FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY POLICY

Similar documents
Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

Policy To Protect Personal Information

Definitions The following terms have these meanings in this Policy: a. Act Personal Information Protection and Electronic Documents Act;

2.16 Freedom of Information and Protection of Privacy Act

PERSONAL INFORMATION PROTECTION ACT

3RD SESSION, 41ST LEGISLATURE, ONTARIO 67 ELIZABETH II, Bill 14. An Act with respect to the custody, use and disclosure of personal information

Saskatoon Zoo Foundation Inc. Ticket Purchase Policies, Donation Policies and Privacy Policies

The Freedom of Information and Protection of Privacy Act

The Health Information Protection Act

The Local Authority Freedom of Information and Protection of Privacy Act

ACCESS TO INFORMATION ACT

Green Freight Asia Privacy Policy

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

PIPEDA and Your Practice

GUIDELINES FOR THE USE OF ELECTORAL PRODUCTS

2017 REVIEW OF THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT (FIPPA) COMMENTS FROM MANITOBA OMBUDSMAN

SPONSORSHIP AGREEMENT

Presentation Outline

PERSONAL INFORMATION PROTECTION ACT REVIEW QUESTIONNAIRE

ACCESS AND PRIVACY POLICY

HEALTH INFORMATION ACT

Privacy Law Template. Prepared for The Alberta First Nations Information Governance Centre. By Krista Yao

AMENDED BYLAWS OF SECURITIES AND EXCHANGE COMMISSION HISTORICAL SOCIETY (a District of Columbia nonprofit corporation) SECTION 1 NAME AND OFFICES

BILL NO. 42. Health Information Act

1) ICC ADR proceedings are flexible and party-controlled to the greatest extent possible.

UNIVERSITY WOMEN AMERCAN ASSOCIATION OF UNIVERSITY WOMEN GREATER NAPLES, FLORIDA BRANCH

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

GAMING SECURITY PROFESSIONALS OF CANADA PROFESSIONNELS EN SÉCURITÉ DU JEU DU CANADA

Canadian Anti-Doping Program Privacy and Personal Information Policy. processed by the CCES in the course of administrating and implementing the CADP.

The Municipality of Chatham-Kent Code of Conduct for Members of Council

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection

The New Mandatory Data Breach Requirements under Canada s Federal Privacy Act

MANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL

Point of Contact (POC): District s contact person when SDDCI sends out Audit information, the contact person when an onsite Audit is scheduled.

CODE OF CONDUCT FOR MEMBERS OF SASKATOON CITY COUNCIL

Fraser Health INVITATION TO TENDER

CALGARY POLICE COMMISSION POLICY AND PROCEDURE MANUAL

INTERSTATE COMPACT FOR THE SUPERVISION OF ADULT OFFENDERS PREAMBLE

THE INTERSTATE COMPACT FOR JUVENILES ARTICLE I PURPOSE

HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000

AIA Australia Limited

ACCESSING GOVERNMENT INFORMATION IN. British Columbia

Outline. David T.S. Fraser (

WASHINGTON COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

New England Participating Transmission Owner (PTO) Procedure for Disclosure of Critical Energy Infrastructure Information (CEII)

Fragomen Privacy Notice

Access to Information and Protection of Privacy Act

PIC MOBERT FIRST NATION

This publication is also available electronically online at the following address:

Ontario Swimming Coaches Committee Disciplinary and Complaints Procedures

AISGW Corporate Relations Policy

DATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

889 (05/04) Auditor s Guide. Province of British Columbia

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

Ontario PC Party Leadership 2018 Election Rules 2018 LEADERSHIP ELECTION RULES

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

The Health Information Protection Regulations

7112. Authority to execute compact. The Governor of Pennsylvania, on behalf of this State, is hereby authorized to execute a compact in substantially

REGISTRANT AGREEMENT Version 1.5

FUJITSU Cloud Service K5: Data Protection Addendum

OFFICE OF THE INFORMATION & PRIVACY COMMISSIONER for Prince Edward Island. Order No. PP Re: Elections PEI. March 15, 2019

A C T I O N. Donna Clark, Manager, Strategic Coordination on behalf of Patrick Gauch, Chair, Governance and Audit Committee

CANADIAN ANTI-SPAM LAW [FEDERAL]

TRANSITIONAL OPERATING AGREEMENT BETWEEN:

Port Glasgow St Andrew s Data Protection Policy

Whistle Blower Policy & Vigil Mechanism JASH Engineering Limited

ASLA Code of Professional Ethics

City of Toronto Public Appointments Policy

TEXAS DEPARTMENT OF PUBLIC SAFETY 5805 NORTH LAMAR BOULEVARD POST OFFICE BOX 4087, AUSTIN, TX /

BOARD BY-LAWS and TRUSTEE POLICY

Telecom Notice of Consultation CRTC

Five questions about blowing the whistle

Attachment 2. Protected Information Practices and Procedures (PIPP) [SEE ATTACHED]

PRIVACY MANAGEMENT PLAN

Chapter 36 Mediation and Arbitration 2013 EDITION Declaration of purpose of ORS to

HONG KONG DEALER ELECTRONIC SERVICE AGREEMENT

PHILADELPHIA AREA COMPUTER SOCIETY

March 2016 INVESTOR TERMS OF SERVICE

EXHIBIT G PRIVACY AND INFORMATION SECURITY PROVISIONS

SAMPLE FORMS - CONTRACTS DATA REQUEST AND RELEASE PROCESS NON-DISCLOSURE AGREEMENT, Form (See Attached Form)

BY-LAWS OF SKAGIT LAND TRUST. Article I MEMBERSHIP. Article III ANNUAL MEETING

MTS SICKLE CELL FOUNDATION, INC. BYLAWS

The Lost Dogs Home Board Charter

HIPAA DATA USE AGREEMENT

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

Template Commission pursuant to Section 11 BDSG

DOLPHIN SOFTWARE LICENSE AGREEMENT

Policy Framework for the Regional Biometric Data Exchange Solution

PONSORSHIP PPORTUNITIES

DATA SHARING AGREEMENT

INTESI GROUP S.p.A. Via Torino, Milano, Italia - Tel: P.IVA e C.F

South Carolina Department of Motor Vehicles

Site Access Agreement. (hereinafter referred to as the

CONSTITUTION OF THE SASKATCHEWAN PARTY

ETHICS POLICY OF THE ARIZONA COMMERCE AUTHORITY

Case AT Cross-border access to pay-tv. Paramount Commitments

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

Transcription:

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY POLICY Subject: Information & Privacy Policy No.: 8 Responsibility: Operations New Revised ( X ) January 20, 2015 ( X ) January 27, 2015 ( X ) December 30, 2015 Reviewed by: Management Team Date Revised: Approved by: Chief Executive Officer Date Approved: July 13, 2016 CEO Dated: December 30, 2015 CEO Signature: Rationale Lakeridge Health Foundation (the Foundation) realizes how important it is to our donors to have their privacy protected. We are committed to preserving donor trust and undertake to safeguard the information provided to us in a responsible manner and in compliance with S 39(2) of the Freedom of Information and Protection of Privacy Act. Please note that names, addresses and telephone numbers as published in printed and online telephone/business directories are publicly available and not considered personal information. What We Do With The Personal Information Collected by the Foundation: We do not rent, trade or sell our donor lists. The personal information provided to us (used to distinguish and identify donors specifically) is collected, used and disclosed for the purposes of: processing donations, keeping donors informed of our activities, and seeking donor support to improve health care in Durham Region. We have implemented safeguards to ensure that donor personal information is only accessed to the extent necessary to pursue our mission and donors have the right to restrict our use of said personal information; for instance, limiting future contact. Donors also have the right to access their personal information at all reasonable times to ensure its accuracy and to edit the information where necessary. Electronic Commerce and Website: Secure websites and password protocols are used to protect personal information when a donation is made on-line or an item, ticket or sponsorship purchased on-line. How to Reach Us: If donors have any questions about our privacy protocol, or would like to learn more about our privacy policy, contact the Privacy Officer, (905) 433-4339, e-mail us at foundation@lakeridgehealth.on.ca, or write to us at: Lakeridge Health Foundation, 1 Hospital Court, Room A1-120 Oshawa, Ontario L1G 2B9 1 P a g e

TABLE OF CONTENTS 1. Preamble a) Statement of Purpose b) The Basic Principles c) Scope of Policy d) Nature of the Access Right 2. Protection of Personal Information a) Consent b) Collection of Personal Information c) Use of Personal Information d) Disclosure of Personal Information e) Security of Personal Information f) Access and Correction Rights g) Exemptions from the Access Right 3. Policy Administration a) The Privacy Protection and Freedom of Information Officer (Privacy Officer) b) Complaints, Investigations and Recommendations c) Procedures for Accessing Records d) Fees 1. Preamble: 1a. Statement of Purpose: Our purpose is to maintain and enhance the relationship of trust we have established with our donors by protecting the personal information that is collected by the Foundation. Personal information means recorded information about an individual, including any information that can be used to distinguish, identify or contact a specific individual. This can include: i. age, gender, marital or family status of the individual; ii. information related to the educational, employment or financial (e.g., donation) transactions involving the individual; iii. photographic image, correspondence or other identifier concerning the individual; iv. home/business address, personal/business e-mail and telephone numbers of the individual; v. correspondence or other communications received from the individual that is implicitly or explicitly confidential and replies to them would reveal the contents of the originals; vi. the individual s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.

1b. The Basic Principles: We adhere to the following Basic Principles: i. as set out at S. 39(2) of the Freedom of Information and Protection of Privacy Act; ii. as set out in the Donor Bill of Rights; iii. as set out in the Association of Fundraising Professionals Standards of Professional Practice and Code of Ethics; iv. as set out in the ethical standards of Imagine Canada; v. as set out in the ten principles of the Canadian Standards Association Model Code for the Protection of Personal Information (CAN/CSA Q830-96). 1c. Scope of Policy: Our policy applies to all individuals involved with Lakeridge Health Foundation. This includes all staff, volunteers, Trustees and third party merchandise/service providers. Our policy covers all personal information received by us relating to: current donors, prospective donors, ticket purchasers, and volunteers, which is in our possession and under our control, without regard to the information format (ie. verbal, paper, or electronic). 1d. Nature of the Access Right: We will make available upon reasonable request all personal information we have in our possession and control with respect to the individual making the request. All requests should be made in writing and be directed to the Foundation s Privacy Officer. 2. Protection of Personal Information: 2a. Consent: In general, receipt of a donation by the Foundation, or the use of products or services by a donor constitutes implied consent to collect, use and disclose personal information for all identified purposes. Our identified purposes are as follows: i. to process donations; ii. to keep donors informed about Foundation activities; iii. to request support for our mission to improve health care in Durham Region, to prepare and distribute newsletters, stewardship reports, etc; iv. to promote public education, advocacy and donor cultivation. Donors have the right to withdraw consent at any time and the Foundation will comply with that request upon reasonable notice. Donors have the right to anonymity. Donors can request to have the amount of their donations confidential from external viewership. Donors may also request to keep their names from being publically released as a supporter of the Foundation. There may be instances where the Foundation cannot comply with such a request, ie. where the Foundation has been compelled to disclose personal information to comply with a subpoena, or court order, or as may otherwise be required or authorized by law.

2b. Collection of Personal Information: We only collect the personal information we need for the purposes identified. (See Paragraph 2(a)). i. personal information will be collected from the individual directly to the extent possible; ii. the nature of the information collected will be limited to the minimum required to satisfy the purpose; iii. we may receive contact information name and address only on patients from Lakeridge Health; iv. Patients have the right to notify us that they do not wish Lakeridge Health to share this information with us and we shall communicate that directive to Lakeridge Health; v. we may also obtain personal information from any other source deemed necessary to advance our mission to improve health care in Durham Region. 2c. Use of Personal Information: Except with consent (or as required by law) personal information collected by the Foundation will only be used or disclosed for the purposes for which it was collected as more specifically itemized at Paragraph 2(a). 2d. Disclosure of Personal Information: i. We do not barter, sell, rent or lease our donor or ticket purchaser lists; ii. Only our employees with security clearance (user ID and password) and authorized agents are granted access to personal information about donors and ticket purchasers when the information is necessary for Foundation business and mission purposes; iii. Such employees and authorized agents having access to such personal information are required to enter into confidentiality agreements to ensure the protection of the information you choose to share with us; iv. An employee or agent who knowingly violates our privacy policy shall have their employment terminated. We take this obligation to donors very seriously; 2e. Security of Personal Information The Privacy Officer also establishes and monitors the security safeguards in place to protect personal information against the risks of theft, loss, unauthorized access and use, unauthorized disclosure, unauthorized modification or destruction. This includes, without limitation, the following: i. provision of privacy training to employees, agents and any other individual granted access to personal information; ii. review of security safeguards on an ongoing basis to ensure they are appropriate given the sensitivity of the information; iii. ensuring contractual agreements (including employment contracts and agreements with third party product/service providers) include appropriate confidentiality clauses; iv. the implementation and enforcement of the following protection measures: a. Physical ie locked filing cabinets, restricted office access b. Technological user ID, encryption, firewalls, spot audits and passwords; c. Organizational access limited to individuals on a needs to know basis bearing in mind the purpose and our mission.

2f. Access and Correction Rights: The Privacy Officer acts as adjudicator on all information privacy and security matters. This Officer is authorized to assist in solving problems and implementing improvements with respect to the information privacy and security procedures of the Foundation. This Officer is required to respond to all requests for access to information/correction of information within thirty (30) days. A request must be made in writing and can be completed on line by visiting www.lakeridgehealthfoundation.com, or in person at our office located at 1 Hospital Court, Room A1-120, Oshawa, Ontario. Every person who is given access to their personal information pursuant to such a request is entitled to: i. request in writing for the removal of their personal information from the Foundation s data base and that no further information be shared by Lakeridge Health with the Foundation and we shall communicate this directive to Lakeridge Health; ii. where the person reasonably believes that there is misinformation or an omission has been made to request a correction of the personal information; iii. require that a written explanation be attached to the information disclosed in the event any correction is requested but declined. An appeal from the decision of the Privacy Officer will be forwarded to the Chief Executive Officer of the Foundation. (See Paragraph 3.b)) If not satisfied with the manner in which our Privacy Officer, Chief Executive Officer, or the Foundation has responded to a request, individuals have the right to contact the Privacy Commissioner of Canada at: 112 Kent Street Place De Ville Tower B, 3 rd Floor Ottawa, Ontario K1A 1H3 Tel: 1-800-282-1376 Fax: 613-947-6850 2g. Exemptions from the Right to Access: The Foundation shall not be required to disclose personal information: i. if it is evaluator or opinion based and is used solely for the purpose of determining eligibility, suitability, or qualification for employment, promotion or the awarding of a contract with the Foundation; ii. where the disclosure is likely to reveal the source of the information and the identity of which was assumed to be held in strict confidence; iii. that is statistical or research information.

3. Policy Administration: 3a. The Privacy Protection and Freedom of Information Officer: (Privacy Officer) The CEO of Lakeridge Health Foundation shall appoint the Privacy Protection and Freedom of Information Officer. You can reach the Privacy Officer at (905) 433-4339, or online at foundation@lakeridgehealth.on.ca. i. This Officer shall be responsible for overseeing compliance by the Foundation with the policies stipulated herein; ii. This Officer shall receive requests for access to information and correction of personal information and shall respond to same within thirty (30) days of receipt of written request (which can be made on line). iii. This Officer shall adjudicate each request and in the event of a refusal provide written reasons for such refusal to the person making the request along with a written explanation of the appeal procedure available. 3b. Complaints, Investigations and Recommendations: The decision of the Privacy Officer shall be appealable to the Chief Executive Officer of the Foundation whose duty it shall be to complete an investigation of the complaint and determine whether there has been compliance with this Policy. The decision and any recommendations with reasons of the Chief Executive Officer shall be in writing and a copy provided to both the Officer and the complainant. If not satisfied with the manner in which our Privacy Officer, Chief Executive Officer, or the Foundation has responded to a request, individuals have the right to contact the Privacy Commissioner of Canada at: 112 Kent Street Place De Ville Tower B, 3 rd Floor Ottawa, Ontario K1A 1H3 Tel: 1-800-282-1376 Fax: 613-947-6850 3c. Procedures for Accessing Records: Persons seeking access to their personal information in the custody and control of the Foundation shall make a request in writing to the Privacy Officer either in person at 1 Hospital Court, Room A1-120, Oshawa, Ontario, or online to foundation@lakeridgehealth.on.ca and provide sufficient information to the Officer to facilitate retrieval of said information. The Officer shall respond to all written requests for access to personal information in a timely fashion and within thirty (30) days of receipt of said written request. 3d. Fees There Shall be No Fee: The Foundation shall not require any person who makes a request for access to their personal information or for correction of that information to pay any fee. Every donor, potential donor, ticket purchaser and potential purchaser shall be entitled to free access to their personal information within the care and control of the Foundation. This policy will be binding and survive any renamed organization.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback