- Accountability for Personal Information
The agency is responsible for the personal information that is in its control and possession, and has appointed an individual to be responsible for ensuring compliance with the Act. This responsibility extends to third parties who may be contracted to process personal information.
The agency has assigned responsibility for ensuring organizational compliance with this legislation to the Privacy Officer, Carol Bell. She can be reached at: 905-770-1825.
- Identifying the purposes for collecting, using and disclosing personal information
The agency will state clearly the reason for collecting new personal information, and use it only for that purpose. Personal information already in its possession will only be used for the purpose it was initially collected.
- Obtaining consent for the collecting, using and disclosing personal information
The agency ensures that individuals clearly understand why personal information is collected and how it will be used. The individual's consent must be obtained before or at the time of collection. Subsequently, if another use for the information is planned that differs from the original purpose for the personal data, consent to use the information for the new purpose must be obtained.
- Limiting collection, use and disclosure of personal information
The agency will always be straightforward about its reasons for collecting personal information.
- Limiting use, disclosure and retention of personal information
The agency will only use or disclose personal information for the purpose for which it was collected, unless the individual consents otherwise.
- Ensuring accuracy of personal information
The agency will ensure that personal information will be kept up to date and accurate.
- Ensuring appropriate safeguards for personal information
The agency will:
- protect personal information against loss or theft at all times;
- will safeguard the information from unauthorized access, disclosure, copying, use or modification; and
- in general, will protect personal information regardless of the format in which it is held.
- Maintaining openness with personal information policies, procedures and practices
The agency will ensure that all donors, clients, customers, members, and volunteers are informed of the policies and procedures that have been developed for the management of personal information. The policies are readily available upon request.
- Ensuring individuals' access to own personal information
Upon the person's request, the agency will inform individuals of any personal information about them on file. The agency will further explain how it is, or has been, used and will provide a list of any third parties to which it has been disclosed. Access will be provided to individuals once it is certain that the individual requesting access has the the legal authority to do so.
- Challenging compliance with privacy policies, and providing recourse
The agency understands the importance of individuals having recourse should they be concerned about compliance with the Act. Simple and easily accessible complaint procedures are available to individuals, and any complaints will be investigated and appropriate measures, including revising the policies and procedures concerning compliance to the Act, will be taken.
The Aplastic Anemia and Myelodysplasia Association of Canada (AAMAC) is a registered federal charity working to improve the lives and medical treatment of Canadian myelodysplasia, aplastic anemia and paroxysmal nocturnal hemoglobinuria patients. We accomplish this by:
- Helping our members to understand their diagnosis and treatments for the diseases;
- Building a National Support Network to connect members with others;
- Fostering public awareness of the diseases;
- Keeping our members up to date on new treatment developments, conferences, etc.;
- Building connections with like-minded associations with similar interests;
- Financially supporting medical research related to the diseases;
- Supporting, in principle, Canadian Blood Services blood and bone marrow programs.
Information We Collect
According to PIPEDA (the Personal Information Protection and Electronic Documents Act), Personal Information is information about an "identifiable individual", but does not include the name, title, business address or business phone number of an employee of an organization. Most of the information we collect is personal information. The types of personal information that we do collect can include:
- name, address, phone number, fax number, and e-mail address of patient, patient's family members, and patient's friends
- patient's diagnosis, year of diagnosis, age at diagnosis
- patient's doctor's name, hospital
- medication, previous medical history
- notes on volunteer roles
- credit card information
Information is also collected through registration for support meetings and annual general meetings and conferences.
AAMAC collects no personal information about you unless you choose to provide that information to us. The information you provide to AAMAC — such as your name, address, e-mail etc. — allows AAMAC to provide you with appropriate and meaningful information and to connect you (where you request) to a suitable National Support Network volunteer. It also enables us to inform you of issues or events which may be of interest to you. Any personal data about our members or website visitors is stored securely and used only for the purposes stated below.
By becoming a member or by requesting information or registering for events offered by AAMAC, you give AAMAC permission to contact you by way of the information provided.
How We Use the Information
AAMAC may use the personal information that you provide as follows:
- To correspond with you, by either mail, e-mail, phone or fax
- To track statistics that help us improve our member services
Special Event Registration Information
AAMAC respects your confidentiality and does not disclose your name or other personal information to any third party except as specifically provided as follows: AAMAC routinely offers patients the opportunity to speak with other patients about the diseases. The AAMAC also offers support group meetings and annual meetings, for which individuals are invited to register. The information collected on registration forms for these events is used to produce badges and to contact the individuals with specific details about the event (e.g. location, timing, background papers, etc.). It is also used to produce a registrants' list, which may be distributed to organizers of the events (e.g. to make nametags).
Payment Data Collected
All credit card information that is collected is used in payment approval and processing only. AAMAC only retains your credit card information as long as legally required for auditing purposes, and then destroys it in a timely and secure manner.
The nature of the Internet is such that it passively and automatically collects certain information about a user's traffic patterns, linked to their Internet Protocol (IP) addresses. These are unique Internet "addresses" assigned to all web users by their Internet Service Providers (ISP). IP addresses are automatically logged by web servers.
Host Server Logs
The host's servers automatically log information about visits to our website in the normal course of establishing and maintaining web connections. Server logs record statistical information such as visitor's IP addresses, type of operating systems, time and duration of visit, web pages requested, and identify categories of visitors by items such as domains and browser types. These statistics, if collected, are reported in aggregate form to the web server's staff, and are used to improve our website and ensure that it provides the optimal web experience for visitors.
The AAMAC website may use "cookies". A cookie is a file created by a website to store information on your computer, such as your preferences when visiting that site.
When You Leave the AAMAC Website
Our Commitment to Security
We have put in place appropriate physical, electronic, and managerial procedures to safeguard and prevent unauthorized access to personal information, and ensure that the information we collect is used for the purposes stated above. AAMAC uses encryption, password protection and other technology to protect personal information from unauthorized third party access, alteration, theft or misuse.
How You Can Access or Correct Information
You may change or modify information that you have already provided by contacting AAMAC by phone, fax, or email.