Our Commitment to Protect Personal
Information
The Rick Hansen Foundation (RHF) is fully committed to
protecting the privacy of anyone who provides us with their
personal information. We value your trust and understand that
upholding this trust requires us to be transparent to you in how we
collect, use and/or disclose your personal information. The RHF is
compliant with B.C.'s Personal Information Protection Act
(PIPA) and the federal Personal Information Protection and
Electronic Documents Act (PIPEDA).
Definition of Personal Information
Personal information is any information about an identifiable
individual such as (but not limited to) someone's name, home
address, home phone number, personal email address, social
insurance number, gender, income, or family status. Personal
information also includes donation information or personal health
information such as spinal cord injury (SCI) or mental health
information.
Personal information does not include a person's work contact
information or work product information that is created as a
contractor or employee on behalf of an organization.
Ten Principles of Privacy
In order to ensure adherence to the rules and regulations set
out in provincial and federal level privacy legislation the RHF has
adopted the "Ten Principles of Privacy" which can be found in the
Canadian Standards Organization "Model Code for the Protection of
Personal Information" as a guideline to achieve a "gold standard"
of privacy compliance.
Principle 1: Accountability
The RHF is responsible for all personal information under its
control. In order to protect your personal information, the RHF has
named Caroline Sanche as the Privacy Officer. If you have any
questions, complaints or concerns you may contact the Privacy
Officer directly at the following:
Phone: 778-296-1527
Email: csanche@rickhansen.com
- The Privacy Officer is responsible to ensure that all
departments and third party organizations/service providers [1]
that work in conjunction with the RHF on certain initiatives adhere
to proper practices in handling your personal information.
Principle 2: Identifying Purposes
At or before the time of collection, the RHF will identify how
your personal information will be used or disclosed. The RHF will
collect your information for the following purposes:
To share information about the foundation with you and others
who may be interested in our activities, events or initiatives.
- To track and Issue tax receipts for donations received in
accordance with Canada Revenue Agency requirements.
- To confirm information related to a donation or registration in
an event.
- To give you required information about events/activities you
have registered for, have expressed interest in, or are attending
(such as a change in location or time of the event).
To establish, build, and maintain relationships.
- To process financial transactions (including donations).
- To determine the eligibility of an individual or community to
receive a grant and/or to issue grants.
- To use photographs taken at events in future RHF publications
including: newsletters, registration forms, or on our or our
partner's websites.
- To establish, maintain, and manage employment relationships
between the RHF and an employee/volunteer.
• To share other peoples stories and photographs in relation to
Rick Hansen, the RHF, and SCI in general.
- To improve our ability to provide services in accordance with
our mission to inspire others to share in the achievement of big
dreams that accelerate improvements in the lives of people with
Spinal Cord Injuries (SCI).
Principle 3: Consent
RHF obtains express consent to collect, use, and/or disclose
personal information, subject to withdrawal at any time, provided
that reasonable notice is provided to RHF, subject to legal
exceptions. By withdrawing consent, the consequence may be the
inability of the RHF to provide certain services which require the
use of certain types of personal information.
The RHF will make every effort to notify an individual of the
purpose for collection, use, or disclosure of personal information
and give a reasonable chance to refuse consent and/or to withdraw
consent at a later date. For Wheels In Motion events, the RHF will
provide individuals with the opportunity to decline consent on the
registration form using an "opt-out" or "opt-in" check box as well
as a clear explanation as to what the information being collected
will be used for. Only extenuating circumstances which are in the
best interests of donors/participants will permit the contacting of
participants whom have opted out of being on our contact lists.
This form of contact will only be intended for administrative
purposes related to a donation or event such as a clarification of
a donation amount a confirmation of an address to send a tax
receipt to or a change in event location or time.
For photographs or information collected at school events, consent
to use this information will be acquired from the school in
accordance with its privacy policies and practices. For photographs
and film taken by the RHF (or on behalf of the RHF) at other
private events signs will be placed at the entrances and other
visually accessible places to notify people that this will be
taking place, what the photographs and film will be used for, and
that give the contact information for the privacy officer or
delegate should that person wish to not have their photo used or
disclosed. For photographs taken at Wheels In Motion events the RHF
will notify participants on the registration form that their
photograph may be taken and used in future RHF related
publications. Due to the fact that Wheels In Motion is an event
that is open to the public it is a reasonable expectation that
other individuals, organizations and media may also take
photographs. The RHF does not control or take responsibility for
the collection, use or disclosure of these photographs.
Principle 4: Limiting Collection
The RHF will only collect as much information as is necessary to
fulfill the intended purpose for which it will be used. All
personal information will be collected through fair and lawful
means.
The RHF collects the following types of information:
- Contact information including name, address, phone number, and
email.
- Financial Information required to process donations and issue
tax receipts
- Spinal cord injury information.
- Information regarding conversations that take place between RHF
staff/contractors and individuals in the context of the work of the
RHF.
- Photographs to use in future publications including:
newsletters, registration forms, and on our website.
- Personal stories and quotes (which are voluntarily
provided).
Principle 5: Limiting Use, Disclosure and
Retention
Personal information will not be used or disclosed by the RHF
for purposes other than which it was originally collected, unless
the individual is contacted and he/she gives consent or as is
permitted or required by law.
The RHF will not sell, barter, rent or lease personal information
to other organizations. The only time that personal information
will be disclosed to other organizations is when third party
organizations work jointly on initiatives that require certain
pieces of information to be shared in order to fulfill their
function or if a service provider is contracted to perform services
on our behalf such as the processing of event registration
information, processing credit card transactions, or for conducting
surveys. In the instance where a third party organization does
require a disclosure of personal information, they will sign a
confidentiality agreement that legally obligates them to strictly
adhere to our privacy policies and procedures.
As a general privacy principle, personal information collected by
RHF will only be kept as long as required to fulfill the purpose
for which it was collected and in the least identifiable form
possible (i.e. names, addresses, and other identifying information
will be removed once they are no longer required to serve the
purpose for which they were collected).
In keeping with the RHF's requirements under BC's PIPA the minimum
retention period for personal information used to render a decision
about an individual is one year after the decision has been made.
If information is not used to render a decision it may be discarded
immediately.
In keeping with the Canada Revenue Agency's (CRA) requirements on
financial information the RHF retains donor, tax receipting and
other personal financial information for a period of seven
years.
The RHF destroys or renders anonymous information that is no
longer required for the purpose for which it was collected in a
secure manner.
Requests for restrictions or limitations on use or disclosure of
this information can be made at any time by contacting the RHF
privacy officer.
The RHF takes appropriate security precautions to ensure that
any personal information, weather in electronic or paper format, is
destroyed in a secure manner so that it will not be disclosed to
any other individuals or organizations. These measures include
confidential on-site shredding, wiping old equipment clean of any
data prior to destruction or taking out of service, and
over-writing data on backup tapes on a scheduled basis.
Principle 6: Accuracy
The RHF takes reasonable steps to ensure that any personal
information in our custody is accurate and up to date for the
purposes for which the information is to be used. In most instances
we rely on individuals to notify us of any changes to their
information, such as a change in address, phone number, or to
consent for use of their own personal information.
Principle 7: Safeguards
The RHF maintains appropriate physical, administrative and
security measures to safeguard personal information depending upon
the sensitivity of the information, irrespective of the medium, to
include protection against loss or theft, unauthorized access,
disclosure, copying, use or modification.
Physical measures include locked cabinets and offices, restricted
access to certain records, the use of usernames, passwords and ID
badges, encryption for electronic data transmission and
storage.
Administrative safeguards include legally binding confidentiality
agreements with all staff members, as well as third party service
providers or organizations, signed at the start of their
employment, privacy and security training at the point of hire and
at intervals throughout the duration of employment. The RHF has a
comprehensive Privacy Program in place, which includes internal
privacy policies and procedures that all staff and third party
agents must adhere to and that meets or exceeds privacy best
practices.
The RHF also employs security measures that meet or exceed
industry best practices. These measures include virus scanning,
secured zones for electronic and paper records, regular backups of
information and proper multi-step procedures that must be followed
prior to anyone being granted access to Personal Information.
Our website has security measures in place to protect donors'
information. All credit card transactions performed on the RHF
website uses Secure Socket Layer (SSL) technology to ensure that
the data transferred from the website user to the RHF web server is
encrypted prior to transmission. SSL uses 128-bit encryption to
maintain the confidentiality and integrity of personal health
information while in storage or transit, which is the highest level
of encryption used in today's browsers.
Most RHF information is stored securely on site and only
authorized personnel have access to this information. Archival
documents are stored off site at facilities that exceed
requirements for the storage of personal information. These
facilities are not open to public, are self contained, access is
limited to only two authorized RHF staff members. Our units are
individually locked, alarmed and monitored 24 hours a day by video
surveillance.
RHF data backups are stored by a third party service provider
for purposes of data recovery in the event of a disaster. This
service provider provides access to only three authorized RHF staff
members and is contractually obligated to keep all information
confidential from unauthorized RHF staff and/or any other third
party. This service provider only stores the tape and does not keep
any information on their own servers. All tape is stored under lock
and key under 24 hour video surveillance.
Principle 8: Openness
The RHF will always make our privacy policy available to the
public, including on our website or by request over the phone or by
email. Our procedures are available upon request by phone or email
to the RHF privacy officer at the contact information listed under
"Principle 10" of this policy.
Principle 9: Individual Access
Upon written request [2], an individual shall be informed of the
existence, use and disclosure his or her personal information, and
shall be given access to that information. The RHF provides an
opportunity for individuals to challenge the accuracy and
completeness of the information and have it amended as
appropriate.
Principle 10: Challenging Compliance
The RHF has developed procedures for dealing with privacy. Any
individual may challenge the compliance of the RHF by contacting
our Privacy Officer directly at the following:
Phone: 778-296-1527
Email: csanche@rickhansen.com
If we are unable to resolve your issue you may want to contact
the Office of the Information and Privacy Commissioner of BC
directly.
[1] A third party
organization/service provider includes an organization or
contractor that may need to access certain types of personal
information in order to provide a service on behalf of the Rick
Hansen Foundation (RHF) or to an individual such as: processing
registration forms for Wheels In Motion events or performing
surveys; or may be an organization that the RHF works closely with
in order to achieve their mission such as the Spinal Cord Injury
Solutions Network (SCISN) which participates with RHF in the
management and administration of certain activities such as Wheels
In Motion, administering grant applications and awarding grants to
individuals and organizations.
[2] A written request must
come in writing on a form provided by the RHF. The completed and
signed form may be mailed, hand delivered, faxed, or scanned and
emailed to the RHF.