Privacy Policy - JDRF

JDRF Canada is committed to protecting the personal information entrusted to us by our donors, participants, volunteers, and employees. We manage your personal information in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable laws.

To ensure consistency with privacy policy best practices, the JDRF Privacy Policy is organized around ten internationally recognized privacy principles, which are codified into law in Schedule I of PIPEDA. It also outlines the principles and practices we follow in protecting your personal information.

This policy applies to JDRF and to any person providing services on our behalf.

What is personal information?

Personal information means information about an identifiable individual. This includes, for example, an individual’s name, home address, and phone number, financial information and donation history. JDRF may also collect a minimal amount of personal health information from you or your guardian directly, such as your connection to type 1 diabetes (T1D) and, if applicable, when you were diagnosed.

What is personal employee information?

Personal employee information is personal information about an employee or volunteer that is collected, used, or disclosed solely for the purposes of establishing, managing, or terminating an employment relationship or a volunteer work relationship. Personal employee information may, in some circumstances, include a Social Insurance Number or a performance review.

Accountability

At JDRF, we are responsible for personal information in our custody or control, including personal information that we share with persons operating on our behalf (e.g. information technology providers). We require all of our employees, volunteers and service providers to sign confidentiality agreements to ensure that they protect personal information in compliance with this Policy.

We have designated a Chief Privacy Officer who is ultimately responsible for ensuring our compliance to this Privacy Policy. Donors, participants, volunteers, and JDRF employees can contact the JDRF Chief Privacy Officer with questions, comments, or complaints by e-mail at privacy.officer@jdrf.ca, by phone at 1.800.287.3533, or by mail at 2550 Victoria Park Avenue Suite 800. Toronto, ON M2J 5A9. All correspondence should be directed to the attention of the Chief Privacy Officer.

Identifying Purposes

We inform our donors, participants, employees, and volunteers, before or at the time of collecting personal information, of the purposes for which we are collecting the information. We make this information available through this Privacy Policy, our website, and other informational materials available at JDRF events. The only time we don’t provide this notification is when an individual volunteers information for an obvious purpose (for example, producing a credit card to make a donation when the information will be used only to process the payment).

We do not collect, use, or disclose personal information for a new purpose that was not previously identified without explaining the new purpose and obtaining consent, unless otherwise permitted by law.

JDRF collects and uses personal information directly from donors and participants or from JDRF approved businesses (Organizations or persons with which JDRF has an alliance or arrangement to (1) provide information about products, services, events, or initiatives related to diabetes or diabetes research or (2) assist in developing, improving, or enhancing JDRF initiatives or programs. A list of these organizations is available on request by contacting the JDRF Chief Privacy Officer.) in order to:

JDRF may share donor or participant personal information to JDRF approved businesses/service providers in order to distribute our newsletters or support one of our direct mail campaigns. As well, JDRF may disclose donor or participant personal information to the public via a participants online fundraising page to recognize donors and participants for their efforts in supporting JDRF. JDRF obtains the consent of all donors and participants prior to disclosing their personal information.

JDRF may collect, use, and disclose personal employee information to meet the following purposes:

After an employee or volunteer relationship with us ends, we may be contacted by other organizations and asked to provide a reference. It is our policy not to disclose personal information about our employees and volunteers to other organizations who request references without consent. The personal information we normally provide in a reference includes:

Limiting Collection

We collect only the personal information that we need for the purposes of providing services to our donors and participants. For example, we limit the collection of financial and contact information by only collecting information deemed necessary to process a donation and for business development purposes.

We normally collect your personal information directly from you. We may collect your information from other persons with your consent or as authorized by law.

Consent

We ask for consent to collect, use, or disclose your personal information, except in specific circumstances where collection, use, or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.

We assume your consent to continue to use and, where applicable, disclose personal information that we have already collected, for the purpose for which the information was collected.

We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use, or disclosure of certain personal information. Where express consent is needed, we will normally ask you to provide consent in writing.

You can withdraw your consent to JDRF using or disclosing your personal information, at any time, for the following purposes:

You can opt out of these uses and disclosures by contacting the JDRF Chief Privacy Officer (see contact information above). Once we receive your opt-out request, we process it within 10 days.

We may collect, use, or disclose personal information without consent only as authorized by law. For example, we may not request consent when the collection, use, or disclosure is to determine suitability for an honour or award or in an emergency that threatens life, health, or safety.

JDRF can collect, use and, disclose personal employee information without consent only for the purposes of establishing, managing, or ending the employment or volunteer relationship. We will provide current employees and volunteers with prior notice about what information we collect, use, or disclose and our purpose for doing so.

We will obtain our employees or volunteers consent to collect, use, and disclose their personal information for purposes unrelated to the employment or volunteer relationship (e.g. such as providing you with information about our workplace charity program).

Limiting Use, Disclosure, and Retention

We use and disclose the personal information of donors, participants, employees, and volunteers only for the purpose for which the information was collected, except as authorized by law. For example, we may use financial information from donors to process donations.

Donors and participants may request a complete list of the organizations/services to which we share and/or disclose their personal information by contacting the JDRF Chief Privacy Officer (see contact information above).

If we wish to use or disclose your personal information for any new business purpose, we will ask for your consent. We may not seek consent if the law allows this (e.g. the law allows organizations to use personal information without consent for the purpose of collecting a debt).

We retain personal information only as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.

Use of Service Providers Outside Canada

At JDRF, there are organizations providing services on our behalf that may process or store personal information outside of Canada. These organizations include: Global Cloud and Soft Trek, both located in the United States of America. These organizations process or store personal information for the following purposes: to support our on-line fundraising tool, email marketing, customer relationship management, and processing of funds. You can contact the JDRF Chief Privacy Officer to obtain more information about our use of service providers outside Canada, including for example:

Accuracy

We make every reasonable effort to ensure that personal information is accurate and complete. We rely on individuals to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible. In some cases we may ask for a written request for correction.

Safeguards

We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure, or modification of personal information, as well as any unauthorized access to personal information.

JDRF protects personal information in its custody and control through, for example:

Openness

We make available to our donors, participants, employees, and volunteers specific information about our policies and practices that relate to the management of personal information. We make this information available in this Privacy Policy and by contacting the JDRF Chief Privacy Officer.

This information describes, for example:

Individual Access

Individuals have a right to access their own personal information in a record that is in the custody or under the control of JDRF, subject to some exceptions. For example, organizations are required under provincial privacy laws (e.g. the Personal Information Protection Act) to refuse to provide access to information that would reveal personal information about another individual.

If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.

You may make a request for access to your personal information by completing the JDRF Access and Correction Request Form and submitting it to the Chief Privacy Officer (see contact information above). You must provide sufficient information in your request to allow us to identify the information you are seeking.

You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. In addition, you may request a correction of an error or omission in your personal information. We will record in your record details about your correction request and communicate this information to relevant third parties, where required and feasible.

We will respond to your request within 30 calendar days, unless an extension is granted. We may charge a reasonable fee to provide information, but not to make a correction. We do not charge fees when the request is for personal employee information. We will advise you of any fees that may apply before beginning to process your request.

Google AdWords

We use Google AdWords Remarketing to advertise JDRF across the Internet, in particular on the Google Display Network.​

AdWords remarketing will display ads to you based on what parts of the JDRF website you have viewed by placing a cookie on your web browser.

This cookie does not in any way identify you or give access to your computer or mobile device.

The cookie is used to indicate to other websites that  “This person visited a particular page, so display ads relating to that page.

Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

If you do not wish to see ads from JDRF you can opt out in several ways:
1. Opt out of Google’s use of cookies by visiting Google’s Ads Settings.
2. Opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page

Questions and Complaints

In the event of a discrepancy or error with your online transaction, please contact general@jdrf.ca. Please include your name, telephone number and the date and amount of your transaction. 

If you have a question or concern about any collection, use or disclosure of personal information by JDRF, or about a request for access to your own personal information, please contact the JDRF Chief Privacy Officer (see contact information above).

If you are not satisfied with the response you receive, you can contact the Office of the Privacy Commissioner of Canada by phone (1.800.282.1376) or by filling out a complaint form available at http://www.priv.gc.ca/I_I/form_e.cfm and submitting the completed form by mail to:

Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville, Tower B
3rd Floor
Ottawa, ON K1A 1H3

You may also contact the Office of the Information and Privacy Commissioner in the province in which you reside.