Our Commitment to Protect Personal Information
The Rick Hansen Foundation (RHF) is fully committed to protecting the privacy of anyone who provides us with their personal information. We value your trust and understand that upholding this trust requires us to be transparent to you in how we collect, use and/or disclose your personal information. The RHF is compliant with B.C.'s Personal Information Protection Act (PIPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
Definition of Personal Information
Personal information is any information about an identifiable individual such as (but not limited to) someone's name, home address, home phone number, personal email address, social insurance number, gender, income, or family status. Personal information also includes donation information or personal health information such as spinal cord injury (SCI) or mental health information.
Personal information does not include a person's work contact information or work product information that is created as a contractor or employee on behalf of an organization.
Ten Principles of Privacy
In order to ensure adherence to the rules and regulations set out in provincial and federal level privacy legislation the RHF has adopted the "Ten Principles of Privacy" which can be found in the Canadian Standards Organization "Model Code for the Protection of Personal Information" as a guideline to achieve a "gold standard" of privacy compliance.
Principle 1: Accountability
The RHF is responsible for all personal information under its control. In order to protect your personal information, the RHF has named Caroline Sanche as the Privacy Officer. If you have any questions, complaints or concerns you may contact the Privacy Officer directly at the following:
Phone: 778-296-1527
Email:
- The Privacy Officer is responsible to ensure that all departments and third party organizations/service providers [1] that work in conjunction with the RHF on certain initiatives adhere to proper practices in handling your personal information.
Principle 2: Identifying Purposes
At or before the time of collection, the RHF will identify how your personal information will be used or disclosed. The RHF will collect your information for the following purposes:
To share information about the foundation with you and others who may be interested in our activities, events or initiatives.
- To track and Issue tax receipts for donations received in accordance with Canada Revenue Agency requirements.
- To confirm information related to a donation or registration in an event.
- To give you required information about events/activities you have registered for, have expressed interest in, or are attending (such as a change in location or time of the event).
To establish, build, and maintain relationships.
- To process financial transactions (including donations).
- To determine the eligibility of an individual or community to receive a grant and/or to issue grants.
- To use photographs taken at events in future RHF publications including: newsletters, registration forms, or on our or our partner's websites.
- To establish, maintain, and manage employment relationships between the RHF and an employee/volunteer.
• To share other peoples stories and photographs in relation to Rick Hansen, the RHF, and SCI in general.
- To improve our ability to provide services in accordance with our mission to inspire others to share in the achievement of big dreams that accelerate improvements in the lives of people with Spinal Cord Injuries (SCI).
Principle 3: Consent
RHF obtains express consent to collect, use, and/or disclose personal information, subject to withdrawal at any time, provided that reasonable notice is provided to RHF, subject to legal exceptions. By withdrawing consent, the consequence may be the inability of the RHF to provide certain services which require the use of certain types of personal information.
The RHF will make every effort to notify an individual of the purpose for collection, use, or disclosure of personal information and give a reasonable chance to refuse consent and/or to withdraw consent at a later date. For Wheels In Motion events, the RHF will provide individuals with the opportunity to decline consent on the registration form using an "opt-out" or "opt-in" check box as well as a clear explanation as to what the information being collected will be used for. Only extenuating circumstances which are in the best interests of donors/participants will permit the contacting of participants whom have opted out of being on our contact lists. This form of contact will only be intended for administrative purposes related to a donation or event such as a clarification of a donation amount a confirmation of an address to send a tax receipt to or a change in event location or time.
For photographs or information collected at school events, consent to use this information will be acquired from the school in accordance with its privacy policies and practices. For photographs and film taken by the RHF (or on behalf of the RHF) at other private events signs will be placed at the entrances and other visually accessible places to notify people that this will be taking place, what the photographs and film will be used for, and that give the contact information for the privacy officer or delegate should that person wish to not have their photo used or disclosed. For photographs taken at Wheels In Motion events the RHF will notify participants on the registration form that their photograph may be taken and used in future RHF related publications. Due to the fact that Wheels In Motion is an event that is open to the public it is a reasonable expectation that other individuals, organizations and media may also take photographs. The RHF does not control or take responsibility for the collection, use or disclosure of these photographs.
Principle 4: Limiting Collection
The RHF will only collect as much information as is necessary to fulfill the intended purpose for which it will be used. All personal information will be collected through fair and lawful means.
The RHF collects the following types of information:
- Contact information including name, address, phone number, and email.
- Financial Information required to process donations and issue tax receipts
- Spinal cord injury information.
- Information regarding conversations that take place between RHF staff/contractors and individuals in the context of the work of the RHF.
- Photographs to use in future publications including: newsletters, registration forms, and on our website.
- Personal stories and quotes (which are voluntarily provided).
Principle 5: Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed by the RHF for purposes other than which it was originally collected, unless the individual is contacted and he/she gives consent or as is permitted or required by law.
The RHF will not sell, barter, rent or lease personal information to other organizations. The only time that personal information will be disclosed to other organizations is when third party organizations work jointly on initiatives that require certain pieces of information to be shared in order to fulfill their function or if a service provider is contracted to perform services on our behalf such as the processing of event registration information, processing credit card transactions, or for conducting surveys. In the instance where a third party organization does require a disclosure of personal information, they will sign a confidentiality agreement that legally obligates them to strictly adhere to our privacy policies and procedures.
As a general privacy principle, personal information collected by RHF will only be kept as long as required to fulfill the purpose for which it was collected and in the least identifiable form possible (i.e. names, addresses, and other identifying information will be removed once they are no longer required to serve the purpose for which they were collected).
In keeping with the RHF's requirements under BC's PIPA the minimum retention period for personal information used to render a decision about an individual is one year after the decision has been made. If information is not used to render a decision it may be discarded immediately.
In keeping with the Canada Revenue Agency's (CRA) requirements on financial information the RHF retains donor, tax receipting and other personal financial information for a period of seven years.
The RHF destroys or renders anonymous information that is no longer required for the purpose for which it was collected in a secure manner.
Requests for restrictions or limitations on use or disclosure of this information can be made at any time by contacting the RHF privacy officer.
The RHF takes appropriate security precautions to ensure that any personal information, weather in electronic or paper format, is destroyed in a secure manner so that it will not be disclosed to any other individuals or organizations. These measures include confidential on-site shredding, wiping old equipment clean of any data prior to destruction or taking out of service, and over-writing data on backup tapes on a scheduled basis.
Principle 6: Accuracy
The RHF takes reasonable steps to ensure that any personal information in our custody is accurate and up to date for the purposes for which the information is to be used. In most instances we rely on individuals to notify us of any changes to their information, such as a change in address, phone number, or to consent for use of their own personal information.
Principle 7: Safeguards
The RHF maintains appropriate physical, administrative and security measures to safeguard personal information depending upon the sensitivity of the information, irrespective of the medium, to include protection against loss or theft, unauthorized access, disclosure, copying, use or modification.
Physical measures include locked cabinets and offices, restricted access to certain records, the use of usernames, passwords and ID badges, encryption for electronic data transmission and storage.
Administrative safeguards include legally binding confidentiality agreements with all staff members, as well as third party service providers or organizations, signed at the start of their employment, privacy and security training at the point of hire and at intervals throughout the duration of employment. The RHF has a comprehensive Privacy Program in place, which includes internal privacy policies and procedures that all staff and third party agents must adhere to and that meets or exceeds privacy best practices.
The RHF also employs security measures that meet or exceed industry best practices. These measures include virus scanning, secured zones for electronic and paper records, regular backups of information and proper multi-step procedures that must be followed prior to anyone being granted access to Personal Information.
Our website has security measures in place to protect donors' information. All credit card transactions performed on the RHF website uses Secure Socket Layer (SSL) technology to ensure that the data transferred from the website user to the RHF web server is encrypted prior to transmission. SSL uses 128-bit encryption to maintain the confidentiality and integrity of personal health information while in storage or transit, which is the highest level of encryption used in today's browsers.
Most RHF information is stored securely on site and only authorized personnel have access to this information. Archival documents are stored off site at facilities that exceed requirements for the storage of personal information. These facilities are not open to public, are self contained, access is limited to only two authorized RHF staff members. Our units are individually locked, alarmed and monitored 24 hours a day by video surveillance.
RHF data backups are stored by a third party service provider for purposes of data recovery in the event of a disaster. This service provider provides access to only three authorized RHF staff members and is contractually obligated to keep all information confidential from unauthorized RHF staff and/or any other third party. This service provider only stores the tape and does not keep any information on their own servers. All tape is stored under lock and key under 24 hour video surveillance.
Principle 8: Openness
The RHF will always make our privacy policy available to the public, including on our website or by request over the phone or by email. Our procedures are available upon request by phone or email to the RHF privacy officer at the contact information listed under "Principle 10" of this policy.
Principle 9: Individual Access
Upon written request [2], an individual shall be informed of the existence, use and disclosure his or her personal information, and shall be given access to that information. The RHF provides an opportunity for individuals to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10: Challenging Compliance
The RHF has developed procedures for dealing with privacy. Any individual may challenge the compliance of the RHF by contacting our Privacy Officer directly at the following:
Phone: 778-296-1527
Email: If we are unable to resolve your issue you may want to contact the Office of the Information and Privacy Commissioner of BC directly.
[1] A third party organization/service provider includes an organization or contractor that may need to access certain types of personal information in order to provide a service on behalf of the Rick Hansen Foundation (RHF) or to an individual such as: processing registration forms for Wheels In Motion events or performing surveys; or may be an organization that the RHF works closely with in order to achieve their mission such as the Spinal Cord Injury Solutions Network (SCISN) which participates with RHF in the management and administration of certain activities such as Wheels In Motion, administering grant applications and awarding grants to individuals and organizations.
[2] A written request must come in writing on a form provided by the RHF. The completed and signed form may be mailed, hand delivered, faxed, or scanned and emailed to the RHF.