To cover the protection of donor information at True North Aid, as well as through third party platforms (DonorPerfect, GiveCloud, Canada Helps)
SECURITY AND PRIVACY POLICY
Purpose
The purpose of this policy is to outline the security and privacy safeguards in place to protect donor information both at True North Aid and through our third party suppliers, specifically: DonorPerfect, GiveCloud, and Canada Helps.
Scope
This policy applies to all persons who provide services directly to True North Aid or provide services indirectly through the Community Initiatives Program.
Privacy Policy
True North Aid is sensitive to your privacy interests and believes the protection of those interests is a significant responsibility and obligation. Communication is of key importance to fulfilling our mission as a federally registered Canadian charity dedicated to helping indigenous communities of northern Canada. True North Aid has adopted the following Privacy Policy applicable to information about its donors, volunteers and other contacts. It reflects our best efforts to maintain a respectful relationship with you while communicating in a productive and cost-effective manner. It explains how we collect, use and safeguard your personal information.
True North Aid collects personal information for the purpose of:
- establishing and maintaining a responsible relationship with you
- better serving you with information about True North Aid activities and events
- furthering the activities of True North Aid in fulfillment of its mission
- meeting legal and regulatory requirements
Your information will not be sold, rented or disclosed to any third party. However, we may disclose personal information to third parties when we have your consent, or when it is necessary for the purposes stated above.
Your information is protected in our secure database, which is accessible only to True North Aid authorized persons. Login and credit card information is processed over a secure connection with at least 128-bit SSL encryption. Credit card information is not stored in our database.
Information we collect and how we use it:
Personal information
“Personal Information” is information that can be used to identify (or infer the identity of) a specific person; for example, your name, address, birth date, and gender. Information such as your computer’s IP address would be personal information if it could be used to infer your identity. We may ask for personal information in a variety of ways, including but not limited to website forms, mail-in forms, telephone and in person.
We need personal information for many reasons, such as processing a donation, sending you a newsletter, inviting you to an event, informing you about opportunities to participate in our mission by volunteering or donating, or providing other information about True North Aid that may interest you.
Personal information is provided to us at your discretion, and you may always choose to withhold information. When you make a donation we are required by law to take your name and mailing address in order to send you a tax deductible receipt.
Cookies and data technology
Cookies and other internet technology make our website easier to use and inform us about how it is used. Information collected this way may include (but is not limited to) your IP address and internet service provider, the type of web browser and operating system used and which of our website pages were visited. We use links in our emails to track their open and click-through rates to help us learn what emails appeal to our correspondents. Some interactions with our web site, social media accounts or emails provide us with anonymous data, such as IP address, link clicks, page visits, and time spent on a page. We use Google Analytics on our website to learn where our visitors are located, when they are using our site and what content they find most interesting. This helps us stay relevant. We may also use third party cookies, beacons and other storage technologies to understand what website content is most important to our visitors. We want to measure our performance so we can send the most relevant content through those third party platforms.
It is possible for us to put anonymous data together with personal information you give us to find out more about you. This helps us respect what we know about you by limiting the information we send you. For example, we try to send content that is meaningful locally, such as volunteer opportunities, only to people who live reasonably near the volunteer event location. This helps us avoid sending irrelevant emails, or sending too many emails.
Aggregate Data
In some cases, we may aggregate your information with that of others to report on campaigns. For example, we may count the number of people who donate based on their postal code so we can report on where Canadians are taking action (e.g. 8.5% of donations to this campaign came from Toronto) or by indicating the figures on a map. Data of this kind is reported in anonymised groups: we do not show your actual postal code.
Use of third parties
In many cases, we don’t actually collect and store personal information in our systems, but instead use a third party. For example, we use Constant Contact to send email updates on our activities. Such services have resources dedicated to maintaining security and confidentiality, and we ensure that any third party partner has written policies about never sharing your information with anyone other than True North Aid.
Donation and credit card information
In order to donate to us, you may choose to provide credit card information. In the case of donations made online, we do not collect your credit card information. Instead, this information is collected and processed by third party, PCI compliant services.
Donations made by credit card in person, through the mail or by phone are collected by us and processed. Credit card information is then destroyed and/or deleted. We do not keep any credit card information on file.
Fundraising
We cannot do our work without the financial support of our many generous donors who enable us to carry out our mission. We do our best to reach out to as many possible individual supporters as we can. We may use information you provide (such as your postal code) to find more complete contact information from other sources (like Canada Post) so we can reach out to you, and we may use third party providers to help. The opportunity to send you a letter or give you a phone call helps us discover whether we are a good fit for you when it comes to making donations. You may opt out of these communications at any time by contacting info@truenorthaid.ca.
Links to other websites
Our web sites contain links to web sites owned and operated by other organizations. They may have their own privacy policies and terms and conditions and are not governed by this policy. We encourage you to carefully review the privacy policy and terms of use of each website you visit.
What you need to know about consent
By providing personal information to us, you are deemed to have consented to the collection, use and disclosure of your information in accordance with this policy. We may be unable to provide you with certain information or services if you do not give us specific personal information. For example, we cannot issue you a charitable tax receipt without your address, or send you an e-newsletter without your email address. When you provide contact information to us for one purpose, we may contact you using that information for other areas of our work. For example, if you make a donation and provide us with your mailing address, we may also send a paper newsletter to your home in order to keep you up-to-date with work you have helped to support.
We respect your right to control your personal information — please contact us immediately if you want us to stop using it in any particular way and we will endeavor to promptly fulfill your request. Please note that in order to adhere to Canada Customs and Revenue Agency rules, we are required to maintain donation records and are not allowed to remove this information from our internal records, even at your request.
Updating your consent
If you would like to stop receiving email from us at any time, click the unsubscribe link at the bottom of any of our emails, or you can email info@truenorthaid.ca to request that you be unsubscribed. If you would like to stop receiving mail solicitations from us, please email info@truenorthaid.ca. You can also reach us by phone at the contact number on our truenorthaid.ca web site.
Upon reasonable request and notice, you may view and have corrections made to personal information we hold about you, subject to any legal or contractual restrictions. If you are aware of any inaccuracies in the personal information we hold about you, or wish us to remove all of your information from our databases, please contact us at info@truenorthaid.ca.
Ways to prevent us from collecting “anonymous” data
Our websites use cookies and JavaScript-based tracking scripts to collect the anonymous data referred to above. To stop this from happening, adjust your web browser’s “cookie”, “cache” and JavaScript settings. Please note that doing so may affect the performance of our web properties, and in some cases may completely prevent you from using some of our pages and forms.
How we keep your information secure
We endeavor to maintain appropriate physical, procedural and technical safeguards for your personal information. Some information we collect may be stored and processed on servers located outside your jurisdiction of residence, including outside your country. As a result, this information may be subject to disclosure to governments, courts or law enforcement agencies in those areas, according to their laws, without notice to us or to you.
Policy updates and changes
We may change this policy from time to time without notice. Changes will be reflected on this page.
Need more information?
For further information, contact us by mail at PO Box 37023, Kitchener, Ontario N2A 4A7, by telephone at 226-444-3385, or by email at info@truenorthaid.ca.
This document is available to the public and explains how we collect, use and disclose information, in accordance with this policy, the Personal Information and Electronic Documents Act, the Personal Information Protection Act and other relevant legislation.
Appendix A: Third Party Security & Privacy Statements
DONOR PERFECT
https://drive.google.com/file/d/14P6EUVNmbMKc96ksW5kl1zmT7ZMLWGrc/view?usp=drive_link
GIVECLOUD
https://help.givecloud.com/en/articles/6045181-security
Security Statement
Givecloud prioritizes cybersecurity to shield against external threats and internal risks. We have established suitable management, operational, and technical controls to mitigate cyber risks, bolster resilience against cyber incidents, and safeguard against cyber threats. Complying with or surpassing the industry’s information security best practices, Givecloud implements robust security measures to defend its clients and itself.
- Givecloud has successfully passed a SOC 2 Type 2 Audit, demonstrating our organization’s secure handling of your confidential data.
- Givecloud is PCI DSS compliant, ensuring that all financial transactions are safe and secure.
- Givecloud utilizes TLS version 1.2 with 256-bit encryption, guaranteeing the highest levels of confidentiality, integrity, and privacy for all information exchanged between Givecloud and its customers.
- Givecloud’s service resides in a world-class data center that has passed over 20 audits and assessments by 3rd-party security assessors.
Givecloud’s cybersecurity program is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). This page offers a comprehensive overview of Givecloud’s information security strategy and outlines our practices for securing information, systems, and services. Our approach is organized according to the five core functions of the NIST CSF:
Identify
❖ Risk Governance
Risk governance and risk management are a function of Givecloud’s management culture. Givecloud’s governance model is achieved by the day-to-day activities of managers and their teams.
❖ Asset Management
Givecloud maintains an asset management system that inventories, classifies, and protects applications, information, and hardware. Givecloud’s Mobile device management implementation allows it to control, secure and enforce policies on smartphones, tablets, and other endpoints.
Protect
❖ Identity and Access Management
Givecloud has implemented security controls to identify, authorize, authenticate and manage individuals’ access to Givecloud’s systems and information assets.
❖ Applications and Software Security
Givecloud manages application and software security through its secure software development practices, vulnerability testing, monitoring, and logging.
❖ Infrastructure Security
Givecloud protects its infrastructure through vulnerability testing, system hardening, and malware protection.
❖ Data Protection and Data Privacy
Givecloud has implemented security controls that are designed to safeguard Givecloud and client data. This includes the secure storage and transmission of data.
❖ Mobile Security
Givecloud’s mobile solutions allow employees to conduct business activities on their personal devices while protecting Givecloud systems and client information.
❖ Physical Security
Givecloud has implemented physical security controls at all Givecloud facilities including its office spaces, and cloud-based facilities.
Detect
❖ Continuous Monitoring
Givecloud maintains detective security controls at the network, end-point, and application layers to detect anomalous activities, potential threat activities, and indicators of compromise.
❖ Anomaly Detection
Givecloud has deployed end-point protection and detection services to ensure that security anomalies and events are detected quickly, and their potential impact is understood.
Respond
❖ Incident Management
Givecloud’s incident management processes enable the effective detection and management of security threats and incidents that have the potential to impact the confidentiality, integrity, or availability of Givecloud’s information, applications, and services.
Recover
❖ Givecloud’s Business Continuity and Disaster Recovery processes cover both business and technology resilience. Givecloud’s cloud-based infrastructure features a highly available architecture where applications and information can be restored within their Recovery Time Objective.
CANADA HELPS
Privacy Policy