Our accountability

Privacy Policy

Introduction

Protecting your privacy is important to The Montreal Children’s Foundation. For this reason, we have implemented safeguards and sound management practices to maintain the confidentiality and security of your personal information in accordance with applicable laws.

This privacy, which should be read in conjunction with our Terms and Conditions and the applicable Service agreements entered into by the Foundation, describes our practices regarding the collection, use, processing, disclosure, and retention of Personal Information (as defined below) of our clients, visitors and users.

We comply with the most stringent laws and ethical standards applicable to the Foundation when handling all information, particularly personal information.

Donations from legal persons

It is important to note that the protections afforded by the Act respecting the protection of personal information in the private sector apply only to the personal information of natural persons, i.e., human beings. Thus, information concerning any legal entity (organization, company, partnership, etc.) is not protected by the provisions of this law.

The Foundation wishes to point out that regardless of the source of the donation, the related information will be treated with the same level of protection and confidentiality. However, the consent requirements for the collection, use and communication of information concerning legal entities will be adjusted accordingly.

Data Protection Officer

At any time you may contact our Data Protection Officer (DPO) at the following address:

Email:                       confidentialite@MCHF.com

Address:                  DPO, 5002 Boul. Maisonneuve Ouest, Montreal (Qc) H4A 0B6

 

Processing of Personal Information

Collection of Personal Information

Personal identifiable information (PII) is defined as any information concerning a natural person from which this person may be identified either directly or indirectly.

The Foundation can collect, conserve, use, and transfer different types of PII concerning you. They are as follows

Category

Examples

Identifying PII

First and last name, username or other similar identiying pseudonym, date of birth, gender.

Contact PII

Billing address (for tax receipts), email address, telephone number.

Payment PII

Details concerning payment methods (credit or debit card number), details of previous donations done by and/or for you, details regarding donations to us or other services rendered to you by us.

Technical PII

Your Internet Protocol address (IP), connection data, the type and version of web browser, your time zone settings and location, the types of plug-ins installed and their version, your operating system and other technological data found on the devices you use to access our website.

Use of Service PII

Information regarding the way you use our website and our services.

Marketing and Communication PII

Includes your preferences regarding marketing materials from us and from our third-party partners as well as related information. This includes that we may take notes of conversations we may have with you in person and/or communications you have sent to the Foundation. This allows us to better manage our relationship with you and to ensure that you only receive relevant communications from us that are adapted to your preferences.

Candidacy PII

Your academic background, professional work-experience history, fields of interest, and any other information you choose to share with us when you contact us regarding an application for a position within the Foundation.

PII of a Sensitive Nature

We do not collect any personal information about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, health information or genetic and biometric information.

However, we do collect certain information that, depending on the context, may be considered sensitive information, including:

  • Your situation or the medical follow-up you receive from the hospital in order to redirect your donation to a particular department you wish to support;
  • Your bank details, credit and/or debit card number, so that we can deduct the amount you choose to donate to the Foundation;
  • Details of any corporate shares you wish to donate to the Foundation.

Methods of Collecting Personal Information

The Foundation collects your PII through a number of ways:

  • Identifying, Contact and Payment PII
    • When you donate an amount over the telephone, by mail, by email, in person, or via our website;
    • When you subscribe to our newsletter or to an event;
    • When you interact with organizations that collect PII on our behalf;
    • When you applpy for a position or as a volunteer to our Foundation.
  • Technical and Use PII
    • When you use our website
  • Marketing and Communication PII
    • Publicly available information concerning you;
    • Analysis providers and ad networks.


We keep track of your donations and, in some cases, your communications with us so that we can properly follow up on them.

Use of Information Collected

We will only use your PII where we are permitted to do so by law. Most commonly, we use your PII in the following circumstances:

  • To develop and maintain our relationship with you
    • To register you as a donor;
    • To answer your questions;
    • To establish and update your profile with us, ncluding your contact details, expectations and philanthropic interests;
    • To process your donations and issue you a tax receipt;
    • To solicit you to make a donation;
    • To manage our relationship with you;
    • To invite you to events organized by the Foundation;
    • To process your registration for a Foundation activity or event;
    • To obtain your opinion on the Foundation’s services;
    • To thank you for your commitment and donations to the Foundation;
    • To recognize you for your commitment to the Foundation, notably by publishing your name and donation level (in certain cases) in the Foundation’s public donor lists.
  • When we must comply with a governmental, legal or regulatory obligation;
  • To administrer and protect our Foundation and its websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting);
  • To offer you relevant content on social networks, our websites or newsletters, and to measure or understand the effectiveness of our communications;
  • To use information analysis to improve our websites, services, marketing and communications with you, our relationships and experiences with donors;
  • To provide you with suggestions and recommendations for donations, service and events that may be of interest to you;
  • To receive and analyze your job application.

Disclosure of your PII to Third Parties

While we try to avoid sharing your PII with third parties, we may use Service Providers or other trusted third parties to perform various services on our behalf, such as IT management and security, marketing, data analysis, hosting and storage. We have defined below the instances in which such sharing may occur:

  • To our employees, contractors, consultants, agents, service providers, partners and other trusted third parties with whom we conduct solicitation activities who process information on our behalf and at our direction. We require all third parties to respect the confidentiality of your personal information and to treat it in accordance with the law. We do not authorize our third-party service providers to use your personal information for their own purposes and only allow them to process it for specific purposes and in accordance with our instructions;
  • When we are required to disclose your PII in order to comply with any legal obligation (for example, to government agencies and law enforcement agencies);
  • To protect our business, our rights, our privacy, our security, yours and those of third parties;
  • To enable us to pursue available remedies or limit the damages we may suffer;
  • In accordance with applicable laws, including laws outside your country of residence.


Donor and volunteer PII will not be used or disclosed for purposes other than those for which it was collected, except with the consent of our donors and volunteers or as required by law.

In the course of our operations, the Foundation may share your PII only with third parties who have signed an agreement containing an obligation to implement the Foundation’s Privacy Policy and whose privacy policy is similar to that of the Foundation’s. This is done only as necessary for our legitimate interests.

Please note that some of our third party business partners are located outside the province of Quebec, and as such, your information may be communicated outside the borders of the province of Quebec.

At not time do we ever sell PII to third parties or exchange donor lists.

Protection of your PII

The Foundation has the appropriate and necessary safeguards in place to ensure that your PII is as secure as possible. We ensure that any third parties we use to process your PII do the same, and that they only process your PII on our instructions. Third parties will also be subject to a duty of confidentiality.

When you use your credit or debit card to make a donation with us, we ensure that this transaction is secure and compliant wirth the Payment Card Industry Data Security Standard (PCI-DSS). We do not store any credit or debit card numbers or your 3 or 4-digit security code in our systems.

Links to Third Party Websites

From time to time, we may include on our website references or links to websites, products or services provided by third parties (“Third Party Services”). The Third Party Services, which are not operated or controlled by the Foundation, are governed by privacy policies entirely separate from and independent of our own. We therefore assume no responsibility for the content and activities of these sites. This Policy applies solely to the Foundation’s website and the activities we carry out. This Policy does not extend to Third Party Services or sites.

Limitation of Liability

The Foundation undertakes to take all reasonable steps to ensure a high level of confidentiality and security of PII in accordance with technological standards appropriate to its sector of activity.

Notwithstanding the foregoing, you declare that you understand and acknowledge that no computer system offers absolute security and that there is always a degree of risk involved in transmitting personal information over the public network that is the Internet.

You therefore agree that the Foundation cannot be held responsible for any breach of confidentiality, hacking, virus, loss, theft, misuse or alteration of your PII transmitted or hosted on its systems or those of a third party. You also waive any claim in this regard, except in the case of gross negligence or wilful misconduct on the part of the Foundation. Accordingly, you agree to indemnify and hold harmless the Foundation and its officers, directors, affiliates and business partners from and against any and all damages of any kind, whether direct or indirect, incidental, special or consequential, arising out of on in connection with the use of your PII.

In the event of a breach of confidetiality or security of your PII that presents a high risk to your rights and freedom, you will be notified of the breach as soon as possible, and the Foundation will take the necessary steps to preserve the confidentiality and security of your PII.

PII of Minors Under the Age of 14

We are committed to protecting the privacy of children and do not knowingly solicit personal information from children under the age of 14 without parental or guardian consent. Some areas of our Site provide services and programs for children, for which we may collect personal information about a child, but only with the consent of the child's parent or guardian in accordance with this Privacy Policy. If a child provides personal information without a parent's or guardian's consent, the parent or guardian may contact us and request that we delete that information.

Information Retention

Information collected by the Foundation is stored in various ways. Some PII is stored physically or electronically at the Foundation.

Other information in digital format is hosted or communicated to data hosting service providers, some of which are located outisde of Quebec.

We retain your PII only as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting or reporting requirements.

In determining the appropriate retention perio for PII, we take into account the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your PII, the purposes for which we process your PII and the possibility of achieving those purposes by other means, as well as applicable legal requirements.

Legal Rights

The Foundation offers its donors and volunteers the opportunity to limit or cancel communications they receive from the Foundation. To change or withdraw your consent, or to verify, change or modify the PII you have provided us, please contact our DPO at the coordinates indicated in Section 1.3 of this Policy.

Your Legal Rights under the Law

As a data subject, you may exercise the rights set out below by communicating with our DPO in writing. At all times, you reserve the right to:

  • Request access to the PII that the Foundation has collected from you;
  • Request that PII concerning you be corrected;
  • Request that your PII be deleted*;
  • Voice your opposition to the processing of your PII;
  • Request various restrictions to the processing of your PII;
  • Withdraw your consent to any portion of the use, processing, communication or stocking of your PII by the Foundation;
  • File a complaint with the Commission d’accès à l’information regarding the protection of your PII by the Foundation.


* Please note, however, that certain legal and/or ethical obligations may require us to retain your PII for a predetermined period of time. The Foundation has no control over the retention duration and is legally obligated to comply with these laws. Once the retention period has expired, the Foundation will proceed with the deletion of your PII as soon as possible in response to your request.

What We May Need From You

We may ask you for specific information to help us confirm your identity and guarantee your right of access to your PII (or to exercise one of your rights). This is a security measure to ensure that PII is not disclosed to anyone who is not entitled to receive it. We may also contact you to request further information in relation to your request in order to speed up our response.

To limit or cancel the communications you receive from the Foundation, or to change or withdraw your consent, or to verify, change or correct the PII you have provided us, please contact our DPO at the coordinates indicated in Section 1.3 of this Policy.

Complaint for Breach of Policy

If you have any questions, comments or concerns about this Privacy Policy, or if you choose any of the following options:

  • Request that we stop sending electronic communications or other methods to contact you;
  • Report any violation of this Privacy Policy


You can reach our DPO at the coordinates indicated in the first page of this Policy and the Foundation undertakes to respond within a delay of 30 days upon receipt of your message.