Personal information DOES NOT INCLUDE the name, job title, business address, business phone number or other information that would appear on a business card; or personal information that is available to the public (like information in a phone book).
Third Party: an individual or organization outside of MEDA
Use: the treatment, handling, and management of personal information by and within MEDA or by a third party with the knowledge and approval of MEDA
Consent for Identified Purposes
Personal information gathered by MEDA is kept in confidence and is used only for the purposes stated at the time of collection. Where possible and appropriate, MEDA will endeavour to obtain express consent and state our intended use of your personal information either orally, electronically or in writing; in some cases, implied consent will be assumed. In rare circumstances, such as detecting and preventing fraud, serious illness, or mental incapacitation, obtaining consent may be impossible or inappropriate. MEDA will ensure that your reasonable expectations for using your personal information are respected, and you have the choice to withdraw your consent at any time.
Limited Collection, Use, Disclosure and Retention
MEDA will limit our collection of personal information to that which is necessary to fulfill the purposes identified at the time of collection. If we would like to use your personal information for a reason other than its original purpose, we will contact you first to request permission. Your personal information will be appropriately disposed of as soon as the purpose for which it was collected is no longer relevant, except as required by law or other industry recordkeeping standards.
We may share your Personal Information with third parties who perform services for us or on our behalf for any legitimate purpose allowed under the applicable laws and regulations including for technical support or security purposes. If we disclose your Personal Information in this manner, the third-party recipients of your Personal Information will be bound by the terms of this policy.
MEDA has security measures in place to protect your personal information from use or disclosure beyond its original intention. We evaluate the sensitivity of the type of personal information we collect and take the appropriate level of security measures to ensure the integrity of your personal information and to prevent its loss or destruction.
MEDA’s data is hosted on Microsoft’s Azure Infrastructure as a Service Cloud (IaaS). By hosting on Azure, our staff, clients and beneficiaries benefit from world-class physical and network security, as well as active threat management. We also use a hosted Raiser’s Edge solution to protect our donor information. Our website uses SSL (Secure Sockets Layer) encryption and is regularly tested for PCI compliance.
- Regular privacy audit and procedure reviews.
- Established procedures to receive and respond to inquiries and complaints
- Maintaining reasonable and systematic controls, schedules and practices for information and records retention and destruction to prevent unauthorized parties from gaining access to Personal Information
- Obtain contractual agreements with third parties stipulating the confidentiality of the information and the purposes for which it is to be used.
Accuracy and Access
MEDA strives to keep your personal information accurate. If you would like access to your personal information we keep on file to verify its accuracy, please contact the Privacy Officer listed below. As further protection of your privacy and security we may take steps to verify your identity before granting access to your information. In certain situations, MEDA may not be able to provide access to all of the personal information it holds about a member/donor, client/contractor, investors and other stakeholders, in which case MEDA will provide the reasons for denying access upon request.
Website Usage and Security
The www.meda.org web site is operated by MEDA for the benefit of our members/donors, clients/contractors, investors and other stakeholders interested in supporting our organization’s vision and mission.
Analytics and logs
Our Public Site servers log every ip address and request and store these logs in files that are available to us for analysis. We also use analytics technologies in the browser to record traffic and usage. We use this data in aggregate to analyze trends of interest to MEDA.
On occasion, we may send out emails. You have the right to opt-out of these communications at any time by following the unsubscribe directions included in such emails.
MEDA uses recognized industry-standard encryption software for all personal information submitted on our web site. Donations made on our web site are linked to a secure payment service for credit card transactions.
There are links on the meda.org web site that take you to other web sites outside of our service. Any links provided to third party web sites outside of meda.org are provided solely for your convenience. The operation and content of such third-party web sites is beyond our control, and we do not endorse in any manner whatsoever or accept responsibility for the content or other material that may be contained on such web sites.
Transparency and Accountability
If you would like to register a complaint regarding our collection, retention, or use of personal information, please contact the Privacy Officer to file your complaint. Upon receiving your complaint in writing, the Privacy Officer will promptly investigate and inform you of the investigation results and MEDA’s response. If this does not satisfy the complaint, the issue will be taken to the MEDA Senior Management Team for further processing and action.
Director of Knowledge Management and IT
REVISED JUNE 1/18