This manual’s purpose is to provide guidance and advice to the Chief Privacy Officer at Dystonia Medical Research Foundation (DMRF) Canada on matters related to the implementation of privacy policies and procedures in accordance with federal legislation.
Covered under the Personal information Protection and Electronic Documents Act (PIPEDA), DMRF Canada is regulated under this federal legislation, in terms of the collection, storage and trading of donors’ personal information with any and all other organizations.
DMRF Canada will conduct itself, in all areas of ongoing business in a manner which will protect all personal information collected, stored and used in its business activities in a manner consistent with the mandate of PIPEDA.
DMRF Canada complies with Canada’s Anti-Spam Legislation (CASL) which limits on-line commercial messages.
________________________________________
PRIVACY POLICY
As a commercial entity in Canada, we will maintain your right to privacy. When you share with us your personal information, contact us in any way – whether through the mail, via the telephone, connecting to our web site, supporting our organization through donations, or being a part of our volunteer base, our commitment is to the protection of your personal information and your right to privacy.
To demonstrate our commitment to you and your rights, DMRF Canada has developed a plan in compliance with the National Standard of Canada covered within applicable legislation, based on the 10 Privacy Principles contained within the Canadian Standards Association Model Code for the Projection of Personal information.
________________________________________
PRINCIPLES OF PRIVACY
1. PROTECTION OF PERSONAL INFORMATION
The collection or transfer of your personal information is our responsibility when it is obtained by DMRF Canada. We accept this responsibility whenever we, or an agency on our behalf, handles your personal information.
Our plan to secure your personal information from disclosure includes a senior manager being assigned the responsibility for compliance to PIPEDA. We will, under this plan audit and maintain our privacy policy, our information systems and train all personnel accordingly. At any time, anyone having personal information in our possession may, according to our procedures, request and gain access to their own information for purposes of review.
2. IDENTIFICATION OF PURPOSES OF COLLECTION OF INFORMATION
We will identify the purpose for the collection of personal information, before we collect your personal information. DMRF Canada will use a “collection purpose” statement on documents and materials distributed by DMRF Canada when collecting any information which may be used to identify an individual.
3. KNOWLEDGE AND CONSENT
We will never collect your personal information without your knowledge and prior consent. Depending on the timing and/or purpose of the collection of information we may employ one of two methods of collection; one being an express consent option which requires you to provide information in a written manner indicating the purpose and your voluntary agreement to provide this information. DMRF Canada utilizes express consent wherever possible, and in all cases, when the personal information is considered sensitive.
Subject to legal requirements, DMRF Canada understands and will comply with your right to withdraw your consent to the collection, use or disclosure of personal information at any time.
4. LIMITING THE COLLECTION OF INFORMATION
Only that personal information which we have acknowledged as required for operational purposes will be collected by our organization. The collection of personal information will be gained directly from those persons conducting business with our organization, unless traded from third parties. Each individual will choose what information to share with DMRF Canada and for what purposes we may use this information. We only collect information fairly and lawfully, and directly from individuals. Each person has the right to provide as much or as little personal information as you choose to share.
In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In addition, if DMRF Canada does not have a direct relationship with the individual, it may not always be able to seek consent. For example, seeking consent may be impractical for a charity or a direct marketing firm that wishes to acquire a mailing list from another organization. In such cases, the organization providing the list would be expected to obtain consent before disclosing personal information.
5. LIMITING USE, DISCLOSURE AND RETENTION OF COLLECTED INFORMATION
Personal information will be retained as long as it is required to satisfy the intended purpose, and in compliance with any laws surrounding information retention. If all identified purposes for the use of personal information collected have been exhausted, we will destroy the information or render it unidentifiable to any specific person. All purposes for which we intend to use your personal information will be disclosed to you and should we identify a new situation requiring the use of your information, we will contact you prior to information being used with a view to gaining your consent.
6. ACCURACY OF YOUR PERSONAL INFORMATION
Aside from third party fund-raising lists collected by solicitors on our behalf, practically all personal information that we collect comes directly from individuals themselves, for example; on our donations forms or subscription request forms, in telephone conversations and through donor correspondence. Unless we are advised differently, we will generally assume this information to be accurate and complete. Although we do not regularly or routinely update personal information which has been provided to us, we do ensure opportunities exist for individuals to update their own personal information on an ongoing basis.
7. SAFEGUARDS FOR YOUR PERSONAL INFORMATION
All means possible are used to protect and guard personal information on file with DMRF Canada. Access to information is limited to those with a “need to know”, all employees and volunteers in the employ of DMRF Canada are trained on the issue of privacy – its meaning and importance, and as well, all files whether “soft” (meaning electronic) or “hard” (meaning paper) are maintained in locked filing cabinets in secure locations. Our Chief Privacy Officer will screen and verify access to personal information.
8. OPENNESS OF OUR PRIVACY POLICY AND PROCEDURES
Transparency is a way of doing business for DMRF Canada. Our policies and procedures are documented and open to all individuals. We will endeavour to communicate our Privacy Policy and Procedures, to the best of our ability, to all those individuals providing us with their personal information.
9. RIGHT TO ACCESS PERSONAL INFORMATION
At any time, you are entitled to view your personal information on file with DMRF Canada. Upon receiving a request from you, we will advise you of the purpose for which it was collected, the disposition of the information and, if it has been disposed, how we did this.
In order to access your any personal information, we may have on you, please send your written request to DMRF Canada ’s Chief Privacy Officer at PO BOX 1009 STN TORONTO DOM, TORONTO ON M5K 1P2. We will only allow access to personal information we have on file for that person who is requesting access upon receipt of this written request.
10. YOUR RIGHT TO CHALLENGE
As our goal is to fund a cure for dystonia, we are very committed to transparency and openness. Our Chief Privacy Officer can be contacted at any time should you be concerned about our not complying with our stated Privacy Policy.