Fighting Blindness Canada Policy for the Protection of Personal Information

Our Privacy Commitment

At Fighting Blindness Canada (FBC), your privacy is, and always has been, very important to us. We understand the importance of protecting personal information to our community, donors, employees, directors, members and volunteers and all others who entrust personal information to us (collectively, our “stakeholders”).

The Board of Directors has approved this Policy for the Protection of Personal Information (Privacy Policy) and a Privacy Officer has been appointed to ensure compliance.

Our Privacy Policy reflects the requirements of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) to limit the collection, use and disclosure of personal information to only that which is needed to manage our relationships with our stakeholders. While FBC is not a commercial organization, we have chosen to adopt the privacy principles contained in PIPEDA.

FBC may, on occasion, compile and use personal information and personal health information in an anonymous, aggregate form to produce statistical data for planning and research purposes and to meet reporting requirements of various funding bodies.

This Privacy Policy is effective August 1st, 2023, and is being applied prospectively. Personal information and personal health information collected before August 1st, 2023, was treated in accordance with FBC’s previous privacy policy.

How we DEFINE personal information

Personal information is any information recorded in any form that identifies or can identify an individual, other than an individual’s business contact information. Thus, personal information includes your name, gender, address, phone number, date of birth, credit card details or other financial information, personal health information and sensitive personal health information about you and your family members, donation amounts and dates, volunteer information such as availability and areas of interest, history of involvement with FBC, and information required to maintain an employment relationship with FBC.

Personal health information includes information about your vision related conditions, eye disease information, medical status (other non-vision related health concerns), superficial genetic information (e.g. only the gene on which the mutation occurs), information relating to treatment, and clinical trial participation.

Sensitive personal health information includes (but is not limited to) medical record number, primary care provider, detailed genetic information, records, or test results directly obtained from your doctor and data collection forms meant for the patient registry.

Personal information does not include anonymous or aggregate information that cannot be tracked back to you personally.

HOW WE SAFEGUARD PERSONAL INFORMATION

At FBC, we employ physical, organizational, and technical safeguards to our systems to protect personal information under our control against unauthorized access and use. Up-to-date anti-virus software is installed on all computers. Access to personal information is password protected and restricted to those employees, vendors and volunteers who need to use that information in the course of their duties. All employees and volunteers sign a confidentiality agreement which obligates them to protect personal information and personal health information and to keep personal information and personal health information confidential. Our agreements with vendors contain privacy and confidentiality restrictions.

Our ten privacy principles

FBC is committed to maintaining the accuracy, confidentiality, and security of your personal information. As part of this commitment, FBC has adopted the following ten principles set out in Schedule 1 of PIPEDA (the Canadian Standards Association’s Model Code for the Protection of Personal Information).

1. Accountability

1.1. FBC is responsible for maintaining and protecting the personal information under its control. We remain responsible when personal information is processed by vendors on our behalf. FBC has designated the Director of Finance and Operations as its Privacy Officer to be accountable for compliance with these principles.

1.2. The duties of the Privacy Officer consist of:

  • developing and, on a regular basis, reviewing FBC policies and practices to ensure consistent implementation and compliance;
  • ensuring all employees and volunteers are trained on our privacy principles and compliance requirements and are aware of the importance of safeguarding any personal information that they are privy to;
  • ensuring that all inquiries and complaints relating to privacy are appropriately handled;
  • ensuring all vendors to whom FBC provides access to personal information, or personal health information adhere to appropriate standards of care in managing that information; and
  • informing the CEO and/or Board about privacy breaches that could potentially cause harm to our stakeholders or to FBC’s reputation.

2. Identifying purposes

2.1. The purpose for which personal information is collected shall be identified before or at the time the information is collected.

Unless FBC expressly indicates otherwise, we may use the personal information and personal health information you choose to provide to us for any of these identified purposes, where reasonable and relevant. You may refuse or withdraw your consent in accordance with Principle 3.

2.2. FBC collects personal information for purposes such as:

  • providing vision related services and running FBC educational events;
  • fundraising and promoting FBC events and services;
  • communicating with stakeholders, including communications with donors, funders, partners, and individuals that participate in FBC events or use FBC services;
  • internal research purposes and statistical reporting;
  • advocacy and government relations;
  • public education;
  • determining an individual’s suitability to be in a position of trust, including the handling of cash or working with vulnerable persons;
  • accounting and other financial purposes such as issuing tax receipts;
  • maintaining an employment relationship with employees of FBC; and
  • responding to any concerns or inquiries about FBC’s activities.

2.3. FBC collects personal health information for purposes such as:

  • providing vision related services and running FBC educational events;
  • fundraising and promoting FBC events and services;
  • communicating with stakeholders, including communications with donors, funders, partners, and individuals that participate in FBC events or use FBC services;
  • internal research purposes and statistical reporting;
  • advocacy and government relations;
  • public education;
  • maintaining an employment relationship with employees of FBC; and
  • responding to any concerns or inquiries about FBC’s activities.

2.4. Should you choose, or if you are required as part of our programs, to provide us with your personal health information, FBC does not collect or use this information to provide you with opinions or endorse any treatment option or course of action, nor do we use your personal health information to make decisions on your behalf or provide you with medical referrals or advice.

2.5. Aggregated and anonymized personal information and personal health information is used for service planning and delivery, health promotion, internal research, advocacy and government relations, public education, and the general administration of FBC’s business, including to assess the effectiveness of FBC programs and campaigns, improving donor experience and assisting in the development of new programs and channels. This information will be compiled and analyzed on an aggregate basis and, unless we have your specific consent to use identified information, does not identify any individual and therefore is not treated as personal information under this Privacy Policy.

2.6. Where Canada’s Anti-Spam Legislation (CASL) applies to FBC communications with stakeholders, FBC is committed to complying with the CASL requirements for sending commercial electronic messages.

3. Consent

3.1. Requirements for consent to the collection, use, or disclosure of personal information and personal health information vary depending on circumstances and on the type of information. Consent can be obtained in person, by phone, by mail, or via the Internet. Consent may not be given on behalf of another person unless that person is the parent or legal guardian of a minor.

3.2. In determining whether implied or express (explicit) consent is required and, if so, which form of consent is appropriate, FBC will consider the nature and sensitivity of the information at issue, the purposes for which FBC will use the information and any legal requirements. As noted in section 3.3, express consent will always be sought before collecting and recording personal health information. Consent may be implied based upon the reasonable expectations of the individual. For example, if you provide personal information in response to a fundraising communication, consent may be implied for the purposes of using the information for fundraising, including being added to our contact database to receive news of our activities and to solicit donations. While fundraising FBC may share personal information and personal health information with vendors. While fundraising FBC may share personal information (name, mailing address, email) with other charities. Individuals may request that FBC not rely on their implied consent and that their personal information not be shared with and disclosed to vendors and other charities. Implied consent will generally be appropriate where the personal information does not include personal health information or sensitive personal health information. Express consent will always be sought, regardless of the type of information, should the primary purpose of collection be to promote a corporate partner’s product.

3.3. Express consent will always be sought before collecting, recording, or disclosing any personal health information. Personal health information provided by you can be used for any of the purposes described in section 2.3. If you do not consent to FBC collecting and recording your personal health information but would like access to our health information line service, we will only use your personal health information for the purpose of providing the health information service. As noted in sections 4.1 and 7.2, FBC does not collect or record sensitive personal health information.

3.4 Your provision of personal information to FBC means that you agree and consent that we may collect, use, and disclose your personal information in accordance with this Privacy Policy. If you do not agree with these terms, please do not provide any personal information to FBC. Failure to provide your personal information to FBC may prevent us from offering you the products or services you have requested, or official tax receipts for tax purposes. Donors may choose to be anonymous.

3.5. FBC will usually obtain your consent at the time that we collect your personal information. If your personal information will be used or disclosed for any additional purposes that are not outlined in this policy, FBC will advise you of these new purposes before such use or disclosure, unless otherwise required by law.

3.6. Consent may be time-limited and may be revoked by the individual who gave it, subject to legal restrictions, limited exceptions, and reasonable notice. Withdrawal of consent will not exclude an individual from service delivery unless the information requested is required to fulfill an explicitly specified and legitimate purpose.

4. Limiting collection

The personal information we collect shall be limited only to that which is necessary for the purposes identified.

4.1. FBC only collects personal information and personal health information as necessary for the purposes outlined under Principle 2. Information may be used for purposes other than those described in Principle 2, if the personal information was given voluntarily, and FBC has been given explicit consent to collect, use and disclose the information for the new specific purpose, as described in section 3.5. Sensitive personal health information will never be collected, saved, shared, used, disclosed or recorded. However, sensitive personal health information that is shared via email with FBC may be stored on a local server.

4.2. Every FBC department is responsible for ensuring that all personal information collected is limited, both in amount and type, to what is needed to fulfill the identified purposes.

4.3. FBC collects personal information, including personal health information, during its business directly from individuals through various means including, but not limited to:
a) registration and application forms;
b) FBC programs and services;
c) donor and fundraising conversations and correspondence;
d) donor and fundraising forms; and
e) on-line applications, phone, and mail correspondence.

4.4. FBC may also collect personal information, including personal health information, from other, indirect sources (including personal references and family members), with the consent of the individual providing the information or where permitted or required by law (for example, when the information is about a minor) or is publicly available. Information that is collected from other sources will be collected, stored and used only to communicate with the original source, unless express (explicit) consent is provided.

5. Limiting use, disclosure, and retention

5.1. Personal information and personal health information shall only be used or disclosed for the purposes for which it was collected unless an individual has otherwise consented or when it is required or permitted by law.

5.2. Also, note that your personal information and personal health information may be shared with volunteers and vendors. Vendors assist us in establishing, managing, and maintaining our relationship with you and provide products and services to FBC, such as mailing and fulfillment organizations and fundraising agencies. Our vendors will only use your personal information and personal health information for the purposes identified above and are bound by confidentiality agreements and commit to safeguarding your personal information and personal health information and only using your personal information and personal health information for the strict purpose for which they were retained. Note that in working with our vendors, your personal information may be transferred to a foreign jurisdiction to be processed or stored. In these circumstances, personal information may be available to law enforcement or national security authorities of that jurisdiction in accordance with foreign laws.

5.3 We dispose of personal information that we no longer require by shredding, in the case of paper records, and by deleting electronic files or otherwise destroying electronic media containing such records.

6. Accuracy

We take reasonable steps to ensure the personal information we hold is as accurate, complete and up to date as may be necessary to fulfill the purposes for which it is to be used. From time to time, we may contact stakeholders to update their personal information.

7. Safeguards

We will protect personal information using security safeguards that are appropriate to the nature of the personal information received.

7.1 FBC takes reasonable measures to ensure that personal information is kept safe from loss or theft and unauthorized access, use, copying, disclosure, or modification. Safeguards include physical, organizational, and technical measures, such as (but not limited to):

  • security card access to premises;
  • restriction of employee access to files on a “need to know” basis;
  • confidentiality agreement signed by all employees, volunteers, and vendors;
  • locking up personal information and not leaving it unattended or in plain view;
  • firewalls, anti-virus, passwords, and software solutions for technical security;
  • confidentiality protections in vendor agreements as required;
  • securely destroying and disposing of records of personal information; and
  • regular reviews of privacy compliance reviews of our vendors.

7.2 We take reasonable measures to ensure sensitive personal health information is not kept on file. We do not save or record any sensitive personal health information. If this information is emailed to an employee at FBC, we take appropriate measures to delete the sensitive personal health information. However, in some cases, a copy of this information may be left on our server.

8. Openness

FBC will provide information to individuals about our policies and procedures relating to the management of personal information that is under our control. A copy of this Privacy Policy is available on our organization’s website. Our Privacy Officer may be reached through our website.

9. Individual’s access

9.1. An individual should direct a request for access to their personal information and personal health information to the Privacy Officer in writing (contact information is set out at the end of this policy). The written request must provide sufficient detail so that the Privacy Officer can properly and efficiently respond to the request.

9.2. In order to safeguard personal information, an individual may be required to provide sufficient identification information in order for FBC to authenticate the individual and to authorize access to the individual’s file.

9.3. FBC will respond to access requests in a timely manner, and in accordance with the timeframe prescribed by any applicable legislation.

9.4. An individual may challenge the accuracy and completeness of the information obtained, if appropriate. FBC shall promptly correct or complete any personal information demonstrated to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, FBC shall transmit to third parties having access to the personal information in question any amended information or information regarding the existence of any unresolved differences.

9.5. Individuals will be provided with reasonable help needed to access their personal information, including clarifying exactly what they are looking for. Requested information will be provided in a timely manner, and in a form that is generally understandable and accessible. Depending on the amount of information requested, there may be a nominal fee charged to cover any costs associated with responding to the request.

9.6. If FBC does not have custody of the personal information requested or must decline to provide an individual with access to their personal information for legal, regulatory, or other reasons, an explanation will be provided.

10. Handling enquiries or complaints

10.1. An individual shall address a challenge concerning FBC’s compliance with the principles set out in this Privacy Policy to the Privacy Officer. Complaints must be in writing or by phone and will be handled in a timely manner.

10.2. FBC has procedures in place to receive, investigate, respond to and track concerns or complaints about its management of personal information. By following these procedures, a remedy or corrective action will be undertaken to resolve the issue, including, if necessary, amending FBC’s policies and procedures.

10.3. Within a reasonable time of conclusion of the investigation, the Privacy Officer will inform the complainant of:
a) the results of the investigation; and
b) any appropriate measures FBC will take to rectify the source of the complaint.

CONTACT INFORMATION

FBC’s Privacy Officer can be reached at 416-360-4200, Toll Free 1-800-461-3331 or by e-mail at privacy@fightingblindness.ca.

Join the Fight!

Learn how your support is helping to bring a future without blindness into focus! Be the first to learn about the latest breakthroughs in vision research and events in your community by subscribing to our e-newsletter that lands in inboxes the beginning of each month.

I have read and accepted the privacy policy