St. Joseph’s Healthcare Foundation is committed to protecting the privacy of the personal information of its donors, volunteers, employees, and other stakeholders. We value the trust of our supporters and of the public, and recognize that maintaining this trust requires that we be transparent and accountable in how we treat the information that is shared with us.
During the course of our various projects and activities, we frequently gather and use personal information. Anyone from whom we collect such information should expect that it will be carefully protected and that any use of or other dealing with this information is subject to consent. Our privacy practices are designed to achieve this.
DEFINING PERSONAL INFORMATION:
Personal information is any information that can be used to distinguish, identify or contact a specific individual. This information can include an individual’s opinions or beliefs, as well as facts about, or related to, the individual. Exceptions: business contact information and certain publicly available information, such as names, addresses and telephone numbers as published in telephone directories, are not considered personal information. Where an individual uses his or her home contact information as business contact information as well, we consider that the contact information provided is business contact information, and is not therefore subject to protection as personal information.
1.1.1 PRIVACY OFFICER
The Foundation’s Chief Privacy Officer (CPO) is the Director, Database, Donor Services & Annual Giving. The CPO works closely with the Chief Privacy Officer of St. Joseph’s Healthcare Hamilton, and in accordance with the principles and policies of the Imagine Canada Standards, and PIPEDA, PHIPA and FIPPA legislation to promote and protect the privacy of all benefactors of St. Joseph’s Healthcare Foundation.
1.1.2 THIRD PARTY USE OF PERSONAL INFORMATION
The Foundation uses third party vendors for services that would not be practical or cost-effective for us to perform ourselves. Services that employ a third party vendor include but are not limited to:
- Mail processing
- National Change of Address (NCOA)
- Database analysis
- Affinity marketing programs
- Tele-fundraising programs
In all cases, the third party vendor is contractually bound to comply with the Foundation’s privacy and data protection requirements, and signs a confidentiality agreement promising that it will take every precaution to protect the personal information in its possession and to destroy it upon completion. (Appendix A)
Further, personal information sent between the Foundation and third party vendors will be transferred using secured password-protected file transfer protocols.
1.2 IDENTIFYING PURPOSES
Before personal information is collected, the Foundation must identify the purpose for which it is being collected. (Appendix B) Safeguards are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered unless otherwise required by law. Should a new purpose be established, individuals must be notified of the change.
1.3.1 IMPLIED CONSENT
In the collection, use or disclosure of personal information, knowledge and consent of the individual is required. This consent must be meaningful and easily understood. The Foundation will consider a donation or event registration as implied consent to inform the donor of the impact of their gifts and include them in future communications to support St. Joseph’s Healthcare Foundation, unless otherwise indicated by the donor.
1.3.2 WITHDRAWAL OF CONSENT
The Foundation offers individuals the opportunity not to receive any or all communications from us. Such requests will be respected and acted on promptly. Opt-out clauses will be included in all direct mail pieces, e-newsletters, and e-solicitations. Opt-out contact information is prominently located on the Foundation website. To opt out at any time, donors are invited to call our Foundation at 905-521-6036.
1.3.3 FORMER PATIENT SOLICITATION
The Foundation receives limited information on patients who have been discharged. Safeguards have been put in place to protect patient privacy and to eliminate inappropriate mailings.
The Foundation does not have direct access to patient information; the hospital prepares all data selections. All data received from the Hospital contains only the information necessary for our fundraising practices and adheres to PIPEDA and FIPPA legislation.
Only when an individual responds to a mailing does the Foundation enter their name and address into the secure donor database. All patient mailings include an opt-out clause and the Foundation maintains a list of individuals who have opted out.
1.3.4 PUBLICATION OF DONOR LISTS
With respect to the publication of donor lists by gift category, donor requests for anonymity will be honoured.
1.4 LIMITING COLLECTION
Personal information collected is limited to that which is necessary to fulfill the purposes identified. Information will be collected only by lawful means without misleading or deceiving individuals as to the reason. The source of the data will be indicated on each file.
1.5 LIMITING USE, DISCLOSURE AND RETENTION
The Foundation collects, uses and discloses personal information only for the Foundation’s fundraising programs and initiatives, and to support ongoing administration of our authorized fundraising activities. When information is no longer needed it will be securely destroyed.
The Foundation only uses the information it collects for Foundation programs that support St. Joseph’s Healthcare Hamilton.
The Foundation will take reasonable steps to ensure that personal information is as accurate, complete, and up to date as possible.
The Foundation will ensure that steps are taken to protect personal information from theft and loss, as well as unauthorized access, disclosure, copying or use. The Foundation has established policies and procedures, as well as technical security to protect personal information.
Hard copies of records are kept in locked cabinets and are accessible by Foundation staff only on a need-to-know basis. All electronic information is stored on secure servers and only Foundation staff with confidential passwords may access electronic records.
Information obtained from donors or visitors to our website is protected by special electronic security measures. The Foundation only captures information from our website if a visitor chooses to make a donation, fill out a form or contact us.
Our Foundation publishes our personal information protection policies and practices and clearly indicates who serves as the Foundation’s Chief Privacy Officer. This information is posted on our website and available in print form.
1.9 INDIVIDUAL ACCESS
Upon request, individuals will be informed of the existence, use and disclosure of their own personal information and be given access to that information, as permitted or required by law. An individual has the right to challenge the accuracy and completeness of the information and have it amended if appropriate.
All requests for access will be responded to within a reasonable time (not more than 30 days) and at minimal or no cost to the individual.
1.10 CHALLENGING COMPLIANCE
An individual can challenge the Foundation’s compliance with this policy. If so, the Foundation will follow the procedures outlined in its Complaints Policy (2003 ADM-2).
Policies and procedures will be amended if a complaint has validity.
This policy will be regularly reviewed and updated as required. Revisions will be posted on the Foundation’s website.
Attention: Chief Privacy Officer
224 James Street South
Hamilton, Ontario L8P 3A9
Further information on privacy and personal information may be found on the website of the Privacy Commissioner of Canada at www.privcom.gc.ca.