The Cancer Research Society (the Society) bases its privacy practices on the federal government’s Personal Information Protection and Electronic Documents Act (PIPEDA), which is considered to be the standard in respect to the protection of personal information in Canada.
The Society also complies with the Code of Ethics (Appendix 1) and the Donor’s Bill of Rights (Appendix 2) published by the Association of Fundraising Professionals. As an organization accredited by Imagine Canada’s Standards Program, the Society demonstrates its high standards in matters of confidentiality and the privacy of its donors.
Definition of Personal Information
The Society defines “personal information” as any information that can be used to distinguish, identify, or contact a specific individual. Exceptions include business contact information and publicly available information such as name, address, and telephone numbers as published in telephone directories. When an individual uses his/her home contact information as business contact information, the Society considers that such information is not subject to protection to the same extent as personal information.
The Society recognizes the importance of protecting the personal information of its members, partners, and donors. To this end, the Society commits to:
- Maintain the highest level of confidentiality with respect to the collection, use, and disclosure of personal information;
- Collect or use that information only after having informed its members, partners and donors, and for the sole purpose sought by them;
- Obtain their authorization before disclosing any personal information to a third party; Recognize their right to access their personal information;
- Be available to respond to their questions and concerns about the way the Society protects the confidentiality of their personal information.
Methods of Collecting Personal Information
There are no obligations to provide any personal information on the Society’s website unless an individual chooses to do so. If an individual wishes to make an anonymous donation, they are invited to check the box provided at the beginning of the electronic donation form.
The Society asks for personal information on its “Donate Online” page. The Society asks for the same information when a donation is made by mail or by phone. The Society uses this information to process a donation and to write back to acknowledge a gift and to send a receipt for tax purposes. Note that names and other information will appear on the Society’s mailing lists and be used for the following purposes:
- Correspondence (by post or electronic) and/or phone calls to request support from individuals;
- Correspondence (by post or electronic) and/or phone calls to invite supporters to special events;
- Electronic mailings to alert individuals on updated information and interesting features on the Society’s website. Any email issued by the Society includes the possibility of withholding one’s name from electronic mailing lists.
If a person does not wish their personal information to appear on the Society’s solicitation list, they are invited to contact the Society as follows to advise them:
By e-mail at: email@example.com
By phone at 1-888-766-2262
By mail to P.O. Box 4613, Station E, Ottawa ON K1S 1P7, or
625 President-Kennedy Avenue, Suite 402, Montreal QC H3A 3S5.
It is possible to withdraw consent at any time.
Should a person wish to make a donation in honour or in memory of someone, the Society will not use the information provided about that person for any other purposes.
Disclosure to Third Parties
The Society may transfer the name of a donor to other non-profit organizations to enable them to contact the donor for the purpose of soliciting donations. If a donor does not want this information to be shared, he or she must check the box at the end of the donation form (paper format). It is also possible to inform the Society, by e-mail at firstname.lastname@example.org or by dialing 1-888-766-2262, listing name, postal or e-mail address, and telephone number, and mentioning that sharing their personal information is not permitted. When the Society uses other organizations to carry out functions on its behalf, they are required to use personal information only for the purpose of the functions they are providing and only in compliance with privacy laws.
Information from Other Sources
The Society occasionally uses mailing lists received from other organizations. In such cases, the Society requires that the organization provide only the names of individuals who have consented to the sharing of their information. If a person is contacted from one of these lists, it will be possible for that person to express their desire to receive further communications from the Society.
The Society commits to using the personal information in its possession only for the purposes explained in advance to the parties concerned. It will not use or communicate the information for any other reason without first obtaining the concerned party’s informed consent.
Principle 1- Accountability
Principle 2 – Identifying the Purpose of the Collection of Information
The Society will identify and state the purposes for which personal information is collected at or before the time the information is collected.
Principle 3 – Consent
The Society will obtain the informed consent of the individuals concerned at or before the time it collects, uses, or discloses personal information, unless specifically authorized by law.
Individuals can give consent in many ways and the form of the consent sought by the Society may vary, depending upon the circumstances and the type of information. In determining which form of consent it will require, the Society will take into account the nature of the personal information.
An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The Society will inform the individual of the implications of such withdrawal of consent.
Principle 4 – Limits of Collection
The Society will collect only the personal information necessary for the purposes stated by the Society. Information shall be collected only by fair and lawful means.
Principle 5 – Limits of Use, Disclosure, and Retention
The Society will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law or regulations. Personal information will be retained only as long as necessary for the fulfillment of those purposes.
Principle 6 – Accuracy
The Society ensures that the personal information in its possession is as accurate, complete, and upto-date as is necessary for the purposes for which it was collected.
Principle 7 – Safeguards
The Society will protect the security of personal information whatever its format. The Society’s employees, volunteers, and authorized third parties who are granted access to personal information and data must respect the confidentiality of the information and data, and must use methods of protection, including:
- Physical measures, such as locked filing cabinets;
- Organizational measures, such as limiting access to personal information on a “need-to-know” basis;
- Technological measures, such as the use of passwords, encryption, and verification procedures.
Information Collected from the Society’s Website
A. Credit Card Security
The Society is grateful to its donors for the donations it receives and that make it possible to continue its valuable work. It is important to the Society that the information provided by a donor when making an online donation remains secure. A donor’s credit card information is therefore secured by a reputable security company. The information is used only for that particular transaction and is not stored.
Note: To ensure that payment information is secure, the Society uses the Blackbaud Merchant Services payment solutions gateway (BBMS). BBMS processes credit card information securely, in real time, using the latest available encryption technology. This means the donor’s payment information cannot be read as it travels over the Internet to his credit-issuing institution. BBMS Payment Solutions is accredited by all financial institutions in North America.
B. Domain Name
The Society’s web server automatically recognizes, but does not collect or use, the donor’s domain name (IP address). The Society tracks the donor’s visit anonymously in order to compile statistical information about the use of its website. The Society does not collect individual information about the donor or his/her use of this site.
C. Cookie Use
D. E-mail Addresses
The Society’s website does not perform automatic recognition of an individual’s e-mail address. The Society collects the e-mail address of those who communicate with it by e-mail and asks for their e-mail address on its “Donate Online” page. If you communicate with the Society by e-mail, where your e-mail address is provided, The Society will send you regular e-mail updates. If you do not want to receive regular e-mail updates, you can either uncheck the box following the sections where you have provided your e-mail address, e-mail the Society at the address previously indicated, mail a letter at one of the addresses below, or follow the instructions at the bottom of any e-mail update you may receive.
P.O. Box 4613, Station E, Ottawa ON K1S 1P7
402–625 President Kennedy Avenue, Montreal QC H3A 3S5
E. E-mails to the Society
The Society uses e-mail links to allow you to contact it directly with questions or comments. This information is used to respond directly to your questions or comments. The Society may use your comments to improve its website and programs and may also file the e-mails you send to follow up on your comments.
F. Links to Other Sites
Principle 8 – Transparency
The Society willingly provides, to the people who request it, specific information about its policies and practices relating to the management of personal information.
Principle 9 – Individual Access to Personal Information
Upon written request, and except for exemptions stipulated by law, the Society will inform an individual of the personal information contained in his/her file, of the specific purpose that the information is used for, and will provide a list of the third parties to whom the information has been communicated. Also upon written request, and except for exemptions stipulated by law, the Society will allow the person to be given access to that information. An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.
Reasons for barring an individual’s access to the information will be limited and specific. Examples include:
- The cost of providing the information is prohibitive;
- The information contains references to other individuals;
- The information cannot be disclosed for legal reasons, or because of security or commercial proprietary issues;
- The information is subject to lawyer-client confidentiality or to the protection of the information relating to a lawsuit or litigation.
Principle 10 – For Complaints
All complaints or requests for information should be addressed to email@example.com. This e-mail message box will be the subject of periodic follow-ups. Each question or complaint will be forwarded to the person responsible for the file at the appropriate administrative level, and that individual will be responsible for performing the required action and follow-up.