The Canadian Breast Cancer Foundation (“CBCF” or “Foundation”) is committed to protecting the privacy and security of personal information under its control about, donors, event participants, volunteers and staff.
In an effort to maintain appropriate standards of care in managing personal information, CBCF commits to the following ten principles, as outlined in the Canadian Standards Association’s Model Code for the Protection of Personal Information:
2. Identifying Purposes
4. Limiting Collection
5. Limiting Use, Disclosure and Retention
9. Individual Access
10. Challenging Compliance
This policy is subject to change due to changes in organizational practices or legal and regulatory requirements. We encourage you to periodically check our website for updates to this policy.
Definition of Personal Information
Personal information is any information about an identifiable individual, other than an individual’s business contact information. Thus, personal information includes your name, address, phone number, date of birth, credit card details or other financial information, donation amounts and dates, volunteer information such as availability and areas of interest, history of involvement with CBCF, and information required to maintain an employment relationship with CBCF.
Personal information does not include anonymous or aggregate information that cannot be tracked back to you personally.
Principle 1: Accountability
CBCF accepts full responsibility for protecting personal information under its possession or control. CBCF’s Associate VP, Human Resources & Organizational Effectiveness is appointed as Privacy Officer and is accountable for the organization’s compliance with this policy.
The Privacy Officer:
• Develops and, on a regular basis, reviews CBCF policies and practices to ensure
consistent implementation and compliance;
• Ensures all staff are trained on privacy best practices and are aware of the importance of
safeguarding any personal information that they are privy to;
• Ensures that all inquiries and complaints relating to privacy are appropriately handled;
• Ensures all third parties to whom CBCF provides access to personal information adhere
to appropriate standards of care in managing that information.
Principle 2: Identifying Purposes
Personal information is collected to process donations and issue tax receipts; fundraise; promote and run CBCF events; deliver programs and services to you; as well as to establish and manage our relationship with you (for example, respond to your inquiries or concerns, and keep you informed about the Foundation’s activities).
Anonymous information is used for service planning and delivery, health promotion, and the general administration of the Foundation’s business, unless we have your specific consent to use identified information.
Principle 3: Consent
CBCF will usually obtain your informed consent at the time that we collect your personal information. If your personal information will be used or disclosed for any additional purposes that are not outlined in this policy, the Foundation will advise you of these new purposes before such use or disclosure, unless otherwise required by law.
Consent can be obtained in person, by phone, by mail, or via the Internet. Consent is only implied or assumed if it is obvious based on your actions or inactions, and the personal information is non-sensitive in nature and context.
Consent may be time-limited and may be revoked by the individual who gave it, subject to legal restrictions, limited exceptions and reasonable notice. Withdrawal of consent will not exclude an individual from service delivery, unless the information requested is required to fulfill an explicitly specified and legitimate purpose.
Principle 4: Limiting Collection
CBCF only collects personal information about donors, volunteers, event participants and staff for the purposes outlined under Principle 2.
Every CBCF department or business unit is responsible for ensuring that all information collected is limited, both in amount and type, to what is needed to fulfill the identified purposes.
CBCF usually collects personal information directly from the individual, but may also collect personal information from other sources (including personal references and family members), with the consent of the individual or where permitted or required by law (for example, when the information is about a minor).
Principle 5: Limiting Use, Disclosure and Retention
a. Use and Disclosure: Personal information is only used and disclosed for the purposes for which it was originally collected (as outlined under Principle 2) unless specific consent has been obtained or if otherwise required by law. There are circumstances where a disclosure without consent is justified or permitted, for example in the context of a legal investigation or a request from law enforcement authorities.
Also, note that your information may be shared with volunteers and service providers who assist us in establishing, managing and maintaining our relationship with you. These individuals and organizations are bound by confidentiality agreements and commit to safeguarding your personal information. Note that in working with our service providers, your personal information may be transferred to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
b. Retention: Personal information is only retained as long as it is necessary for the fulfillment of the purposes identified in this policy (under Principle 2) and as required by law. CBCF has established retention timelines for staff to follow and also periodically reviews the Foundation’s retention needs.
The retention period may extend beyond your relationship with us. When your personal information is no longer required for the Foundation’s purposes, the information is either physically destroyed or deleted.
Principle 6: Accuracy
CBCF makes reasonable efforts to keep personal information as accurate, complete and up-to-date as is necessary to fulfill the purposes for which the information is to be used.
We rely on our donors, volunteers, event participants and employees to provide us with accurate information and to notify us if their information needs to be updated.
Principle 7: Safeguards
CBCF takes reasonable measures to ensure that personal information is kept safe from loss or theft, unauthorized access, use, copying, disclosure or modification. Safeguards include physical, organizational and technical measures, including but not limited to:
• Security card access to premises;
• Restriction of employee access to files on a “need to know” basis;
• Confidentiality undertakings by all employees;
• Locking up personal information and never leaving it unattended and in plain view;
• Firewalls, anti-virus, strong passwords and software solutions for technical security
(including ensuring that donor information is only collected on our website via a secure,
128-bit encrypted Secure Socket Layer session); and
• Regular reviews of privacy compliance initiatives.
Principle 8: Openness
CBCF will always make information available about our privacy practices upon request. The Foundation also takes steps to ensure that all staff/volunteers can answer inquiries about our information-handling practices and appropriately refer unanswered questions or privacy complaints to CBCF’s Privacy Officer.
Principle 9: Individual Access
An individual may direct a request for access to their personal information to the Privacy Officer (contact information is set out at the end of this policy). Upon request, CBCF will:
• Inform individuals of personal information held by the Foundation or its partners about
• Explain how this information has been used;
• Provide a list of any organizations to which their personal information has been disclosed;
• Give individuals access to their information.
An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.
In order to safeguard personal information, an individual may be required to provide sufficient identification information in order for CBCF to authenticate the individual as an event participant, donor, or volunteer and to authorize access to the individual’s file.
CBCF shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, CBCF shall transmit to third parties having access to the personal information in question, any amended information or information regarding the existence of any unresolved differences.
Individuals will be provided with any help needed to access their personal information, including clarifying exactly what they are looking for. Requested information will be provided in a timely manner, and in a form that is generally understandable. Depending on the amount of information requested, there may be a nominal fee charged to cover any costs associated with responding to the request.
If CBCF must decline to provide an individual with access to their personal information, an explanation will be provided.
Principle 10: Challenging Compliance
The Foundation has procedures in place to receive, respond to and track concerns or complaints about its management of personal information. The expectation is that by following these procedures, a remedy or corrective action will be undertaken to resolve the issue, including, if necessary, amending the Foundation’s policies and procedures.
Website Practices on cbcf.org
Our websites may automatically record some general information about your visit in order for the Foundation to engage in web statistical analysis using Google Analytics. We want to make sure our sites are useful to visitors and make the most efficient use of donor dollars in our marketing efforts through targeted advertising. This information may include the:• Internet domain for your Internet service provider, such as “company.com” or “service.ca”
and the IP address of the computer you are using to access the Foundation’s website;
• Type of browser you are using, such as Internet Explorer, Firefox or Chrome;
• Type of operating system you are using such as Windows or Macintosh;
• Date and time of the visit to our site, the pages of our site that were visited, and the
address of the previous website you were visiting if you linked to us from another website
• Age category, gender, and affinity interests as determined by demographic and interest
reports available through Google Analytics.
Data collected for web analytics purposes may be processed in any country where Google operates servers, and thus may be subject to the governing legislation of that country.
We also use “cookies” that identify you as a return visitor and which can help us tailor information to suit your individual preferences. A cookie is a small text file that a website can send to your browser, which may then store the cookie on your hard drive. The goal is to save you time next time you visit, provide you with a more meaningful visit, and measure website activity. Cookies in and of themselves cannot be used to reveal your identity. Many browsers, however, allow you to disable cookie collection if you wish, or inform you when a cookie is being stored on your hard drive.
When you are not on the Foundation’s Site
This policy outlines the privacy practices of cbcf.org. CBCF also provides links to other websites which we believe may be of interest to you. The Foundation is not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of each and every website that requests personal information from you.
THIRD PARTY SOCIAL MEDIA
CBCF’s use of social media serves as an extension of its presence on the Internet. Social media account(s) are public and are not hosted on the Foundation’s servers. Users who choose to interact with CBCF via social media should read the terms of service and privacy policies of these third-party service providers and those of any applications used to access them.
Privacy Officer Contact Information:
If you have any questions about this policy, CBCF’s privacy practices, or would like to access your personal information, please contact:
Canadian Breast Cancer Foundation
375 University Avenue, Suite 301
Toronto, ON M5G 2J5
Phone Number: 416-263-7990
* NOTE: WE cannot guarantee the security of e-mail communications over the Internet.