Privacy Policy (Updated October 3, 2024)

River Valley School is committed to protecting your privacy and ensuring your personal information is handled responsibly. This policy outlines how we collect, use, and safeguard personal data in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA)* and the Freedom of Information and Protection of Privacy Act (FOIP)**.

1. Information Collection and Use

We collect personal information such as names, contact details, and student data through online forms, applications, and surveys. The information is used solely for educational, administrative, and communication purposes.

2. Consent

In accordance with PIPEDA, we obtain explicit consent from individuals before collecting, using, or disclosing personal information. For minors, parental or guardian consent is required. Consent may be given explicitly or implied, depending on the context of data collection and use.

3. Data Retention and Disposal

We comply with FOIP in retaining personal information only for as long as necessary to fulfill the purpose for which it was collected. After that, data is securely disposed of, through shredding physical documents or permanently deleting digital files.

4. Third-Party Sharing

Personal data will not be shared with third parties without explicit consent unless required by law or for school operations. Any third parties must follow strict data protection protocols.

5. Security Measures

We employ multiple security measures to protect your personal information, including encryption, secure data storage, and role-based access control. We continuously monitor for vulnerabilities and implement updates to keep data safe.

6. Children’s Privacy

Parental consent is required for the collection of information on minors. All student data is securely managed and used exclusively for educational and administrative functions, with strict access controls in place.

7. Breach Notification

Under PIPEDA, we are required to notify affected individuals and authorities of any significant data breaches. In the event of a breach, we will immediately act to contain the incident and communicate with those affected.

8. Access to Information

In compliance with FOIP, individuals have the right to access, correct, or request the deletion of their personal information. All requests will be handled promptly, in line with legal obligations.

9. Cloud Storage

We use Google Drive for secure data storage. Google Drive’s robust encryption and access control features help protect personal data. Only authorized staff have access to this information, and multi-factor authentication is in place. Google complies with PIPEDA and FOIP, ensuring data security and privacy standards are met.

10. Updates to the Policy

This policy will be updated as needed to reflect changes in privacy laws or our practices. Any major updates will be communicated to stakeholders.

 

*PIPEDA governs how organizations collect, use, and disclose personal information in the course of commercial activities. It requires organizations to obtain consent before collecting personal information, allow individuals access to their data, and report breaches when personal information is exposed.

**FOIP applies to public bodies, ensuring the protection of personal information and providing individuals the right to access their records. It governs how personal information is collected, stored, used, and disposed of, requiring organizations to uphold privacy standards and data retention limits.