Privacy policy
General
Preamble
The privacy of individuals must be balanced with the legitimate need of The Ronald Denis Foundation to collect, use, and disclose personal information for reasonable purposes related to filtering and diligent monitoring of activities. The very nature of the Foundation’s activities, such as supporting people suffering from severe obesity, voluntary action, and fundraising, involves the collection, use, disclosure, and retention of a lot of personal and sensitive information.
The legislation on Access to information and protection of privacy contains provisions to the effect that organizations or foundations must protect the personal information in their possession. Not only is such protection important for individuals whose personal information is at stake, it is also important for organizations or foundations that could be held responsible or have their reputation tarnished following improper access, use, retention, or disclosure of personal information.
In addition to privacy requirements, the law may grant individuals the right to view their own information, in whole or in part. They also have the right to ask for the correction or modification of any personal information that they consider to be inaccurate. Finally, legislation may grant individuals the right to file a complaint if they believe the organization is not fulfilling its legal obligations.
Misuse of personal information can have dire consequences, both for the organization or foundation and for the individuals involved. Good privacy practices are essential to good governance, accountability, and risk management.
Une mauvaise utilisation des renseignements personnels peut entrainer de graves conséquences, tant pour l’organisme ou fondation que pour les particuliers impliqués. De bonnes pratiques en matière de protection de la vie privée sont essentielles à la bonne gouvernance, à la responsabilisation et à la gestion du risque.
Objective
This policy aims to define the framework and responsibilities of each person in relation to the following:
- Obtaining consent from individuals regarding the collection, use and disclosure of their personal information;
- Importance of not collecting more information than necessary for filtering;
- Use of information for its intended purposes;
- Verification of the accuracy of the information and its retention for reasonable purposes;
- Access of individuals to information collected about them; and
- Protection of information from inappropriate access, use or disclosure.
Scope
This policy applies to all employees, volunteers or personnel associated with a partnership of the foundation in Canada.
People
People are those about whom the foundation collects, uses, and stores personal information for the proper functioning of its activities. “Individuals” in this context includes patients, volunteers, interns, donors, therapists, employees, and others who have provided their data to stay informed about the Foundation’s programs.
Personal Information
Personal information is defined as information that allows a person to be identified. Examples of personal information range from an individual’s name, address or telephone number, medical records, or criminal history. For privacy legislation to apply, the personal information in question must relate to an individual, identify an individual or enable the identification of an individual.
Express or Implied Consent
When collecting personal information from individuals, we must explain the purpose of this information collection and obtain their prior consent.
Implied (or tacit) consent is consent that is self-evident, without being formally expressed verbally or in writing. For example, if a potential volunteer completes a registration form, in which case they can expect that this information will be collected and used as part of his or her involvement in the organization. In such a case, the individual voluntarily provides their personal information.
Explicit (or express) consent is occasionally required, which means that the organization must clearly notify individuals (verbally or in writing) whether they have the option to consent or not and obtain formal acquiescence from the individual. Criminal background checks when recruiting a person require that they consent to it by signing a document, as well as if an individual’s photo is used in the organization’s publications.
Internal forms are usually available for these purposes.
Reference Principles
The organization collects personal information about its donors, partners, patients, volunteers, and event participants. This information is used for the purposes of funding, education and public awareness, delivery of services and programs, and to establish, maintain and manage relationships with these individuals.
Responsibility
The information collected is entrusted to the foundation and it is therefore responsible for the personal information it manages. The General Management is appointed to ensure compliance with the principles set out below.
The foundation is the owner and responsible for the information it has collected, and this responsibility extends to all employees, partners and volunteers who have access to it. All employees, partners and volunteers are therefore responsible for the personal information they collect, control, or have access to in the course of their duties. They also have the obligation of reserve and confidentiality, in accordance with this policy and the spirit of the Law; any breach of these may lead to disciplinary or administrative measures, which may include the dismissal of employees, the expulsion of volunteers in serious cases and the cancellation of any partnership or agreement with a third party.
Questions relating to the protection of privacy are integrated into agreements and orientation and training programs for employee volunteers and partners.
Determining the purposes of collecting information
Personal information is collected from and about individuals to ensure the effectiveness of programs or activities such as fundraising, recruiting volunteers, managing, and terminating relationships with volunteers and employees. The information can also be used to keep statistics or evaluate recruitment and management strategies.
.Proper information management ensures the availability of personal information for decision-making and protects the rights of the foundation and individuals. It provides evidence of an individual’s progress and history and can serve as a documented source of accurate information about them.
The organization only collects personal information necessary for the specified purposes and proceeds honestly and lawfully.
Consent
Every person is informed of any collection, use or communication of personal information concerning them and consents to it tacitly or explicitly, unless it is not appropriate to do so. To do this, the foundation:
- Clearly defines what information is mandatory and essential to its processes, and what information is optional;
- Describes how the information collected will be used during its activities;
- Be transparent about when personal information may be disclosed and whether it will be shared with other programs, external third parties or as required by law;
- Specifies whether the foundation intends to verify the personal information submitted;
- Ensures, to the extent possible, that the information provided by individuals is complete, accurate and true;
- Indicates administrative or other penalties may apply if an individual provides false information;
- Specifies the retention period for personal information; and
- Ensures that a third party has consented to the volunteer or partner staff providing their information, if a contact other than those mentioned above (e.g., emergency contact person) is mentioned on the form.
Use and Communication
Personal information is not used or disclosed for purposes other than those for which it was collected unless the individual concerned consents or it is required by law. The organization only retains personal information for as long as necessary to achieve the specified purposes.
Furthermore, the personal information of volunteers, donors, partners, and patients (including photographs and biography) may be collected, used and disclosed as part of the organization’s activities, in newsletters, websites and social media.
The disclosure of personal information is subject to the legislation applicable to the foundation; however personal information may be disclosed:
- For the purposes for which the information was collected or for use aligned with a particular need (e.g., determining or verifying an individual’s suitability to volunteer with the foundation);
- If an individual has consented in writing to the disclosure of their personal information (e.g., to communicate with the spouse, family member or friend of an injured or ill patient and/or donor); and
- If such disclosure is necessary to comply with any federal or provincial law.
Regardless of the circumstances, the foundation does not rent, sell, or trade individuals’ personal information.
Retention
Personal information, references, criminal checks, and other such personal information are stored in databases. A retention and disposal schedule specifies the length of time a record or file can be retained before being destroyed and identifies those that must be retained permanently. The organization retains personal and financial information for as long as necessary, and in accordance with relevant federal and provincial government regulations.
Security Measures
Personal information is protected using security measures appropriate to its sensitivity.
The foundation puts in place and ensures adequate protection measures so that access to personal information in the files of volunteer, patients and other people connected to the foundation is limited to the following people:
- Individuals authorized by the foundation, who need it as part of their duties;
- Individuals to whom individuals have given consent; and
- Individuals authorized by law.
The preparation and management of electronic and paper records ensures that their integrity and authenticity are maintained through the adoption of control mechanisms that allow their movements to be tracked and prevent any unauthorized access or use, or any modification or deletion. inappropriate and malicious.
The Ronald-Denis Foundation spares no reasonable effort for necessary protection measures against the loss, malicious use and alteration of personal information under its responsibility. Security policies are reviewed periodically.
Under certain limited circumstances, it may be necessary to share information with a service partner hired and associated with the Ronald-Denis Foundation. All our suppliers or service partners must maintain the confidentiality and security of personal information and only use it in compliance with applicable privacy laws. According to the stipulations of a confidentiality agreement signed by the said service providers and/or partners, they are also prohibited from using or communicating personal information for any other purposes whatsoever, except to provide services for which they were hired.
Secure data networks, protected by industry-standard firewalls and password protection systems, are used. Credit card information is processed using encryption systems and industry security standards and in compliance with Canadian commercial and banking laws. The use of computers and e-mail is regulated in accordance with the organization’s policies relating to computers, the Internet and e-mail.
Foundation staff, partner employees and board members demonstrate respect and dignity by maintaining the confidentiality of volunteer, patient and donor information and by not sharing any details of discussions with any individual who does not need to be informed of the facts.
Transparency and Access to Personal Information
The foundation ensures that specific information about its policies and practices regarding the management of personal information is easily accessible to anyone.
Any person may inquire, by making a written request to the General Management, about the existence of personal information concerning them, the use made of it and the fact that it has been communicated to third parties. It will also be possible to contest the accuracy and completeness of the information and have the appropriate corrections made.
Subject to legal and contractual requirements, an individual may, at any time, refuse or withdraw consent to certain of the purposes mentioned by contacting the foundation.
File a Complaint regarding Non-Compliance with the Principles
A person can complain about non-compliance with this policy or the generally recognized principles relating to the protection of privacy by communicating with the General Management via the contact form and have them respected within the foundation. If, at any time, a person wishes to remove their name from the distribution lists, they simply need to contact the organization to make the request.
Connection Cookies
A cookie is a piece of information sent to a WEB browser and stored on a computer. It allows the organization to improve its website by providing information on the interests of users who visit the different sections of it. Cookies do not contain personal data and can be deleted at any time by users.
Responsibilities
Board of Directors
The Board is responsible to:
- Approve this policy and its subsequent modifications;
- Ensure that adequate monitoring is done by one of its committees; and
- Monitor, on an annual basis, the application of this policy with General Management.
General Management
The General Management must ensure that:
- All staff, partners and their staff, and volunteers have the training and knowledge required to properly apply this policy and the principles of the Act;
- Measures and controls are in place to ensure the adequate collection and proper management of personal information;
- It has the means and resources required to ensure the proper application of this policy and raise, where applicable, issues related to this policy; and
- An assessment of the application of this policy be presented annually to the Board and that necessary modifications are recommended.