Privacy Policy
Policy Objective
The Crohn’s and Colitis Canada Privacy policy outlines the organization’s principles, practices, and commitment regarding the collection, protection, management, and disclosure of personal information we collect over the course of our business operations. This policy is based on the federal Personal Information Protection and Electronics Documents Act (PIPEDA), Canada’s anti-spam legislation (CASL), and provincial laws when applicable.
Policy Application
The Crohn’s and Colitis Canada Privacy policy applies to employees, contractors, donors, volunteers, stakeholders, and any individual or third party who provides, collects, uses, or discloses personal information to, and on behalf of the organization. The policy applies to all Crohn’s and Colitis Canada information assets including personal information and/or personal health information, system administration and security data, that is transmitted, processed, or stored on information systems controlled by Crohn’s and Colitis Canada or its suppliers, contractors, or vendors. The policy applies to all activities associated with the operation of Crohn’s and Colitis Canada information systems and business operations.
Policy Details
Crohn’s and Colitis Canada follows the principles set by the Office of the Privacy Commissioner of Canada under PIPEDA and CASL. Our organization recognizes the importance of protecting the privacy of personal information provided to us from our employees, donors, volunteers, partners, and other stakeholders, and respects an individual’s right to privacy. We value the trust placed in us and recognize that this trust requires transparency and accountability in terms of how we treat personal information.
Many Canadian provinces have implemented privacy legislation that is similar in nature to PIPEDA with respect to custodians of health information. Crohn’s and Colitis Canada considers information relating to Crohn’s, colitis, and inflammatory bowel disease (IBD) to be personal health information. While Crohn’s and Colitis Canada is not a health care custodian by law, it has willingly embraced the fundamentals of personal health information legislation.
Accountability
Crohn’s and Colitis Canada is responsible for personal information under our possession and control. We have designated a Privacy Officer to be responsible for our compliance with this Privacy policy and applicable privacy legislation. Crohn’s and Colitis Canada will make known, upon request, the title of the person or persons designated to oversee our compliance with this Privacy policy.
Crohn’s and Colitis Canada is responsible for personal information in our possession or custody, including information that has been transferred to a third party for processing and shall use contractual or other means to ensure that such third parties protect all personal information to the same level as Crohn’s and Colitis Canada protects your personal information.
Crohn’s and Colitis Canada has implemented policies and practices to give effect to these principles, including:
- implementing procedures to protect personal information
- implementing an internal process to receive and respond to complaints and inquiries relating to this Privacy policy; and
- training staff and communicating staff information about our policies and practices.
Collection of Information
Personal information and personal health information is obtained by Crohn’s and Colitis Canada through various methods, including but not limited to direct interactions, website interactions, third parties, or publicly available sources. Crohn’s and Colitis Canada collects the minimum amount of personal and personal health information needed to effectively implement our programs, services, events, process donations and payroll, comply with legislative requirements, communicate, and conduct any other activities related to fulfilling our Promise. Crohn’s and Colitis Canada is committed to protecting the privacy of children. We do not knowingly solicit personal information for children under the age of 14 without parental or guardian consent. If a child has provided us with personal information without parental or guardian consent, his or her parent or guardian may contact us for the purposes of deleting this information.
Individuals have the right to check what information Crohn’s and Colitis has collected to verify, correct, and to remove obsolete information.
Personal and Personal Health Information Collected:
- contact information
- date of birth, gender, weight, age, ethnicity
- Crohn’s, colitis or IBD diagnosis and medical information
- donation information
- financial and banking information
- event and advocacy participation information
- details required to process employment applications, benefits and payroll
- Internet Protocol (IP) address
- other personal or personal health information voluntarily provided to us
Crohn’s and Colitis Canada may collect certain information required to meet our obligations to the Canada Revenue Agency (CRA) such as income tax receipts. In addition, there may be situations where the use and/or disclosure of personal information is necessary or permissible without consent.
Such circumstances may include:
- where required by law or by order or requirement of a court administrative agency or other governmental tribunal;
- where Crohn’s and Colitis Canada believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group; and
- where the information is public.
Purposes for Collecting Personal and Personal Health Information
- to maintain membership records of our supporters, including contact details and payment of membership fees;
- to provide information to people affected by Crohn’s, colitis, or IBD and their families;
- to assist and improve our programs, events, and services to meet the needs and expectations of our community;
- to fund and facilitate research, education, awareness, and advocacy initiatives that advance the understanding, treatment, and prevention of Crohn's, colitis, and IBD;
- to conduct internal research and analysis to evaluate and improve our programs, services, and operations;
- for fundraising purposes, which may include donor information management;
- to report on the impact and outcomes of our donations, programs, and services to our donors, supporters, and the public; to communicate and market our programs, services, and events that may be of interest to our donors, supporters, and the public;
- website use and analytics;
- to send newsletters, updates, and other communications to our supporters, and contractors;
- employee recruitment and processes; and
- as otherwise required by law.
Google Analytics and Website
Crohn’s and Colitis Canada uses “Google Analytics” to collect information about the use of its website. Google Analytics is a web analysis service that use cookies to track information about the use of our website including how often users visit the website, what pages they visit and what other websites they use prior to coming to the Crohn’s and Colitis Canada website.
Google Analytics only collects the IP addresses assigned to you on the date you visit the website. Your name or other identifying information is not captured. Information collected using Google Analytics is not combined with personally identifiable information. Information stored by Google Analytics and its use is restricted by the Google Analytics Terms of Use and the Google Privacy policy.
The information generated by the cookie about your use of our website (including your IP address) is stored in Google’s servers in the United States. You can prevent Google Analytics from recognizing you on return visits to the Crohn’s and Colitis Canada website by disabling cookies on your browser. For more information on Google Analytics, please visit: https://marketingplatform.google.com/about/analytics/
Limiting Use, Disclosure and Retention
Unless an individual consents otherwise or as required by law, personal information is only used or disclosed for the purposes outlined in this policy and retained as required to serve those purposes and meet regulatory and legal requirements. Personal information that is deemed no longer required will be destroyed, erased, or made securely anonymous. In instances where Crohn’s and Colitis Canada should disclose personal information to a third-party with whom we have a contractual relationship, access to personal information will only be granted as required to meet the specific contractual deliverables and may not be used for any other purpose.
Safeguards
Crohn’s and Colitis Canada will safeguard personal information appropriate to the sensitivity of the information. This includes using secure technology, authorized access protocols, encryption, and limiting physical access to those who need the information to perform work-related tasks.
Where Crohn’s and Colitis Canada uses a third party to process personal information, strict security and confidentiality clauses are included in the contractual arrangements. The third party is also required to comply with this policy and use encryption processes when collecting or using personal information.
Our employees and volunteers are required to sign a code-of-conduct agreement which includes a confidentiality clause and are given access to personal information only as required to perform position-related tasks.
Consent
Crohn’s and Colitis Canada is committed to protecting the privacy of personal information and personal health information that you provide to us or that we collect from other sources. We will only collect, use, or disclose your information in accordance with our Privacy policy and applicable laws, and we will obtain your consent for such purposes, unless otherwise required by law. Your consent may be express or implied, depending on the nature and sensitivity of the information and the context in which it is collected, used, or disclosed. Express consent is required for sensitive personal information, such as personal health information, or for new or additional purposes or initiatives that are not covered by our Privacy policy. Implied consent may be considered when information is less sensitive or when the purpose is reasonably expected by you.
You have the right to withdraw your consent to Crohn’s and Colitis Canada to retain or use your personal information for purposes other than required by law or regulatory purposes by contacting us through our website or calling our Toronto office at 1-800-387-1479. However, please note that withdrawing your consent may affect our ability to deliver programs and/or services that you are seeking or have registered for. We will inform you of the implications of withdrawing your consent and discuss the options available to you.
Depending on the nature and sensitivity and nature of the personal information or personal health information that you provide to Crohn’s and Colitis Canada, we will ask that you review our Privacy policy and indicate your consent and agreement to how we may collect, use, and disclose your information for the purposes outlined in this policy. In other circumstances where information is less sensitive, we may consider it implied consent.
When we ask for your express consent, we will provide you with the following information in clear and simplified language:
- the specific purpose for which we are collecting, using or disclosing your information; the names of third parties with whom we may share your personal information, if any;
- the categories of people within our organization who have access to personal information (i.e. HR Managers and Specialists, etc.), if relevant;
- the duration of data retention;
- contact information of our Privacy Officer;
- whether the request is mandatory or optional; and
- your right to withdraw consent and the implications for declining to reply or withdrawing consent.
If we do not specifically seek your express consent and rely on your implied consent, this means that you are giving us your implied consent to collect, use and disclose your personal information for the purposes outlined in our Privacy policy. If you do not agree with these terms, please do not share your personal information with us, this may affect our ability to provide you with the programs and/or services you request.
In addition, before collecting, using, or disclosing personal information about a minor under the age of 14, Crohn’s and Colitis Canada will obtain the written consent of the person with parental authority.
Email Communications
We comply with Canada’s anti-spam legislation (CASL) and will not send you electronic communications in contravention of this law.
We will ensure that each email includes an opt-out feature and instructions on how to unsubscribe if you no longer wish to receive future emails from us. You can unsubscribe using the link included in the email or by using the contact information in the Privacy Officer contact information set out below. If you do not expressly consent to receiving commercial electronic communications, we will only communicate with you for the limited purposes permitted under CASL.
Sharing of Personal Information
Crohn’s and Colitis Canada will maintain the strict confidentiality of all personal information collected and will not rent or sell personal information to other parties. We may share your personal information in the following ways:
- banking information shared with Crohn’s and Colitis Canada banking institutions to process donations, payroll, and other financial transactions;
- with external auditors for our annual audit;
- with contracted third-party organizations for:
- fundraising campaigns
- data hosting, management, and storage services
- donation processing and tax receipting services; and
- marketing analysis and retention services.
- through exchange lists (name and address only) with other charities; and
- otherwise required by law.
Personal information voluntarily disclosed through social media interactions can be collected and used by other internet users. Crohn’s and Colitis Canada undertakes no obligations as to the security of information voluntarily posted on social media.
Any information voluntarily submitted such as photographs or other content posted to any public social media pages or websites may be collected, used, and shared by others who use or access those same services.
We will disclose personal information without your knowledge or consent if we receive an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator, or other person with jurisdiction to compel disclosure of your personal information.
Both employees and volunteers, and any individual or third party acting or providing services on our behalf, are required to maintain the privacy and confidentiality of all records containing personal information in all formats including after they leave or conclude their work with Crohn’s and Colitis Canada.
Accuracy and Access
Crohn’s and Colitis Canada relies on our donors, partners, stakeholders, and employees to provide us with accurate personal information and will take reasonable steps to ensure that the personal information in its custody is accurate, complete, and up to date as is necessary for the purposes for which it is to be used.
Upon request, Crohn’s and Colitis Canada will provide you with information regarding the existence, use and disclosure of personal information that we may hold. We will need to verify your identity before providing you with the personal information we hold about you and we will respond within the time periods provided for under applicable laws. There is no cost for such access request unless you require copies of records. Please contact us through our website or by calling our Toronto office at 1-800-387-1479 to access or update your personal information.
Transparency
Crohn’s and Colitis Canada will be transparent regarding the use of personal information by making information about its policies and practices respecting the collection and maintenance of personal information available to all interested parties. We are pleased to answer any questions that you may have regarding the collection and maintenance of Personal Information.
Challenging Compliance
Individuals are welcome to challenge Crohn’s and Colitis Canada’s compliance with PIPEDA’s fair information principles and provincial laws by providing specific information by calling our Toronto office or submitting information through our website. Our Privacy Officer should respond to requests within 30 days of receipt.
Non-Compliance
Any violation of this policy by employees or volunteers of Crohn’s and Colitis Canada is subject to disciplinary sanctions, as determined by Crohn’s and Colitis Canada, up to and including dismissal.
Any violation of this policy by a supplier, vendor or contactor or their respective employees and agents, is subject to remedies identified in the agreement or contract. Crohn’s and Colitis Canada may request the removal of a supplier, vendor or contractor employee who has violated this policy.
Breach Notifications
Should there be an incidence of unlawful access of personal information, Crohn’s and Colitis will notify the appropriate regulatory bodies as well as affected persons if the incident is deemed to pose a risk of serious harm as determined by the Privacy Officer, unless it could potentially hinder an investigation conducted by the lawfully responsible party. Crohn’s and Colitis Canada will maintain a record of all security incidents and take reasonable measures to limit the risk to the persons concerned, and to prevent new incidents of the same nature from occurring. A copy of the Security Incident register will be sent to the appropriate regulatory bodies if requested.
Privacy Impact Assessment (PIA)
As required, Crohn’s and Colitis Canada will conduct a Privacy Impact Assessments (PIA’s) as it relates to the introduction, development, or enhancement of technology systems involving the collection, use, release, storage, and/or destruction of personal information. The conduct of the PIA will be proportionate to the sensitivity of the personal information concerned, the purposes for which it is to be used, the protection measures of the personal information, and the quantity and distribution of the information and the medium on which it is stored.
Privacy Notices
Should we collect personal information using technology that identifies, locates, or profiles an individual, or utilize personal information to make a decision only grounded on automated processing, Crohn’s and Colitis will provide certain information to individuals as required.
Crohn’s and Colitis Canada Privacy Officer Contact Information
Privacy Officer
Crohn’s and Colitis Canada
439 University Avenue, Suite 2110
Toronto, ON M5G 1Y8
Email: privacy...crohnsandcolitis...ca
Phone: 416-920-5035
Monitoring and Compliance
The Board of Directors of Crohn’s and Colitis Canada is responsible for ensuring that Crohn’s and Colitis Canada is in compliance with applicable laws, regulations and rules, and with the security and privacy policies.
The Privacy Officer is responsible for leading the monitoring of the application and compliance of this policy direction and any related procedures in conjunction with other members of the Strategic Leadership Team (SLT). SLT is responsible for reviewing this policy every 3 years. On an annual basis, board members, employees and volunteers must acknowledge compliance with this policy direction and the related procedures.
Crohn’s and Colitis Canada may amend this policy from time to time at its’ sole discretion and without prior notice to accommodate legal and regulatory requirements, introduction of new technologies, business practices and stakeholder needs. The collection, use and disclosure of personal information will be governed by the version of this Privacy policy in effect at the time.
Related Policies, Legislation
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- Canada Anti-Spam legislation (CASL)
- Quebec Law 25
- Fair Information Principles-Office of the Privacy Commissioner of Canada
- Resolving Community Member’s Concerns
- Whistleblower
- Code of Conduct
- Information Technology
Definitions
Canada’s Anti-Spam Legislation (CASL) - federal law dealing with spam and other electronic threats aimed to protect consumers and businesses from the misuse of digital technology, including spam and other electronic threats.
Privacy – the fundamental right of an individual to control information about ourselves (including the collection, use and disclosure of and access to that information).
Confidentiality – an obligation to protect personal information, to maintain its secrecy and not misuse or wrongfully disclose it.
Record - any information or document in any format (paper, electronic or video), received or collected to conduct business.
Personal Information - any information that can be used to distinguish, identify, or contact a specific individual. This includes information as to whether an individual has donated to Crohn’s and Colitis Canada, how much has been donated and an individual’s private contact information. Business contact information and certain publicly available information, such as name, address and telephone numbers that are published in telephone and online directories are not considered personal information.
Personal Health Information – with respect to an individual, whether living or deceased:
- the physical or mental health of the person
- any health service provided to the person
- any body part or any bodily substance donated by the person or information resulting from the testing or examination
- information that is obtained through the provision of services to the person, or obtained incidentally while providing such health services to the person
PIPEDA - The Federal Personal Information Protection and Electronic Documents Act
Strategic Leadership Team (SLT) - the most senior level of leadership within Crohn’s and Colitis Canada comprised of the President and Chief Executive Officer and Vice Presidents.
Policy: Privacy |
Applies To: Employees, contractors, donors, volunteers, stakeholders, and any individual or third party who provides, collects, uses, or discloses personal information to, and on behalf of the organization. |
Executive Champion: VP Finance and Administration |
Frequency of Review: Every 3 years |
Approved By: Board of Directors |
Last Reviewed: April 2024 |
Issue Date: October 19, 2008 |
Next Scheduled Review: April 2027 |