1. Accountability for Personal Information.
The Privacy Officer has established a cross-departmental Privacy Committee thatmeets on an ongoing basis to discuss privacy issues as they occur.
A Privacy Impact Assessment is required for the creation of new personal informationsystems and for significant changes to existing information systems at the Foundation toidentify potential risks for privacy.
2. Identifying Purposes for the Collection of Personal Information.
When the Foundation collects personal information directly from its constituents, theFoundation will identify the purposes for which personal information is collected at orbefore the time of collection. These purposes include: donor recruitment, that which isnecessary for the administration of a donor’s interests and compliance with legal andregulatory requirements.
3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information.
The knowledge and consent of a person is required for the direct collection, use ordisclosure of personal information except where mandated by law.
4. Limiting Collection of Personal Information.
The Foundation will limit the collection of personal information to that which isnecessary for the purposes identified. Information will be collected by fair and lawfulmeans. The Foundation does not collect any personal health information, other thanthat which is volunteered directly by the constituent.
5. Limiting Use, Disclosure, and Retention of Personal Information.
Personal information will not be used or disclosed for purposes other than those forwhich it was collected, except with the consent of the person or as required by law.Personal information will be retained only as long as necessary for the fulfillment ofthose purposes. The Foundation does not trade, rent or sell any personal information tothird parties. The Foundation’s web page contains online forms that allow visitors tomake a donation. The personal and credit card information provided on these forms isused only to process these donations. Online donations to the Foundation areprocessed through a third party. The security and privacy policies of this third party areavailable by clicking on the “Security and Privacy” icon on the online donation form.
6. Ensuring Accuracy of Personal Information.
The Foundation ensures personal information is accurate, complete and as up-to-dateas necessary for the purposes for which it is to be used. To change or modify anypersonal information previously provided to the Foundation, write to the Privacy Officer at: The Princess Margaret Cancer Foundation, 610 University Avenue, Toronto, ONM5G 2M9 or send an email to firstname.lastname@example.org.
7. Ensuring Safeguards for Personal Information.
Personal information is protected with security safeguards appropriate to the sensitivity of the information. All Foundation employees and directors must sign a Confidentiality Agreement. In addition, all independent contractors or vendors, that have a workingrelationship with the Foundation’s proprietary database, must sign a ConfidentialityAgreement.
8. Openness Concerning Policies and Practices.
9. Access to Personal Information.
Upon request, a person will be informed of the existence, use, and disclosure ofpersonal information of the person and shall be given access to that information. A person can challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance.
A challenge concerning compliance with the above principles should be made to the Privacy Officer at: 416-946-6560, or email@example.com.
If you have any questions, please contact the Privacy Officer, 416-946-6560, or firstname.lastname@example.org