The Canadian Red Cross Privacy Policy
-
Key Points
-
Privacy Policy
-
Our Mission
-
Personal Information Collection
-
Why We Collect Personal Information and How We Use It
-
Cookies & Online Tracking Tools
-
Sharing and Disclosure of Personal Information
-
Protection of Personal Information
-
Consent to Collect, Use and Disclose
-
Accuracy and Individual Access to Personal Information
-
Contact Us
-
Changes to this Privacy Policy
1. Key Points
The Canadian Red Cross Society (referred to below as “CRCS”, “we”, or “us”) understands that your time is valuable. Therefore, below we have set out some important key points of our Privacy Policy. You can obtain more information about how we collect, use, disclose and protect your personal information by reviewing our full Privacy Policy or clicking on the links provided below. We encourage you to read our full Privacy Policy, as it contains important information for you.
What personal information do we collect and how do we collect it?- The type of personal information we collect depends on the type client you are – Services Recipient, Donors/Prospective Donor (“Donor”), Registered Trainee, Volunteer/Employee Applicant (“Applicant”) or General Contact (collectively, “Client(s)”).
- Service Recipients: We collect personal information directly from Services Recipients, including name, date of birth, address, phone number, email, emergency address, gender and name(s) of partners, children, and/or household members. We may collect additional personal information through needs assessment, case management and evaluation, including through surveys. We may also collect additional information through third parties in the course of evaluations. Services Recipients may also provide additional information by choosing to fill out free-text fields on Our OnlinePlatforms.
- Donors: We collect personal information directly from Donors, including name, contact information and payment information necessary to process a donation. We may also collect a Donor’s personal information from Donor Lists that we rent from other organizations.
- Registered Trainees: We collect personal information directly from Registered Trainees, including name, date of birth, contact information and details regarding the type of training received.
- Applicants: We collect personal information directly from Applicants, including name, date of birth, contact information and details of employment or volunteer history.
- General Contacts: We collect personal information directly from General Contacts, including name, phone number, inquiry type and postal code.
- We also use Cookies and Google Analytics on our online platforms.
Why do we collect personal information and how do we use it?
- The reason that we collect your personal information depends on the type of Client you are- Services Recipient, Donor, Registered Trainee, Applicant or General Contact.
- We collect Services Recipient personal information to facilitate the use of our Services. We may use personal information about Services Recipients for research purposes, program evaluation and optimizing the quantity and quality of our Services.
- We collect Donor personal information for the purposes of fundraising and marketing, to facilitate donations and to report to you on how we are using your donation.
- We collect Registered Trainee personal information to facilitate CRCS training activities, such as online courses and in-person classes.
- We collect Applicant personal information to process inquiries and applications related to career and volunteer opportunities at CRCS.
- We collect General Contact personal information in order to facilitate communication with us. Additionally, we use email addresses and phone numbers to contact Clients to resolve inquiries and reply to questions.
- Personal information that we collect about devices and use of Our Online Platforms through Cookies and other online trackers is used in aggregate and de-identified form to evaluate and improve our services.
How do we share or disclose personal information?
- We will never sell or rent Client personal information to otherorganizations.
- We may share Services Recipient personal information with government for the purposes of assessment, assistance, funding, advocacy or humanitarian diplomacy.
- We use Third Party Service Providers who may require access to Client personal information in order to perform services for us, such as back-office support functions and website administration services on Our OnlinePlatforms.
- We may disclose or share Client personal information for fraud prevention or as otherwise permitted or required by applicable law, including to law enforcement, courts and regulatory authorities.
- We may share Applicant personal information with third parties, such as employers, for the purpose of verifying credentials, providing evaluation or assessment of our training programs.
- We may share limited Applicant personal information with third party background check services with the Applicant’s express consent at the time of collection.
- We have implemented Safeguards to protect personal information under our control. We regularly review our practices to ensure they align with reasonable practices appropriate to the level of sensitivity of the information, in order to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
- Although we take steps to safeguard the personal information under our control, "perfect security" does not exist online or elsewhere. In particular, we cannot guarantee the security of information posted or transmitted using Our Online Platforms or via email. It is possible that third parties may unlawfully intercept or access such information.
- Clients may request access to and review of their personal information in our possession, subject to certain limitations.
- Clients may also request that we change or delete their personal information in our possession, which we will make best efforts to comply with, subject to certain limitations.
- Although we generally endeavor to store personal information in Canada, we sometimes use cloud services provided by Third Party Service Providers to store personal information that we collect, including Third Party Service Providers located outside Canada. This means that your personal information may be transferred to, or stored in, another country and accessible to foreign courts, law enforcement and national security authorities. A structured review process and additional revisions are completed as dictated by legal and legislativerequirements, and we will provide transparency regarding any transfer or storage of your information outside Canada.
- We may amend our Privacy Policy from time-to-time. Please check Our Online Platforms regularly for updates.
- You can contact us any time with questions, complaints or requests to access, amend or rectify your personal information.
2. The CRCS Privacy Policy
At the Canadian Red Cross Society (referred to below as “CRCS”, “we” or “us), we believe that you should understand the way in which we collect, use, disclose and protect your personal information.
We operate on several electronic platforms and domains, including redcross.ca, and service portals such as our Emergency Management Information System (“EMIS”), MyRC, eShop, Taleo (collectively referred to as, “Our Online Platforms”).
“Personal information” is any information that directly or indirectly identifies you. However, this Policy does not apply to information that is publicly available, as defined by applicable laws.
3. Our Mission
Our mission is to help people and communities in Canada and around the world in times of need and support them in strengthening their resilience.
4. What Personal Information Do We Collect and How Do We Collect It?
The personal information we collect depends upon the type of CRCS client you are – Services Recipient, Donor, Registered Trainee, Volunteer/Employee Applicant (“Applicant”) or General Contact (collectively, our “Clients”).
A “Services Recipient” either uses or has requested to use CRCS services or has provided their information in connection with a request for an assessment of needs.
A “Donor” makes a donation of money, securities or gifts-in-kind to the CRCS or has indicated to the CRCS or to its agents an intention to make a donation. A Donor also includes prospective donors whose contact information is included on the Donor Lists that CRCS has rented from other organizations.
A “Registered Trainee” has registered for CRCS training other than in their capacity as a CRCS employee, volunteer, student or contractor.
An “Applicant” has inquired about or applied for a career or volunteer opportunity with CRCS.
Finally, a “General Contact” is an individual other than those described above, who contacts the CRCS for any reason, either via Our Online Platforms, email, telephone, fax, in person or otherwise.
1. Personal Information about Services Recipients
When Services Recipients apply or register for our Services, they are generally required to provide personal information including their name, date of birth, address, phone number, email, emergency address, gender, language preference or similar information regarding their partner and/or children or other household members. We may need to collect additional service-specific information and/or documents, depending on the situation.
We collect personal information from Services Recipients in the following ways:
- Our Online Platforms: Services Recipients can sign up to receive access to the Services through the Our Online Platforms, such as EMIS.
- In person through a CRCS representative: Services Recipients can sign up to receive access to the Services in person at a designated CRCS location, such as a CRCS office.
- Over the phone: Service Recipients can provide personal information to CRCS representatives over the phone, including through our call centres and other personnel.
- Social Media: Services Recipients can provide personal information to CRCS representatives through our social media accounts, such as Facebook and Instagram. In these situations, we attempt to collect as little personal information as possible (full name and phone number), and redirect the Service Recipient to one of Our Online Platforms.
Some Services Recipients may choose to provide additional information. For example, in the “General Information Box” free-form field on Our Online Platforms, Services Recipients may provide any other information that they consider relevant to their application for Services. In order to prevent Services Recipients from disclosing sensitive information unnecessarily, we note next to the General Information Box that Services Recipients should not provide sensitive information such as medical or financial information.
2. Personal Information about Donors
When Donors provide donations or an intention to donate, they are generally required to provide certain personal information including name, contact information and payment information required to process their donation.
The following is a list of the specific ways we collect Donor personal information:
- Donor Lists: CRCS rents donor lists containing contact information for Donors from other organizations (“Donor Lists”). We use a Third-Party Service Provider to facilitate rental of Donor Lists.
- Mail Solicitation: We collect the name, contact information and payment information of a Donor who responds to solicitations through the mail (“CRCS Mail Solicitation”).
- Electronic Donations: We collect the name, contact information and payment information of a Donor who donates electronically via Our OnlinePlatforms.
- Face-to-Face and Telemarketing: We collect the name, contact information and payment information of a Donor who donates via face-to-face canvassers or through a telemarketing campaign.
- Text-to-Donate: We only receive the cell phone number of a Donor who donates via a text message sent from their cell phone. The management of these donations is handled via a regulated telecommunications body and the CRCS only receives limited donor information, such as cell phone carrier and date, time and amount of the transaction.
- Donations made directly to a CRCS Office or through a third party fundraiser: We collect the name, contact information and payment information of a Donor who makes a donation directly at a CRCS location, or a Donor who makes a donation through a third party fundraiser that collected donations and performed fundraising on the CRCS’ behalf.
3. Personal Information about Registered Trainees
When Registered Trainees sign up for courses, they are required to provide personal information including name, date of birth and contact information.
4. Personal Information about Applicants
When Applicants inquire or apply for opportunities with CRCS, we collect personal information including name, contact information, information contained in resumes and application forms, information provided during interviews and the content of Applicants’ written and electronic communications.
5. Personal Information about General Contacts
When General Contacts reach out to the CRCS for any number of reasons, including to submit general inquires or requests to sign up for our mailing list, they may provide us with personal information, typically name and contact information.
6. Usage and Device Information
We may collect IP (Internet protocol) addresses from visitors to Our Online Platforms and other related information such as page requests, location, browser type, operating system 6 and average time spent on Our Online Platforms. This information is used to help us understand your activity on Our Online Platforms activity and to monitor and improve Our Online Platforms. For more detailed information on these practices, please see the sections on Cookies and Google Analytics, below.
5. Why Do We Collect Personal Information and How Do We Use It?
Please note that, in order to facilitate the purposes outlined below, we may share Client personal information with Third Party Service Providers. For more information on these practices, please go to How Do We Share or Disclose Personal Information?
1. Services Recipient personal information
We use the personal information provided by Services Recipients for purposes related to the provision of our Services, including:
- health and personal care services and programs;
- emergency preparedness, relief, recovery and risk reduction services and programs;
- violence, abuse, neglect and injury prevention services andprograms;
- tracing and reunion services;
- immigration and detention monitoring;
- first aid services and programs;
- water safety services and programs; and
- training and awareness courses or programs in connection with any of theabove.
(collectively, the “Services”).
We may also use Service Recipient personal information for research purposes and to respond to incidents, investigations and complaints.
We also use certain personal information provided by Services Recipients to authenticate or verify their identity. This authentication is done by checking the information provided by the Services Recipient against publicly available databases, and/or information held by government bodies and credit check agencies.
We may also communicate with Services Recipients via their email address, phone number and mailing address. Services Recipient email addresses will also be used to send service-related notices such as security and fraud notices.
2. Donor personal information
We collect and use Donor personal information for the purpose of allowing Donors to contribute money, Gifts in Kind or securities to the CRCS or to express their intention to make a donation to the CRCS. Donor personal information may also be collected to report back on how their donation was used and to solicit further donations. We use software from a Third-Party Service Provider to internally track a Donor’s donation pattern and other donation-related activity within the CRCS (e.g., CRCS tracks when it receives a donation from a Donor, or when a Donor calls to request a donation receipt).
Without limiting the above, we use the Donor information contained on Donor Lists that we rent from third parties to contact Donors by mail for the purposes of providing information about CRCS and its programs and Services, and to solicit donations. We use a Third-Party Service Provider to facilitate rental of Donor Lists, and Donors may contact us at any time to opt-out of receiving our mailers.
We may also communicate with Donors via their email address. Donors can choose not to receive such emails by opting out at any time by “unsubscribing” or contacting us at WeCare@redcross.ca or at 1-800-418-1111. We may also use Donor email addresses to send service-related notices such as security and fraud notices.
3. Registered Trainee personal information
We use Registered Trainee personal information for the purpose of providing coursework and training programs to interested individuals, and to confirm eligibility to register for a course (e.g., minimum age requirements).
We may also communicate with Registered Trainees via their email address to provide information about training at CRCS. Registered Trainee email addresses will also be used to send service-related notices such as security and fraud notices, or to inform a Registered Trainee when their certification(s) will expire. We may also contact Registered Trainees to provide CRCS marketing communications.
4. Applicant personal information
We use Applicant personal information to process inquiries and applications related to career and volunteer opportunities at CRCS. In particular, we use Applicant personal information for the purposes of assessing Applicants’ suitability for career opportunities with CRCS, communicating with Applicants and completing the hiring or onboarding process for successful candidates.
We may also communicate with Applicants via their email address or phone number. Applicant email addresses will also be used to send service-related notices such as security and fraud notices.
5. General Contact personal information
We use General Contact personal information for the purpose of facilitating communications between the CRCS and the individual, and responding to enquiries from individuals who have reached out to us. We may also communicate with General Contacts via their email address. General Contact email addresses will also be used to send service-related notices such as security and fraud notices
6. Cookies & Online Tracking Tools
We use Cookies and other online tracking tools on Our Online Platforms.
Cookies are downloaded by your internet browser the first time you visit Our Online Platforms. The next time you visit Our Online Platforms from the same device, the Cookie and the information stored in it is either sent back to the site that generated it (first-party cookie) or to a different website to which it belongs (third-party cookie). Session Cookies expire once you close your web browser and Persistent Cookies remain on your computer until you manually remove them or set your browser to remove them after a certain period. Both types of Cookies are used to provide you with a more personalized and interactive user experience on Our Online Platforms. Persistent Cookies can be removed by following the help directions for your browser.
We use Cookies to help us understand how you use Our Online Platforms and enable us to personalize your experience. Using Cookies on Our Online Platforms provides benefits to you, such as displaying content relevant to you and/or content you have not previously seen and allowing you to maintain your last visit activity for saved products or community pages as well as previously selected preferences (e.g., language, location). The use of Cookies also allows us to measure Our Online Platforms activity to provide a better user experience.
Cookies and other tools may also be used to collect your IP (Internet Protocol) address to track your activity and tell us additional information about the use of Our Online Platforms, including, without limitation, the time and length of your visit, the device type, geolocation, the pages you look at on Our Online Platforms, the website you visited just before coming to ours, and the name of your Internet browser.
Please note that we have no control over the Cookie settings of websites you visited before visiting Our Online Platforms. However, if you do not want information collected through the use of Cookies, most browsers allow you to reject or disable Cookies.
Google Analytics
We use third parties, such as Google Analytics, to collect such data. To learn more about how Google collects and processes data and the choices Google may offer to control these activities, you may visit:
• https://www.google.com/intl/en/policies/privacy/partners/
• https://policies.google.com/technologies/partner-sites
• https://support.google.com/analytics/topic/2919631
7. How Do We Share or Disclose Personal Information?
Your personal information is only accessed or disclosed to CRCS personnel who have a need to know such information to perform their job duties. These CRCS personnel will vary depending on the type of Client you are and the nature of the Services you are receiving.
We do not sell personal information provided to us by Clients, or disclose it to any third party marketers. However, information may be shared or disclosed to third parties in the following circumstances:
1. Third Party Service Providers
There are certain services supplied to us by third parties (“Third Party Service Providers”).
These Third Party Service Providers use your personal information to provide their services to us Third Party Service Providers may assist us with a variety of functions including with research, information storage, mail and delivery, fundraising, security, insurance, professional advisory (including legal, accounting and auditing advice), Donor List rentals, banking, payment processing, credit reporting or technology services.
We have selected Third Party Service Providers who meet our standards for privacy and data security, but they may also have their own specific policies regarding the collection, use and disclosure of personal information. If you would like to contact any Third Party Service Provider for more information regarding their policies, you may contact CRC as described below for information regarding the identity of the relevant third.
Although we generally endeavor to store personal information in Canada, we sometimes use cloud services provided by Third Party Service Providers to store personal information that we collect, including Third Party Service Providers located outside Canada. Please note that, given the nature of cloud services, personal information of Clients may be stored outside Canada, anywhere in the world, and may be accessible to foreign courts, law enforcement and national security authorities in the jurisdiction(s) where it is transferred or stored. We will provide appropriate notices regarding transfer or storage of personal information outside Canada, in accordance with applicable laws and regulatory guidance.
2. Third Party Links
Our Online Platforms may contain links to other websites or Internet resources which are provided solely for your convenience and information. When you click on one of those links you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or Internet resources or their collection, use and disclosure of your personal information. We encourage you to read the privacy policies of those other websites to learn how they collect and use your personal information.
3. Legal Requirements
There are circumstances where we may use or disclose personal information without notice or consent when required by law or lawful authority. For example, from time to time, we may be compelled by legal action to release information (e.g., statutory reporting obligation, search warrant, court order, bankruptcy or insolvency proceedings etc.).
In certain circumstances, we may also be permitted by law to collect, use or disclose information without the consent of the individual concerned. For example, we may disclose personal information without consent to investigate a potential breach of law or contract, to collect on a debt, or in certain emergency situations that threaten the life, health or security of an individual.
4. Donor Lists (Donor-Specific)
We rent Donor Lists from other organizations. Donor Lists contain the name and mailing address of Donors. We may send a limited number of mailers to such Donors containing information about CRCS and its programs and Services, and requesting donations. This is an important way for us to find other Donors who will support our work.
Organizations that share Donor Lists with CRCS are responsible for ensuring that they have consent from relevant individuals before doing so, and for otherwise ensuring that their practices comply with applicable privacy laws. We require the Third Party Service Provider that facilitates our rental of Donor Lists to take appropriate steps to confirm that required notices have been provided to, and consents have been obtained from, the relevant individuals In addition, Donors may choose to have their personal information removed from the Donor Lists in CRCS’s possession by contacting us at WeCare@redcross.ca or at 1-800-418-1111.
Exceptions to this Privacy Policy
- Government Entities: In some circumstances, we are contracted by government entities to provide assistance to individuals on behalf of these entities. Separate policies and public privacy laws, as applicable, may govern these activities. In these circumstances, individuals will be provided with access to such policies and this Privacy Policy may not apply.
- Community Health Services: We provide certain community health services to individuals, such as home care and health equipment loans. This Privacy Policy does not apply to a recipient of CRCS community health services. In those circumstances, CRCS will secure a community health recipient’s express consent for the collection, use, disclosure of information related to thatprograming.
- Warm Referrals: Depending on a Service Recipient’s needs, we may offer that individual the option to pursue referrals to other third party agencies or organizations. In these circumstances, we will ask the Service Recipient if they wish to participate and, if they do, CRCS will secure the Service Recipient’s express consent for the collection, use, disclosure of personal information related to sharing information with that specific agency. Depending on the program, separate policies and privacy laws, as applicable, may govern these activities, and this Privacy Policy may not apply.
- CRCS Employees and Volunteers: This Privacy Policy does not apply to CRCS employees and volunteers (“CRCS personnel”). Internal policies apply to CRCS personnel, which can be found on the CRCS InfoSite.
8. How Do We Protect Personal Information?
We protect the personal information using physical, technological and organizational safeguards (collectively, the “Safeguards”). We regularly review our practices to ensure they align with reasonable industry practices appropriate to the level of sensitivity to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
Despite using the Safeguards outlined above, "perfect security" does not exist, particularly online. We cannot guarantee the security of information posted or transmitted via Our Online Platforms. Third parties may unlawfully intercept or access such information. If you think someone is impersonating CRCS, that there has been abreach of your privacy, or you believe that you are the victim of fraud, please contact us as soon as possible.
9. How Do We Obtain Consent to Collect, Use and Disclose Personal Information?
When you choose to become a Client of the CRCS, you are consenting to our collection, use and disclosure of your personal information in accordance with this Privacy Policy. We may seek additional consent where required by law or in situations where we consider further consent to be necessary or appropriate.
We may collect personal information of potential Services Recipients without their consent in the event of an emergency. In these situations, we may collect personal information from organizations such as the fire department, governmental authorities, or even a civilian that notices an individual in distress and who may require our Services. In these scenarios, we strive to collect only the minimum amount of personal information that we need in the circumstances.
Clients are free to refuse or withdraw their consent to the collection, use or disclosure of their personal information at any time upon reasonable notice in writing to the CRCS, subject to certain restrictions as may be permitted by applicable laws. Clients may decline to give the CRCS their personal information; however, this decision may hinder our ability to provide Services (if applicable), or generally interact with such Clients.
10. How Do We Maintain Accuracy and Allow Individual Access to Personal Information?
We endeavor to ensure that any personal information provided to us by Clients is as accurate, current and complete as necessary in order to meet the reason for which we collected it.
For example, the following mechanisms allow individuals the opportunity to advise us of any potential inaccuracies in the information that we hold about them:
1. AccessClients may request access to and review of their personal information in the possession or control of the CRCS. However, access may be declined where permitted or required by applicable law, which may include (without limitation) the following circumstances:
- the information is protected by solicitor-client (between a lawyer and their client) privilege;
- disclosure of the personal information would compromise the confidential information of another individual or threaten the safety of another person; or
- non-disclosure of the personal information is required or permitted by law.
2. Requests to Change or Delete Personal Information
Clients may request that we change or delete their personal information in the possession or control of the CRCS. We reserve the right not to change any personal information if we do not agree that it is inaccurate or outdated, but will append any alternative text the individual concerned believes appropriate. In addition, requests to delete personal information may be subject to certain limitations, including where we have a legal or contractual obligation to retain the information. Where a request for access, rectification, amendment, or deletion of personal information is declined, as may be permitted by applicable laws, we will provide reasons for declining the request.
11. Contact Us
Clients can contact us at any time, for reasons such as to:
- access, correct or update their personal information;
- ask questions or express concerns about this Privacy Policy or any other matter related to our collection, use, protection or disclosure of their personal information;
- obtain access to written information about our policies and practices with respect to Third Party Service Providers and affiliates outside Canada that process personal information on our behalf service, and/or ask questions about the collection, use, disclosure or storage of personal information by such service providers and affiliates outside Canada; or
- withdraw consent to continued use and disclosure of personal information.
You can contact us by email at privacy@redcross.ca, or by mail sent to:
CRCS Privacy Officer
CRCS National Office, 400 Cooper Street, Suite 8000,
Ottawa, ON, Canada
K2P 2H8
Donors can also contact us by email at WeCare@redcross.ca.
12. Changes to this Privacy Policy
This Privacy Policy was last updated in December 2022. We will occasionally update this Privacy Policy and revise the "last updated" date appearing in this paragraph.
We will generally notify Clients of material changes to the Privacy Policy, where we are able to do so, which involve new or revised uses or disclosure of personal information that may not have been reasonably expected by them at the time that their information was collected. However, we encourage all Clients to review our Privacy Policy from timeto-time, in order to check for updates and refresh their understanding of our personal information handling policies and practices