Definition of “personal information”
Personal information is any information about an identifiable individual. Personal information (e.g. name, address, age, credit card information, banking information) does not include information that cannot be associated with or tracked back to a specific individual. An individual’s business title or business contact information or information that is publicly available, such as a telephone book listing, is also not considered to be personal information.
What information does HealthPartners collect?
The information HealthPartners collects is the minimum amount we need to establish and maintain a volunteer, event participant or donor relationship with an individual. This includes:
- Contact and identification information, such as name, address, telephone number and e-mail address
- Donation information such as date of gift, amount of gift, and name of spouse or partner if it was a joint gift
- Financial information such as payment methods and preferences, billing and banking information (credit card number and expiry date or chequing account transit numbers, in order to process a donation)
- Other personal information used for purposes that would be reasonably appropriate in the circumstances (e.g. if an individual has demonstrated an interest in participating as a volunteer in Speaker’s Bureau, we may send this person information regarding other volunteer opportunities)
HealthPartners observes the following practices when collecting, storing/maintaining, using and disposing of personal information:
1. Accountability: HealthPartners is responsible for personal information under its control and has designated a Chief Privacy Officer who is accountable for the organization’s compliance with the following principles:
2. Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information by HealthPartners. Consent can be either explicit or implicit and can be provided directly by the individual or by an authorized representative, such as a vendor who processes donations.
Implicit consent infers consent to all regular communications and uses of personal information, unless a provision provides for an opting out of specific use of personal information – for example, a check-off box to indicate that a donor does not wish to receive promotional materials from HealthPartners. HealthPartners will obtain explicit consent if personal information is used for media purposes. Explicit consent can be given orally, electronically or in writing. In addition, an individual’s consent is required before confidential information is released to outside or third parties. Some of the information HealthPartners collects is needed in order to satisfy the requirements of the Canada Revenue Agency (CRA) (e.g. income tax receipts). There are also circumstances where the use and/or disclosure of personal information is justified or permitted without consent. These circumstances may include:
- Where required by law or by order or requirement of a court, administrative agency or other governmental tribunal
- Where HealthPartners believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group
- Where the information is public
3. Identifying Purposes: The purpose for which personal information is collected is outlined below. Of note is that we require the consent of our constituents prior to using their personal information for any purpose other than that for which it was originally collected.
For what purposes does HealthPartners collect information?
HealthPartners collects personally identifying information about donors, volunteers and event participants to:
- Communicate in the regular course of business
- Establish, maintain and manage our relationship with an individual
- Keep an individual informed and up to date on the activities of HealthPartners and its Member organizations
- Process donations and issue tax receipts
- Acknowledge gifts
- Process applications to volunteer and to coordinate related activities
- Compile profiles on directors and members of committees
- Conduct fundraising activities
- Analyze its own internal fundraising and management performance
- For any other purpose to which consent is explicitly given
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary to our activities and fundraising efforts as described section 3 above, “What information does HealthPartners collect and for what purposes?” Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure and Retention of Personal Information: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
The length of time we retain information varies, depending on the nature of the information, for example we generally keep financial information for at least 6 years, in accordance with CRA rules and regulations. The retention period may extend beyond an individual’s relationship with us. When personal information is no longer required for HealthPartners’ purposes, the information is either physically destroyed or deleted.
When does HealthPartners disclose personal information?
HealthPartners shares personal information only with employees and/or volunteers, who require such information to establish, manage and maintain our relationship with an individual for the purposes described in section 3 above “For what purposes does HealthPartners collect information?” We do not sell, barter, trade or give away personal information to any third parties, unless authorized by an individual. For example, we do not provide any mailing lists to any other parties.
Links to other websites from HealthPartners.ca
HealthPartners provides links to other websites which HealthPartners believes may be of interest to an individual. As HealthPartners has no control over the content of any of these websites, these links may be updated or deleted as HealthPartners deems appropriate. Please be aware that HealthPartners is not responsible for the privacy practices of other websites that we link to. We encourage reading the privacy statements of each and every website that requests personal information.
6. Accuracy: Personal information shall be accurate, complete and as up to date as possible. To aid us in maintaining accuracy, we encourage individuals to review, correct, and update personal information by contacting our Chief Privacy Officer (see section 9 below).
7. Safeguards: Personal information gathered by HealthPartners shall be kept in confidence. HealthPartners staff is authorized to access personal information based only on their need to deal with the information for the reason(s) for which it was obtained. We also ensure that any of our employees who deal with personal information are properly trained and are aware of the necessary and appropriate measures required to protect personal information.
HealthPartners uses physical security measures such as locked cabinet storage for financial, payroll, employment, contractual tax, banking information, and similar confidential/sensitive documents. There is a shared network drive for general office information, password-restricted personal network drives for each user that are preserved/transferred upon the user’s departure. Employee confidentiality agreements are executed in all employment contracts and all consulting contracts, and are continually updated by legal counsel. HealthPartners shreds information when required to do so by law; for duplicate and working copies of any document that would be stored under lock and key and are not needed, and after information ceases to be needed for the purpose for which it was collected.
Website generated information:
Donors who request that their name and/or the amount of the gift not be publicly released shall remain anonymous.
9. Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. Individuals are encouraged to review the accuracy and completeness of the information and have it amended as appropriate.
Requests are to be forwarded in writing or via e-mail to our Chief Privacy Officer (see below).
Inquiries and requests for access
Didier Paultre, Chief Privacy Officer
HealthPartners National Office
150 Elgin Street, Suite 1051, Ottawa, Ontario K2P 1L4
Telephone: (613) 562-1469; extension 230
Toll free: 1 (877) 615-5792
10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the Chief Privacy Officer. If an individual wishes to be added or removed from any of the lists HealthPartners maintains, request to be written or emailed to the Chief Privacy Officer.