CNIB Deafblind Community Services (“DBCS”) is committed to your privacy. This policy outlines how we collect, use, disclose and retain your personal information. It reflects the principles and requirements set out in applicable privacy legislation. We reserve the right to update this policy without prior notice to reflect changes in our practices. The version of the policy appearing on this website is the authoritative version.
What is Personal Information?
Personal information is any information that contributes to the identification of an individual and includes details that can be used to distinguish, identify, or contact a specific individual.
Business contact information and certain publicly available information, such as names, addresses and telephone numbers as published in telephone directories, are not considered personal information in this context.
What Personal Information does DBCS collect?
DBCS collects personal information to support program and service delivery, to establish, maintain and manage our relationship with our clients, employees, donors, volunteers and members, and for research, fundraising, public education and advocacy purposes.
DBCS collects personal information when an individual:
- Registers to access DBCS services
- Registers for an event
- Participates in any interactive feature of our websites
- Makes a donation online
- Purchases a product online
- Becomes an employee or volunteer
- Contacts us with an enquiry, comment or suggestion
- Subscribes to a mailing list or newsletter
Personal information collected may include:
- Contact information such as home address, telephone number, e-mail address (when e-mail message was sent to DBCS through the website, the time the message was sent and the IP address from which it was sent is automatically collected)
- Participates in any interactive feature of our websites
- Demographic information
- Credit card or bank account information
- Language and communications preferences
- Reading preferences (for library-related services)
- Service or event-specific information such as name and phone number of an emergency contact individual, dietary restrictions and accommodation preferences
How does DBCS use my Personal Information?
We use your personal information in order to:
- Facilitate your participation in requested services, programs, activities or events
- Refer you to CNIB, Vision Loss Rehabilitation Canada or other community organizations, with your consent
- Contact you with information about programs, offers and research opportunities from DBCS and/or our partners that may be relevant to you, with your consent
- Plan, administer and manage our internal operations
- Conduct research and compile statistics
- Teach, train and qualify staff and volunteers
- Get payment for the services you receive
- Investigate activity that may violate the terms of acceptable use for particular services
- Comply with legal and regulatory requirements, and fulfil other purposes permitted or required by law
From time to time, we may wish to use your personal information for new or additional purposes, in which case we will request your consent as required.
When does DBCS disclose my Personal Information?
Your personal information will not be disclosed without your consent for purposes other than those for which it was collected, or as permitted by law. We may disclose your personal information to third parties in the following limited circumstances:
- To other external service providers or agencies to support the planning and delivery of coordinated health and social services. Disclosure of information may be directly to an external provider, or through a shared health record
- To funding bodies such as government ministries or health authorities, for the purposes of verifying your eligibility for funded programs and providing reports on program participation and outcomes
- To service providers, including vendors, consultants and service delivery partners or agencies contracted to perform certain services on behalf of DBCS. These organizations are given only the information necessary to perform those services, and sign an agreement committing to ensure that personal information is securely transferred, stored, and used only for the contracted purposes
- To a government institution that has asserted its lawful authority to obtain the information or where we have reasonable grounds to believe the information could be useful in the investigation of unlawful activity
- To comply with a subpoena or warrant or an order made by a court, person or body with jurisdiction to compel the disclosure of information, or with court rules regarding the disclosure of records and information
- As otherwise required by law.
How long does DBCS retain my Personal Information?
The length of time we retain personal information varies depending on the situation and the type of information. Our record retention policy outlines the following standard retention timelines:
- Adult clients: Records are kept for a minimum of 7 years from the date of the last entry in the client’s record, or as long as required
- Clients who are minors: Records are kept for 10 years from the date on which the client reached or would have reached their 18th birthday
Unless there are exceptional circumstances such as pending legal matters, when these timelines have elapsed personal information is securely destroyed, deleted or de-identified.
How does DBCS keep my Personal Information accurate and secure?
We make reasonable efforts to ensure your personal information is accurate, complete and up to date so that we can fulfil the purposes outlined in this policy. We rely on you to provide us with accurate information and to notify us when your information needs to be updated.
We also take reasonable measures to ensure that our systems keep personal information safe from loss or theft, unauthorized access, use, copying, disclosure or modification. Safeguards include but are not limited to:
- A designated systems security officer accountable for information security controls and ongoing oversight to strengthen information security
- Hard disk encryption on all issued laptop computers
- Firewalls, intrusion-detection, anti-virus, strong passwords, inactivity-based screen lock, mandatory portable device access control and other software solutions for technical security
- Annual privacy training and policy sign-off by all employees
- An ongoing operational emphasis on the importance of safeguarding personal health information
This includes mandatory reporting of privacy breaches to information and privacy commissioners in situations and jurisdictions where this is required.
How can I access or correct my Personal Information?
You have the right to access and correct inaccuracies in the personal information we have about you in our records
To do so, contact Deafblind Community Services with a request in writing. To protect your privacy, we will take reasonable steps to verify your identity upon receiving your request, and ask you to complete a standardized request form
We will respond to all requests to access or correct personal information within 30 days, either providing access to the requested information, providing written notice of the need for an extension, or providing written notice of why the request cannot be fulfilled
If you are requesting a physical or digital copy of your personal information, you will be informed of any applicable fees ahead of time. Fees are capped at a reasonable rate
Links to third-party website
Links to third-party websites from DBCS website are provided for the convenience of our users. DBCS has no control over, and therefore has no responsibility or liability for, the manner in which the organizations that operate such linked websites may collect, use, disclose or otherwise treat your personal information. The inclusion of any link does not imply DBCS’s endorsement of any other organization, its websites, or its products and/or services.
- Access or update your personal information as stored in our records
- Withdraw your consent for use or disclose your personal information in some of the ways described above
- Change your information or contact preferences
The privacy officer can be reached at:
DBCS Privacy Officer
1929 Bayview Avenue
Toronto, ON M4G3E8