The Alberta AdaptAbilities Association (“the Association”) is committed to protecting the privacy of our donors. We value our donors’ trust and recognize that maintaining this trust requires that we be open and accountable in our collection, use and disclosure of our Donors’ Personal Information and Confidential Information.
“Donor” means a person, company or organization that provides a voluntary transfer of property to the Association normally in the form of cash, cheque, credit card or publicly traded stocks or securities and where no advantage is accrued to the donor.
“Constituent” or “Constituents” means the Associations’ staff members, volunteers, Board members and Donors.
1.3 Personal Information
“Personal Information” means information that can be used to distinguish, identify or contact a Constituent and includes a Constituent’s credit card or banking information. Personal Information also includes information with respect to an individual’s status as a Donor to the Association and the amount(s) an individual has donated or plans to donate to the Association.
1.4 Privacy Officer
“Privacy Officer” means the officer designated by the Association from time to time as primarily responsible for the Association’s collection, use and disclosure of Personal Information and Confidential Information, including compliance with privacy legislation. The Privacy Officer acts as the point of contact for all privacy questions and issues.
“Cookie” or “Cookies” means small data file(s) created by a web server and stored on a user’s computer. Cookies let websites identify users, keep track of users’ preferences and recognize users who are returning to the website. Cookies also let websites make custom pages for users. Some Cookies may also keep personal information, such as site passwords and account numbers. Web browsers may permit a user to accept or refuse all Cookies, third-party Cookies, or Cookies from certain websites.
2.0 Accountability for Personal Information
The Association collects and stores Personal Information in strict confidence. The Association’s Constituents (other than donors) are required to sign confidentiality agreements so that safeguards are in place to ensure that Personal Information is not accessed, disclosed or shared more widely than is necessary to achieve the purpose for which it was collected. The Association also takes measures to ensure that the integrity of Personal information is maintained and to prevent it from being lost or destroyed.
Where the Association chooses to retain a third party service provider to conduct activities on the Association’s behalf (including, but not limited to, fundraising, data-base creation and processing services), the selection of such third party service providers is made with a view to professionalism and the protection of Personal Information. The Association takes all reasonable precautions to ensure that third party service providers are compliant with applicable privacy legislation [for example, Canadian Anti-Spam Legislation (CASL), Personal Information Protection Act (PIPA), the Payment Card Industry Data Security Standard (PCIDSS)] in order to protect Personal Information.
Canadian Anti-Spam Legislation
Effective July 1, 2014, Canada’s Anti-Spam Legislation came into effect. For charitable organizations, there is implied consent for a period of 24 months with existing donors, volunteers and participants.
3.0 Collection of Personal Information
3.1 Purpose of Collection of Personal Information
When the Association collects Personal Information directly from a Constituent, the Association identifies the purposes for which it is collected at or before the time of collection. These purposes include: registration, fundraising, the administration of the donations, providing information about the activities of the Association, and compliance with legal and regulatory requirements. Personal Information will be collected only by fair and lawful means.
3.2 Consent to Collect, Use or Disclose Personal Information
The Association collects, uses and discloses Personal Information with Constituent permission. Permission may be expressed orally, in writing or may be implied, and collected orally, electronically or in writing.
A Constituent may limit or opt-out of future contact by the Association. It is clearly indicated how to do so on all electronic communications from the Association and on the Association’s website.
A Constituent has the right at any time to withdraw consent to the use of Personal Information.
3.3 Limit of Use, Disclosure and Retention of Personal Information
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with consent or as required by law. Personal Information will be retained only as long as necessary for the fulfillment of those purposes. The Association does not trade, rent or sell any Personal Information to third parties.
4.0 On-line Collection of Personal Information
The Association’s web pages contain online forms that allow visitors to make donations. The Personal Information provided on these forms is used only to process these donations. Credit card numbers and banking information, as applicable, are encrypted using the “Let’s Encrypt Authority” Secure Socket Layer certificate for the protection of a Donor’s Personal Information and not held in hard copy.
Visitors to the Association’s web pages are not required to disclose Personal Information as a condition of using such web pages. When a visitor uses the Association’s web pages, data about such use is stored on third party servers. This data may include the name of the visitor’s internet service provider, the web site used to link to the Association’s web pages, the web sites that were visited from the Association’s web pages and the visitor’s IP-Address. The Association uses such data to administer the web pages more effectively, and to gather broad demographic information about what countries and domains visitors come from and their behavior on the Association’s web pages.
The Association’s website uses Google AdWords remarketing services to advertise on third-party websites, including Google, to its previous visitors. This includes advertisements on the Google search results page and in the Google Display Network.
5.0 Safeguarding Personal Information
Personal Information is protected with security safeguards appropriate to the sensitivity of the information. The Association uses password protocols and secure web-sites to protect Personal Information.
Personal Information held in hard copy, such as original gift agreements, are secured within the Association’s premises.
6.0 Accuracy of Personal Information
The Association relies on Constituents to provide accurate Personal Information. The Association strives to ensure that accuracy is maintained in all applicable Constituent databases. A Constituent may access his or her Personal Information to change or modify Personal Information for accuracy.
7.0 Children’s Personal Information
In light of the importance of protecting a child’s Personal Information, the Association does not collect, process or use on any of the Association’s web pages or in other Association publications, Personal Information of a child (who, within the Province of Alberta, is a person under the age of 18 years) without the prior, verifiable consent of his or her legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted.
8.0 Transparency Regarding Privacy Practices and Personal Information
The Association’s practices relating to the management of Personal Information are available to all Constituents on the Association’s web pages. Constituents who do not have access to electronic media may contact the Association to request a print version of this Policy.
Any person who is not a Constituent may inquire with the Association whether the Association holds any Personal Information with respect to that person. The Association’s Privacy Officer shall respond to all such inquiries and take steps in accordance with this Policy.
Any concerns about the Association’s compliance with this Policy and privacy legislation in general may be directed to the Association’s Privacy Officer. The Association will investigate all complaints, acting reasonably. In the event that a complaint identifies compliance issues, the Association shall take appropriate steps to achieve compliance, acting reasonably.