The SecDev Foundation (“The Foundation”) takes data security and privacy seriously, it’s core to our mission. We commit to collect, use, and disclose personal information in compliance with applicable laws and in such a manner that a reasonable person would consider appropriate in the circumstances.
Cookies: a tiny text file stored on an individual’s computer. Cookies store information that is used to help make sites work. Only the Foundation can access the cookies created by the Foundation’s website. Users can control and remove their cookies at the browser level.
- Necessary Cookies: these cookies are required for the user to be able to use some important features on the website, such as logging in. These cookies do not collect any personal information.
- Analytics Cookies: these cookies are used to track the use and performance of the foundation’s website. Google Analytics is used to anonymously gather this data.
Express Consent: Is given explicitly, either orally, in writing, or through a specific online action, such as clicking on “I agree”.
Implied Consent: Reasonably inferred consent from the action or inaction of the individual.
Personal Information: Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
There are some instances where PIPEDA does not apply. Examples include:
- Business contact information such as an employee’s name, title, business address, telephone number or email addresses that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession
- An individual’s collection, use or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list)
- An organization’s collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes
The Foundation stores and maintains personal information in conformity with the principles of PIPEDA, GDPR, and CASL. These principles are as follows:
2. Identifying Purposes
The Foundation will identify the purposes for which it collects personal information at or before the time the information is collected from individuals.
The Foundation may choose to identify such purposes orally or in writing. Written notification will be used whenever practical to do so. Common purposes for collection may include, but are not limited to:
- Administration of the Foundation websites:
- Cookie use (see definition)
- Email addresses (only collected via our contact form)
- Embedded content (see definition)
- The Foundation does not collect IP addresses and associated hostnames except for the specific purposes of security and fraud prevention.
- Website statistics: We collect the date, time and length of your visit, browser identification and IP address for internal use and analysis of website traffic. This information is anonymized and used for statistical analysis only
- Administration of Newsletters:
- The SecDev Foundation collects emails for an opt-in subscription newsletter. In accordance with Canada’s Anti-Spam Legislation, a trusted third-party mailing service is used with a simplified opt-out option at the bottom of every email. Email addresses are never shared externally.
- Operate, monitor, and improve our programs;
- Understand, analyze, and report on how our programs are meeting the specific needs of our beneficiaries. The following information is collected about our beneficiaries in order to understand our beneficiaries and measure our impact:
- Organization Name;
- Organization Size;
- Organization Country;
- Organization Field of Work;
- Participant Names;
- Participant Genders; and
- Participant Age Group.
- To communicate with beneficiaries, either directly or through our partners, to provide, with updates on our programs, and to occasionally ask for feedback.
The Foundation will obtain the appropriate consent from individuals for the collection, use, or disclosure of their personal information, except where the law provides an exemption. We don’t collect your information without your permission and we won’t ever use your information without your permission.
4. Limiting Collection
Any personal information that the Foundation collects will be limited to that which is necessary for the purposes the Foundation has identified.
The Foundation will only collect personal information for specific, legitimate purposes/interests, and will not collect personal information indiscriminately.
The Foundation will only collect information by fair and lawful means and not by misleading or deceiving individuals about the purpose for which information is being collected.
5. Limiting Use, Disclosure, and Retention
The Foundation does not use personal information for purposes other than those for which it was originally collected unless consent is obtained prior to that. Personal information is retained only for as long as it is needed and for the fulfillment of the purposes for which it was originally collected. This may include retaining personal information for a set length of time in fulfillment of contractual, grant, or legal responsibilities. We never sell or rent your information.
The Foundation is committed to maintaining accurate, complete and up-to-date personal information.
The Foundation will safeguard personal information under its control in a manner that is appropriate to the sensitivity of the information.
Personal information, regardless of the format in which it is held, will be safeguarded against loss or theft, and against unauthorized access, disclosure, copying, use, or modification. The Foundation takes this seriously and uses best practices in digital and physical data security measures. For more information please write to the Privacy Officer.
The Foundation will make readily available to individuals specific information about the policies and procedures relating to the management of personal information which is under the Foundation’s control. Any data breach will be reported to the appropriate authorities and any personal data breach will be communicated to the data subject.
9. Individual Access
Individuals can request access to their personal information held by the Foundation. For security purposes the Foundation reserves the right to confirm the identity of the person seeking access to personal information before complying with any access requests.
If you want to access your information or ask us to delete personal information about you that we have stored in our systems, please write to [email protected].
10. Challenging Compliance
An individual may address a challenge concerning compliance with the above policies and procedures to the Privacy Officer.
Upon request, individuals who wish to inquire or file a complaint about the manner in which the Foundation handled their personal information – or about the Foundation’s personal information policies and procedures – will be informed of their applicable complaint procedures.
To file a complaint, an individual must notify the Foundation in writing providing basic information and a description of the nature of the complaint to [email protected].
An individual may make a complaint to the Privacy Commissioner of Canada in the case that they believe they did not reach a resolution.
This website is hosted by SiteGround, a third-party service provider. Their Terms of Service are also relevant and can be found here.
This policy has been shortened for the purpose of brevity and simplicity. For more in-depth details or if you have any questions, please feel free to get in touch via [email protected].