The Trillium Health Partners Foundation (the “Foundation”) is committed to protecting the privacy of our past, current and prospective individual donors, sponsors, volunteers and qualified donees and the confidentiality of our institutional and corporate donors and sponsors (collectively referred to as “supporters”). To this end, the Foundation has implemented practices for our management of personal and confidential information we receive regarding supporters (“Personal and Confidential Information”). For the purposes of this Policy:
“personal information” is any information that identifies an individual supporter including information about the nature and amount of any support he or she is considering providing or has actually provided to the Foundation including discussions and other communications regarding support, but does not include business contact information as it identifies a supporter in his or her professional rather than personal capacity; and
“confidential information” means any information received about a corporate/institutional supporter that is not in the public domain and is protected as confidential information by the supporter, including information about the nature and amount of any support that the supporter is considering providing or has actually provided to the Foundation including discussions and other communications regarding support.
Changes to this Policy
The Foundation may update this Policy from time to time without further notice. The most current version of the Policy will always be posted online with the date on which it was last revised at the bottom of the Policy. Unless supporters (and Foundation website users) advise the Foundation otherwise, the Foundation will assume that it has their consent to collect, use and disclose their personal and confidential information in accordance with the updated Policy.
Privacy Officer, Contact, Access and Correction, Inquiries and Complaints
The Foundation has implemented and reviews, amends and supplements from time to time if necessary, practices to ensure that personal and confidential sponsor information is handled in accordance with this Policy.
The Foundation’s Chief Privacy Officer (CPO) has been assigned the responsibility of overseeing the implementation of this Policy, including following up and responding to inquiries and any complaints about the Foundation’s collection, use, disclosure, and retention of personal and confidential information. The CPO is also responsible for processing requests for access to personal and confidential information and to correct such information. Requests for access by a supporter to supporter information must be made in writing, to prevent against the inadvertent disclosure of supporter information to anyone except the supporter or an authorized representative of the supporter.
The Foundation reviews and updates its privacy practices as needed. Supporters and Foundation website users who are concerned about the Foundation’s compliance with this Policy are encouraged to contact the CPO.
The Foundation will investigate privacy-related complaints. Should a complaint identify a gap in our compliance with this Policy, the Foundation will take appropriate steps to remedy the situation, including making changes to our practices where necessary. Unless it would involve disclosing personal information of someone other than the person making the complaint or confidential or privileged information, the Foundation will advise the person of the outcome of its investigation.
The CPO can be contacted at:
Phone: (905) 848-7575
Post: Trillium Health Partners Foundation, Chief Privacy Officer
100 Queensway West, Clinical & Administration Building, 5th Floor
Mississauga, ON L5B 1B8
Collection and Use of Personal/Confidential Information
The Foundation collects and uses personal and confidential information of supporters for purposes connected with its fundraising activities, including to:
- get to know our supporters, including their interests, and understand their expectations so as to bettertailor our activities to our supporters and to attract new supporters
- solicit financial and volunteer support for our mission
- process donations and issue official income tax receipts, where applicable
- process business receipts, where applicable
- acknowledge and thank our supporters for their contributions
- acknowledge the recipient of an In Memorial or In Honour gift
- engage our supporters in recognition activities such as stewardship reports, acknowledgment thorough aplaque, printed articles, tours and events
- keep supporters informed about the Foundation and Trillium Health Partners (Hospital) services andactivities
- conduct internal analysis to assist the Foundation with planning for future fundraising activities
- comply with legal and regulatory requirements
From time to time the Foundation may collect personal information from publicly available sources.
Disclosure & Transfers of Personal/Confidential Information
We respect supporter requests that a gift be anonymous or that the amount of a gift not be publicly released. We will only disclose the identity of the supporter and amount of a gift in such circumstances if required by law.
The Foundation may transfer Personal/Confidential Information to external service providers, such as providers of information technology support services, some of which may operate outside of Canada. Where service providers operate outside of Canada, Personal/Confidential Information to which they have access to provide their services will be subject to the domestic laws applicable to the service provider, including any law authorizing a disclosure order or otherwise requiring disclosure, for example, to a government, government agency, law enforcement agency, court, or regulator.
The Foundation obtains consent from its supporters for the collection, use, and disclosure of their personal or confidential information, except as required or permitted by law. Consent may be express or implied, provided directly by the supporter or by an authorized representative of the supporter. Express consent may be given orally or in writing and through electronic means. Implied consent is consent that we can reasonably infer from a supporter’s action or inaction. Examples of circumstances in which we have implied supporter consent include where a supporter provides his, her or its name and address to receive a publication or makes an inquiry to which we respond. Examples of circumstances in which we obtain supporter express consent to the collection, use and disclosure of supporter personal or confidential information include:
- in a gift agreement
- in connection with a donation
- for registration or attendance at a fundraising and/or Foundation event
- in connection with the identification of a supporter’s legal guardian or person with power of attorney(this is necessary, for example, if the Foundation is unable to obtain express consent from an individual asa result of his or her being a minor, seriously ill, or mentally incapacitated.
By voluntarily providing us with personal or confidential information, supporters are deemed to have consented to be added to the Foundation’s donor database. The database may be used for communications with supporters, including communications the primary purpose of which is fundraising for the Foundation. Any instructions in relation to the manner in which the Foundation communicates with a supporter, for example regarding the use of email, should be directed to the CPO as indicated above.
Contact information of patients, used in our “Direct Mail Grateful Patient” program for fundraising, is obtained from the Hospital and forwarded to the third party service provider that we have retained to manage the program on the Foundation’s behalf. A patient’s contact information is only added to the Foundation’s donor database in the event that he or she chooses to make a gift. The Hospital provides patients with the opportunity to opt out of the disclosure and use of their information for fundraising purposes.
Subject to reasonable notice, supporters may withdraw their consent at any time to the use of their personal or confidential information in connection with Foundation activities. The Foundation will implement any such withdrawal of consent as quickly as possible, however there may be a period between notice and the actual termination of the Foundation’s use of a supporter’s information. Supporters who wish to withdraw their consent to the use of their information for Foundation activities should contact the Foundation’s CPO through one of the means set out above.
Limited Use and Disclosure of Supporter Information
The Foundation will not use or disclose personal or confidential Supporter information other than for the purposes for which it was collected, except with consent or as required by law. The Foundation does not trade, rent or sell any personal information to third parties.
Keeping Supporter Information Current
The Foundation attempts to update supporter information in its records as it changes. The Foundation relies on supporters to ensure that changes in their contact and other relevant information are reported to the Foundation by telephone, email or mail as soon as possible. In addition, the Foundation undertakes periodic reviews of its supporter database through Canada Post’s National Change of Address (NCOA) Mover Data service or through outreach to our supporters requesting that they validate their information.
The Foundation uses various physical, electronic and procedural means to safeguard supporter personal and confidential information. We limit access to supporter personal and confidential information to authorized staff and other individuals who require the information for their work or activities on behalf of the Foundation. The Foundation provides training to its staff and volunteers on their responsibility to protect supporter information, and has implemented guidelines to assist in applying this Policy. In addition, the Foundation uses:
- administrative safeguards such as reference checks of prospective employees;
- technical safeguards such as passwords, firewalls and logging of access to supporter information;
- physical safeguards such as locked filing cabinets, restricted access to offices and other areas where supporter personal and confidential information is stored, and controlled entry to its premises;
The Foundation takes reasonable steps to limit and protect Personal and Confidential Information to which its third party service providers are granted access, including through contractual means such as privacy and confidentiality obligations imposed under services and non-disclosure agreements.
Privacy Practices Related to the Foundation Website
While the Foundation strives to protect the personal information of visitors to our website, we cannot ensure or warrant the security of information transmitted over the Internet, including email which is vulnerable to interception and impersonation.
This section of the Policy identifies privacy practices applicable to the Foundation’s website only.
Visitor personal and confidential information is collected when visitors elect to provide the information to us. Visitor Personal and Confidential Information is used to respond to requests for information or services.
Electronic Collection of Information
The Foundation also uses Google Analytics to gather information about traffic on our website for the purposes of performing statistical analysis of visitor behavior and identifying trends to better understand our visitors, which will allow us to enhance the design and improve the content of our website, and more generally to better provide the information and services that would be helpful to our visitors in deciding whether and how to support the Foundation in its work on behalf of the Hospital.
For our visitor’s convenience, the Foundation may provide links to other websites and web pages that are not under the Foundation’s control. Upon entering other sites, visitors are subject to the privacy and security policies of those sites and should accordingly take care to review them prior to using the site. The Foundation will not be responsible or liable for any claims or damages received, incurred or suffered in connection with the use of a third party website or any products or services obtained from such websites.
The Foundation will also not be responsible for any claims or damages received, incurred or suffered by supporters, website visitors or third parties connected with or arising out of the transmission of personal or confidential information through email or other electronic means, including any modification or distortion of such information. Users of electronic information (on-line) resources have a significant role in protecting their information, including by not using it to send sensitive information, unless encryption or other security is available, and by reading the policies and terms and conditions of use applicable to such resources.