Privacy Policy

Our Commitment

Mennonite Economic Development Associates (MEDA) is committed to protecting the privacy of the personal information of its employees, members, donors, clients, contractors and other stakeholders.  We value your trust and recognize that maintaining this trust requires that we are transparent and accountable in how we treat the information that you choose to share with us. This policy applies to all MEDA activities. The policy will be updated periodically in order to maintain compliance with applicable legislation.

Definitions

Collection:  the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means

Consent:  voluntary agreement with the collection, use and disclosure of personal information for defined purposes.  Consent can be either expressed or implied and can be provided directly by the individual or by an authorized representative.  Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of MEDA. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.

Members/Donors:  an individual who supports the work of MEDA financially, subscribes to MEDA publications; or volunteers to work with MEDA board/committees/projects, etc.

Clients/Contractors:  an individual or organization with which MEDA signs a contract for goods and services or indirectly receives services or resources from MEDA.

Investors: an individual or organization who have direct or indirect investment in MEDA by way of loan, equity position, promissory note etc.

Disclosure:  making personal information available to a third party

Personal Information:   includes any factual or subjective information, recorded or not, about an identifiable individual.  For example: Name, age, birthday, ID numbers, income, ethnic origin, blood type, familial relationships Opinions, evaluations, comments, social status, or disciplinary actions Employee files, credit records, loan records, medical records, intentions (for example, to acquire goods or services, or change jobs).Personal information DOES NOT INCLUDE the name, job title, business address, business phone number or other information that would appear on a business card; or personal information that is available to the public (like information in a phone book).

Third Party:  an individual or organization outside of MEDA

Use:  the treatment, handling, and management of personal information by and within MEDA or by a third party with the knowledge and approval of MEDA

Privacy Practices

Consent for Identified Purposes

Personal information gathered by MEDA is kept in confidence and is used only for the purposes stated at the time of collection.  Where possible and appropriate, MEDA will endeavour to obtain express consent and state our intended use of your personal information either orally, electronically or in writing; in some cases, implied consent will be assumed.  In rare circumstances, such as detecting and preventing fraud, serious illness, or mental incapacitation, obtaining consent may be impossible or inappropriate. MEDA will ensure that your reasonable expectations for using your personal information are respected, and you have the choice to withdraw your consent at any time.

Limited Collection, Use, Disclosure and Retention

MEDA will limit our collection of personal information to that which is necessary to fulfill the purposes identified at the time of collection. If we would like to use your personal information for a reason other than its original purpose, we will contact you first to request permission.  Your personal information will be appropriately disposed of as soon as the purpose for which it was collected is no longer relevant, except as required by law or other industry record keeping standards.

We may share your Personal Information with third parties who perform services for us or on our behalf for any legitimate purpose allowed under the applicable laws and regulations including for technical support or security purposes. If we disclose your Personal Information in this manner, the third-party recipients of your Personal Information will be bound by the terms of this policy.

Safeguards

MEDA has security measures in place to protect your personal information from use or disclosure beyond its original intention.  We evaluate the sensitivity of the type of personal information we collect and take the appropriate level of security measures to ensure the integrity of your personal information and to prevent its loss or destruction.

MEDA’s data is hosted on Microsoft’s Azure Infrastructure as a Service Cloud (IaaS). By hosting on Azure, our staff, clients and beneficiaries benefit from world-class physical and network security, as well as active threat management. We also use a hosted Raiser’s Edge solution to protect our donor information. Our website uses SSL (Secure Sockets Layer) encryption and is regularly tested for PCI compliance.

MEDA will implement procedures to ensure compliance with the Privacy Policy including:

1. Regular privacy audit and procedure reviews.
2. Established procedures to receive and respond to inquiries and complaints
3. Training and communicating of employees and client/contractors about MEDA’s privacy policy and procedures.
4. Maintaining reasonable and systematic controls, schedules and practices for information and records retention and destruction to prevent unauthorized parties from gaining access to Personal Information
5. Obtain contractual agreements with third parties stipulating the confidentiality of the information and the purposes for which it is to be used.

Accuracy and Access

MEDA strives to keep your personal information accurate. If you would like access to your personal information we keep on file to verify its accuracy, please contact the Privacy Officer listed below. As further protection of your privacy and security we may take steps to verify your identity before granting access to your information. In certain situations, MEDA may not be able to provide access to all of the personal information it holds about a member/donor, client/contractor, investors and other stakeholders, in which case MEDA will provide the reasons for denying access upon request.

Website Usage and Security

The www.meda.org web site is operated by MEDA for the benefit of our members/donors, clients/contractors, investors and other stakeholders interested in supporting our organization’s vision and mission.

Cookies
MEDA uses cookies – small files containing information to track site visits for purposes of better understanding how our site is used, to make sure our information is served correctly and to improve the performance of our site for our users.  We do not use cookies to retain personal information about our users, and do not sell information about our traffic patterns. View our Cookie Policy to learn more and adjust your settings.

Analytics and logs
Our Public Site servers log every ip address and request and store these logs in files that are available to us for analysis. We also use analytics technologies in the browser to record traffic and usage. We use this data in aggregate to analyze trends of interest to MEDA.

Email Communications
On occasion, we may send out emails. You have the right to opt-out of these communications at any time by following the unsubscribe directions included in such emails.

Online Security
MEDA uses recognized industry-standard encryption software for all personal information submitted on our website.  Donations made on our website are linked to a secure payment service for credit card transactions.

External Links
There are links on the meda.org website that take you to other websites outside of our service.  Any links provided to third-party websites outside of meda.org are provided solely for your convenience.  The operation and content of such third-party websites is beyond our control, and we do not endorse in any manner whatsoever or accept responsibility for the content or other material that may be contained on such websites.

Transparency and Accountability

MEDA’s Privacy Policy will be posted to our website and will from time to time be updated to comply with changes in regulations.  Your continued use of our web site following the posting of changes to this policy implies acceptance of the changes.

MEDA seeks to maintain transparency and accountability for our management of personal information. Our Privacy Policy is published on our web site and is otherwise available upon request.  All MEDA staff receive a copy of this policy and are given appropriate training on how this policy affects their work. MEDA will make available to members/donors, clients/contractors, investors and other stakeholders specific information about its policies and procedures relating to its management of personal information.

The Privacy Officer is accountable for compliance to the Privacy Policy.  An audit of the personal information management practices of MEDA will be conducted regularly and presented to the Senior Management Team.

If you would like to register a complaint regarding our collection, retention, or use of personal information, please contact the Privacy Officer to file your complaint. Upon receiving your complaint in writing, the Privacy Officer will promptly investigate and inform you of the investigation results and MEDA’s response. If this does not satisfy the complaint, the issue will be taken to the MEDA Senior Management Team for further processing and action.