Privacy Policy

The Burgundy Legacy Foundation (the “Foundation”) is a registered Canadian charity located in Toronto, Canada. In Canada, privacy legislation has been enacted at both the federal and provincial levels, and the Foundation is subject to these laws. The Foundation is committed to protecting the privacy and confidentiality of the Personal Information of our donors, prospective donors, board members, staff, and other stakeholders that is in our possession. Additionally, we are committed to ensuring that anyone who accesses our website understands what data may be collected, how we may use it, and how to opt out of sharing any information. Here are the ways we fulfill these commitments.

We only ask for necessary Personal Information

The Foundation collects, uses and discloses Personal Information from our donors to identify and help them meet their philanthropic needs, process their donations, provide tax receipts, direct their gifts in the manner in which they choose, keep them informed about gift giving opportunities and the Foundation activities, and comply with federal and provincial legal and regulatory guidelines.

Where donors make gifts to a Donor Advised Fund, unless donor anonymity is requested, the Foundation may disclose donation-related information. All donors have the right to request anonymity. The personal information disclosed to the Foundation includes the donor’s name, mailing and/or email address and the donation amount. The information received will be used solely for the purpose of acknowledging donors and stewarding donations and will not be shared or used for any other purpose.

The Foundation also collects, uses and discloses Personal Information from our donors, board members, staff and other volunteers to keep them informed about our activities, assist them in performing their roles in the organization, supporting their ongoing training and development, and comply with federal and provincial guidelines and reporting requirements.

To help us keep our records accurate and complete, we obtain your consent for collecting, using and disclosing Personal Information for the identified purposes before such information is collected for the first time. We also seek the explicit consent of our donors to disclose their name or the name of their personal/family fund in Burgundy Legacy Foundation publications and reports. Once this consent has been obtained, we do not seek consent again, unless the purpose, use or disclosure of your personal information changes. Donors may decline to share certain Personal Information with us, in which case we may not be able to provide you with services. At any time, you may object to the processing of your Personal Information on legitimate grounds (except if otherwise permitted by applicable law), or withdraw consent to its usage.

We safeguard and limit access to Personal Information

We keep Personal Information in our computer system, which can only be accessed by authorized employees using secure passwords. We have installed anti-hacking hardware to prevent unauthorized access to the computer system. For disaster recovery purposes, we maintain a duplicate computer system in an offsite location. This system has the same privacy and security measures as are in our main offices. We may also keep paper copies of Personal Information in filing cabinets in our office, which premises are only accessible to employees, visitors who are accompanied while in our offices, and limited service providers under contract with us who are required to adhere to our privacy and security measures

For Donors in Quebec, your personal information will be communicated outside of the province as our servers and our back office operational functions are located in Ontario. In addition, employees in our B.C. office may have access to your records via their access to our computer systems. Finally, certain service providers located outside of Quebec may have access to your personal information, as described in more detail below under “We share necessary information with outside service providers.”

We prevent unauthorized disclosure of Personal Information

All Foundation personnel are trained to keep Personal Information private and confidential. We require our board members, staff, and any other people working with the Foundation to sign confidentiality agreements, which contractually obliges them to respect and protect Donors’ Personal Information. We prohibit disclosure of any Donors’ Personal Information to a third-party who is not a contracted service provider without the Donor’s explicit consent, or unless the Foundation is, by law, required or permitted to do so. We shred paper documents containing Donors’ Personal Information before discarding such documents. When electronically stored Personal Information is no longer required for contractual or regulatory purposes, we delete the information from our computer systems.

We honour requests for access to Personal Information

Upon request by a Donor, the Foundation will provide Donors with the Personal Information we hold or process on their behalf. To protect our Donors’ Personal Information, we follow strict storage and disclosure procedures prior to disclosing such information. If the Foundation receives a notification from a Donor requesting correction, deletion or return of Personal Information, to the extent permitted by law, the Foundation will correct such data or remove such data from our records and evidence its removal or return of information in a manner consistent with regulatory requirements. Our retention periods for Personal Information are based on business needs and legal requirements. We retain Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose.

We share necessary information with outside service suppliers

We do not provide directly all the services related to your relationship with us. We may use service providers to perform specialized services on our behalf including, but not limited to, issuing your tax receipts, storing of Personal Information including cloud services, processing transactions or other data processing. Our service providers may at times be responsible for handling and processing your Personal Information and as such, are considered to be data processors. Some of these third parties may be located outside of Quebec (for Quebec residents), Canada, or the U.S. and/or may house some of the Personal Information outside of Quebec (for Quebec residents), Canada, or the U.S. As a result, your Personal Information may be accessible to foreign regulatory authorities and subject to foreign laws. However, our service providers are given only the information necessary to perform the required services and are subject to regulatory requirements imposing data security obligations on the ways in which they process Personal Information. In addition, we require our service providers and data processors to protect the information in a manner that is consistent with our Privacy Policy as well as the security practices and regulations applicable in their province or country of jurisdiction.

We collect information via cookies on our Website

If you access our website, certain information about your computer or device will automatically be generated, collected and logged by technological means such as cookies and related technologies like pixel, tags or beacons (collectively referred to as “cookies”). This information may include the type of browser you are using, your general geographic location, device models, iOs version, click rates, and web pages visited. Note that these cookies by themselves do not identify you personally or tell us your email address, and your Internet Protocol (IP) Address is anonymized by default. The data collected is aggregated and used to analyze the number of unique visitors to our site and geographic origin trends, but not to identify individual site visitors.

A notification banner will appear on our website allowing you to manage your consent to collect cookies. Below are the types of cookies we collect and how withholding your consent would affect certain features of the site:

  • Strictly necessary and functional cookies: these are essential to enable users to navigate the website and use its features. They must be enabled and cannot be blocked, or the site will not function properly.
  • Analytics and performance cookies: these gather data to enhance performance of the site. You can manage your consent for performance cookies by using the cookie banner or by updating your browser’s setting (generally under the Tools or Preferences menu) to decline cookies.

We may, from time to time, use cookies and the information they generate to:

  • Improve your user experience – for example, make certain content or pages more readily accessible.
  • Enable certain website functions – for example, set your language preferences.

If you would like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Note that if you delete or refuse to accept cookies, you might not be able to use all of our website features or to store your preferences, and some of our site pages may not display properly.

Website usage

The Internet is not a secure medium and complete privacy, security and confidentiality cannot always be assured. While the Foundation implements reasonable and effective security controls to protect its data assets, you acknowledge that any improper use of the website may lead to unauthorized disclosure of your Personal Information. The Foundation shall not be responsible or liable for any harm that you or any other person may suffer in connection with any such breach of confidentiality or security.

We have implemented security measures

The Foundation has implemented security measures and processes to help protect against the loss, misuse, theft and unauthorized access of the Personal Information under our control. Only the Foundation employees and authorized third parties who have a legitimate business need or legal requirement to access and/or process your Personal Information will be permitted to do so. General entry to our offices is secured and cannot be accessed by unauthorized personnel.

Please exercise care and judgement whenever sending Personal Information to us or any other parties via email. Because of the inherent risks associated with the electronic transmission of information on the internet or otherwise, the Foundation does not guarantee the security and integrity of any electronic communications sent or received in relation to the services provided to you.

We may report privacy breaches

A privacy breach is the loss of, unauthorized access to, or disclosure of, Personal Information resulting from a breach of an organization’s security safeguards. Upon the occurrence of a privacy breach or a potential privacy breach, the Foundation will investigate and evaluate the implications of the breach of security safeguards. The Foundation will report the breach to the appropriate regulatory body and/or applicable organization as soon as feasible after we have determined the breach occurred and such reporting will occur within the prescribed timelines for certain jurisdictions. We will also notify affected individuals if the breach creates a real risk of significant harm to an individual as soon as feasible after the organization determines that the breach has occurred and is reportable, unless giving notice is otherwise prohibited by law. The Foundation will take immediate steps to prevent future breaches after taking all necessary steps to mitigate the risks associated with a breach of security safeguards.

We may disclose information to regulators and agencies only when required by law

We may be required to disclose your Personal Information to domestic and international governments, government agencies, tax authorities, law enforcement agencies, securities regulators and other regulators, and will only do so when required by law.

Raising a complaint about how we have handled your Personal Information

If you wish to raise a complaint on how we have handled your Personal Information, you can contact us directly and we will investigate the matter. If you are not satisfied with our response or believe we are not processing your Personal Information in accordance with applicable law, you may make a complaint to your local Privacy Commissioner’s Office.