Privacy Policy – Breakthrough T1D Canada
Breakthrough T1D Canada is committed to protecting the personal information entrusted to us by our donors, participants, volunteers, and employees. We manage your personal information in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable laws.
To ensure consistency with privacy policy best practices, the Breakthrough T1D Privacy Policy is organized around ten internationally recognized privacy principles, which are codified into law in Schedule I of PIPEDA. It also outlines the principles and practices we follow in protecting your personal information.
This policy applies to Breakthrough T1D and to any person providing services on our behalf.
What is personal information?
Personal information means information about an identifiable individual. This includes, for example, an individual’s name, home address, and phone number, financial information and donation history. Breakthrough T1D may also collect a minimal amount of personal health information from you or your guardian directly, such as your connection to type 1 diabetes (T1D) and, if applicable, when you were diagnosed.
What is personal employee information?
Personal employee information is personal information about an employee or volunteer that is collected, used, or disclosed solely for the purposes of establishing, managing, or terminating an employment relationship or a volunteer work relationship. Personal employee information may, in some circumstances, include a Social Insurance Number or a performance review.
Accountability
At Breakthrough T1D, we are responsible for personal information in our custody or control, including personal information that we share with persons operating on our behalf (e.g. information technology providers). We require all of our employees, volunteers and service providers to sign confidentiality agreements to ensure that they protect personal information in compliance with this Policy.
We have designated a Chief Privacy Officer who is ultimately responsible for ensuring our compliance to this Privacy Policy. Donors, participants, volunteers, and Breakthrough T1D employees can contact the Breakthrough T1D Chief Privacy Officer with questions, comments, or complaints by e-mail at privacy.officer@breakthroughT1D.ca, by phone at 1.800.287.3533, or by mail at 235 Yorkland Blvd Suite 1201 Toronto, Ontario M2J 4Y8. All correspondence should be directed to the attention of the Chief Privacy Officer.
Identifying purposes
We inform our donors, participants, employees, and volunteers, before or at the time of collecting personal information, of the purposes for which we are collecting the information. We make this information available through this Privacy Policy, our website, and other informational materials available at Breakthrough T1D events. The only time we don’t provide this notification is when an individual volunteers information for an obvious purpose (for example, producing a credit card to make a donation when the information will be used only to process the payment).
We do not collect, use, or disclose personal information for a new purpose that was not previously identified without explaining the new purpose and obtaining consent, unless otherwise permitted by law.
Breakthrough T1D collects and uses personal information directly from donors and participants or from Breakthrough T1D approved businesses (Organizations or persons with which Breakthrough T1D has an alliance or arrangement to (1) provide information about products, services, events, or initiatives related to diabetes or diabetes research or (2) assist in developing, improving, or enhancing Breakthrough T1D initiatives or programs. A list of these organizations is available on request by contacting the Breakthrough T1D Chief Privacy Officer.) in order to:
- Process donations;
- Track and issue tax receipts for donations received in accordance with Canada Revenue Agency requirements;
- Help individuals fundraise on behalf of Breakthrough T1D;
- Establish, build, and maintain relationships;
- Provide social and practical support and information to newly diagnosed families or anyone facing the challenges of living with diabetes;
- Promote organizational activities, conferences, or events to raise awareness about diabetes or diabetes-related research;
- Provide information about products, services, events, or activities for which you have registered or expressed an interest in (e.g. Bag of Hope for newly diagnosed patients or news on advocacy initiatives);
- Share information with the Breakthrough T1D head office, chapters, and site offices to administer Breakthrough T1D programs, functions, or initiatives;
- Share information with those who may be interested in Breakthrough T1D programs (e.g. Walk and Ride events), corporate functions (e.g. Government Relations) or other initiatives (e.g. Outreach activities); and
- Build a database of Canadians affected by T1D (if you agreed to participate in the Count Me In initiative).
Breakthrough T1D may share donor or participant personal information to Breakthrough T1D approved businesses/service providers in order to distribute our newsletters or support one of our direct mail campaigns. As well, Breakthrough T1D may disclose donor or participant personal information to the public via a participants online fundraising page to recognize donors and participants for their efforts in supporting Breakthrough T1D. Breakthrough T1D obtains the consent of all donors and participants prior to disclosing their personal information.
Breakthrough T1D may collect, use, and disclose personal employee information to meet the following purposes:
- Determining eligibility for employment or volunteer work, including verifying qualifications and references;
- Establishing training and development requirements;
- Assessing performance and managing performance issues if they arise;
- Administering pay and benefits (paid employees only);
- Processing employee work-related claims (e.g. benefits, workers compensation, insurance claims) (paid employees only); and
- Complying with applicable laws (e.g. Canada Income Tax Act, provincial Employment Standards Acts).
After an employee or volunteer relationship with us ends, we may be contacted by other organizations and asked to provide a reference. It is our policy not to disclose personal information about our employees and volunteers to other organizations who request references without consent. The personal information we normally provide in a reference includes:
- Confirmation that an individual was an employee or volunteer, including the position, and date range of the employment or volunteering; and
- General information about an individuals job duties and information about the employee or volunteers ability to perform job duties and success in the employment or volunteer relationship.
Limiting collection
We collect only the personal information that we need for the purposes of providing services to our donors and participants. For example, we limit the collection of financial and contact information by only collecting information deemed necessary to process a donation and for business development purposes.
We normally collect your personal information directly from you. We may collect your information from other persons with your consent or as authorized by law.
Consent
We ask for consent to collect, use, or disclose your personal information, except in specific circumstances where collection, use, or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
We assume your consent to continue to use and, where applicable, disclose personal information that we have already collected, for the purpose for which the information was collected.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use, or disclosure of certain personal information. Where express consent is needed, we will normally ask you to provide consent in writing.
You can withdraw your consent to Breakthrough T1D using or disclosing your personal information, at any time, for the following purposes:
- A marketing initiative and for providing information on special offers for diabetes related products, services, programs, or events offered by Breakthrough T1D or Breakthrough T1D approved businesses;
- Collecting your personal information from personal referrals;
- Providing information to an assigned mentor to facilitate the child mentorship program; or
- Contacting you directly or through an approved third party to administer a survey to improve Breakthrough T1D programs.
You can opt out of these uses and disclosures by contacting the Breakthrough T1D Chief Privacy Officer (see contact information above). Once we receive your opt-out request, we process it within 10 days.
We may collect, use, or disclose personal information without consent only as authorized by law. For example, we may not request consent when the collection, use, or disclosure is to determine suitability for an honour or award or in an emergency that threatens life, health, or safety.
Breakthrough T1D can collect, use and, disclose personal employee information without consent only for the purposes of establishing, managing, or ending the employment or volunteer relationship. We will provide current employees and volunteers with prior notice about what information we collect, use, or disclose and our purpose for doing so.
We will obtain our employees or volunteers consent to collect, use, and disclose their personal information for purposes unrelated to the employment or volunteer relationship (e.g. such as providing you with information about our workplace charity program).
Limiting use, disclosure, and retention
We use and disclose the personal information of donors, participants, employees, and volunteers only for the purpose for which the information was collected, except as authorized by law. For example, we may use financial information from donors to process donations.
Donors and participants may request a complete list of the organizations/services to which we share and/or disclose their personal information by contacting the Breakthrough T1D Chief Privacy Officer (see contact information above).
If we wish to use or disclose your personal information for any new business purpose, we will ask for your consent. We may not seek consent if the law allows this (e.g. the law allows organizations to use personal information without consent for the purpose of collecting a debt).
We retain personal information only as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.
Use of service providers outside Canada
At Breakthrough T1D, there are organizations providing services on our behalf that may process or store personal information outside of Canada. These organizations include: Global Cloud and Soft Trek, both located in the United States of America. These organizations process or store personal information for the following purposes: to support our on-line fundraising tool, email marketing, customer relationship management, and processing of funds. You can contact the Breakthrough T1D Chief Privacy Officer to obtain more information about our use of service providers outside Canada, including for example:
- The location of the service provider; and
- How personal information is collected, used, disclosed, stored and protected.
Accuracy
We make every reasonable effort to ensure that personal information is accurate and complete. We rely on individuals to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible. In some cases we may ask for a written request for correction.
Safeguards
We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure, or modification of personal information, as well as any unauthorized access to personal information.
Breakthrough T1D protects personal information in its custody and control through, for example:
- Administrative Safeguards: We employ administrative safeguards, such as this Privacy Policy, our Information Technology Acceptable Use Policy and confidentiality agreements to ensure that all Breakthrough T1D employees, volunteers and service providers access personal information for authorized purposes only. We train our employees and volunteers to understand and follow the practices outlined in this Privacy Policy and the Information Technology Acceptable Use Policy, and regularly remind employees and volunteers of their privacy responsibilities through email bulletins, brochures, and/or annual privacy audits and training.
- Technical Safeguards: We employ technical safeguards, such as passwords, audit logging, encryption, and role-based access controls for information systems from which personal information may be accessed.
- Physical Safeguards: We employ physical safeguards to protect personal information by locking filing cabinets, restricting physical access to offices and data centres, and shredding paper records we no longer need.
Openness
We make available to our donors, participants, employees, and volunteers specific information about our policies and practices that relate to the management of personal information. We make this information available in this Privacy Policy and by contacting the Breakthrough T1D Chief Privacy Officer.
This information describes, for example:
- What personal information is in our custody or control;
- How we collect, use, and disclose personal information, and for what purposes;
- How we protect personal information in our custody and control;
- How you may gain access to and correct the personal information we have about you;
- How to opt out of specific uses and disclosures of personal information; and
- How to contact the Breakthrough T1D Canada Chief Privacy Officer with an inquiry or complaint.
Individual Access
Individuals have a right to access their own personal information in a record that is in the custody or under the control of Breakthrough T1D, subject to some exceptions. For example, organizations are required under provincial privacy laws (e.g. the Personal Information Protection Act) to refuse to provide access to information that would reveal personal information about another individual.
If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.
You may make a request for access to your personal information by completing the Breakthrough T1D Access and Correction Request Form and submitting it to the Chief Privacy Officer (see contact information above). You must provide sufficient information in your request to allow us to identify the information you are seeking.
You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. In addition, you may request a correction of an error or omission in your personal information. We will record in your record details about your correction request and communicate this information to relevant third parties, where required and feasible.
We will respond to your request within 30 calendar days, unless an extension is granted. We may charge a reasonable fee to provide information, but not to make a correction. We do not charge fees when the request is for personal employee information. We will advise you of any fees that may apply before beginning to process your request.
Google AdWords
We use Google AdWords Remarketing to advertise Breakthrough T1D across the Internet, in particular on the Google Display Network.
AdWords remarketing will display ads to you based on what parts of the Breakthrough T1D website you have viewed by placing a cookie on your web browser.
This cookie does not in any way identify you or give access to your computer or mobile device.
The cookie is used to indicate to other websites that “This person visited a particular page, so display ads relating to that page.”
Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
If you do not wish to see ads from Breakthrough T1D you can opt out in several ways:
1. Opt out of Google’s use of cookies by visiting Google’s Ads Settings.
2. Opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page
Questions and Complaints
In the event of a discrepancy or error with your online transaction, please contact info@breakthroughT1D.ca. Please include your name, telephone number and the date and amount of your transaction.
If you have a question or concern about any collection, use or disclosure of personal information by Breakthrough T1D, or about a request for access to your own personal information, please contact the Breakthrough T1D Chief Privacy Officer (see contact information above).
If you are not satisfied with the response you receive, you can contact the Office of the Privacy Commissioner of Canada by phone (1.800.282.1376) or by filling out a complaint form available at https://www.priv.gc.ca/en/report-a-concern/ and submitting the completed form by mail to:
Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville, Tower B
3rd Floor
Ottawa, ON K1A 1H3
You may also contact the Office of the Information and Privacy Commissioner in the province in which you reside.