1. Accountability for Personal Information
2. Identifying Purposes for the Collection of Personal Information
3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information
4. Limiting Collection of Personal Information
5. Limiting Use, Disclosure, and Retention of Personal Information
6. Ensuring Accuracy of Personal Information
7. Ensuring Safeguards for Personal Information
8. Openness Concerning Policies and Practices
9. Access to Personal Information
10. Compliance with Canada’s Anti-Spam Legislation (“CASL”)
11. Challenging Compliance
1. Accountability for Personal Information.
2. Identifying Purposes for the Collection of Personal Information.
When the Foundation collects personal information directly from its constituents, the Foundation will identify the purposes for which personal information is collected at or before the time of collection. These purposes include: donor recruitment, that which is necessary for the administration of a donor's interests and compliance with legal and regulatory requirements.
3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information.
The knowledge and consent of a person is required for the direct collection, use or disclosure of personal information except where mandated by law.
4. Limiting Collection of Personal Information.
The Foundation will limit the collection of personal information to that which is necessary for the purposes identified. Information will be collected by fair and lawful means. The Foundation does not collect any personal health information, other than that which is volunteered directly by the constituent.
5. Limiting Use, Disclosure, and Retention of Personal Information.
6. Ensuring Accuracy of Personal Information.
The Foundation ensures personal information is accurate, complete and as up-to-date as necessary for the purposes for which it is to be used. To change or modify any personal information previously provided to the Foundation, contact the Privacy Officer at:
416.586.4800 ext. 5910 or firstname.lastname@example.org
7. Ensuring Safeguards for Personal Information.
Personal information is protected with security safeguards appropriate to the sensitivity of the information. All Foundation employees and directors must sign a Confidentiality Agreement. In addition, all independent contractors or vendors, that have a working relationship with the Foundation's proprietary database, must sign a Confidentiality Agreement.
8. Openness Concerning Policies and Practices.
9. Access to Personal Information.
Upon request, a person will be informed of the existence, use, and disclosure of personal information of the person and shall be given access to that information. A person can challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Compliance with Canada’s Anti-Spam Legislation (“CASL”).
The Foundation communicates electronically with its donors and volunteers to provide information about medical treatment and patient care advances, funding needs related to medical research and patient care, our programs, services, special events and opportunities to volunteer and/or donate. As a registered charity, recognized as such by CRA, the primary purpose of most of our electronic messages is to raise funds in support of Arthritis Research Foundation.
CASL concerns the sending of Commercial Electronic Messages or “CEMs”. In those cases where our CEMs do not fall under CASL’s charitable or other exemptions, the Foundation takes every reasonable step to ensure that it has active, express consent or implied consent in accordance with CASL legislation before sending the message. The Foundation provides the opportunity at the bottom of every electronic message for receivers to easily update their preferences or unsubscribe to receiving all electronic messages. Every electronic message identifies the Foundation as the sender and the mailing address is provided.
The Foundation always uses due diligence and takes reasonable steps to ensure that it is CASL compliant. The Foundation complies with policies and procedures ensuring that staff is trained on CASL regulations. Foundation governance bodies are briefed and updated on matters relating to CASL. Consent and unsubscribe requests are implemented system wide within the time limits provided by CASL and then saved.
Risk assessments are periodically conducted. The Foundation’s Human Resource policy identifies disciplinary action when a violation of the policy has occurred.
Complaints regarding the sending of CEMs and requests to opt-out of receiving CEMS should be made to the Privacy Officer at email@example.com or by writing c/o Sinai Health System Foundation, Joseph and Wolf Lebovic Health Complex, 522 University Avenue, Suite 1001, Toronto ON M5G 1W7.
For more information about CASL, please go to www.fightspam.gc.ca.
11. Challenging Compliance.
A challenge concerning compliance with the above principles should be made to the Privacy Officer at 416.586.4800 ext. 5910 or firstname.lastname@example.org