Privacy Policy

Steveston Winemakers is subject to the BC Personal Information Protection Act with respect to their collection, use, disclosure and retention of personal information.

Steveston Winemakers collects, uses, and discloses personal information about individuals to:
• provide and administer services to its clients
• develop, manage, protect, and improve its services
• conduct customer satisfaction surveys
• comply with legal requirements and
• manage its operations

Privacy Principles

Ten interrelated principles form the basis of the Privacy Policy.

1. Accountability for Personal Information

The organization is responsible for personal information under its control and has designated an individual or individuals who are accountable for its compliance with the following principles.

2. Identifying Purposes for Personal Information

The organization identifies the purposes for which personal information is collected at or before the time the information is collected.

3. Consent for Personal Information

The organization requires the knowledge and consent of the individual for its collection, use, or disclosure of personal information, except where inappropriate or not required by law.

4. Limiting Collection of Personal Information

The organization limits its collection of personal information to that which is necessary for the purposes it has identified. It collects information by fair and lawful means.

5. Limiting Use, Disclosure and Retention of Personal Information

The organization does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information is retained only as long as necessary for the fulfillment of those purposes.

6. Ensuring Accuracy of Personal Information

The organization ensures that personal information is as accurate, complete, and as up-to-date as is necessary for the purposes for which it is to be used.

7. Openness about Personal Information Policies and Practices

The organization makes readily available to individuals specific information about its policies and practices relating to the management of personal information.

8. Safeguards for Personal Information

The organization protects personal information using security safeguards appropriate to the sensitivity of the information.

9. Individual Access to Personal Information

Upon request, the organization will inform an individual of the existence, use, and disclosure of his or her personal information and will give access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

10. Challenging Compliance with the Privacy Policy

An individual is able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance and to the Office of the BC Information and Privacy Commissioner.

Breach Reporting

A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. The most common privacy breach happens when personal information of customers or employees is stolen, lost or mistakenly disclosed. Examples include when a computer containing personal information is stolen or personal information is mistakenly emailed to the wrong person.

Any staff member or contractor that becomes aware of a privacy breach is responsible for notifying the Privacy Officer or their manager immediately.

The Privacy Officer will:

  • identify the information, cause and extent of the breach
  • determine the number of individuals affected
  • contain the breach
  • evaluate risks and determine whether harm could come to affected parties
  • collaborate with management on notification to affected parties
  • report to the Office of the Privacy Commissioner for BC on the prescribed form
  • determine if any other parties should be notified
  • cooperate with authorities during breach investigations

Questions about this Privacy Policy can be directed to the Privacy Officer at info@stevestonwinemakers.ca.

This privacy policy is based on Schedule 1 of the federal Personal Information Protection and Electronic Documents Act (PIPEDA), which is, in turn, based on the Canadian Standards Association’s Model Code for the Protection of Personal Information. The organization is subject to British Columbia’s Personal Information Protection Act (PIPA), which the federal government has deemed to be substantially similar to PIPEDA. It is also subject to independent oversight by the BC Information and Privacy Commissioner www.oipc.bc.ca.