JDRF Canada is committed to protecting the personal information entrusted to us by our donors, participants, volunteers, and employees. We manage your personal information in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable laws.
This policy applies to JDRF and to any person providing services on our behalf.
What is personal information?
Personal information means information about an identifiable individual. This includes, for example, an individual’s name, home address, and phone number, financial information and donation history. JDRF may also collect a minimal amount of personal health information from you or your guardian directly, such as your connection to type 1 diabetes (T1D) and, if applicable, when you were diagnosed.
What is personal employee information?
Personal employee information is personal information about an employee or volunteer that is collected, used, or disclosed solely for the purposes of establishing, managing, or terminating an employment relationship or a volunteer work relationship. Personal employee information may, in some circumstances, include a Social Insurance Number or a performance review.
At JDRF, we are responsible for personal information in our custody or control, including personal information that we share with persons operating on our behalf (e.g., information technology providers). We require all of our employees, volunteers and service providers to sign confidentiality agreements to ensure that they protect personal information in compliance with this Policy.
We do not collect, use, or disclose personal information for a new purpose that was not previously identified without explaining the new purpose and obtaining consent, unless otherwise permitted by law.
JDRF collects and uses personal information directly from donors and participants or from JDRF-approved businesses (organizations or persons with which JDRF has an alliance or arrangement to (1) provide information about products, services, events, or initiatives related to diabetes or diabetes research or (2) assist in developing, improving, or enhancing JDRF initiatives or programs; a list of these organizations is available on request by contacting the JDRF Chief Privacy Officer) in order to:
- Process donations;
- Track and issue tax receipts for donations received in accordance with Canada Revenue Agency requirements;
- Help individuals fundraise on behalf of JDRF;
- Establish, build, and maintain relationships;
- Provide social and practical support and information to newly diagnosed families or anyone facing the challenges of living with diabetes;
- Promote organizational activities, conferences, or events to raise awareness about diabetes or diabetes-related research;
- Provide information about products, services, events, or activities for which you have registered or expressed an interest (e.g., Bag of Hope for newly diagnosed patients or news on advocacy initiatives);
- Share information with the JDRF head office, chapters, and site offices to administer JDRF programs, functions, or initiatives;
- Share information with those who may be interested in JDRF programs (e.g., Walk and Ride events), corporate functions (e.g., Government Relations) or other initiatives (e.g., Outreach activities).
JDRF may share donor or participant personal information to JDRF-approved businesses/service providers in order to distribute our newsletters or support one of our direct mail campaigns. As well, JDRF may disclose donor or participant personal information to the public via a participants’ online fundraising page to recognize donors and participants for their efforts in supporting JDRF. JDRF obtains the consent of all donors and participants prior to disclosing their personal information.
JDRF may collect, use, and disclose personal employee information to meet the following purposes:
- Determining eligibility for employment or volunteer work, including verifying qualifications and references;
- Establishing training and development requirements;
- Assessing performance and managing performance issues if they arise;
- Administering pay and benefits (paid employees only);
- Processing employee work-related claims (e.g., benefits, workers compensation, insurance claims) (paid employees only); and
- Complying with applicable laws (e.g., Canada Income Tax Act, provincial Employment Standards Acts).
After an employee or volunteer relationship with us ends, we may be contacted by other organizations and asked to provide a reference. It is our policy not to disclose personal information about our employees and volunteers to other organizations who request references without consent. The personal information we normally provide in a reference includes:
- Confirmation that an individual was an employee or volunteer, including the position and date range of the employment or volunteering; and
- General information about an individual’s job duties and information about the employee or volunteer's ability to perform job duties and success in the employment or volunteer relationship.
We collect only the personal information that we need for the purposes of providing services to our donors and participants. For example, we limit the collection of financial and contact information by only collecting information deemed necessary to process a donation and for business development purposes.
We normally collect your personal information directly from you. We may collect your information from other persons with your consent or as authorized by law.
We ask for consent to collect, use, or disclose your personal information, except in specific circumstances where collection, use, or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
We assume your consent to continue to use and, where applicable, disclose personal information that we have already collected, for the purpose for which the information was collected.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use, or disclosure of certain personal information. Where express consent is needed, we will normally ask you to provide consent in writing.
You can withdraw your consent to JDRF using or disclosing your personal information, at any time, for the following purposes:
- A marketing initiative and for providing information on special offers for diabetes-related products, services, programs, or events offered by JDRF or JDRF-approved businesses;
- Collecting your personal information from personal referrals;
- Providing information to an assigned mentor to facilitate the child mentorship program; or
- Contacting you directly or through an approved third party to administer a survey to improve JDRF programs.
You can opt out of these uses and disclosures by contacting the JDRF Chief Privacy Officer (see contact information above). Once we receive your opt-out request, we will process it within 10 days.
We may collect, use, or disclose personal information without consent only as authorized by law. For example, we may not request consent when the collection, use, or disclosure is to determine suitability for an honour or award or in an emergency that threatens life, health, or safety.
JDRF can collect, use and, disclose personal employee information without consent only for the purposes of establishing, managing, or ending the employment or volunteer relationship. We will provide current employees and volunteers with prior notice about what information we collect, use, or disclose and our purpose for doing so.
We will obtain our employees’ or volunteers’ consent to collect, use, and disclose their personal information for purposes unrelated to the employment or volunteer relationship (e.g., such as providing you with information about our workplace charity program).
Limiting Use, Disclosure, and Retention
We use and disclose the personal information of donors, participants, employees, and volunteers only for the purpose for which the information was collected, except as authorized by law. For example, we may use financial information from donors to process donations.
Donors and participants may request a complete list of the organizations/services to which we share and/or disclose their personal information by contacting the JDRF Chief Privacy Officer (see contact information above).
If we wish to use or disclose your personal information for any new business purpose, we will ask for your consent. We may not seek consent if the law allows this (e.g., the law allows organizations to use personal information without consent for the purpose of collecting a debt).
We retain personal information only as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.
Use of Service Providers Outside Canada
At JDRF, there are organizations providing services on our behalf that may process or store personal information outside of Canada. These organizations include: Global Cloud and Soft Trek, both located in the United States of America. These organizations process or store personal information for the following purposes: to support our online fundraising tool, email marketing, customer relationship management, and processing of funds. You can contact the JDRF Chief Privacy Officer to obtain more information about our use of service providers outside Canada, including for example:
- The location of the service provider; and
- How personal information is collected, used, disclosed, stored and protected.
We make every reasonable effort to ensure that personal information is accurate and complete. We rely on individuals to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible. In some cases we may ask for a written request for correction.
We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure, or modification of personal information, as well as any unauthorized access to personal information.
JDRF protects personal information in its custody and control through, for example:
- Technical Safeguards: We employ technical safeguards, such as passwords, audit logging, encryption, and role-based access controls for information systems from which personal information may be accessed.
- Physical Safeguards: We employ physical safeguards to protect personal information by locking filing cabinets, restricting physical access to offices and data centres, and shredding paper records we no longer need.
This information describes, for example:
- What personal information is in our custody or control;
- How we collect, use, and disclose personal information, and for what purposes;
- How we protect personal information in our custody and control;
- How you may gain access to and correct the personal information we have about you;
- How to opt out of specific uses and disclosures of personal information; and
- How to contact the JDRF Chief Privacy Officer with an inquiry or complaint.
Individuals have a right to access their own personal information in a record that is in the custody or under the control of JDRF, subject to some exceptions. For example, organizations are required under provincial privacy laws (e.g., the Personal Information Protection Act) to refuse to provide access to information that would reveal personal information about another individual.
If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.
You may make a request for access to your personal information by completing the JDRF Access and Correction Request Form and submitting it to the Chief Privacy Officer (see contact information above). You must provide sufficient information in your request to allow us to identify the information you are seeking.
You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. In addition, you may request a correction of an error or omission in your personal information.
We will record in your record details about your correction request and communicate this information to relevant third parties, where required and feasible.
We will respond to your request within 30 calendar days, unless an extension is granted. We may charge a reasonable fee to provide information, but not to make a correction. We do not charge fees when the request is for personal employee information. We will advise you of any fees that may apply before beginning to process your request.
We use Google AdWords Remarketing to advertise JDRF across the Internet, in particular on the Google Display Network.
AdWords Remarketing will display ads to you based on what parts of the JDRF website you have viewed by placing a cookie on your web browser.
This cookie does not in any way identify you or give access to your computer or mobile device.
The cookie is used to indicate to other websites that “This person visited a particular page, so display ads relating to that page.”
Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
If you do not wish to see ads from JDRF, you can opt out in several ways:
Questions and Complaints
In the event of a discrepancy or error with your online transaction, please contact firstname.lastname@example.org. Please include your name, telephone number and the date and amount of your transaction.
If you have a question or concern about any collection, use or disclosure of personal information by JDRF, or about a request for access to your own personal information, please contact the JDRF Chief Privacy Officer (see contact information above).
If you are not satisfied with the response you receive, you can contact the Office of the Privacy Commissioner of Canada by phone (1.800.282.1376) or by filling out a complaint form available at https://www.priv.gc.ca/en/contact-the-opc/ and submitting the completed form by mail to:
Office of the Privacy Commissioner of Canada
30, Victoria Street
You may also contact the Office of the Information and Privacy Commissioner in the province in which you reside.