You have a right to know the types of information CRCVC collects and how and why we collect and use it. You also have a right to choose whether you wish to provide us with Personal Information or have it collected by us.
This policy also complies with the requirements of Canada’s Anti-Spam Legislation (CASL) to ensure that appropriate consent has been obtained prior to sending electronic communications subject to CASL and that required unsubscribe mechanisms are readily available.
We are required to have written website privacy statements in accordance with our obligations under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and other applicable privacy legislation. We have posted visible links to this Policy on various pages of our website and have made a reasonable effort to ensure that you are advised of the purposes and terms under which your Personal Information will be used.
Please read this Policy carefully to make sure you understand how your Personal Information will be treated as you make use of our website.
By using our website, you agree to and are aware of the terms of this Policy.
What is Personal Information? Personal information is any information, in any form, about an identified individual or an individual whose identity may be inferred or determined from such information (such as your name, residential and e-mail addresses, telephone and fax numbers, membership, subscription and conference information, credit information and billing records) (“Personal Information”). Publicly available information such as the name, address, telephone and fax numbers of a business are not considered personal information.
Please note that this Policy does not cover business contact information (e.g. name, title, business address, business telephone and fax numbers, business e-mail addresses, etc.), anonymous aggregate information or data from which the identity of an individual cannot be determined. Subject to any agreement between CRCVC and you otherwise, we retain the right to use and disclose such information and data in any way that we determine appropriate.
Application. This Policy applies to all Personal Information collected by us including Personal Information we collect from you through our website (when you subscribe to our newsletter, make a donation, or visit anonymously), any portals we may have, as well as Personal Information provided to us by individuals who are, represent or work for our clients, contractors, service providers, agents, partners, and affiliated entities.
What Personal Information Do We Collect? As a general policy, we do not automatically collect personally identifiable information, such as your name, address, or e-mail address when you visit our website. However, certain non-Personal Information is recorded by the standard operation of our internet servers. Information such as the type of browser being used, its operating system, and your IP address is gathered in order to enhance your online experience.
Our various mailing lists, downloads, special offers, contests, registration forms, and surveys may request that you give us contact information such as your name, mailing and/or email address, demographic information such as your age and gender, and personal preference information such as your preferred software and interests. Any information you provide to us will be used by us only as necessary for our legitimate business interests, including without limitation the improvement of our products, services and the contents of our website. We will take all reasonable steps to document the purposes for which Personal Information is collected on our website.
We do not store any credit card information we may receive in regard to a specific transaction and/or billing arrangement except as necessary to complete and satisfy our rights and obligations with regard to such transaction, billing arrangement, and/or as otherwise authorized by you.
How Do We Collect Your Personal Information? We collect Personal Information from individuals who subscribe to our newsletter, make a charitable donation to us, volunteer with us, or request information from us.
We also collect Personal Information from individuals who respond to online or email surveys, or provide information to us in person, in writing, by fax or over the telephone when asked for such information.
We use only fair and lawful methods to collect Personal Information.
What Do We Use Your Personal Information For? We use Personal Information for the following purposes:
- to inform you of what we are doing and what we need, such as: donation opportunities, fundraising initiatives, opportunities for you to volunteer, advising you of special and third-party events, and to inform you of other activities and developments that might be of interest to you;
- or the performance and delivery of our services;
- – for the performance and delivery of education and training sessions and webinars;
- to process transactions for the purchase of goods and services;
- to improve our products and services;
- to improve our website;
- to comply with our statutory obligations or any judicial order or judiciary rule of procedure;
- to generate statistical data that, to the extent that anonymized data ceases to be personal data, we may use for a variety of purposes.
Unless permitted or required by the applicable laws, or as otherwise set out in this Policy, we do not use Personal Information for other purposes.
How Do We Use Your Data for Fundraising? We may, occasionally, send you information by electronic means (this includes email, telephone, text message (SMS) or automated calls) about our charitable programs which may be of interest to you.
We will also regularly send you information via email/SMS/other automated means to ask about your fundraising preferences. We will also ask you to confirm whether you would like us to send you fundraising messages when you tick the relevant boxes when you, for instance, complete a survey or application online.
If you have consented to receive emails, telephone, text message (SMS) or automated calls from us, you can opt out at any time.
How We Disclose Personal Information. We do not sell or rent or trade Personal Information. We do share your Personal Information with trusted entities, including affiliated third parties, as outlined below.
We share Personal Information with other CRCVC affiliated entities in order to provide our services and products and for internal administration purposes;
We also share Personal Information with a limited number of our service providers, such as the providers who host our website, complete data analysis, information technology and related infrastructure, customer service, email delivery, direct mail programs, auditing services and the publisher of our newsletter. These service providers may need to access Personal Information to perform their services. We authorize such service providers to use or disclose the Personal Information only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Information they process on our behalf. Our service providers are predominantly located in Canada and the United States of America.
In the event that we enter into, or intend to enter into, a transaction that alters the structure of our organization, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our organization, we may share Personal Information with third parties for the purpose of facilitating and completing the transaction.
When disclosing Personal Information to a third party (subject to the conditions outlined above), we will require, through contractual or other reasonable means, that the third party follows a standard or policy comparable to this Policy to protect the Personal Information.
In addition to the above circumstances of disclosure set out above, in certain circumstances, Personal Information subject to PIPEDA or other privacy legislation that applies to us, may be used or disclosed without the knowledge or consent of the individual concerned. Such circumstances include, but are not limited to:
- the purpose for which the information was obtained or compiled by us, or for a use consistent with that purpose;
- complying with a subpoena, warrant or order issued by a court, person or body with authority to require that the information be produced; or complying with rules of the court relating to producing the information;
- an investigative body specified in the regulations for enforcing laws or carrying out a lawful investigation;
- our directors, officers or employees for internal audit purposes;
- a situation where disclosure would clearly benefit the individual to whom the information relates.
How Long Do We Keep Personal Information? We keep your Personal information only as long as we believe it is required to be used and kept in view of the reasons for which it was collected and purposes for which it will be used. The length of time we will retain Personal Information varies depending on the purpose(s) for which it was collected and the nature of the Personal Information. This period may extend beyond the end of your relationship with us but it will be only for so long as we believe it to be necessary for us to have sufficient Personal Information to respond to any issues that may arise at a later date.
Accuracy of Personal Information. We will take all reasonable steps to ensure that Personal Information is as accurate, up-to-date and complete as possible.
When Will We Dispose of Personal Information? We will dispose of Personal Information under our control in accordance with PIPEDA or other privacy legislation that applies to us relating to the disposal of such information.
Responsibility. All of our employees and volunteers who collect, maintain and/or use Personal Information are responsible for ensuring that the collection, use and disclosure of this information is carried out in accordance with this Policy and relevant procedures.
Our Privacy Officer is responsible for ensuring compliance with the law and for initiating the development of procedures, guidelines and schedules to bring this policy into effect.
Internet Security. Our website uses encryption, firewall and other technologies to ensure the security of Personal Information. Although we will make every reasonable effort to protect Personal Information from loss, misuse or alteration by third parties, Internet users should be aware that there is always some risk involved in transmitting Personal Information over the Internet.
Embedded Scripts. An embedded script is a programming code that is designed to collect information about your interactions with our website, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third-party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.
Malware/Spyware/Viruses. We do not knowingly permit the use of malware, spyware, viruses, and/or other similar types of software.
Choice/Opt-Out. Our website may provide you the opportunity to opt-in to receive communications from us at the point where we request information about you. You always have the option of unsubscribing from any e-mail list in order to discontinue any such future communications. In order to ensure immediate removal from any list, please follow the specific instructions set forth within the communications you receive from us which you no longer wish to receive. If you are unsuccessful in completing the instructions specified in any such communication, please e-mail us at email@example.com, including a copy of the undesired email attached to the request, and state you wish to be removed from the mailing list.
Transfer of Information Across International Borders. Hard copies of some Personal Information is stored by us in Ontario, Canada. Electronic copies of your Personal Information are stored on servers and/or operated by or for us in Ontario, Canada. Personal Information collected from or about you offline may also be stored in Canada.
However, in certain circumstances, unless prohibited by applicable privacy legislation, Personal Information may also be accessed, transferred and stored outside of Canada by our contractors, service providers and affiliates. Where Personal Information is accessed, transferred or stored outside of Canada where privacy laws may offer different levels of protection from those in Canada, your Personal Information may be subject to access by and disclosure to law enforcement agencies under the applicable foreign legislation.
How Do We Protect Your Personal Information? We employ a variety of physical, technical and organizational security measures to maintain the safety of Personal Information. We offer the use of a secure server. All sensitive financial (e.g. credit card) information, any information provided via our website or portals is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database, where it is only accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.
What Do We Do in Case of a Security Breach? A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of Personal Information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving Personal Information under our control, we will notify you and the appropriate federal or provincial Privacy Commissioners in Canada if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.
Contact Information for Complaints or Concerns. In the event of questions about: (i) our collection, use, disclosure or storage of Personal Information; or (ii) this Policy; please contact CRCVC’s Privacy Officer by sending an e-mail to firstname.lastname@example.org, or by regular mail at:
Canadian Resource Centre for Victims of Crime
Centre canadien de ressources pour les victimes de crimes
Attn: Privacy Officer
100 – 141 rue Catherine Street
Ottawa, Ontario. K2P 1C3
For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:
Information and Privacy Commissioner
112 Kent Street
Ottawa, Ontario K1A 1H3
If you do not agree to the terms of this Policy, you should exit the website or any portal you may have entered, and cease use of all CRCVC services immediately, or contact us to withdraw your consent where applicable. Your continued use of our website, or any portal we may have made available or any of our services following the posting of any changes to this Policy means you agree to be bound by the terms of this Policy to the greatest extent permitted by law.
Last Updated: April 21, 2020