St. Joseph's Healthcare Foundation is committed to protecting the privacy of the personal information of its donors, volunteers, employees, and other stakeholders. We value the trust of our supporters and of the public, and recognize that maintaining this trust requires that we be transparent and accountable in how we treat the information that is shared with us.
During the course of our various projects and activities, we frequently gather and use personal information. Anyone from whom we collect such information should expect that it will be carefully protected and that any use of or other dealing with this information is subject to consent. Our privacy practices are designed to achieve this.
Defining Personal Information
Personal information is any information that can be used to distinguish, identify or contact a specific individual. This information can include an individual's opinions or beliefs, as well as facts about, or related to, the individual. Exceptions: business contact information and certain publicly available information, such as names, addresses and telephone numbers as published in telephone directories, are not considered personal information. Where an individual uses his or her home contact information as business contact information as well, we consider that the contact information provided is business contact information, and is not therefore subject to protection as personal information.
1.1.1 PRIVACY OFFICER
The Foundation's Chief Privacy Officer is the Director of Communications and Marketing. Working closely with the Chief Privacy Officer of St. Joseph's Healthcare Hamilton, this Officer ensures the consistent application of privacy legislation, policies and procedures.
The Chief Privacy Officer is responsible for understanding the broad impact of legislation, implementing policies and procedures, and handling complaints surrounding privacy. The Officer will communicate this policy and train all employees and volunteers who might be in a position to collect, retain or use personal information.
1.1.2 THIRD PARTY USE OF PERSONAL INFORMATION
The Foundation uses third party vendors for services that would not be practical or cost-effective for us to perform ourselves. In all cases, the third party vender signs a confidentiality agreement promising that it will take every precaution to protect the personal information in its possession and to destroy it upon completion.
Further, data sent between the Foundation and third party vendors will be encrypted to ensure protection.
1.1.3 MAIL PROCESSORS
The Foundation uses third parties to process mailings. This requires sending name, address, and sometimes last gift information, usually segmented into specific categories based on gift regency and frequency. The mailing house addresses, sorts, and co-ordinates the distribution of these mailings.
1.1.4 NATIONAL CHANGE OF ADDRESS
The Foundation uses a third party vendor licensed to use Canada Post's National Change of Address Service. This service helps us eliminate unwanted mailings to our donors' former addresses when they move.
1.1.5 AFFINITY MARKETING PROGRAMS
When the Foundation works with partners to administer its affinity marketing programs, donor names and address information is sent to a mailing house/telemarketing firm that works on our Foundation's behalf to market the program. Only if a donor decides to respond to an offer, is the name and address information passed on to the affinity partner. Any other information, including financial, collected to complete the transaction or necessary for the partner to administer the program is considered the property of marketing partner and not shared with the Foundation.
Further, the Foundation is not informed of the names of any individuals who choose to enroll in the programs if this is considered personal information.
All donors will have at least one opportunity to exclude themselves from our affinity marketing programs before being contacted for such an offer.
1.1.6 DATABASE ANALYSIS
The Foundation occasionally employs a third party to analyze our database to help us improve our fundraising practices. Only information necessary to the analysis is released.
1.2 IDENTIFYING PURPOSES
Before personal information is collected, the Foundation must identify the purpose for which it is being collected. Safeguards are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered unless otherwise required by law. Should a new purpose be established, individuals must be notified of the change.
1.3.1 IMPLIED CONSENT
In the collection, use or disclosure of personal information, knowledge and consent of the individual is required. This consent must be meaningful and easily understood. The Foundation will consider a donation as implied consent to inform the donor of the impact of their gifts and include them in future communications to support St. Joseph's Healthcare Foundation, unless otherwise indicated by the donor.
1.3.2 WITHDRAWAL OF CONSENT
The Foundation offers individuals the opportunity not to receive any or all communications from us. Such requests will be respected and acted on promptly. Opt-out clauses will be included in all direct mail pieces. To opt out, please call our Foundation at 905.521.6036.
1.3.3 FORMER PATIENT SOLICITATION
The Foundation receives limited information on patients who have been discharged from St. Joseph's Healthcare Hamilton's Charlton, King & West 5th Campuses. Safeguards have been put in place to protect patient privacy and to eliminate inappropriate mailings.
The hospital prepares the patient data and then sends the data to a third party mailing house which prepares the mailing. Individuals whose records indicate that they meet the following criteria are excluded:
(2) neonatal death
(3) publicity flags
(4) 30 years of age and under
(5) discharged to a retirement home, hospital, care centre, group home
Only if an individual responds to a mailing does the Foundation know of their name & address. The Foundation does not receive patient codes attached to any individual record. The mailing house retains the former patient data for one year to remove individuals who are repeat users of the Hospital from future mailings. This mailing will include an opt-out clause.
1.3.4 PUBLICATION OF DONOR LISTS
With respect to the publication of donor lists by gift category, donor requests for anonymity will be honoured.
1.4 LIMITING COLLECTION
Personal information collected is limited to that which is necessary to fulfill the purposes identified.
Information will be collected only by lawful means without misleading or deceiving individuals as to the reason. The source of the data will be indicated on each file.
1.5 LIMITING USE, DISCLOSURE AND RETENTION
The Foundation collects, uses and discloses personal information only for purposes that a reasonable person would consider appropriate in light of the circumstances. When information is no longer needed it will be destroyed.
The Foundation only uses the information it collects for Foundation programs that support St. Joseph's Healthcare Hamilton.
The Foundation will ensure that personal information is as accurate, complete, and up to date as possible.
The Foundation will ensure that steps are taken to protect personal information from theft and loss, as well as unauthorized access, disclosure, copying or use.
Hard copies of records are kept in locked cabinets and are accessible by Foundation staff only on a need to know basis. Only Foundation staff with confidential passwords may access electronic records. Information obtained from donors or visitors to our website is protected by special electronic security measures. The Foundation only captures information from our website if a visitor chooses to make a donation, fill out a form or contact us.
Our Foundation publishes our personal information protection policies and practices and clearly indicates who serves as the Foundation's Chief Privacy Officer. This information is posted on our website and available in print form. Copies will be made available to the public.
1.9 INDIVIDUAL ACCESS
Upon request, individuals will be informed of the existence, use and disclosure of all of their personal information and be given access to that information. An individual has the right to challenge the accuracy and completeness of the information and have it amended if appropriate. An exception to this would be if information could not be disclosed for legal, security or other reasons.
If the information requested may contain personal information about another individual, the other individual's information must be removed before the request was honoured.
All requests for access will be responded within a reasonable time (not more than 30 days) and at minimal or no cost to the individual.
1.10 CHALLENGING COMPLIANCE
An individual can challenge the Foundation's compliance with this policy. If so, the Foundation will follow the procedures outlined in its Complaints Policy.
Policies and procedures will be amended if a complaint has validity.
This policy will be regularly reviewed and updated as required. Revisions will be posted on the Foundation's website.
Further information on privacy and personal information may be found on the website of the Privacy Commissioner of Canada.