If you have any questions about your privacy at Southlake Foundation, please contact our Chief Privacy Officer by e-mailing email@example.com or phoning 905-836-7333 ext. 5117.
The Foundation has taken a policy decision to align its privacy program with the ten privacy principles set out in the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information.
Our Privacy Standards
Principle 1 - Accountability
The Foundation accepts responsibility for protecting personal information under its control, including any personal information that it transfers to third party service providers acting on its behalf. The Foundation takes reasonable steps to protect personal information that it transfers to others (for example, by including privacy clauses in its contracts with third party service providers to ensure a comparable level of protection).
Principle 2 - Identifying Purposes
The Foundation identifies the purposes for which it collects, uses and discloses personal information. The Foundation only collects, uses and discloses personal information necessary for the identified purposes.
The Foundation collects, uses and discloses information to: - process donations and sponsorships and issue tax receipts, where applicable, - keep donors and sponsors informed about Foundation and Southlake Regional Health Centre activities, - ask individuals and organizations for their support, - process orders for promotional products, lottery tickets and special fundraising events and to provide the purchased products and services, - engage in donor and sponsor recognition activities such as stewardship reports, plaquing, printed articles, tours and events, - send an acknowledgement to the designated recipient of an in memoriam or in honour gift, - permit internal analysis to assist the Foundation with planning for future fundraising activities, and - comply with legal and regulatory requirements. The Foundation collects the following information to achieve its identified purposes: - name, - contact information, including telephone number, residential address or e-mail address, - demographic information including information about an individual’s gender and age that will help us communicate more effectively, - specific areas of interest in hospital activities, - publicly available information including personal information that appears in a publication such as a magazine or newspaper, and - history of charitable giving including charitable giving to the Foundation.
Principle 3 - Consent
The Foundation obtains consent from individuals for its collection, use and disclosure of their personal information for the identified purposes, except where otherwise permitted by law. The form of consent sought by the Foundation may vary depending on the circumstances and the sensitivity of the personal information that is collected.
Consent can be express, implied or given through an authorized representative. Before deciding what form of consent is appropriate, the Foundation will consider the type of personal information it needs, the reason for its use, and the type of customer contact that is involved. The Foundation will generally seek express consent when the information is likely to be considered sensitive.
Individuals may give express consent in writing, orally or electronically. They can also imply consent through action or inaction. For example: - by completing and signing a pledge form or other Foundation materials, or by registering for an event sponsored by the Foundation, - by voluntarily disclosing personal information, including personal health information, to an employee, volunteer or board member of the Foundation, - orally, at the time an individual uses a health service, makes a donation or when personal information is collected over the telephone, - by attending a fundraising or other Foundation event, - by not responding to the Foundation’s offer to have their personal information removed from a direct marketing list. In this case, the Foundation may assume that the individual consents to the use of their personal information for the identified purposes.
Individuals can also give consent through an authorized representative, such as a legal guardian or a person with a power of attorney. This is necessary, for example, if the Foundation cannot obtain express consent from an individual who is a minor, seriously ill, or mentally incapacitated. The Foundation receives potential donors’ and sponsors’ names and mailing addresses from the Southlake Regional Health Centre, and uses this information to contact these individuals through mailings. The Southlake Regional Health Centre provides notice to individuals of its intention to disclose the information to the Foundation for fundraising purposes, and provides individuals with the opportunity to opt-out of this process.
The Foundation also receives the names and contact information of potential donors’ and sponsors’ from individuals and organizations within the community including Newmarket and surrounding area for fundraising and information-sharing purposes, including for the purpose of providing tax receipts.
Principle 4 - Limiting Collection
The Foundation limits its collection of personal information to that which is necessary to fulfill its identified purposes. The Foundation collects personal information by fair and lawful means.
Principle 5 - Limiting Use, Disclosure and Retention
The Foundation does not use personal information, or sell, transfer or otherwise disclose personal information to any third party, for purposes other than those for which it was collected, except with the individual’s consent or as permitted or required by law. The Foundation retains personal information only as long as necessary to fulfill the identified purposes or as otherwise permitted or required by law.
Principle 6 - Accuracy
The Foundation keeps personal information as accurate, complete and up-to-date as is reasonably necessary for its identified purposes. Individuals may request corrections to inaccuracies in their personal information by contacting the Foundation’s Chief Privacy Officer (see contact information above).
Principle 7 - Safeguards
The Foundation is committed to protecting personal information in its control with security safeguards appropriate to the sensitivity of the information. Personal information is protected by safeguarding measures designed to prevent theft, loss and unauthorized access, copying, modification, use, disclosure and disposal. A higher level of protection is used to safeguard more sensitive personal information.
The Foundation takes steps to ensure that employees, volunteers and board members are aware of the importance of maintaining the security and confidentiality of donors’ and sponsors’ personal information and requires them to sign a Confidentiality Agreement. All independent contractors, vendors and suppliers that work with the Foundation’s personal information must also sign a Confidentiality Agreement.
Principle 8 - Openness
Principle 9 - Access
Upon written request, the Foundation will give individuals access to their personal information and an account of its use and disclosure. Individuals can challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 - Challenging Compliance
The Foundation has procedures in place to receive and respond to donor and sponsor inquiries and complaints about the handling of their personal information. Individuals who are not satisfied with the answer received about the subject of their inquiry may complain in writing to the Foundation’s Chief Privacy Officer (see contact information above). The Foundation’s Chief Privacy Officer will investigate all complaints.
Incident Recognition, Response, Reporting and Follow-Up
Routine Assessment of Systems and Procedures
The Foundation will routinely assess information systems and work processes to confirm that donor privacy is protected, and that only authorized individuals with a “need-to-know” have access to personal information. Whenever significant changes are proposed or undertaken for information systems or work processes, and whenever substantial external services and products are evaluated or contracted to assist with information management, the Foundation will conduct a privacy impact assessment.
Audits and Reviews
The Foundation’s management will report annually to the board of directors on matters concerning privacy compliance.