Principles of Fair Information Management
About this Policy
Glenlyon Norfolk School is committed to maintaining the security, confidentiality and privacy of your personal information and adhering to the privacy standards established by the British Columbia Personal Information Protection Act (PIPA) and other applicable legislation.
Definition of Information
This policy applies to personal information of individuals. When we say "personal information”, we mean personal data that identifies a particular natural person. This includes contact information, email address, IP address, and other such identifiable data.
Glenlyon Norfolk School (“GNS”, “we”, “our”) collects personal information about students applying to GNS and their families, current and former students and their families, individuals applying to teach or provide other services at GNS, our suppliers and individuals using our facilities or programs. GNS collects personal information through a variety of means, including through its website and electronic registration system, and uses personal information for multiple purposes related to school operations including:
- School administration, such as:
- administration of health services
- administration of family boarding, facilities and programs
- alumni communications, programs and services
- school records
- Business operations, such as:
- establishing, administering, managing and terminating employees, independent contractor, volunteer, service provider, client relationships
- managing post‑employment and post‑volunteer relationships
- accounting, insurance, procurement
- mandatory reporting, and record retention as required by law
- providing insights into our admission activities
- supporting our advancement efforts
- responding to requests for information or services
GNS is a not-for-profit, charitable organization and has voluntarily adopted the following principles to guide its personal information management:
- Individuals should have information about how their personal data will be used so as to be able to refuse a service for which the information is required.
- The collection, use and disclosure of personal information should be limited to that required for a particular purpose reasonable means should be employed to protect personal information against unauthorized use and disclosure.
- In general, if requested, individuals should be advised of the personal information about them on record and be able to request its correction.
- If there is a breach of privacy, we have an established privacy breach protocol, where we will stop the breach, alert the people involved, and report it to the British Columbia Office of the Privacy Commissioner.
Network: The GNS Network User Policy (“Acceptable Use Policy” or “AUP”) governs the use of our network by members of the GNS community, including students, parents, alumni, employees and guests.
Website: We collect the domain name (IP address) of visitors to our website, their operating system (Windows, Mac, other) and browser (Chrome, Safari, other) and information about the pages that are visited. We also collect the e-mail addresses of those who communicate with us via e-mail and other personal information volunteered by the user, such as information in response to a survey and/or provided for registration purposes. We aggregate the information we collect about traffic patterns on our website so that it does not identify individual users. We use the information we collect through the website, in the aggregate where possible, to evaluate our website, communications, services, and programs and improve the content of our website and make other changes where our information indicates they are warranted. We may use the personal information we collect to notify users about updates to our website.
Service Providers: We do not sell, rent, or lend personal information we collect, although we may share it with individuals and organizations we retain to assist us in providing our services and administering our operations, such as providers of information technology services. Some of our service providers are located in the United States and personal information transferred to those service providers may be accessed under U.S. law by a U.S. government or its agencies.
Disclosure: We may disclose personal information where required for the purposes for which we collect the information, to administer our operations, including to purchase insurance and file insurance claims and where required to comply with a subpoena or other lawful disclosure order. We may disclose personal information in the context of a business transaction or restructuring of GNS, including to carry out the due diligence required to decide whether to proceed with a transaction or restructuring.
Retention: Personal information will only be retained for the period of time required to fulfill the purpose for which it was collected. Once the personal information is no longer required to be retained to fulfill the purpose for which it was collected and is no longer required or permitted for legal or business purposes, it will be destroyed or made anonymous.
If you provide information about a person other than yourself, GNS will assume that you have the person's consent or are otherwise authorized to do so.
If you have provided us with your email or postal address and decide that you no longer want to receive e-mail or periodic mailings from us, or if you would like any additional information about our personal information management practices, please let us know by contacting us by email or post as indicated below.