This section of the policy sets out the Foundation’s policy on privacy matters, particularly in respect of personal information of donors.
At the Foundation the privacy of the personal information of our donors, prospective donors, employees, and other stakeholders has always been an important aspect of how we conduct our business. We value the trust of those with whom we deal as well as with the public at large and we recognize that maintaining this trust requires that we be open and accountable in how we treat information entrusted to us. As a result, the Foundation has developed this policy both to ensure compliance with privacy legislation as well as to inform our stakeholders of our continuing commitment to the protection of their personal information.
All of the Foundation personnel are authorized to access personal information in our files only as required for the conducting of legitimate and appropriate Foundation business. In addition, we have instituted safeguards to ensure that the information retrieved is not disclosed or shared beyond its immediate requirements.
This policy adheres to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
Personal informationincludes any factual or subjective information, recorded or not, that could be used to distinguish, identify, or contact an individual. This includes information in any form such as personal e-mail address, credit card numbers, home addresses, and so on. It does not include certain publicly available information such as that normally found on a business card, such as name, title, company, business address, business e-mail address, business telephone or fax number. Also not deemed to be personal information are certain publicly available data such as names, addresses, and telephone numbers as published in telephone directories.
During their orientation to their various responsibilities to the Foundation, all individuals who have or may have access to confidential donor information (including personal, fiscal and geographical information) are required to acknowledge that they have read and will agree to adhereto this Policy.
Before, or at the time of the collection of personal data, the Foundation must identify the purposes for which personal information is being collected. Information collected will be used only for the original purpose for which it was collected, unless required otherwise by law:
In the collection, use or disclosure of personal information, knowledge and consent of the individual so involved is required. This consent must be meaningful and easily understood. Nonetheless, in certain circumstances, such as an emergency or as required by law, the Foundation may disclose personal information without the interested individual’s knowledge or consent.
Donor names shall be held in strict confidence, unless a donor consents to the publication of his, her or its name. Requests by a donor for anonymity shall be honoured.
The Foundation receives contact information of volunteers and clients and their families from Grandview Children’s Centre. Formal requests from individuals to be excluded from mailings or other communications will be respected and acted on promptly.
The Foundation, from time to time, may use third parties to process mailings. This requires sending name and address information, usually segmented into specific gift level categories, to a mail house that addresses, prints, sorts, and co-ordinates distribution of these mailings. In all cases, the third party vendor must sign a confidentiality agreement promising that it will take every precaution to protect personal information in its possession and to destroy it upon completion.
Further, data sent by the Foundation to a third party vendor will be encrypted to ensure protection. The vendor will be required to act likewise in sending data to the Foundation.
Personal information collected is limited to the purpose for which it was collected, except with the consent of the individual and as permitted by law. Should there be an additional use for which the information may be employed, individuals affected must be notified and their concurrence formally secured.
Personal information will be used only for the purpose for which it was collected except with the consent of the individual or as required by law. The Foundation shall retain personal information only as long as necessary for the fulfillment of those original purposes. When personal information is no longer required for the fulfilling of those purposes it will be permanently erased from the electronic records or shredded if it exists in hard copy.
The Foundation shall take steps to ensure that personal information is accurate, complete, and as up-to-date as possible. To ensure the up-to-date accuracy of the personal information held in the Foundation’s files, it is the responsibility of the donor to advise the Foundation of any changes to their personal information.
The Foundation shall protect personal information by security safeguards appropriate to the sensitivity of the information and the means by which it is stored.
11.1. The Foundation shall establish appropriate safeguards to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction. Employees shall be made aware of the importance of maintaining the confidentiality of personal information.
11.2. The Foundation shall establish appropriate safeguards to protect personal information disclosed to third parties, for example by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.