Privacy Policy

Last Updated: April 17, 2025
Ontario STEAM Foundation (hereinafter referred to as "OSF," "we," "our," or "us") is committed to protecting the privacy and personal information of our website visitors, donors, volunteers, program participants, and other stakeholders. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.​

1. Types of Information We Collect
We collect a variety of personal information depending on your interaction with our organization—whether you're a visitor, donor, volunteer, program participant, or partner. The information we gather helps us deliver educational programs, manage donations, and maintain transparency and accountability.
- Personal Identification Information: Includes full name, mailing address, phone number(s), email address, and emergency contact details. This allows us to confirm identities, respond to inquiries, and register individuals in our systems.
- Educational and Professional Information: For volunteers and program applicants, we may request information such as academic background, employment history, relevant skills, certifications, or training to ensure suitability for specific educational or mentorship programs.
- Donation and Payment Information: Donors may be asked for billing addresses, donation amounts, and payment details. This is used to process financial transactions and issue charitable tax receipts in accordance with Canada Revenue Agency regulations.
- Website Usage Data: Our systems log IP addresses, browser type, pages accessed, time of visit, and referral links to help improve our website structure, optimize content delivery, and monitor site security. Cookies and analytics tools may also collect user preferences.

2. How We Use Your Information
We only use personal information for clearly defined, lawful purposes. We aim to be transparent and respectful in all aspects of data usage.
- Service Delivery: Personal details are used to enroll individuals in programs, organize events, confirm participation, track engagement, and provide educational content tailored to age and learning level.
- Donation Processing and Recognition: Payment and contact data are used to process donations securely, issue receipts, and acknowledge contributions publicly when permission is granted.
- Volunteer and Staff Management: Information helps us assess applicant qualifications, manage onboarding processes, assign duties, and conduct background or reference checks where necessary.
- Communication: We may send updates about upcoming events, campaigns, reports, or educational resources to users who have opted in to receive communications.
- Legal and Compliance Obligations: We retain records for audit, legal review, and reporting to relevant tax authorities and regulators as required by Canadian law.
 
3. Sharing Your Information
We value your trust and handle data responsibly. We do not sell, rent, or trade your personal information. We only disclose information in the following limited and clearly defined scenarios:
- Service Providers: We may share data with carefully selected vendors (e.g., CRM systems, payment processors, cloud storage providers) solely to perform services on our behalf under strict confidentiality agreements.
- Legal Disclosure: If required by law, court order, or regulatory authority, we may disclose information to comply with legal obligations.
- With Consent: If you give explicit permission, we may share your details with partner organizations for collaboration or co-hosted programming.

4. Data Security Measures
We take the security of your information seriously and implement technical and administrative safeguards to prevent unauthorized access, misuse, or loss.
- Encryption: Sensitive data is encrypted both in transit (SSL/TLS protocols) and at rest (secure databases).
- Access Controls: Only authorized staff members have access to specific data based on role requirements, protected by secure authentication protocols.
- Infrastructure Protections: Servers and cloud systems are monitored, regularly patched, and audited for vulnerabilities.
- Staff Training: Employees and volunteers handling data are trained in privacy compliance, information handling procedures, and breach response protocols.

5. Your Rights
You have legal rights over your personal data. We provide accessible channels for you to review and control your information.
- Right to Access: You may request a copy of the personal information we hold about you, along with information about how it is used.
- Right to Rectification: You can ask us to correct or update incomplete, inaccurate, or outdated information.
- Right to Withdraw Consent: You may withdraw consent for us to use your data for non-essential purposes, such as newsletters or promotional emails.
- Right to Erasure: In some cases, you may request that we delete your personal data, provided it is not legally required to retain it.

6. Use of Cookies and Web Technologies
Our website uses cookies, pixels, and similar technologies to enhance user experience, analyze trends, and deliver content more effectively.
- Functionality Cookies: Help us remember login details, preferences, and forms you've submitted.
- Analytics Cookies: Allow us to track how visitors use our site so we can improve navigation and performance.
- Marketing Cookies (if used): Only deployed with consent, these cookies track engagement with our campaigns or third-party tools.
You can disable cookies through your browser settings; however, certain features of the site may be limited.

7. Children’s Privacy
We are committed to protecting the privacy of children and youth who may participate in our programs.
- Consent from Guardians: For any personal data collected from individuals under the age of 13, we require verified consent from a parent or legal guardian.
- Limited Collection: We only collect the minimum amount of data necessary for participation, such as first name, age group, and allergy information (if applicable).
- Data Access: Parents and guardians have the right to access, review, and request deletion of their child’s data.

8. Changes to This Policy
We may occasionally update this Privacy Policy to reflect changes in our operations or legal obligations.
- Notification: Any significant changes will be prominently posted on our website and emailed to registered users.
- Review Period: We encourage users to revisit this policy regularly to stay informed of how we protect your information.
 
9. Contact Us

If you have questions, concerns, or wish to exercise your rights under this policy, please contact us:

Ontario STEAM Foundation

Email: privacy@ontariosteamfoundation.org

Mailing Address: 720-920 Yonge Street, Toronto, Ontario, Canada

We are committed to addressing your inquiries promptly and respectfully.