Our Commitment to Protect Personal Information
The Rick Hansen Foundation (RHF) is fully committed to protecting the privacy of anyone who provides us with their personal information. We value your trust and understand that upholding this trust requires us to be transparent to you in how we collect, use and/or disclose your personal information. RHF is compliant with B.C.’s Personal Information Protection Act (PIPA), the federal Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian Anti-Spam Law (CASL), and the Imagine Canada Standards Program best practices related to donor or supporter personal information.
Definition of Personal Information
Personal information is any information about an identifiable individual such as (but not limited to) someone’s name, home address, home phone number, personal email address, social insurance number, gender, income, or family status. Personal information also includes donation information or personal health information such as spinal cord injury (SCI) or mental health information.
Personal information does not include a person’s work contact information or work product information that is created as a contractor or employee on behalf of an organization.
Ten Principles of Privacy
In order to ensure adherence to the rules and regulations set out in provincial and federal level privacy legislation, RHF has adopted the “Ten Principles of Privacy” which can be found in the Canadian Standards Organization “Model Code for the Protection of Personal Information” as a guideline to achieve a “gold standard” of privacy compliance.
Principle 1: Accountability
RHF is responsible for all personal information under its control. In order to protect your personal information, the Foundation has named France Gagnon as the Privacy Officer. If you have any questions, complaints or concerns you may contact the Privacy Officer directly at email@example.com.
The Privacy Officer is responsible to ensure that all departments and third party organizations/service providers(1) (that work in conjunction with RHF on certain initiatives adhere to proper practices in handling your personal information.
Principle 2: Accountability
At or before the time of collection, RHF will identify how your personal information will be used or disclosed. RHF will collect your information for the following purposes:
- To share information about the Foundation with you and others who may be interested in our activities, events or initiatives.
- To track and issue tax receipts for donations received in accordance with Canada Revenue Agency requirements.
- To confirm information related to a donation or registration in an event.
- To give you required information about events and or activities you have registered for, have expressed interest in, or are attending (such as a change in location or time of the event).
- To establish, build, and maintain relationships.
- To process financial transactions (including donations).
- To determine the eligibility of an individual or community to receive a grant and/or to issue grants.
- To use photographs taken at events in future RHF print and online publications including newsletters, registration forms, annual reports and on our or our partner’s websites and social media.
- To use as video footage in future RHF videos.
- To establish, maintain, and manage employment relationships between the RHF and an employee/volunteer.
- To share other peoples’ stories and photographs in relation to Rick Hansen, the RHF, the RHI and people with disabilities in general.
- To improve our ability to provide services in accordance with our vision in order to inspire leaders, influencers and the public to join Rick Hansen in creating a global movement to remove barriers and liberate the amazing potential of people with disabilities.
Principle 3: Consent
RHF obtains express consent to collect, use, and/or disclose personal information, subject to withdrawal at any time, provided that reasonable notice is provided to RHF, subject to legal exceptions. By withdrawing consent, the consequence may be the inability of RHF to provide certain services which require the use of certain types of personal information.
RHF will make every effort to notify an individual of the purpose for collection, use, or disclosure of personal information and give a reasonable chance to refuse consent and/or to withdraw consent at a later date. For events, RHF will provide individuals with the opportunity to decline consent using an “opt-out” or “opt-in” check box as well as a clear explanation as to what the information being collected will be used for. Only extenuating circumstances which are in the best interests of donors/participants will permit the contacting of participants whom have opted out of being on our contact lists. This form of contact will only be intended for administrative purposes related to a donation or event such as a clarification of a donation amount a confirmation of an address to send a tax receipt to or a change in event location or time. Due to the fact that some events are open to the public it is a reasonable expectation that other individuals, organizations and media may also take photographs. RHF does not control or take responsibility for the collection, use or disclosure of these photographs.
For photographs or information collected at school events, consent to use this information will be acquired from the school in accordance with its privacy policies and practices. For photographs and film footage taken by RHF (or on behalf of RHF) at other private events signs will be placed at the entrances and other visually accessible places to notify people that this will be taking place, what the photographs and film will be used for, and that give the contact information for the privacy officer or delegate should that person wish to not have their photo used or disclosed.
Principle 4: Limiting Collection
RHF will only collect as much information as is necessary to fulfill the intended purpose for which it will be used. All personal information will be collected through fair and lawful means. RHF collects the following types of information:
- Contact information including name, address, phone number, email (this also includes the spouse when applicable).
- Financial Information required to process donations and issue tax or acknowledgement receipts.
- Answers to surveys and questionnaires which are treated as anonymous when results are publicly posted.
- Aggregate of research information from other entities does not include identifiable personal information.
- Spinal cord injury information.
- Information regarding conversations that take place between RHF staff/contractors and individuals in the context of the work of RHF.
- Photographs to use in future print and online publications including: newsletters, registration forms, annual reports and on our website or social media.
- Personal stories and quotes (which are voluntarily provided).
Principle 5: Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed by RHF for purposes other than which it was originally collected, unless the individual is contacted and he/she gives consent or as is permitted or required by law.
RHF will not sell, barter, rent or lease personal information to other organizations. The only time that personal information will be disclosed to other organizations is when third party organizations work jointly on initiatives that require certain pieces of information to be shared in order to fulfill their function or if a service provider is contracted to perform services on our behalf such as the processing of event registration information, processing credit card transactions, processing direct mail, online or telemarketing campaigns, appeals or transactions, or for conducting surveys. In the instance where a third party organization does require a disclosure of personal information, they will sign a confidentiality agreement that legally obligates them to strictly adhere to our privacy policies and procedures as well as those outlined in PIPEDA, PIPA and CASL .
As a general privacy principle, personal information collected by RHF will only be kept as long as required to fulfill the purpose for which it was collected and in the least identifiable form possible (e.g., names, addresses, and other identifying information will be removed once they are no longer required to serve the purpose for which they were collected).
In keeping with RHF’s requirements under BC’s PIPA the minimum retention period for personal information used to render a decision about an individual is one year after the decision has been made. If information is not used to render a decision it may be discarded immediately.
In keeping with the Canada Revenue Agency’s (CRA) requirements on financial information RHF retains donor tax receipting and other personal financial information for a period of two years.
RHF destroys or renders anonymous information that is no longer required for the purpose for which it was collected in a secure manner. Requests for restrictions or limitations on use or disclosure of this information can be made at any time by contacting the RHF Privacy Officer. In addition, prospective donors or existing donors and supporters can contact RHF's Community Giving team to expand, restrict or limit specific communications from the Foundation.
The Foundation takes appropriate security precautions to ensure that any personal information, whether in electronic or paper format, is destroyed in a secure manner so that it will not be disclosed to any other individuals or organizations. These measures include: confidential on-site shredding, wiping old equipment clean of any data prior to destruction or taking out of service, over-writing data on backup tapes on a scheduled basis, removing the results of database exports of donor information, and ensuring the security of our web site, emails, databases and other technology tools through the use of firewalls and other security measures.
Principle 6: Accuracy
RHF takes reasonable steps to ensure that any personal information in our custody is accurate and up to date for the purposes for which the information is to be used. In most instances we rely on individuals to notify us of any changes to their information, such as a change in address, phone number, or to consent for use of their own personal information.
Principle 7: Safeguards
RHF maintains appropriate physical, administrative and security measures to safeguard personal information depending upon the sensitivity of the information, irrespective of the medium, to include protection against loss or theft, unauthorized access, disclosure, copying, use or modification.
Physical measures include locked cabinets and offices, restricted access to certain records, the use of usernames, passwords and ID badges, encryption for electronic data transmission and storage.
Administrative safeguards include legally binding confidentiality agreements with all staff members, as well as third party service providers or organizations, signed at the start of their employment, privacy and security training at the point of hire and at intervals throughout the duration of employment. The RHF has a comprehensive Privacy Program in place, which includes internal privacy policies and procedures that all staff and third party agents must adhere to and that meets or exceeds privacy best practices.
RHF also employs security measures that meet or exceed industry best practices. These measures include virus scanning, secured zones for electronic and paper records, regular backups of information and proper multi-step procedures that must be followed prior to anyone being granted access to Personal Information.
Our website has security measures in place to protect donors' information. All credit card transactions performed on the RHF website uses Secure Socket Layer (SSL) technology to ensure that the data transferred from the website user to the RHF web server is encrypted prior to transmission. SSL uses 128-bit encryption to maintain the confidentiality and integrity of personal health information while in storage or transit, which is the highest level of encryption used in today's browsers.
Most RHF information is stored securely on site and only authorized personnel have access to this information. Archival documents are stored on site that exceed requirements for the storage of personal information. These facilities are not open to public, are self contained, access is limited to only authorized RHF staff members. Our units are individually locked and alarmed.
RHF data backups are stored by a third party service provider for purposes of data recovery in the event of a disaster. This service provider provides access to only three authorized RHF staff members and is contractually obligated to keep all information confidential from unauthorized RHF staff and/or any other third party. This service provider only stores the tape and does not keep any information on their own servers. All tape is stored under lock and key under 24 hour video surveillance.
Principle 8: Openness
Principle 9: Individual Access
Upon written request(2), an individual shall be informed of the existence, use and disclosure his or her personal information, and shall be given access to that information. RHF provides an opportunity for individuals to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10: Challenging Compliance
RHF has developed procedures for dealing with privacy. Any individual may challenge the compliance of the Foundation by contacting our Privacy Officer directly at firstname.lastname@example.org.
If we are unable to resolve your issue you may want to contact the Office of the Information and Privacy Commissioner of BC directly.
(1) A third party organization/service provider includes an organization or contractor that may need to access certain types of personal information in order to provide a service on behalf of the Rick Hansen Foundation (RHF) or to an individual such as: processing registration forms for Wheels In Motion events or performing surveys; or may be an organization that the RHF works closely with in order to achieve their mission such as the Spinal Cord Injury Solutions Network (SCISN) which participates with RHF in the management and administration of certain activities such as Wheels In Motion, administering grant applications and awarding grants to individuals and organizations.
(2) A written request must come in writing on a form provided by the RHF. The completed and signed form may be mailed, hand delivered, faxed, or scanned and emailed to the RHF.