BC Children’s Hospital Foundation (BCCHF) recognizes the value of its relationships with donors, volunteers and employees, and is committed to respecting and protecting their personal information. We value the trust of those we deal with, and of the public, and recognize that maintaining this trust requires transparency and accountability in our treatment of the information that is entrusted to us. Accordingly, the Foundation complies with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the provincial Personal Information Protection Act (PIPA), and embraces ethical guidelines established by the Association of Fundraising Professionals, the Association of Healthcare Philanthropy and Imagine Canada.
With regard specifically to online privacy and security, BCCHF is in compliance with the provisions of the Canadian Anti-Spam Legislation (CASL) and the Canadian Code of Practice for Consumer Protection and Electronic Commerce.
1.0 - Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
1.1 Accountability for BC Children's Hospital Foundation's compliance with privacy legislation rests with the Director, Research & Prospect Management, who has been designated as the Foundation's Privacy Officer.
1.2 We are responsible for personal information in our possession, including information that has been transferred to a third party for processing. In cases where such transfers take place, we ensure that the third party has comparable privacy safeguards in place. The Foundation will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use.
2.0 - Identifying Purposes
The purposes for which personal information is collected shall be identified by BC Children's Hospital when or before the information is collected.
2.1 The purposes will be limited to those which are related to our business and which a reasonable person would consider to be appropriate in the circumstances. We collect personal information concerning our donors for the following reasons:
- To comply with Canada Revenue Agency requirements for gift processing
- To thank and publicly recognize donors
- To provide donors with information about how donated funds are used by the hospital
- To promote opportunities for donors and potential donors to support the Foundation
- To build and maintain relationships
The Foundation will specify the identified purposes, orally or in writing, to the individual from whom personal information is being collected either at the time of collection or after collection but prior to use or disclosure. We will state the identified purposes in such a manner that an individual can reasonably understand how the information will be used or disclosed.
3.0 - Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
3.1 The manner in which the Foundation obtains consent for the collection of personal information varies with the sensitivity of the information being collected. PIPA makes provision for express, deemed or opt-out consent, depending on the situation. Because of the nature of the information we collect, in most cases we will operate on the basis of deemed consent at the time of collection.
Principle 3 requires “knowledge and consent”, and the Foundation will make a reasonable effort to ensure that individuals are aware of the purposes for which the information is collected at the time of collection.
Individuals can give consent:
(a) in writing, such as when completing a donation or registration form.
(b) through an opt-in process, either by checking off a box on a response form (online or hard copy) or by contacting the Foundation.
(c) orally, either in person or by telephone.
Individuals may withdraw consent at any time, by any means, with reasonable notice to the Foundation.
The Foundation may collect, use and disclose personal information without consent if that information is considered by law to be in the public domain. Sources of public information include published directories, newspapers, periodicals, public registries and related online sources.
4.0 - Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
4.1 BC Children's Hospital Foundation will not collect information indiscriminately. The Foundation will specify the types of information collected, limited to that which is necessary and reasonable to fulfil the purposes identified. The Foundation will collect personal information by lawful means and will not mislead individuals about the purposes for which information is being collected.
5.0 - Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
5.1 When the Foundation uses personal information for purposes other than those given at the time of collection, consent will be obtained for these purposes.
5.2 The Foundation does not sell, rent or trade mailing lists. Personal information is only disclosed to third parties who have signed an agreement binding them to the Foundation's privacy policies. We communicate with our supporters via mail, email and telephone with notifications of events, news, bulletins and updates, in addition to e-receipts, solicitations and acknowledgements of donations, where express or implied consent has been provided.
5.3 Personal information will be retained as long as the purpose for which the information was originally collected remains valid.
6.0 - Accuracy
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 The Foundation will use its best efforts to ensure that information that is used on an ongoing basis, including information that is disclosed to third parties, and information that is used to make a decision about an individual (such as a giving recognition category), is accurate, complete and up to date.
7.0 - Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
7.1 The Foundation's safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
7.2 We will make our employees aware of the importance of maintaining the confidentiality of personal information, and we will exercise care in the disposal and destruction of personal information to prevent unauthorized parties from gaining access to it. All employees and volunteers having access to personal information are required to sign an oath of confidentiality.
7.3 Our methods of protection will include physical measures (e.g. locked filing cabinets, restricted access to offices), organizational measures (e.g. security clearances and limiting access on a "need-to-know" basis) and technological measures (e.g. the use of passwords and encryption).
7.4 Third parties are expected to safeguard personal information entrusted to them in a manner consistent with the policies of BC Children's Hospital Foundation, and are required to sign a confidentiality agreement as part of all contracts. Examples of third parties include mailing services and data analysis providers.
8.0 - Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
8.1 BC Children's Hospital Foundation will be open about privacy policies and procedures with respect to the management of personal information and will make them readily available in a form that is generally understandable.
8.2 The information made available will include:
(a) the name or title and contact information of the Privacy Officer who is accountable for compliance with BC Children's Hospital Foundation's policies and procedures, and to whom complaints or inquiries can be forwarded;
(b) the means of gaining access to personal information held by the Foundation;
(c) a description of the types of personal information held by the Foundation;
(d) a copy of any document that explains the Foundation's policies, procedures, standards or codes; and
(e) the types of information made available to third parties.
9.0 - Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 BC Children's Hospital Foundation will respond to an individual's request within a reasonable length of time, but no longer than one month. While our response will typically be provided at no cost to the individual, depending on the nature and amount of information involved, we reserve the right to impose a cost.
9.2 The requested information will be made available in a form that is generally understandable. For example, where the Foundation uses abbreviations or codes to record information, an explanation of those codes will be provided. Where possible, we will provide sources for the information.
9.3 For the Foundation to provide an account of the existence, use and disclosure of personal information, an individual may be asked to provide additional information to aid in the search. The additional information provided will only be used for this purpose.
9.4 Upon request, the Foundation will provide specific information about third parties to whom personal information has been disclosed.
9.5 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the Foundation will amend the information as required. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
10.0 - Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
10.1 The name of the Privacy Officer will be known to staff. Information on how to contact the Privacy Officer will be identified to other individuals periodically.
10.2 The Foundation will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use.
10.3 Individuals who make inquiries or lodge complaints will be informed by the Foundation of the existence of relevant complaint procedures.
10.4 If a complaint is found to be justified, the Foundation will take appropriate measures, including revision of the personal information and, if necessary, amendment of the Foundation's policies and practices.
How to contact the Privacy Officer
Inquiries, complaints or access requests, or requests to unsubscribe should be addressed in writing to:
BC Children's Hospital Foundation
938 W 28th Avenue
Vancouver, BC V5Z 4H4
11.0 - Online Privacy & Security
BC Children’s Hospital is in compliance with the Canadian Code of Practice for Consumer Protection in Electronic Commerce. Accordingly, when donations are made to BC Children’s Hospital Foundation online, a secure, SSL-verified connection is established and personal information is encrypted to prevent interception during the transaction. This secure connection is maintained until the transaction is completed or terminated. The software that enables these processes is routinely updated to maximize protection of donor information.
Credit card transactions are processed through Level 1 PCI DSS (Payment Card Industry Data Security Standard) service providers and payment gateways. The Foundation’s credit card processing service providers and payment gateways are reviewed annually, or whenever a provider is changed.
The Canadian Anti-Spam Legislation, or CASL, places a variety of parameters on electronic messages that qualify as Commercial Electronic Messages, or CEMs. Because BCCHF is a registered charity, the vast majority of electronic messages it generates do not qualify as CEMs; however, the Foundation has chosen to fully comply with the legislation to be consistent with corporate best practices. As such, we ensure our communications are consistent with the provisions outlined below:
- Express consent—When sending to those who have given express consent to receive email communications from BCCHF, we must identify the sender and include an option to unsubscribe;
- Implied consent—When sending to those who have given implied consent by making a transaction or who have a relationship with the BCCHF as a donor or volunteer, BCCHF may send communications for up to two years from the date of the last transaction, or the end of the relationship, as long as an option to unsubscribe is included;
- Easy access to unsubscribe—Every electronic publication we send our supporters has an unsubscribe feature. Recipients may ‘opt-out’ from receiving e-communications or update specific subscriptions at any time by utilizing the unsubscribe feature in any of these emails.
“Cookies” are bits of information sent from a website that speed up access to web pages and allow a server to recognize users as they move from page to page. If BCCHF website visitors choose not to accept cookies, some sections of our site may not be available to them.