Effective Date: January 1, 2025
St. Mary’s Hospital Foundation (“the Foundation”) values the privacy of its supporters, donors, employees, and stakeholders. We are committed to protecting personal information in compliance with Quebec’s Law 25, formerly known as Bill 64, and other applicable privacy laws. This policy explains how we collect, use, protect, and disclose personal information, and outlines your rights concerning your data.
1. Collection and Use of Personal Information
We collect personal information only for specific purposes, including:
- Processing donations and issuing tax receipts;
- Communicating updates, events, and campaigns;
- Responding to inquiries and requests;
- Managing donor and volunteer relationships;
- Compliance with legal and regulatory requirements.
Categories of Information:
- Contact information (name, address, phone, email);
- Donation history and payment details (e.g., credit card information);
- Communication preferences;
- Any other information provided voluntarily.
We will not collect more information than necessary for the stated purposes and will not use personal information for unrelated purposes without obtaining additional consent.
2. Consent
We obtain your explicit, informed consent for the collection, use, or disclosure of your personal information. Consent may be provided orally, in writing, electronically, or through an opt-in mechanism where applicable. You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting us.
For individuals under the age of 14, parental or legal guardian consent is required.
3. Privacy by Design and Default
The Foundation integrates privacy principles into the design and operation of our systems, processes, and activities. By default, we ensure the highest level of privacy protection, limiting data collection and retention to what is strictly necessary.
4. Retention and Destruction
We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by law. Once no longer required, personal information is securely destroyed or anonymized.
5. Security Measures
We implement robust security measures to protect personal information, including:
- Encryption of sensitive data during transmission and storage;
- Restricted access based on job responsibilities;
- Firewalls, secure servers, and authentication protocols;
- Regular security audits and training for staff.
6. Individual Rights
Under Quebec’s Law 25, you have the following rights concerning your personal information:
- Access: Request access to your personal information;
- Correction: Request corrections to inaccurate or incomplete information;
- Deletion: Request the deletion of your personal information, subject to legal requirements;
- Portability: (Effective September 2024) Request a copy of your personal information in a structured, portable format;
- Withdraw Consent: Revoke your consent for data processing activities.
To exercise these rights, please contact us at [email protected]. We will respond within 30 days.
7. Website and Cookies
Our website uses cookies to improve functionality and user experience. Cookies are small files stored on your device to collect standard internet log information and visitor behavior information. You may disable cookies through your browser settings, but some features of our website may not function as intended.
We also collect aggregate data about website usage, such as page views and time spent on the site, for analytical purposes. This data is anonymized and cannot be used to identify individuals.
8. Association of Fundraising Professionals (AFP) Donor Bill of Rights
The Foundation adheres to the principles outlined in the Association of Fundraising Professionals’ Donor Bill of Rights. This ensures that our donors have full confidence in the ethical use of their contributions and the handling of their personal information. A full copy of the Donor Bill of Rights is available upon request or can be accessed through the AFP’s website.
9. Breach Notification
In the event of a data breach posing a “risk of serious injury,” we will:
- Notify the Commission d’accès à l’information (CAI) and affected individuals promptly;
- Provide details about the breach and recommended protective measures;
- Take immediate steps to mitigate risks and prevent recurrence;
- Maintain a register of all breaches for accountability.
10. Privacy Impact Assessments (PIAs)
We conduct PIAs for activities involving sensitive personal information or new technologies to assess and address potential privacy risks. These assessments ensure that our practices comply with privacy legislation and industry standards.
11. Third-Party Disclosures
We may share personal information with trusted third-party service providers for processing purposes (e.g., payment processing, email distribution). These providers are contractually obligated to protect personal information and use it solely for the purposes specified by the Foundation.
We do not sell, trade, or rent personal information to third parties.
12. Cross-Border Data Transfers
If personal information is transferred outside Quebec, we ensure that the receiving jurisdiction offers adequate data protection. This is assessed through Privacy Impact Assessments and appropriate contractual safeguards.
13. Changes to the Privacy Policy
We may update this Privacy Policy to reflect changes in legislation, organizational practices, or technological advancements. Any significant updates will be communicated on our website and through other appropriate channels.
14. Contact Information
For questions, concerns, or requests related to this Privacy Policy or your personal information, please contact:
Nathan Clinansmith, CFRE
Director of Operations
St. Mary’s Hospital Foundation
3830 Lacombe Ave. Suite 1510 Montréal, QC H3T 1M5
[email protected]
514-734-2694
