Privacy policy

1.1. CCS accepts full responsibility for protecting personal information under its possession or control. Each individual subject to this policy is accountable for their own compliance with this policy.

1.2. The National Privacy Officer delegates responsibilities relating to privacy management, oversight and compliance to functional and regional privacy representatives on an as-needed basis. The functional and regional privacy representatives are the first point of contact for privacy inquiries, concerns or incidents, and escalate privacy matters to the National Privacy Officer in accordance with CCS internal privacy incident management procedure.

1.3. The duties of the National Privacy Officer, and those of the functional and regional privacy representatives, as delegated, include:

• developing and, on a regular basis, reviewing CCS policies and practices to ensure consistent implementation and compliance;
• ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
• ensuring that all inquiries and complaints relating to privacy are appropriately documented and handled;
• ensuring all third parties to whom CCS provides access to personal information are required to adhere to applicable laws and appropriate standards of care in managing that information; and
• informing the CEO and/or Board about significant privacy breaches that could potentially cause harm to CCS’s reputation.

2.1. Personal information is collected for purposes such as:

• providing cancer-related information and support services;
• responding to any concerns or inquiries about CCS’s activities;
• fundraising and promoting CCS events and services, including to contact existing donors about upcoming fundraising activities and campaigns;
• recruiting, screening, placing and managing relationships with volunteers;
• communicating with the community, including communications with donors, funders, partners, volunteers and individuals that participate in CCS events or use CCS services;
• determining an individual’s suitability to be in a position of trust, including the handling of cash or working with vulnerable persons;
• accounting and other financial purposes such as issuing tax receipts; and
• establishing, maintaining and managing an employment relationship with employees of CCS.

2.2. Should you choose or are required as part of our programs to provide us with your health information, CCS does not collect or use this information to provide you with opinions or endorse any particular treatment option or course of action, nor do we use this information to make decisions on your behalf or provide you with medical referrals or advice.

2.3. Aggregated information is used for service planning and delivery, health promotion, and the general administration of CCS’s business, including to assess the effectiveness of CCS programs and campaigns, improving donor experience and assisting in the developing new programs and channels. This information will be compiled and analyzed on an aggregate basis and, unless we have your specific consent to use identified information, does not identify any individual and therefore is not treated as personal information under this policy.

Each time an individual accesses a CCS website, we automatically receive and store certain types of non-personally identifiable information. Please refer to Website Practices on page 7 for more information.

3.1. Requirements for consent to the collection, use, or disclosure of personal information vary depending on circumstances and on the type of personal information collected. Consent can be obtained in person, by phone, by mail, or via the Internet.

3.2. Consent must be obvious, free of undue pressure, informed and specific in accordance with all applicable laws. In determining whether implied or explicit consent is required and, if so, which form of consent is appropriate, CCS will take into account the sensitivity of the personal information at issue, the purposes for which CCS will use the information and any legal requirements. In certain circumstances (and to the extent permitted by law), consent may be implied based upon the reasonable expectations of the individual.  In determining the appropriate form of consent, CCS will take into account the sensitivity of the personal information. Express consent will always be sought should the primary purpose of collection be to promote a corporate partner product or should we wish to disclose your personal information to a third party, such as another charity.

3.3. Your provision of personal information to CCS means that you agree and consent that we may collect, use and disclose your personal information in accordance with this privacy policy. If you do not agree with these terms, please do not provide any personal information to CCS. Failure to provide your personal information to CCS may prevent us from offering you the products or services you have requested, or to process an application for volunteering or employment on your behalf.

3.4. CCS will obtain your informed consent at the time that we collect your personal information. If your personal information will be used or disclosed for any additional purposes that are not outlined in this policy, CCS will advise you of these new purposes before such use or disclosure, and, when required by applicable law, obtain your consent to such additional uses, unless otherwise required by law.

3.5. Consent may be time-limited and may be revoked by the individual who gave it, subject to applicable law. Withdrawal of consent will not exclude an individual from service delivery, unless the information requested is required to provide the requested service or product or to process an application on that person’s behalf.

3.6. An individual has the right to unsubscribe from communications or withdraw their consent by contacting privacy@cancer.ca or calling 1-800-268-8874.

4.1. CCS only collects personal information for the purposes outlined in this policy under Principle 2.

4.2. Every CCS business unit or department, if applicable, is responsible for ensuring that all information collected is limited, both in amount and type, to what is needed to fulfill the identified purposes.

4.3. CCS usually collects personal information directly from the individual in the course of its business through various means including, but not limited to:

• registration and application forms;
• CCS programs and services;
• donor and fundraising forms;
• on-line applications, services and systems; and
• telephone conversations and instant messaging.

4.4.    CCS may also collect personal information from other sources (including personal references and family members), with the consent of the individual or where permitted or required by law (for example, when the information is about a minor) or is publicly available.

5.1. Personal information is only used and disclosed for the purposes for which it was originally collected (as outlined under Principle 2) unless specific consent has been obtained or if otherwise required or permitted by law. There are circumstances where a disclosure without consent is justified or permitted, for example in the context of a legal investigation or a request from law enforcement authorities, or where CCS believes, upon reasonable grounds, that the disclosure is necessary to protect the rights or safety of an identifiable person or group.

5.2. Also, note that your personal information may be shared with volunteers and service providers (collectively “Affiliates”).  Such Affiliates assist us in establishing, managing and maintaining our relationship with you and providing products and services to CCS, such as mailing and fulfillment organizations and third party fundraising agencies. Such Affiliates will only use your personal information for the purposes identified above and are bound by confidentiality agreements and commit to safeguarding your personal information. Note that in working with our service providers, your personal information may be transferred outside your province of residence or to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.

5.3. Personal information is only retained as long as it is necessary for the fulfillment of the purposes identified in this policy (under Principle 2) and as required by law. CCS has established retention timelines for staff to follow and also periodically reviews CCS’s retention needs.

5.4. The retention period may extend beyond your relationship with us. When your personal information is no longer required for CCS’s purposes, the information is either physically destroyed or deleted.

6.1. CCS makes reasonable efforts to keep personal information as accurate, complete and up-to-date as is necessary to fulfill the purposes for which the information is to be used.

6.2. We rely on our donors, fundraisers, event participants, individuals who use the services of CCS, volunteers and employees to provide us with accurate information and to notify us if their information needs to be updated.

7.1. CCS takes reasonable measures to ensure that personal information is kept safe from loss or theft, unauthorized access, use, copying, disclosure or modification. Safeguards include physical, organizational and technical measures, such as (but not limited to):

• security card access to premises;
• restriction of employee and volunteer access to files on a “need to know” basis;
• confidentiality undertakings by all employees and volunteers;
• locking up personal information and not leaving it unattended or in plain view;
• firewalls, anti-virus, strong passwords and software solutions for technical security (including secure, 128-bit encrypted Secure Socket Layer sessions on our website); and
• regular reviews of privacy compliance initiatives.

8.1. CCS always makes information available about our privacy practices. CCS also takes steps to ensure that all staff/volunteers can answer inquiries about our information-handling practices and appropriately refer unanswered questions or privacy complaints to the National Privacy Officer.

9.1. An individual has a right to request access to their personal information by contacting the National Privacy Officer in writing (contact information is set out at the end of this policy). The written request must provide sufficient detail so that the National Privacy Officer can properly and efficiently respond to the request.

9.2. In order to safeguard personal information, an individual may be required to provide sufficient identification information in order for CCS to authenticate the individual and to authorize access to the individual’s file.

9.3. CCS will respond to access requests in a timely manner, and in accordance with the timeframe prescribed by any relevant legislation.

9.4. An individual has the right to challenge the accuracy and completeness of the information obtained. Individuals can exercise this right by contacting the National Privacy Officer in writing. CCS shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, CCS shall transmit to third parties having access to the personal information in question, any amended information or information regarding the existence of any unresolved differences.

9.5. Individuals will be provided with any help needed to access their personal information, including clarifying exactly what they are looking for. Requested information will be provided in a timely manner, and in a form that is generally understandable. Depending on the amount of information requested, there may be a nominal fee charged to cover any costs associated with responding to the request.

9.6. If CCS does not have custody of the personal information requested or must decline to provide an individual with access to their personal information for legal, regulatory or other reasons, an explanation will be provided.

9.7. An individual has the right to request that CCS cease sharing their personal information or de-index any hyperlink attached to technological means if the dissemination contravenes a law or court order or causes serious harm to the reputation or privacy of the individual.

10.1. An individual has the right to challenge CCS’s compliance with the principles set out in this privacy policy to the National Privacy Officer. Complaints must be in writing and will be handled in a timely manner.

10.2. CCS has procedures in place to receive, investigate, respond to and track concerns or complaints about its management of personal information. By following these procedures, a remedy or corrective action will be undertaken to resolve the issue, including, if necessary, amending CCS’s policies and procedures.

10.3. Within a reasonable time of conclusion of the investigation, the National Privacy Officer will inform the complainant of:

• the results of the investigation; and
• any appropriate measures CCS will take to rectify the source of the complaint.

Our websites may automatically record some general information about your visit in order for CCS to engage in web statistical analysis using analytics. We want to make sure our sites are useful to visitors and make the most efficient use of donor dollars in our service delivery and marketing efforts through targeted advertising. This information may include the:

• internet domain for your internet service provider, such as “company.com” or “service.ca” and the IP address of the computer you are using to access CCS’s website;
• type of browser you are using, such as Internet Explorer, Firefox or Chrome;
• type of operating system you are using such as Windows or Macintosh;
• date and time of the visit to our site, the pages of our site that were visited, and the address of the previous website you were visiting if you linked to us from another website;
• age category, gender, and affinity interests as determined by demographic and interest reports available through analytics.

We make no effort to personally identify you based on your visit to our site. If you wish, you may refuse your consent to being tracked by analytics by disabling or refusing cookies if presented with the cookie consent option upon using the site for the first time; or anytime by clicking "Cookie Settings" link available in the footer section of the website; or by disabling JavaScript within your browser.

Data collected for web analytics purposes may be processed in another country and thus may be subject to the governing legislation of that country.

We also use "cookies" that identify you as a return visitor and which can help us tailor information to suit your individual preferences. A cookie is a small text file that a website can send to your browser, which may then store the cookie on your hard drive. The goal is to save you time next time you visit, provide you with a more meaningful visit, and measure website activity. Cookies in and of themselves cannot be used to reveal your identity. Many browsers, however, allow you to disable cookie collection if you wish, or inform you when a cookie is being stored on your hard drive.

As you interact with CCS’s websites, third party advertising partners may use cookies that we place on your computer, tracking pixels, web beacons and similar technologies to identify you as a visitor to our websites, and present you with targeted ads to help us promote CCS. You can refuse to consent to the use of your information for select ad targeting if presented with the cookie consent option upon using the site for the first time; or anytime by clicking the "Cookie settings" link in the footer section of the website; or by setting up “Do Not Track” options available through your browser. We also occasionally provide your personal information to trusted advertising partners for the purpose of presenting you with targeted ads on behalf of CCS. You can request that your personal information not be shared with our advertising partners by contacting privacy@cancer.ca.

External links

CCS also provides links to other websites which we believe may be of interest to you. CCS is not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of each and every website that requests personal information from you.

Third party social media

CCS’s use of social media serves as an extension of its presence on the internet. Social media account(s) are public and are not hosted on CCS’s servers. Users who choose to interact with CCS via social media should read the terms of service and privacy policies of these third-party service providers and those of any applications used to access them.