PRIVACY AND INFORMATION SECURITY POLICY
Centraide Richelieu-Yamaska (“Centraide”) respects and protects your privacy. The information you provide to us is carefully and securely stored, and is not sold or disclosed to third parties, except as outlined in this policy. By using our Digital Applications (as defined below), you consent to the use and processing of your Data (as defined below) in accordance with this policy.
1 Purpose of the Policy
2 Policy Guidelines
Centraide implements what is necessary to ensure the privacy and security of the Personal Information and Confidential Information transmitted, including limiting access to Data to only those authorized individuals who need it, using a set of human, organizational, and technological measures. The organization recognizes the confidential nature of the Data and is committed to taking all reasonable measures to protect its confidentiality.
3.1 Personal Information
This refers to information that concerns and identifies an individual, directly or indirectly. This information may include, but is not limited to, their name, postal address, email address, banking information, and phone number.
3.2 Confidential Information
This refers to information about an entity other than an individual (e.g., a business or organization) and whose owner, author, or a reasonable person in similar circumstances would consider confidential. This information may include, but is not limited to, financial, commercial, or strategic information, such as financial statements, financial projections, and strategic planning.
3.3 Digital Application
Refers to an online service offered by Centraide, such as, but not limited to, the Centraide website: https://www.centraidery.org/, the online donation form, the digital event participation form, a digital product like Clicdon, social media, newsletters, emails, or any other medium or digital platform that allows online interaction with Centraide.
Refers to a person who uses a digital application or service.
Refers to a digital application used to manage a fundraising campaign and collect donations.
Refers collectively to Personal Information and Confidential Information.
4 Collection and Use of Information
Data collection occurs in several ways, including when a User uses a Centraide Digital Application, communicates with Centraide by phone or mail, or submits paper forms. Centraide only collects the Personal Information that is necessary to provide you with various services and allow you to interact with them. Whenever possible, mandatory fields and optional fields are indicated. Depending on the activities, Centraide may collect and store the following Data.
4.1 Collection of Personal or Confidential Information during a donation
When you make a donation, Centraide may collect the following Personal Information about you:
- First name and last name
- Postal address
- Email addresses
- Phone numbers
- Year of birth
- Employer’s name
- Donation history
For stock donations, the necessary information is collected and retained: broker, brokerage account number, and number of shares.
For monthly check donations, a specimen check is required.
For credit card donations, the following information is collected: the name on the credit card, credit card number, CVC code, and expiration date.
For online credit card donations (one-time or monthly), Centraide does not have access to credit card numbers and does not store them on its servers. Payment is handled by recognized third-party providers. In the case of credit card donations, the Digital Application does not save sensitive credit card data. You can refer to Section 4.5 of this Policy for more details on the protection of your Data processed by third parties.
¹Since September 15, 2023, gender is no longer collected, but it is still retained.
4.1.1 Workplace Campaign Information (Clicdon)
Clicdon stores additional information related to the User’s workplace, including:
- Number of payrolls per year
- Groups (associated team, business location)
- Previous year’s donation
- Employee number
This information is necessary for the operation of the Digital Application.
Some Users need to use a password to log in to Clicdon. This information is stored and used to provide secure access to your account.
4.2 Collection of communication preferences, interests, and related data
With the User’s consent, certain other Personal Information is collected and retained, such as communication interests and preferences. Also, information about the source of the Data (e.g., participation in an activity) may be collected and retained for analysis purposes.
4.3 Collection of technical information
Certain technical information is collected when using a digital application. This information includes, but is not limited to, device, operating system, browser, IP address, geolocation, browsing behavior (pages viewed, interactions, etc.), clicked links, source (domain name from which the link to the digital application was established), form data, downloads, visit duration, and other data, all collected using cookies or similar technologies (cookies, web beacons, invisible pixels, mobile device identifiers, and tracking URLs, for example). Third parties may also collect this data on our behalf. This information allows us to measure and improve digital applications. Digital communications sent by Centraide (emails, newsletters, etc.) may contain web beacons, invisible pixels, and URLs that allow tracking interactions for measurement and improvement purposes. When using Clicdon, interaction with digital communications is associated with the User.
To re-engage with Users who have previously visited or interacted with a Centraide digital application, a “remarketing” strategy offered by third parties may be used. This strategy allows targeting Users with new ads that correspond to their previous actions. This strategy is possible in part due to a cookie placed in the User’s browser or by using invisible pixels.
4.3.3 Profiling and Identification Technologies
Centraide may use technologies that enable User identification and profiling, including for “remarketing” and tracking interactions with the digital applications described above. However, these technologies are not enabled by default, and we will provide instructions on how to enable them.
4.4 Use of Information
The information is used for the following purposes:
- Allowing the User to make a donation, register, participate, confirm registration for events, programs, services, or communications offered by Centraide;
- Issuing tax receipts;
- Verifying the User’s identity;
- Communicating with the User, including for donation solicitation and marketing purposes;
- Personalizing services and the customer experience;
- Understanding User needs and preferences;
- Enabling Centraide to comply with its legal, regulatory, or other insurance, audit, and security requirements;
- Preventing, detecting, and, if necessary, investigating fraud and security breaches, activities that may prove prohibited or illegal; and
- Evaluating, compiling statistics, understanding User needs and preferences to improve the services offered and the features of Centraide’s digital applications and communications.
Your Personal Information may also be used for other purposes by Centraide with your consent or as permitted by law.
4.5 Disclosure to Third Parties
Centraide shares Personal Information with third-party service providers (such as credit card processors, hosting partners, marketing companies, and other technology service providers) to the extent necessary for them to provide the hardware, software, networking, storage, and other services required to operate the service and maintain a high-quality user experience. Besides the uses mentioned above, Centraide does not sell or share the information collected with third parties. In all situations where Centraide discloses Personal Information to third parties, service providers, or others, Centraide requires the recipient to protect and use Personal Information only in accordance with this Policy. Without limiting the generality of the foregoing, Centraide will impose contractual obligations on these third parties to ensure that your Personal Information receives the same level of protection as provided by this Policy. Centraide does not allow its service providers to use Personal Information for marketing purposes unless required by Centraide. As mentioned in Section 4.3, third-party analytics tools are used to measure traffic and digital application usage trends, and for marketing purposes. These tools collect information sent by the User’s browser during the use of Centraide’s digital applications.
4.5.1 List of Third-Party Providers Used
5 Security Measures and Transfer of Your Information
We implement appropriate physical, technical, and organizational measures to protect your Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure, including the use of firewalls and encryption technologies. All personal or confidential information we collect will be stored on our secure servers or secure servers of third-party providers. Data collected, both digitally and physically (on a paper form, for example), is kept in secure environments. Multi-factor authentication is enabled, when available, in various Digital Applications. All electronic transactions conducted through our Digital Applications are protected by SSL encryption technology. If we need to transfer your Personal Information outside of Quebec, we will do so in accordance with applicable laws and ensure that our service providers outside of Quebec do the same. We will also implement contractual clauses to ensure the protection of Personal Information. By using our Digital Applications, you consent to such transfer of your Personal Information, as applicable.
Centraide takes reasonable steps to ensure that only its employees who actually need access to your Data can do so. Centraide’s employees, volunteers, collaborators, and agents are required to respect the confidentiality of Data and comply with the internal information technology usage policy. Employees’ devices are protected. Security and access management measures are implemented so that only individuals who need access to the information in the course of their duties can do so. Regular monitoring of access management is conducted.
6 Right to Rectify, Withdraw, and Describe
In accordance with the law, the User may request that their Personal Information be corrected, destroyed, or no longer used, unless required by legal obligations, or obtain a copy of it. They may also withdraw their consent to the collection and use of their Personal Information. If this applies to you, Centraide will inform you of the impact that your decision may have on your use of the Digital Applications. Before processing your request, Centraide may also request information to identify you. Centraide retains the Personal Information collected for a reasonable period to fulfill the purpose for which it was collected or to comply with legal requirements. After this period, it is destroyed in accordance with legal requirements. In the case of electronic marketing or promotional communications, the User can unsubscribe using the unsubscribe link in the communications or by contacting Centraide.
7 User Responsibility
The User must ensure that the equipment with which they receive or transmit Data to/from Centraide is secure. Centraide cannot be held responsible for involuntary access to Data resulting from vulnerability or negligence on the User’s equipment. The User has a role to play in protecting their Data. The User is responsible for protecting their username and password, if applicable. This information can be used to access, for example, Clicdon. If the User believes that their password has been compromised, it is their responsibility to change it and notify Centraide as soon as possible.
8 External Links
Centraide’s Digital Applications may provide links to other websites and content. Centraide is not responsible for their content and cannot be held liable for any damages of any kind arising from the navigation and use of these sites.
This Policy is revised from time to time and filed with Centraide’s Board of Directors. By continuing to provide your Data and use Centraide’s Digital Applications after a modification of the Policy, you agree to these changes.
10 Policy Application
The Executive Director of Centraide is responsible for the implementation of this Policy, and the Board of Directors delegates the authority to take any action to ensure compliance. The Executive Director may be assisted by any member of Centraide’s staff by granting relevant mandates.
10.1 Personal Information Protection Officer
For any questions, concerns, or complaints regarding the application of this Policy and the processing of your Data, here are the contact details of the Personal Information Protection Officer:
Phone: 450 773-6679 ext. 212
11 For More Information
Contact Centraide for more details.
1443 rue des Cascades, suite 204 Saint-Hyacinthe (Quebec) J2S 3H6
Phone: 450 773-6679