The Stollery Children’s Hospital Foundation (the “Foundation”) is committed to pro-tecting the privacy of our donors. We value our donors’ trust and recognize that maintaining this trust requires that we be open and accountable in our collection, use and disclosure of our Donors’ Personal Information and Confidential Information.
“Donor” means a person, company or organization that provides a voluntary transfer of property to the Foundation normally in the form of cash, cheque, credit card or publicly traded stocks or securities and where no advantage is accrued to the donor.
“Constituent” or “Constituents” means the Foundation’s staff members, volun-teers, Trustees, Board members and Donors.
1.3 Personal Information
“Personal Information” means information that can be used to distinguish, identify or contact a Constituent and includes a Constituent’s credit card or banking information. Personal Information also includes information with re-spect to an individual’s status as a Donor to the Foundation and the amount(s) an individual has donated or plans to donate to the Foundation.
1.4 Privacy Officer
“Privacy Officer” means the officer designated by the Foundation from time to time as primarily responsible for the Foundation’s collection, use and disclosure of Personal Information and Confidential Information, including compliance with privacy legislation. The Privacy Officer acts as the point of contact for all privacy questions and issues.
“Cookie” or “Cookies” means small data file(s) created by a web server and stored on a user’s computer. Cookies let websites identify users, keep track of users’ preferences and recognize users who are returning to the website. Cookies also let websites make custom pages for users. Some Cookies may also keep personal information, such as site passwords and account numbers. Web browsers may permit a user to accept or refuse all Cookies, third-party Cookies, or Cookies from certain websites.
2.0 Accountability for Personal Information
The Foundation collects and stores Personal Information in strict confidence. The Foundation’s Constituents (other than donors) are required to sign confidentiality agreements so that safeguards are in place to ensure that Personal Information is not accessed, disclosed or shared more widely than is necessary to achieve the purpose for which it was collected. The Foundation also takes measures to ensure that the integrity of Personal information is maintained and to prevent it from being lost or destroyed.
Where the Foundation chooses to retain a third party service provider to conduct activities on the Foundation’s behalf (including, but not limited to, fundraising, data-base creation and processing services), the selection of such third party service pro-vider is made with a view to professionalism and the protection of Personal Infor-mation. The Foundation takes all reasonable precautions to ensure that third party service providers are compliant with applicable privacy legislation [for example, Ca-nadian Anti-Spam Legislation (CASL), Freedom of Information and Protection of Pri-vacy Act (FOIPP), the Payment Card Industry Data Security Standard (PCIDSS)] in order to protect Personal Information.
Canadian Anti-Spam Legislation
Effective July 1, 2014, Canada’s Anti-Spam Legislation came into effect. For charitable organizations, there is implied consent for a period of 24 months with existing donors, volunteers and participants.
3.0 Collection of Personal Information
3.1 Purpose of Collection of Personal Information
When the Foundation collects Personal Information directly from a Constituent, the Foundation identifies the purposes for which it is collected at or before the time of collection. These purposes include: registration, fundraising, the administration of the donations, providing information about the activities of the Foundation and the Stollery Children’s Hospital, and compliance with legal and regulatory requirements. Personal Information will be collected only by fair and lawful means.
3.2 Consent to Collect, Use or Disclose Personal Information
The Foundation collects, uses and discloses Personal Information with Con-stituent permission. Permission may be expressed orally, in writing or may be implied, and collected orally, electronically or in writing.
A Constituent may limit or opt-out of future contact by the Foundation. It is clearly indicated how to do so on all electronic communications from the Foundation and on the Foundation’s website.
A Constituent has the right at any time to withdraw consent to the use of Per-sonal Information.
3.3 Limit of Use, Disclosure and Retention of Personal Information
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with consent or as required by law. Personal Information will be retained only as long as necessary for the fulfill-ment of those purposes. The Foundation does not trade, rent or sell any Per-sonal Information to third parties.
4.0 On-line Collection of Personal Information
The Foundation’s web pages contain online forms that allow visitors to make dona-tions. The Personal Information provided on these forms is used only to process these donations. Credit card numbers and banking information, as applicable, are encrypted using the Geotrust Secure Socket Layer certificate for the protection of a Donor’s Personal Information and not held in hard copy.
Visitors to the Foundation’s web pages are not required to disclose Personal Information as a condition of using such web pages. When a visitor uses the Foundation’s web pages, data about such use is stored on third party servers. This data may include the name of the visitor’s internet service provider, the web site used to link to the Foundation’s web pages, the web sites that were visited from the Foundation’s web pages and the visitor’s IP-Address. The Foundation uses such data to administer the web pages more effectively, and to gather broad demographic information about what countries and domains visitors come from and their behavior on the Foundation’s web pages.
The Foundation’s website uses Google AdWords remarketing services to advertise on third-party websites, including Google, to its previous visitors. This includes advertisements on the Google search results page and in the Google Display Network.
5.0 Safeguarding Personal Information
Personal Information is protected with security safeguards appropriate to the sensi-tivity of the information. The Foundation uses password protocols and secure web-sites to protect Personal Information. The Foundation’s digital security software is routinely updated for the protection of Personal Information.
Personal Information held in hard copy, such as original gift agreements, are secured within the Foundation’s premises.
6.0 Accuracy of Personal Information
The Foundation relies on Constituents to provide accurate Personal Information. The Foundation strives to ensure that accuracy is maintained in all applicable Constituent databases. A Constituent may access his or her Personal Information to change or modify Personal Information for accuracy.
7.0 Children’s Personal Information
In light of the importance of protecting a child’s Personal Information, the Foundation does not collect, process or use on any of the Foundation’s web pages or in other Foundation publications, Personal Information of a child (who, within the Province of Alberta, is a person under the age of 18 years) without the prior, verifiable consent of his or her legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted.
8.0 Transparency Regarding Privacy Practices and Personal Information
The Foundation’s practices relating to the management of Personal Information are available to all Constituents on the Foundation’s web pages. Constituents who do not have access to electronic media may contact the Foundation to request a print version of this Policy.
Any person who is not a Constituent may inquire with the Foundation whether the Foundation holds any Personal Information with respect to that person. The Founda-tion’s Privacy Officer shall respond to all such inquiries and take steps in accordance with this Policy.
Any concerns about the Foundation’s compliance with this Policy and privacy legislation in general may be directed to the Foundation’s Privacy Officer. The Foundation will investigate all complaints, acting reasonably. In the event that a complaint identifies compliance issues, the Foundation shall take appropriate steps to achieve compliance, acting reasonably.