The Burgundy Legacy Foundation (the “Foundation”) is a registered Canadian charity located in Toronto, Canada. In Canada, privacy legislation has been enacted at both the federal and provincial levels, and the Foundation is subject to these laws. The Foundation is committed to protecting the privacy and confidentiality of the Personal Information of our donors, prospective donors, board members, staff, and other stakeholders that is in our possession. Here are the ways we fulfill these commitments.
We only ask for necessary Personal Information
The Foundation collects, uses and discloses Personal Information from our donors to identify and help them meet their philanthropic needs, process their donations, provide tax receipts, direct their gifts in the manner in which they choose, keep them informed about gift giving opportunities and the Foundation activities, and comply with federal and provincial legal and regulatory guidelines.
Where donors make gifts to a Donor Advised Fund, unless donor anonymity is requested, the Foundation may disclose donation-related information. All donors have the right to request anonymity. The personal information disclosed to the Foundation includes the donor’s name, mailing and/or email address and the donation amount. The information received will be used solely for the purpose of acknowledging donors and stewarding donations and will not be shared or used for any other purpose.
The Foundation also collects, uses and discloses Personal Information from our donors, board members, staff and other volunteers to keep them informed about our activities, assist them in performing their roles in the organization, supporting their ongoing training and development, and comply with federal and provincial guidelines and reporting requirements.
To help us keep our records accurate and complete, we obtain your consent for collecting, using and disclosing Personal Information for the identified purposes before such information is collected for the first time. We also seek the consent of our donors to disclose their name or the name of their personal/family fund in Burgundy Legacy Foundation publications and reports. Once this consent has been obtained, we do not seek consent again, unless the purpose, use or disclosure of your personal information changes. Donors may decline to share certain Personal Information with us, in which case we may not be able to provide you with services. At any time, you may object to the processing of your Personal Information, on legitimate grounds, except if otherwise permitted by applicable law.
We safeguard and limit access to Personal Information
We keep Personal Information in a computer system, which can only be accessed by authorized employees using secure passwords. We have installed anti-hacking hardware to prevent unauthorized access to the computer system. For disaster recovery purposes, we maintain a duplicate computer system in an offsite location. This system has the same privacy and security measures as are in our main offices. We may also keep paper copies of Personal Information in filing cabinets in our office.
We prevent unauthorized disclosure of Personal Information
All Foundation personnel are trained to keep Personal Information private and confidential. We require our board members, staff, and any other people working with the Foundation to sign confidentiality agreements, which contractually obliges them to respect and protect Donors’ Personal Information. We prohibit disclosure of any Donors’ Personal Information to a third-party without the Donor’s explicit consent, or unless the Foundation is, by law, required or permitted to do so. We shred paper documents containing Donors’ Personal Information before discarding such documents. When electronically stored Personal Information is no longer required for contractual or regulatory purposes, we delete the information from our computer systems.
Requests for access to Personal Information
Upon request, the Foundation will provide Donors with the Personal Information we hold or process on their behalf. To protect our Donors’ Personal Information, we follow strict storage and disclosure procedures prior to disclosing such information. If the Foundation receives a notification from a Donor requesting deletion or return of Personal Information, to the extent permitted by law, the Foundation will remove such data from our records and evidence its removal or return of information in a manner consistent with regulatory requirements. Our retention periods for Personal Information are based on business needs and legal requirements. We retain Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose.
Outside Service Suppliers
Use of information collected via the Internet
If you use the internet to communicate with us or access our website, certain information about your computer or device may automatically be generated, collected and logged by Web servers. This information may include the Internet Protocol (IP) Address assigned to your computer by your Internet Service Provider (ISP), the type of browser you are using, the general location of your computer, click rates, manufacture and Web pages visited. We may, from time to time, use this information to monitor website usage, resolve technical issues, improve functionality and evaluate website or application popularity.
The Internet is not a secure medium and complete privacy, security and confidentiality cannot always be assured. While the Foundation implements reasonable and effective security controls to protect its data assets, you acknowledge that any improper use of the website may lead to unauthorized disclosure of your Personal Information. The Foundation shall not be responsible or liable for any harm that you or any other person may suffer in connection with any such breach of confidentiality or security.
The Foundation has implemented security measures and processes to help protect against the loss, misuse, theft and unauthorized access of the Personal Information under our control. Only the Foundation employees and authorized third parties who have a legitimate business need or legal requirement to access and/or process your Personal Information will be permitted to do so. General entry to our offices is secured and cannot be accessed by unauthorized personnel.
Please exercise care and judgement whenever sending Personal Information to us or any other parties via email. Because of the inherent risks associated with the electronic transmission of information on the internet or otherwise, the Foundation does not guarantee the security and integrity of any electronic communications sent or received in relation to the services provided to you.
Reporting privacy breaches
A privacy breach is the loss of, unauthorized access to, or disclosure of, Personal Information resulting from a breach of an organization’s security safeguards. Upon the occurrence of a privacy breach or a potential privacy breach, the Foundation will investigate and evaluate the implications of the breach of security safeguards. The Foundation will report the breach to the appropriate regulatory body and/or applicable organization as soon as feasible after we have determined the breach occurred and such reporting will occur within the prescribed timelines for certain jurisdictions. We will also notify affected individuals if the breach creates a real risk of significant harm to an individual as soon as feasible after the organization determines that the breach has occurred, unless giving notice is otherwise prohibited by law. The Foundation will take immediate steps to prevent future breaches after taking all necessary steps to mitigate the risks associated with a breach of security safeguards.
We may disclose information to regulators, government agencies only when required
We may be required to disclose your Personal Information to domestic and international governments, government agencies, tax authorities, law enforcement agencies, securities regulators and other regulators, and will only do so when required by law.
Raising a complaint about how we have handled your Personal Information
If you wish to raise a complaint on how we have handled your Personal Information, you can contact us directly and we will investigate the matter. If you are not satisfied with our response or believe we are not processing your Personal Information in accordance with applicable law, you may make a complaint to your local Privacy Commissioner’s Office.