THE OSHAWA HOSPITAL FOUNDATION
PRIVACY PROTOCOL
The Oshawa Hospital Foundation realizes how important it is to you as a donor to have your privacy protected. We are committed to preserving your trust and undertake to safeguard the information you provide to us in a responsible manner and in compliance with S 39(2) of the Freedom of Information and Protection of Privacy Act.
Please note that names, addresses and telephone numbers as published in telephone/business directories are publicly available and not considered personal information.
What We Do With The Personal Information Collected By The Oshawa Hospital Foundation:
We do not rent, trade or sell our donor or Cash for Cancer Lottery lists. The personal information you do provide to us which could be used to distinguish and identify you specifically is collected, used and disclosed only for the purpose of processing donations, keeping you informed of our activities and seeking your support for our annual events and our on-going campaign to improve health care in the Durham Region.
We have implemented safeguards to ensure that your personal information is only accessed to the extent necessary to pursue our mission and you as a donor have the right to restrict our use of your personal information, for instance, limiting future contact. You also have the right to access your personal information at all reasonable times to ensure its accuracy and to edit the information where necessary.
Electronic Commerce and Website:
Secure websites and password protocols are what we use to protect your personal information when a donation is made on-line or an item purchased, such as a ticket for our Cash for Cancer Lottery.
How to Reach Us:
If you have any questions about our privacy protocol, you can call us and ask for our Privacy Officer, (905) 433-4339, e-mail us at jdavis@lakeridgehealth.on.ca, or write to us at:
The Oshawa Hospital Foundation,
1 Hospital Court, Room 1A-120
Oshawa, Ontario
L1G 2B9
Remember: Your donations and on-going support of our lottery and other fundraising activities allow us to fulfill our mission to provide the best healthcare possible to the residents of the Durham Region.
The Oshawa Hospital Foundation’s Freedom of Information and Protection of Privacy Policy:
TABLE OF CONTENTS
1. Preamble
a) Statement of Purpose
b) The Basic Principles
c) Scope of Policy
d) Nature of the Access Right
2. Protection of Personal Information
a) Consent
b) Collection of Personal Information
c) Use of Personal Information
d) Disclosure of Personal Information
e) Retention and Disposal of Personal Information
f) Access and Correction Rights
g) Exemptions from the Access Right
3. Policy Administration
a) The Privacy Protection and Freedom of Information Officer (Privacy Officer)
b) Complaints
c) Investigations and Recommendations
d) Procedures for Accessing Records
e) Fees
1. Statement of Purpose:
a) Our purpose is to maintain and enhance the relationship of trust we have established with our donors by protecting the “personal information” that is collected by The Oshawa Hospital Foundation.
“Personal information” means recorded information about an individual, including:
i. information related to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation, disability or marital or family status of the individual;
ii. information relating to the educational, medical, psychiatric, psychological, criminal, or employment history or remuneration of the individual or about financial transactions involving the individual;
iii. any photographic image, identifying number, symbol or other identifier assigned to the individual;
iv. the home address, personal e-mail or telephone number of the individual;
v. the individual’s personal opinions or views, except where they relate to someone else;
vi. correspondence or other communications received from the individual that is implicitly or explicitly confidential and replies to them that would reveal the contents of the originals;
vii. the views or opinions of another person about the individual;
viii. the individual’s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.
b) The Basic Principles:
We adhere to the following Basic Principles:
i. as set out at S. 39(2) of the Freedom of Information and Protection of Privacy Act;
ii. as set out in the Donor Bill of Rights;
iii. as set out in the Association of Fundraising Professionals Standards of Professional Practice and Code of Ethics;
iv. as set out in the ten principles of the Canadian Standards Association Model Code for the Protection of Personal Information (CAN/CSA – Q830-96).
c) Scope of Policy:
Our policy applies to all individuals involved with The Oshawa Hospital Foundation. This includes all staff, volunteers, Trustees and third party merchandise/service providers.
Our policy covers all personal information received by us relating to prospective donors, donors, prospective lottery ticket purchasers, lottery ticket purchasers and volunteers, which is in our possession and under our control without regard to the information format (ie. verbal, paper, or electronic).
d) Nature of the Access Right:
We will make available upon reasonable request all personal information we have in our possession and control with respect to the individual making the request. All requests should be made in writing and be directed to the Foundation’s Privacy Officer. Please note that the Foundation does not sell our donor or lottery purchaser lists.
2. Protection of Personal Information:
a) Consent:
In general, receipt of a donation by The Oshawa Hospital Foundation, or the use of products or services by a donor constitutes implied consent to collect, use and disclose personal information for all identified purposes.
Our identified purposes are as follows:
i. to process donations;
ii. to keep donors informed about Foundation activities;
iii. to request support for our mission to improve health care in Durham Region and bring cancer care closer to home;
iv. to promote the Cash for Cancer lottery;
v. to prepare and distribute newsletters, stewardship reports, etc;
vi. to promote public education, advocacy and donor cultivation.
The Oshawa Hospital Foundation reserves the right to expand its list of identified purposes upon notice to donors.
You have the right to withdraw your consent at any time and The Oshawa Hospital Foundation will comply with that request upon reasonable notice. There may be instances were The Oshawa Hospital Foundation cannot comply with such a request, ie. where the Foundation has been compelled to disclose personal information to comply with a subpoena, or court order, or as may otherwise be required or authorized by law.
b) Collection of Personal Information:
We only collect the personal information we need for the purposes identified. (See Paragraph 2(a)).
i. personal information will be collected from the individual directly to the extent possible;
ii. the nature of the information collected will be limited to the minimum required to satisfy the purpose;
iii. we may receive contact information name and address only on patients from Lakeridge Health Corporation (Oshawa site); You have the right to notify us that you do not wish Lakeridge Health Corporation to share this information with us and we shall communicate that directive to Lakeridge Health Corporation;
iv. we may also obtain personal information from any other source deemed necessary to advance our mission to improve health care in Durham and bring cancer care closer to home.
c) Use of Personal Information:
Except with your consent (or as required by law) personal information collected by The Oshawa Hospital Foundation with us will only be used or disclosed for the purposes for which it was collected as more specifically itemized at Paragraph 2(a).
d) Disclosure of Personal Information:
i. We do not barter, sell, rent or lease our donor or lottery purchaser lists;
ii. Only our employees with security clearance (user ID and password) and authorized agents are granted access to personal information about donors and lottery purchasers when the information is necessary for Foundation business and mission purposes;
iii. Such employees and authorized agents having access to such personal information are required to enter into confidentiality agreements to ensure the protection of the information you choose to share with us;
iv. An employee or agent who knowingly violates our privacy policy shall have their contract terminated. We take this obligation to you very seriously;
e) Retention and Disposal of Personal Information:
We only retain personal information for so long as a relationship is being maintained or cultivated between the Foundation and a potential donor, donor, potential lottery purchaser, lottery purchaser or it is necessary for our identified purposes.
Our Privacy Protection and Freedom of Information Officer (see Paragraph 3. a)) conducts an annual review and purge of personal information. If it is no longer relevant or necessary for the identified purposes it is deleted, destroyed, erased, shredded or de-personalized.
The Privacy Officer also establishes and monitors the security safeguards in place to protect personal information against the risks of theft, loss, unauthorized access and use, unauthorized disclosure, unauthorized modification or destruction. This includes, without limitation, the following:
i. provision of privacy training to employees, agents and any other individual granted access to personal information;
ii. review of security safeguards on an ongoing basis to ensure they are appropriate given the sensitivity of the information;
iii. ensuring contractual agreements (including employment contracts and agreements with third party product/service providers) include appropriate confidentiality clauses; iv. the implementation and enforcement of the following protection measures:
a. Physical – ie locked filing cabinets, restricted office access
b. Technological – user ID, encryption, firewalls, spot audits and passwords;
c. Organizational – access limited to individuals on a “needs – to –know” basis bearing in mind the purpose and our mission.
f) Access and Correction Rights:
The Privacy Officer acts as adjudicator on all information privacy and security matters. This Officer is authorized to assist in solving problems and implementing improvements with respect to the information privacy and security procedures of The Oshawa Hospital Foundation. This Officer is required to respond to all requests for access to information/correction of information within thirty (30) days. A request must be made in writing and can be completed on line by visiting www.theohf.com, or in person at our office located at 1 Hospital Court, Room 1A-120, Oshawa, Ontario. Every person who is given access to their personal information pursuant to such a request is entitled to:
i. request in writing for the removal of their personal information from the Foundation’s data base and that no further information be shared by Lakeridge Health with The Oshawa Hospital Foundation and we shall communicate this directive to Lakeridge Health (Oshawa site);
ii. where the person reasonably believes that there is misinformation or an omission has been made to request a correction of the personal information;
iii. require that a written explanation be attached to the information disclosed in the event any correction is requested but declined.
An appeal from the decision of the Privacy Officer lies to the Chief Executive Officer of The Oshawa Hospital Foundation. (See Paragraph 3.b))
If you are not satisfied with the manner in which our Privacy Officer, Chief Executive Officer, or The Oshawa Hospital Foundation has responded to your request, you have the right to contact the Privacy Commissioner of Canada at:
112 Kent Street
Place De Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Tel: 1-800-282-1376
Fax: 613-947-6850
g) Exemptions from the Right to Access:
The Oshawa Hospital Foundation shall not be required to disclose personal information:
i. if it is evaluator or opinion based and is used solely for the purpose of determining eligibility, suitability, or qualification for employment, promotion or the awarding of a contract with The Oshawa Hospital Foundation;
ii.bwhere the disclosure is likely to reveal the source of the information and the identity of which was assumed to be held in strict confidence;
iii.bthat is statistical or research information.
3. Policy Administration:
a) The Privacy Protection and Freedom of Information Officer: (Privacy Officer) The Board of Directors for The Oshawa Hospital Foundation shall appoint the Privacy Protection and Freedom of Information Officer. You can reach the Privacy Officer at (905) 433-4339, or online at jdavis@lakeridgehealth.on.ca.
i. This Officer shall be responsible for overseeing compliance by The Oshawa Hospital Foundation with the policies stipulated herein;
ii. This Officer shall receive requests for access to information and correction of personal information and shall respond to same within thirty (30) days of receipt of written request (which can be made on line).
iii. This Officer shall adjudicate each request and in the event of a refusal provide written reasons for such refusal to the person making the request along with a written explanation of the appeal procedure available.
b) Complaints, Investigations and Recommendations:
The decision of the Privacy Officer shall be appealable to the Chief Executive Officer of The Oshawa Hospital Foundation whose duty it shall be to complete an investigation of the complaint and determine whether there has been compliance with this policy. The decision and any recommendations with reasons of the Chief Executive Officer shall be in writing and a copy provided to both the Officer and the complainant.
If you are not satisfied with the manner in which our Privacy Officer, Chief Executive Officer, or The Oshawa Hospital Foundation has responded to your request, you have the right to contact the Privacy Commissioner of Canada at:
112 Kent Street
Place De Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Tel: 1-800-282-1376
Fax: 613-947-6850
c) Procedures for Accessing Records:
Persons seeking access to their personal information in the custody and control of The Oshawa Hospital Foundation shall make a request in writing to the Privacy Officer either in person at 1 Hospital Court, Room 1A-120, Oshawa, Ontario, or online to jdavis@lakeridgehealth.on.ca and provide sufficient information to the Officer to facilitate retrieval of said information.
The Officer shall respond to all written requests for access to personal information in a timely fashion and within thirty (30) days of receipt of said written request.
d) Fees – There Shall be No Fee:
The Oshawa Hospital Foundation shall not require any person who makes a request for access to their personal information or for correction of that information to pay any fee.
Every donor, potential donor, Cash for Cancer Lottery purchaser and potential purchaser shall be entitled to free access to their personal information within the care and control of The Oshawa Hospital Foundation.
This policy will be binding and survive any renamed organization.