Skip to main content

Privacy Policy — ELF Meetup (British Columbia)

Effective date: November 10, 2025
Organization: ELF Meetup ("ELF", "we", "us"), a volunteer-run, not-for-profit private group based in British Columbia, Canada.
Website: https://elfmeetup.ca
Contact: elfmeetup@gmail.com

This policy explains how we collect, use, disclose and protect personal information under British Columbia’s Personal Information Protection Act (PIPA). It incorporates privacy-related items from our Event Waiver & Participation Agreement (the “Waiver”).

1) Who this policy covers

  • People who visit our website, RSVP, email or text us, or complete our interest form(s).
  • People who attend our meetups or related activities, including those held in private homes or public venues.
  • Volunteers, organizers and facilitators (limited additional rules apply; see Section 9).
  • Age: Our events are for adults (19+) only. We do not allow minors to attend.

2) What we collect (and why)

  • Identity & contact: full name, preferred name, email, phone.
  • Participation & logistics: RSVP details, availability, city/area, transportation preferences.
  • Incident reporting: if something concerning happens, we may document date/time, what occurred, location, people directly involved, action taken, and reporter contact details.
  • Website/technical: basic log information (e.g., IP address, device/browser) and cookies or similar technologies used for site security and analytics (see Section 7).
  • Signatures & timestamps: electronic signatures, form timestamps, and IP addresses associated with submissions to evidence consent history.

We will tell you which items are required and which are optional at the time of collection.

3) How we use personal information

  • Manage RSVPs, coordinate events, and communicate event details.
  • Maintain a safe environment (incident response, enforcing House Rules/Code of Conduct, venue sign-in).
  • Operate, secure, and improve our website (spam/bot prevention, load balancing, basic analytics).
  • Keep records necessary for basic legal risk management related to meetups held in private homes and public venues (Waiver and incident records).

4) Our legal basis under BC PIPA

We collect, use and disclose personal information with your consent and only for purposes a reasonable person would consider appropriate in the circumstances. Where permitted by law, we may use or disclose information without consent (e.g., urgent health/safety situations or to comply with legal processes). See Section 10 for examples of such disclosures.

5) Consent choices

  • Express consent: most forms ask you to agree to the Waiver and to specific uses (e.g., communications).
  • Withdraw consent: you may withdraw consent on reasonable notice; we will explain any consequences (for example, we may not be able to host you at events without basic contact info).

6) No photos or recordings

  • We do not take or allow photos, videos, or audio recordings at our events.
  • If this policy changes in the future, we will update this page before any photos/recordings occur.

7) Cookies, security tools and analytics

  • Website security: we may use anti-spam and bot-prevention services. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • Analytics: we use privacy-respecting analytics settings and aggregate reporting to improve the site. You can use your browser settings to limit cookies.

8) Where your information is stored (and cross-border transfers)

We may use reputable service providers that store or process data in Canada, the United States or other countries. Your data may be subject to the laws of those places. We take reasonable steps (contracts, technical safeguards) to protect your information wherever it is processed.

Typical processors we may use:

  • Google (Forms/Workspace, reCAPTCHA, basic analytics/website tools)
  • Web host / security CDN (e.g., DDoS protection, firewall, caching)
  • Email / messaging tools used to send event updates (when applicable)
  • Social media platforms (if you choose to interact with our pages)

We will update this page if we make material changes to our key processors.

9) Volunteers and organizers

  • We may collect limited volunteer information (e.g., availability and role notes, emergency contact, signed confidentiality/Code of Conduct acknowledgement).
  • Access to participant data is role-based and minimal (e.g., facilitators may see first/last name for their event; only designated admins can access Waivers/incident logs).
  • Volunteers must complete privacy and safety briefing and agree to keep participant information confidential and secure.

10) Disclosures without consent (examples)

  • To address a health or safety emergency.
  • To respond to lawful requests from authorities or to comply with a court order.
  • For fraud/security prevention.
  • As otherwise allowed by PIPA.

11) How long we keep information (retention)

  • We keep information only as long as reasonably necessary for the purposes described or to meet legal/business needs.
  • RSVPs / contact list: up to 24 months after your last interaction, unless you ask us to delete sooner (subject to legal holds).
  • Email consent records: retained as long as needed to prove compliance.
  • Waivers: normally at least 2 years after your last attended event.
  • Incident reports: typically 3 years from the event (longer if necessary).
  • Photos/media: not applicable (we do not take or allow photos/recordings).

12) Your rights

  • Access your personal information and request corrections.
  • Withdraw consent to future collection/use/disclosure (on reasonable notice).
  • Contact us with questions or concerns at elfmeetup@gmail.com.

13) Security

  • We use reasonable physical, organizational and technical safeguards appropriate to the sensitivity of the information.
  • Role-based access and least-privilege principles for volunteers.
  • Encrypted storage/transit where supported by our providers.
  • Secure deletion upon disposal.
  • Volunteer privacy/safety training and confidentiality undertakings.
  • Incident and breach response procedures.

14) Breach response

If we learn of a privacy incident involving your information, we will investigate promptly, take steps to reduce harm, and notify affected individuals where appropriate. We may also notify regulators or other authorities if circumstances warrant. We will keep records of incidents and our responses.

15) Third-party links and spaces

Our website or group posts may link to third-party sites (e.g., venue pages, social networks). Their privacy practices are their own. If we use a third-party event platform, your registration there is subject to that platform’s privacy policy.

16) Changes to this policy

We may update this policy from time to time. If changes are material, we will post a clear notice on this page. The “Effective date” at the top shows the latest version.