PRIVACY AND INFORMATION SECURITY POLICY

Centraide Richelieu-Yamaska (“Centraide”) respects and protects your privacy. The information you provide to us is carefully stored, secure, and is not sold or disclosed to third parties, except as outlined in this policy. By using our Digital Applications (as defined below), you consent to the use and processing of your Data (as defined below) in accordance with this policy.

1 Purpose of the Policy

This Privacy Policy (“Policy”) outlines how Centraide collects, stores, uses, protects, and transfers Personal Information and Confidential Information. This Policy also addresses information about our use of cookies and similar tracking technologies. This policy applies to both our digital applications and services offered.

2 Policy Guidelines

Centraide ensures that it implements what is necessary to ensure the privacy and security of Personal Information and Confidential Information transmitted and their security, including limiting access to Data to authorized individuals who need it only, using a set of human, organizational, and technological measures. The organization recognizes the confidential nature of the Data and is committed to taking all reasonable measures to protect its confidentiality.

3 Definitions

3.1 Personal Information

This refers to information that concerns and identifies an individual, directly or indirectly. This information may include, but is not limited to, their name, postal address, email address, banking information, and phone number.

3.2 Confidential Information

This refers to information about an entity other than an individual (e.g., a business or organization) and whose owner, author, or a reasonable person in similar circumstances would consider confidential. This information may include, but is not limited to, financial, commercial, or strategic information, such as financial statements, financial projections, and strategic planning.

3.3 Digital Application

Refers to an online service offered by Centraide, such as, but not limited to, the Centraide website: https://www.centraidery.org/, the online donation form, the digital event participation form, a digital product like Clicdon, social media, newsletters, emails, or any other medium or digital platform that allows online interaction with Centraide.

3.4 User

Refers to a person who uses a digital application or service.

3.5 Clicdon

Refers to a digital application used to manage a fundraising campaign and collect donations.

3.6 Data

Refers collectively to Personal Information and Confidential Information.

4 Collection and Use of Information

Data collection occurs in several ways, including when a User uses a Centraide Digital Application, communicates with Centraide by phone, mail, or when submitting paper forms. Centraide only collects the Personal Information that is necessary to provide you with various services and allow you to interact with them. Whenever possible, mandatory fields and optional fields are indicated. Depending on the activities, Centraide may collect and store the following Data.

4.1 Collection of Personal or Confidential Information during a donation

When you make a donation, Centraide may collect the following Personal Information about you:

• First name and last name
• Postal address
• Email addresses
• Phone numbers
• Year of birth
• Employer’s name
• Donation history
• Spouse
• Gender¹

For stock donations, the necessary information is collected and retained: broker, brokerage account number, and number of shares.

For monthly check donations, a specimen check is required.

For credit card donations, the following information is collected: the name on the credit card, credit card number, CVC code, and expiration date.

For online credit card donations (one-time or monthly), Centraide does not have access to credit card numbers and does not store them on its servers. Payment is handled by recognized third-party providers. In the case of credit card donations, the Digital Application does not save sensitive credit card data. You can refer to Section 4.5 of this Policy for more details on the protection of your Data processed by third parties.

¹Gender has ceased to be a collected data, but rather retained, since September 15, 2023.

4.1.1 Workplace Campaign Information (Clicdon)

Clicdon stores additional information related to the User’s workplace, including:

• Number of payrolls per year
• Solicitor
• Groups (associated team, business location)
• Previous year’s donation
• Employee number

This information is necessary for the operation of the Digital Application.

Some Users need to use a password to log in to Clicdon. This information is stored and used to provide secure access to your account.

4.2 Collection of communication preferences, interests, and related data

With the User’s consent, certain other Personal Information is collected and retained, such as communication interests and preferences. Also, information about the source of the Data (e.g., participation in an activity) may be collected and retained for analysis purposes.

4.3 Collection of technical information

Certain technical information is collected when using a digital application. This information includes, but is not limited to, device, operating system, browser, IP address, geolocation, browsing behavior (pages viewed, interactions, etc.), clicked links, source (domain name from which the link to the digital application was established), form data, and downloads, visit duration, and other data, all using cookies or similar technologies (cookies, web beacons, invisible pixels, mobile device identifiers, and tracking URLs, for example). Third parties may also collect this data on our behalf. This information allows us to measure and improve digital applications. Digital communications sent by Centraide (emails, newsletters, etc.) may contain web beacons, invisible pixels, and URLs that allow tracking interactions for measurement and improvement purposes. When using Clicdon, interaction with digital communications is associated with the User.

4.3.1 Cookies

Cookies enable the storage of certain information about the use of a digital application. These cookies, by storing user interests and preferences, for example, allow Centraide to improve digital applications and the customer experience. Other cookies are used to assess the performance of our digital applications, enhance and enrich their content, assess the performance of our ads, monitor and analyze User activities to better understand their interests and needs, to offer a more personalized experience. Cookies are also required for security or technical constraints to enable the proper functioning of digital applications. They cannot be used to extract Personal Information. Modern browsers allow you to delete or block cookies. Users who refuse cookies will still be able to access digital applications, but some services may not be functional.

4.3.2 Remarketing

To re-engage with Users who have previously visited or interacted with a Centraide digital application, a “remarketing” strategy offered by third parties may be used. This strategy allows targeting Users with new ads that correspond to their previous actions. This strategy is possible in part due to a cookie placed in the User’s browser or by using invisible pixels.

4.3.3 Profiling and Identification Technologies

Centraide may use technologies that enable User identification and profiling, including for “remarketing” and tracking interactions with the digital applications described above. However, these technologies are not enabled by default, and we will provide instructions on how to enable them.

4.4 Use of Information

The information is used for the following purposes:

• Allowing the User to make a donation, register, participate, confirm registration for events, programs, services, or communications offered by Centraide;
• Issuing tax receipts;
• Verifying the User’s identity;
• Communicating with the User, including for donation solicitation and marketing purposes;
• Personalizing services and the customer experience;
• Understanding User needs and preferences;
• Enabling Centraide to comply with its legal, regulatory, or other insurance, audit, and security requirements;
• Preventing, detecting, and, if necessary, investigating fraud and security breaches, activities that may prove prohibited or illegal; and
• Evaluating, compiling statistics, understanding User needs and preferences to improve the services offered and the features of Centraide’s digital applications and communications.

Your Personal Information may also be used for other purposes by Centraide with your consent or as permitted by law.

4.5 Disclosure to Third Parties

Centraide shares Personal Information with third-party service providers (such as credit card processors, hosting partners, marketing companies, and other technology service providers) to the extent necessary for them to provide the hardware, software, networking, storage, and other services required to operate the service and maintain a high-quality user experience. Besides the uses mentioned above, Centraide does not sell or share the information collected with third parties. In all situations where Centraide discloses Personal Information to third parties, service providers, or others, Centraide requires the recipient to protect and use Personal Information only in accordance with this Policy. Without limiting the generality of the foregoing, Centraide will impose contractual obligations on these third parties to ensure that your Personal Information receives the same level of protection as provided by this Policy. Centraide does not allow its service providers to use Personal Information for marketing purposes unless required by Centraide. As mentioned in Section 4.3, third-party analytics tools are used to measure traffic, digital application usage trends, and marketing purposes. These tools collect information sent by the user’s browser during the use of Centraide’s digital applications.

4.5.1 List of Third-Party Providers Used