Privacy

At St. Paul's Hospital Foundation, we respect constituent privacy and we are committed to protecting the confidentiality of personal constituent information. We value the relationship and trust we have with our constituents and we acknowledge that, to keep this trust, we must be transparent and accountable in our treatment of the personal information that constituents choose to share with us.

We do not trade, rent or sell any personal information to third parties.

If, at any time, donors have questions regarding our Privacy Policy; wish to review their personal information; or be removed from, limit or opt-out of contact with St. Paul's Hospital Foundation, please email our Privacy Officer at info@sphfoundation.org, write to 1702 20^th St W Saskatoon SK S7M 0Z9 or call 655-5821, toll free 1-888-345-0330.

Please read our Privacy Policy below.

Privacy Policy

Preamble:

The Foundation respects the privacy of all of our constituents (donors, volunteers, employees, and other stakeholders) and has developed a Privacy Policy based on the Canadian Standards Association model.

The federal PIPEDA (Personal Information Protection and Personal Electronic Documents Act) ? which is also based on the Canadian Standards Association model ? does not apply to the Foundation since it specifically applies only to provincial organizations involved in ?commercial activities?. The Foundation is only deemed to be involved in commercial activities if it trades, rents or sells personal information (such as donor lists). The Foundation does not trade, rent or sell personal information.

The Saskatchewan HIPA (Health Information Privacy Act) also does not apply, since it applies to ?personal health information?. ?Personal health information? is defined as information about an individual's physical or mental health and/or information gathered in the course of providing a health service. The Foundation does not have access to such information.

Guiding Principles:

St. Paul's Hospital Foundation (the ?Foundation?) is committed to protecting the privacy of the personal information of its constituents (donors, volunteers, employees, and other stakeholders). The Foundation has taken the necessary actions to ensure that information in any format (paper or electronic) is protected so that the relationship of trust between the constituent and the Foundation is upheld. The Foundation recognizes, and adheres to, the Saskatoon Health Region (?SHR?) Privacy and Confidentiality Policy, IT Security Policy and associated IT policies.

?Personal information? for this purpose is defined as being any information that can be used to distinguish, identify, or contact a specific individual. Business contact information and certain publicly available information (such as names, addresses and telephone numbers as published in telephone directories ? including online public databases) are not considered personal information.

St. Paul's Hospital Foundation Privacy Policy serves to outline the rules for the collection, use, disclosure and retention of personal information. The Policy is based on ten (10) internationally recognized privacy principles as outlined in the Canadian Standards Association Model Code (?CSMAMC?) for the Protection of Personal Information.

1. Accountability for Personal Information.

The Foundation has a Privacy Officer who is accountable for the Foundation's overall compliance with its Privacy Policy and acts as the primary contact person on information privacy and security matters. The Privacy Officer reports to the CEO of the Foundation. Contact the Privacy Officer by calling 655-5821 or toll free 1-888-345-0330; or email to the attention of the Privacy Officer at info@sphfoundation.org.

The Foundation and St. Paul's Hospital (?SPH?) have signed a Memorandum of Understanding which articulates mutual accountabilities. SPH and Saskatoon Regional Health Authority do not share data related to patient records or patient information with the Foundation.

2. Identifying Purposes for the Collection of Personal Information.

When the Foundation collects personal information directly from its constituents, the Foundation will identify the purposes for which personal information is collected at or before the time of collection. These purposes include: donor, employee or volunteer recruitment and engagement; that which is necessary for the administration of the interests of a donor, employee or volunteer; and compliance with legal and regulatory requirements.

3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information.

The knowledge and consent of a person is required for the direct collection, use or disclosure of personal information except where mandated by law.

This consent may be either express or implied. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual's action or inaction.

At any time, an individual may opt out of receiving communications (printed and/or electronic) from our Foundation. To opt out the individual must contact the Foundation.

4. Limiting Collection of Personal Information.

The Foundation will limit the collection of personal information to that which is

necessary for the purposes identified. Information will be collected by fair and lawful means. The Foundation does not collect any personal health information, other than that which is volunteered directly by the constituent to the Foundation.

5. Limiting Use, Disclosure, and Retention of Personal Information.

Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes. The Foundation does not trade, rent or sell any personal information to third parties.

The Foundation's web page contains online forms that allow visitors to make a donation. The personal and credit card information provided on these forms is used only to process these donations (although the donor name and address will be retained in our database). Online donations to the Foundation are processed through a third party, Moneris Solutions. Information about their privacy policy can be obtained on their website at http://www.moneris.com .

6. Ensuring Accuracy of Personal Information.

The Foundation ensures personal information is accurate, complete and as up-to-date as necessary for the purposes for which it is to be used. We encourage individuals to review, correct and update personal information previously provided to the Foundation, by contacting us by email at info@sphfoundation.org or by writing to St. Paul's Hospital Foundation Inc., 1702 20^th Street West, Saskatoon, SK, S7M 0Z9.

Donors who request that their name and/or amount of the gift not be publicly released shall remain anonymous.

7. Ensuring Safeguards for Personal Information.

Personal information is protected with security safeguards appropriate to the

sensitivity of the information. All Foundation employees, volunteers and directors must sign a Confidentiality Agreement. In addition, all independent contractors or vendors that have a working relationship with the Foundation's proprietary database must sign a Confidentiality Agreement.

8. Openness Concerning Policies and Practices.

The Foundation's Privacy Policy is available to view on its web site at www.sphfoundation.org . A print version of the Foundation's Privacy Policy can be requested from the Foundation at St. Paul's Hospital Foundation Inc., 1702 20^th Street West, Saskatoon, SK S7J 0Z9.

9. Access to Personal Information.

Upon request, a person will be informed of the existence, use, and disclosure of

personal information of the person and shall be given access to that information. A person can challenge the accuracy and completeness of the information and have it amended as appropriate.

10. Challenging Compliance.

A challenge concerning compliance with the above principles should be made to the attention of the Privacy Officer at info@sphfoundation.org.

If your concerns are not properly addressed, please contact the Foundation's CEO by email to the attention of the CEO at info@sphfoundation.org.

If you still do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact the Saskatchewan Privacy Commissioner's Office at www.oipc.sk.ca .