At St. Paul's Hospital Foundation, we respect constituent privacy and we are committed to protecting the confidentiality of personal constituent information. We value the relationship and trust we have with our constituents and we acknowledge that, to keep this trust, we must be transparent and accountable in our treatment of the personal information that constituents choose to share with us.
We do not trade, rent or sell any personal information to third parties.
The federal PIPEDA (Personal Information Protection and Personal Electronic Documents Act) ? which is also based on the Canadian Standards Association model ? does not apply to the Foundation since it specifically applies only to provincial organizations involved in ?commercial activities?. The Foundation is only deemed to be involved in commercial activities if it trades, rents or sells personal information (such as donor lists). The Foundation does not trade, rent or sell personal information.
The Saskatchewan HIPA (Health Information Privacy Act) also does not apply, since it applies to ?personal health information?. ?Personal health information? is defined as information about an individual's physical or mental health and/or information gathered in the course of providing a health service. The Foundation does not have access to such information.
St. Paul's Hospital Foundation (the ?Foundation?) is committed to protecting the privacy of the personal information of its constituents (donors, volunteers, employees, and other stakeholders). The Foundation has taken the necessary actions to ensure that information in any format (paper or electronic) is protected so that the relationship of trust between the constituent and the Foundation is upheld. The Foundation recognizes, and adheres to, the Saskatoon Health Region (?SHR?) Privacy and Confidentiality Policy, IT Security Policy and associated IT policies.
?Personal information? for this purpose is defined as being any information that can be used to distinguish, identify, or contact a specific individual. Business contact information and certain publicly available information (such as names, addresses and telephone numbers as published in telephone directories ? including online public databases) are not considered personal information.
1. Accountability for Personal Information.
The Foundation and St. Paul's Hospital (?SPH?) have signed a Memorandum of Understanding which articulates mutual accountabilities. SPH and Saskatoon Regional Health Authority do not share data related to patient records or patient information with the Foundation.
2. Identifying Purposes for the Collection of Personal Information.
When the Foundation collects personal information directly from its constituents, the Foundation will identify the purposes for which personal information is collected at or before the time of collection. These purposes include: donor, employee or volunteer recruitment and engagement; that which is necessary for the administration of the interests of a donor, employee or volunteer; and compliance with legal and regulatory requirements.
3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information.
The knowledge and consent of a person is required for the direct collection, use or disclosure of personal information except where mandated by law.
This consent may be either express or implied. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual's action or inaction.
At any time, an individual may opt out of receiving communications (printed and/or electronic) from our Foundation. To opt out the individual must contact the Foundation.
4. Limiting Collection of Personal Information.
The Foundation will limit the collection of personal information to that which is
necessary for the purposes identified. Information will be collected by fair and lawful means. The Foundation does not collect any personal health information, other than that which is volunteered directly by the constituent to the Foundation.
5. Limiting Use, Disclosure, and Retention of Personal Information.
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes. The Foundation does not trade, rent or sell any personal information to third parties.
6. Ensuring Accuracy of Personal Information.
The Foundation ensures personal information is accurate, complete and as up-to-date as necessary for the purposes for which it is to be used. We encourage individuals to review, correct and update personal information previously provided to the Foundation, by contacting us by email at firstname.lastname@example.org or by writing to St. Paul's Hospital Foundation Inc., 1702 20th Street West, Saskatoon, SK, S7M 0Z9.
Donors who request that their name and/or amount of the gift not be publicly released shall remain anonymous.
7. Ensuring Safeguards for Personal Information.
Personal information is protected with security safeguards appropriate to the
sensitivity of the information. All Foundation employees, volunteers and directors must sign a Confidentiality Agreement. In addition, all independent contractors or vendors that have a working relationship with the Foundation's proprietary database must sign a Confidentiality Agreement.
8. Openness Concerning Policies and Practices.
9. Access to Personal Information.
Upon request, a person will be informed of the existence, use, and disclosure of
personal information of the person and shall be given access to that information. A person can challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance.
A challenge concerning compliance with the above principles should be made to the attention of the Privacy Officer at email@example.com.
If your concerns are not properly addressed, please contact the Foundation's CEO by email to the attention of the CEO at firstname.lastname@example.org.
If you still do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact the Saskatchewan Privacy Commissioner's Office at www.oipc.sk.ca .