The Heart and Stroke Foundation of Canada, its affiliates, including Heart and Stroke Foundation of B.C. and Yukon, Heart and Stroke Foundation of Alberta, NWT and Nunavut, Heart and Stroke Foundation of Ontario, Heart and Stroke Foundation of Quebec, Heart and Stroke Foundation of Nova Scotia and Heart and Stroke Foundation of Prince Edward Island Inc., and the Heart and Stroke Foundation of New Brunswick (collectively, “HSF” or “we” or “our”) is leading the way in eliminating heart disease and stroke and reducing their impact through the advancement of research and its application, the promotion of healthy living, and advocacy.
1. What Personal Information Do We Collect?
Personal information means any information about an identifiable individual. The types of personal information that we may collect include, but is not limited to, your:
- date of birth, age, gender, ethnicity, and weight;
- phone number;
- residential address;
- e-mail address;
- IP address; credit card information, money order or cheque;
- banking information for donors that give monthly through chequing account withdrawals;
- responses to program-specific registration questions;
- child’s name, grade, school and teacher’s name when participating in the Jump program;
- medical information, including but not limited to, your medical symptoms and conditions, your health screenings, your exercise habits and other health habits, and your family history of chronic illness; and
- personal information you give us that we did not request (such as personal information you voluntarily put into an email to us or in a comments box on our Site).
2. Purposes for Collecting Your Personal Information
HSF may use your personal information for the following purposes:
- to provide you with our Services;
- to manage our relationship with you and provide you with customer service;
- to identify you in our system;
- to manage our business and operations;
- to respond to your questions that you send through the Site, by email or by phone;
- to contact you for fundraising purposes;
- to facilitate and process your registration for certain courses, events and services;
- to authenticate you when you sign in to your account;
- to send you e-mails with mission-related content or about our programs and events;
- to grant you access to special features or areas of the Site (including without limitation, to any HSF forums, tools, or courses) where you have applied for access or have posted information to those special features or areas of the Site;
- to administer and provide you with eTools (through which we can provide you with a health assessment, and information to help you manage your health conditions and achieve your health goals, including support emails to encourage positive lifestyle changes);
- to deliver and evaluate programs for which you are registered;
- to receive your annual certification fees, certification card processing fees, certification card replacement fees, donations, online item purchases or purchases of a lottery ticket;
- to issue tax receipts where applicable;
- to track communications with you;
- to track the location of IP addresses to provide provincial content for users;
- to improve the Site and help us develop new services, tools and Site features that meet your needs;
- for marketing segmentation to identify target populations;
- for tracking purposes for the deployment of automated external defibrillators (“AED”); and
- as otherwise permitted or required by law
3. When Do We Collect Personal Information?
We may collect your personal information when you voluntarily provide it to us by using the Services. For example, we may ask you to provide personal information if you:
- use our Services;
- register for user accounts;
- sign into your account;
- make a donation to HSF;
- purchase an item from the Site (including without limitation, a ticket for one of HSF’s lotteries);
- pay your annual certification fees, certification card processing fees or certification card replacement fees;
- use our eTools features;
- send a question or comment to HSF by email, phone, fax or through our Site;
- communicate with HSF representatives by phone or in-person;
- participate in an event organized by or associated with HSF;
- post comments, messages or other content on our Site, including but not limited to, on our eTools, blog, contact us page or other features of the Site that permit you to provide your own comments, messages and content;
- register to receive electronic communications, such as our e-newsletter; and
- otherwise participate in features of our Site that ask for personal information.
- Limiting Collection of Personal Information
- Use, Disclosure and Retention of Personal Information
We retain your personal information only for as long as we need it to fulfill the purposes for which it was collected and to comply with our legal obligations.
We may also use and disclose your personal information to third parties under the following limited circumstances:
- Limiting Collection of Personal Information
- when necessary to protect the safety, property or other rights of HSF, its representatives, and users of the Services, including to detect and protect fraud;
- with other charities, through an exchange list brokerage, unless you have opted-out. Specifically, HSF may trade your name and mailing address, but never your email address, with other charities. You will always be given the opportunity to opt-out.
- with your consent; or
- when otherwise required or permitted by law.
If you voluntarily submit or post any information, photographs or other content to any HSF forums, eTools, Twitter pages, Facebook pages or other social networking pages/sites, your personal information may be automatically included in the posting, including without limitation, your user name and email address. This information may be collected and used by others.
- Data Processors in Other Countries
To provide you with Services, we may use service providers, data processors and other third parties (“Third Parties”) to perform services on our behalf. These Third Parties may store, process and transfer personal information on servers located outside of Canada in jurisdictions whose data protection laws may differ from those of Canada, which may include the United States of America. As a result, personal information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to the laws in those jurisdictions. For example, information may be shared in response to valid demands or requests from government authorities, courts and law enforcement officials in those countries. Subject to applicable laws in such other jurisdictions, we will use reasonable efforts to ensure that appropriate protections are in place to require our Third Parties to maintain protections on personal information that are equivalent to those that apply in Canada.
- Links to Other Sites
- Providing Credit Card Information on our Site
If you make a credit card payment through HSF, we request the information reasonably needed by us to complete the processing of the transaction. For one-time payments, when you provide payment information, such as credit card numbers, credit card security codes, name on your credit card and expiration dates, we transmit this data directly from you to the credit card processing company; HSF only stores the credit card type, the last four digits of the credit card number and the expiration date in the event an incorrect payment needs to be refunded. HSF will send you a confirmation email to confirm successful credit card charges. For pre-authorized debits for recurring payments, all information is stored by HSF or Third Parties acting on our behalf, in an encrypted manner (i.e., coded data) such that only those who require access to update financial information can see the credit card number. The encrypted data is provided at the appropriate intervals to the credit card processing company. We may also share your personal information with Third Parties including credit card processing companies in order to bill you, but we do not provide any more information than reasonably necessary for this purpose.
- Cookies, Web Beacons and Other Similar Technology
As you interact with the Services, we may use automatic data collection technology and services that record and collect information that identifies your computer, tracks your use of this Site and collects certain other information about you and your surfing habits. This data collection technology may include cookies, web beacons and other similar devices on this Site to enhance functionality and navigation for our visitors.
A cookie is a small data file that is placed on the hard drive of your computer so that your computer will “remember” information when you visit a site. Web beacons and tags are small strings of code that are used in conjunction with a cookie and allow us to record activity on our Site. Internet tags, graphic tags and similar web beacon type functions allow us to count the number of users who have visited a particular web page or to access certain cookies. We may use web beacons on this Site to count users and to recognize users by accessing our cookies. Being able to access our cookies allows us to personalize this Site and improve your experience at this Site. We may also include web beacons in HTML-formatted e-mail messages that we send to determine which e-mail messages were opened.
Information tracked through these mechanisms includes, but is not limited to: (i) your IP address; (ii) the type of web browser and operating system being used; (iii) the pages of the Site a user visits; and (iv) other sites a user visited before visiting this Site.
You can reject or disable cookies by managing your browser settings and following the directions provided in your Internet provider’s help file. Please note that if you disable cookies, you may be unable to access some customized features on this Site. Cookies and web beacons do not collect or contain your personal information.
- Google Analytics
Our Site uses Google Analytics, a web analytics service of Google, Inc. ("Google"), or comparable technology. Google Analytics uses "cookies", which are text files stored on your computer, to analyze how you use our Site. The information generated by the cookie about your use of our Site (including your IP address) is sent to a Google server in the U.S. and stored there. Google will use this information to evaluate your use of our Site, compile reports on Site activity for our Site operators and to provide other site activity related to internet services. Additionally, Google may transfer this information to a third party when required by law or in the case of a third-party processing information on Google's behalf. In no case will Google use your IP address in connection with any other information held by Google. You can set your internet browser to prohibit the installation of cookies, although we must point out that some features and functions of our Site will then be unusable. By using our Site, you consent to the processing of data about you collected by Google in the manner described and for the above mentioned purpose. The consent for collection and storage of data can be withdrawn at any time in the future by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Given the debate concerning the use of analytical tools using full IP addresses, we wish to point out that our Site uses the "Anonymize IP" function of Google Analytics which works with a shortened form of IP addresses to avoid direct personal identification.
Furthermore, we use the cookies to carry out frequency assessments, page usage assessments and marketing assessments. For the aforementioned assessments, we utilize this cookie information without a link to your personal information, so it is completely anonymous.
You can set your Internet browser up so that you are notified when cookies are stored, you can decide in each individual case whether you want to accept cookies, or you can refuse to accept any cookies. However, if you do not accept cookies, you may be restricted in how you are able to use our Site. You can delete cookies which are already stored on your hard disk at any time. You will find more details on how to do this in the operating guide for your Internet browser program.
- Browsing Information
To help protect the confidentiality of your personal information, HSF employs security safeguards appropriate to the sensitivity of the information. We maintain reasonable technical, physical and administrative security safeguards to protect your personal information against loss, theft, and unauthorized access. Any personal information you provide to us is exchanged on a secure server. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we are committed to protecting your personal information, we cannot ensure or warrant the security of any information you provide to us.
We take reasonable steps to verify your identity before granting you access to your account on our Site, however, you are solely responsible for maintaining the secrecy of your username, password and any other account information. We also take reasonable steps to ensure that HSF employees and volunteers are aware of the importance of maintaining the confidentiality of personal information and that unauthorized persons do not gain access to personal information that we have disposed of or destroyed.
- Individual Access and Accuracy of Personal Information
You may request access to your personal information which we may hold by contacting us at the contact information set forth below, and we will respond within the time periods provided for under applicable laws. We will need to verify your identity before providing you with the personal information we hold about you. There is no cost for such access request unless you require copies of records. We may not be able to provide you with access to your personal information if the information cannot be separated from the personal information of others, cannot be disclosed for reasons of security or commercial confidentiality, or is protected by legal privilege. If we cannot provide you with access to your personal information, we will advise you of the reasons access is being denied, unless we are prohibited by law from doing so.
You may request to update and change your personal information at the contact information set forth below. We shall endeavor to correct or complete any personal information which you advise us is inaccurate or incomplete. Where appropriate, the amended information shall be transmitted to third parties having access to such information.
- Children’s Privacy
- E-mail Communications
HSF complies with Canada’s anti-spam legislation (CASL) and we will not send you electronic communications in contravention of this law.
We will ensure that each e-mail includes an opt-out feature and instructions on how to un-subscribe if you no longer wish to receive future e-mails from HSF. You can unsubscribe using the link included in the e-mail or by sending an e-mail to ON_privacyoffice@heartandstroke.ca or by telephoning us at 416-489-7111. If you do not expressly consent to receiving electronic communications, we will only communicate with you for the limited purposes permitted under CASL.
- User Content in Comments, Chat Rooms and Message Boards
- How to Contact Us
- Data Processors in Other Countries
- see your personal information that you have already sent us so that you can correct, update or delete it from our files;
- if your child under 13 has used this Site and sent us personal information, delete that personal information from our files;
- ask that we not send you electronic communications or otherwise contact you; or
Please contact us at ON_privacyoffice@heartandstroke.ca and we will try to get back to you as soon as possible.