BC Children's Hospital Foundation recognizes the value of its relationships with donors, volunteers and employees, and is committed to respecting and protecting their personal information. We value the trust of those we deal with, and of the public, and recognize that maintaining this trust requires transparency and accountability in our treatment of the information that is entrusted to us. Accordingly, the Foundation complies with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the provincial Personal Information Protection Act (PIPA), and embraces ethical guidelines established by the Association of Fundraising Professionals, the Association of Healthcare Philanthropy and Canadian Centre for Philanthropy.
Principle 1 - Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
1.1 Accountability for BC Children's Hospital Foundation's compliance with privacy legislation rests with the Director, Research & Prospect Management, who has been designated as the Foundation's Privacy Officer.
1.2 We are responsible for personal information in our possession, including information that has been transferred to a third party for processing. In cases where such transfers take place we ensure that the third party has comparable privacy safeguards in place.
Principle 2 - Identifying Purposes
The purposes for which personal information is collected shall be identified by BC Children's Hospital when or before the information is collected.
2.1 The purposes will be limited to those which are related to our business and which a reasonable person would consider to be appropriate in the circumstances. We collect personal information concerning our donors for the following reasons:
- To comply with CCRA requirements for gift processing
- To thank and publicly recognize donors
- To provide donors with information about how donated funds are used by the hospital
- To keep donors informed about the Foundation's activities
- To promote opportunities for donors and potential donors to support the Foundation
- To build and maintain relationships
The Foundation will specify the identified purposes, orally or in writing, to the individual from whom personal information is being collected either at the time of collection or after collection but prior to use or disclosure. We will state the identified purposes in such a manner that an individual can reasonably understand how the information will be used or disclosed.
Principle 3 - Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. The manner in which the Foundation obtains consent for the collection of personal information varies with the sensitivity of the information being collected. PIPA makes provision for express, implied or deemed consent, depending on the situation. Because of the nature of the information we collect, in most cases we will obtain implied consent at the time of collection.
The principle requires "knowledge and consent", and the Foundation will make a reasonable effort to ensure that individuals are aware of the purposes for which information the information is collected at the time of collection.
Individuals can give consent:
(a) in writing, such as when completing a donation or registration form.
(b) through an opt-out process, either by checking off a box on a response form or by contacting the Foundation.
(c) orally, either in person or by telephone. Individuals may withdraw consent at any time, by any means, with reasonable notice to the Foundation.
The Foundation may collect, use and disclose personal information without consent if that information is considered by law to be in the public domain. Sources of public information include telephone and professional directories, newspapers, periodicals and public registries. Other circumstances in which consent is not required by law are set forth in PIPA, but do not represent common situations for BC Children's Hospital Foundation.
Principle 4 - Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. BC Children's Hospital Foundation will not collect information indiscriminately. The Foundation will specify the types of information collected, limited to that which is necessary and reasonable to fulfil the purposes identified. The Foundation will collect personal information by lawful means and will not mislead individuals about the purposes for which information is being collected.
Principle 5 - Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
5.1 When the Foundation uses personal information for purposes other than those given at the time of collection, consent will be obtained for these purposes
5.2 The Foundation does not sell, rent or trade mailing lists. Personal information is only disclosed to third parties who have signed an agreement binding them to the Foundation's privacy policies.
5.3 Personal information will be retained as long as the purpose for which the information was originally collected remains valid.
Principle 6 - Accuracy
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 The Foundation will use its best efforts to ensure that information that is used on an ongoing basis, including information that is disclosed to third parties, and information that is used to make a decision about an individual (such as a giving recognition category), is accurate, complete and up to date.
Principle 7 - Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
7.1 The Foundation's safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
7.2 We will make our employees aware of the importance of maintaining the confidentiality of personal information, and we will exercise care in the disposal and destruction of personal information to prevent unauthorized parties from gaining access to it. All employees and volunteers having access to personal information are required to sign an oath of confidentiality.
7.3 Our methods of protection will include physical measures (e.g. locked filing cabinets, restricted access to offices), organizational measures (e.g. security clearances and limiting access on a "need-to-know" basis) and technological measures (e.g. the use of passwords and encryption).
7.4 Third parties are expected to safeguard personal information entrusted to them in a manner consistent with the policies of BC Children's Hospital Foundation, and are required to sign a confidentiality agreement as part of all contracts. Examples of third parties include mailing services and data analysis providers.
Principle 8 - Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
8.1 BC Children's Hospital Foundation will be open about privacy policies and procedures with respect to the management of personal information and will make them readily available in a form that is generally understandable.
8.2 The information made available will include:
(a) the name or title and contact information of the Privacy Officer who is accountable for compliance with BC Children's Hospital Foundation's policies and procedures, and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by the Foundation;
(c) a description of the types of personal information held by the Foundation;
(d) a copy of any document that explains the Foundation's policies, procedures, standards or codes; and
(e) the types of information made available to third parties.
Principle 9 - Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 BC Children's Hospital Foundation will respond to an individual's request within a reasonable length of time, but no longer than one month. While our response will typically be provided at no cost to the individual, depending on the nature and amount of information involved, we reserve the right to impose a cost.
9.2 The requested information will be made available in a form that is generally understandable. For example, where the Foundation uses abbreviations or codes to record information, an explanation of those codes will be provided. Where possible, we will provide sources for the information.
9.3 For the Foundation to provide an account of the existence, use and disclosure of personal information, an individual may be asked to provide additional information to aid in the search. The additional information provided will only be used for this purpose.
9.4 Upon request, the Foundation will provide specific information about third parties to whom personal information has been disclosed.
9.5 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the Foundation will amend the information as required. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
Principle 10 - Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
10.1 The name of the Privacy Officer will be known to staff. Information on how to contact the Privacy Officer will be identified to other individuals periodically.
10.2 The Foundation will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use.
10.3 Individuals who make inquiries or lodge complaints will be informed by the Foundation of the existence of relevant complaint procedures.
10.4 If a complaint is found to be justified, the Foundation will take appropriate measures, including revision of the personal information and, if necessary, amendment of the Foundation's policies and practices.
How to contact the Privacy Officer
Inquiries, complaints or access requests should be addressed to: Privacy Officer, BC Children's Hospital Foundation, 938 West 28th Avenue, Vancouver, BC V5Z 4H4. E-mail: email@example.com.
When you make a donation to BC Children's Hospital Foundation online, a secure connection is established and your information is encrypted to prevent interception during the transaction. This secure connection is maintained until the transaction is completed or terminated. The software that enables these processes is routinely updated to maximize protection of your information.
If you provide us with your postal address, email address or telephone number, you may receive periodic communication regarding the Foundation's services or upcoming events, or responding to any request you may have made.
If you prefer not to be contacted by the Foundation please let us know by sending an e-mail to firstname.lastname@example.org or by calling 604-875-2444 . Our web site may contain links to web sites of other organizations that maintain their own privacy and security policies. This policy describes the privacy practices of the BC Children's Hospital Foundation site only.
For more information about our online security practices, contact email@example.com.