The Victoria Hospitals Foundation is committed to protecting the privacy and confidentiality of personal information. The following principles reflect our pledge to safeguard personal information:
We are responsible for all personal information in our possession or our control.
All VHF employees, agents and service providers are required to protect the confidentiality of personal information. We take reasonable precautions to ensure confidentiality of personal information. The information that an individual provides to us is used only for VHF purposes as outlined in this policy.
2. Collection, Use and Disclosure
We collect, use and disclose personal information for a variety of purposes, including the following:
- To manage business operations, including personnel and employment matters
- To establish and maintain relations with donors, potential donors, partner organizations and individuals
- To develop comprehensive strategies and programs
- To solicit donations from donors to meet VHF’s program needs
- To meet legal and regulatory requirements (i.e. Canada Revenue Agency)
- To administer donations and contact donors about VHF activities
- To respond to information requests
We obtain personal information lawfully and fairly. Personal information collected will be limited to that required for lawful purposes necessary and required to conduct the business of VHF. Information is collected through the following means:
- Gift/Pledge information forms
- Donor correspondence
- Donor questionnaires and market research
- Personal visits and communications with individuals and organizations
- Hiring documentation
- Publicly available resources such as newspapers and magazines
- VHF social media platforms
- Online donation web form submissions
4. Notice and Consent for Donors (including Volunteers & Prospective Donors)
We collect, use or disclose personal information with permission. The way we seek consent may vary depending on the sensitivity of the information and the reasonable expectations of the individual. Permission may be expressed in writing or it may be implied and may be given to us verbally or electronically.
With respect to obtaining an individual’s consent, we primarily rely on implicit consent pursuant to PIPA (also referred to as implied or deemed consent). Implicit consent is appropriate when a person voluntarily shares their information for a purpose that is obvious and agreeable to them at the time the information is supplied.
Individuals can choose to opt out of or limit consent at a later date by specifying certain information they do not wish to have used or shared, subject to the law (for example, tax and charitable reporting purposes) and fulfilling the individual’s requests.
We respect a donor’s right to be removed from our mailing list. Donors always have the opportunity to decline receiving further communication from us by contacting our Privacy Officer, Heather Crow at 250-519-1750 or by email Heather.Crow@viha.ca.
4. Employee Personal Information
We collect, use and disclose employee personal information to help us establish, manage and conclude our employment relationships. We will provide notice, either express or implied (in some cases it is obvious in the circumstances), of the purposes for using or disclosing employee personal information. In such cases, consent is not required.
In certain circumstances, the law allows us to collect, use or disclose employee personal information without notice or consent. For example, where it is clearly in the employee’s interests and we cannot obtain timely consent, where it is reasonable to expect that the use with the consent of the individual would compromise an investigation or proceeding, and for tax and other regulatory reporting purposes. We will consider the importance of our employee’s privacy, however, we reserve the right to do so where permitted to do so by law.
5. Limiting Collection, Use, Disclosure and Retention of Personal Information
We will limit the amount and type of personal information collected to that which is necessary for our identified purposes.
We will keep personal information only as long as it is necessary to satisfy the purposes for which it was obtained or as required by law. Where personal information is no longer required to fulfill the identified purposes, it will be securely destroyed, and erased according to industry requirements and standards.
6. Openness, Access, Accuracy and Compliance
We will use our best efforts to ensure that personal information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. Individuals are entitled to seek a correction of their personal information if the information in our possession is not correct.
We will protect personal information with safeguards appropriate to the sensitivity of the information. Our safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
When making an online donation, a secure connection is established and information is encrypted to prevent interception during the transaction. This secure connection is maintained until the transaction is completed or terminated. The software that enables these processes is routinely updated to maximize protection of your information. For credit card transactions, we use an industry-standard secure service. We presently use Blackbaud Merchant Services a Level 1 PCI service provider and payment gateway for nonprofit organizations. Blackbaud is headquartered in Charleston, South Carolina and has operations in the United States, Australia, Canada and the United Kingdom. In making an online donation through our service providers, you are providing the information directly to Blackbaud and we cannot take direct responsibility over those transmissions.
We will make readily available to the public specific information about our policies and practices relating to the management of personal information. Upon written request, we will inform an individual of the existence, use, and disclosure of their personal information and we will provide access to that personal information subject to exceptions permitted by law. We will respond to an individual’s written request within a reasonable time (generally within 30 days).
VHF takes any complaint about its privacy practices seriously. VHF will investigate any complaint and will take all reasonable steps to resolve it.
Privacy-related complaints may be registered by contacting VHF’s Privacy Officer. We will explain our procedure and provide information about other complaint procedures available. If we find a complaint to be justified, we will take all appropriate measures, including if necessary, amending our policies and practices.
For more information, please contact our Privacy Officer, Heather Crow at 250-519-1750 or by email at Heather.Crow@viha.ca.
8. Other Contacts
In the event that someone is not satisfied with our handling of a complaint, they may seek assistance of the BC Privacy Commissioner.
To contact our President & CEO, Melanie Mahlman, please call 250-519-1750 or email Melanie.Mahlman@viha.ca. Heather Crow, as Privacy Officer, is obligated to notify the President & CEO of any and all complaints.