Privacy Policy

Last Update March 2024.

OUR PRIVACY COMMITMENT

Your personal information matters.

PURPOSE

The purpose of this policy includes:
●	Ensuring that Vesta identifies and complies with required legislation for the privacy and protection of personal information;
●	Promoting transparency of Vesta data practices and the measures we undertake to safeguard personal information;
●	Providing clarity on how Vesta collects and utilizes personal information; and
●	Enabling awareness for individuals on how to contact Vesta if you have questions, inquiries, or complaints. 

SCOPE

This policy covers the handling of personal information collected by Vesta, including information or data (herein referenced as ‘information’) that is stored, processed, or otherwise shared with Vesta. It covers the use, disclosure, processing, storing, and deletion of personal information.

THE POLICY

Vesta is guided by internationally recognized privacy best practices and complies with relevant privacy laws. The CSA Model Code  (CAN/CSA-Q830-96) has become recognized as a national standard for privacy protection and is upheld by Vesta as follows:

ACCOUNTABILITY

Vesta is responsible for personal information in its custody and/or under its control and has designated a Privacy Officer who is accountable for our compliance with our privacy policy and all related privacy principles.

IDENTIFYING PURPOSES

Whenever Vesta collects personal information from an individual, we will explain the purposes and authority for the collection at the time of the collection, or as soon as is reasonably possible.

CONSENT

Vesta obtains the individual’s consent for the collection of personal information. Vesta only collects personal information that has been provided voluntarily and with consent and will only collect personal information that is necessary.

Even if consent has been provided, individuals may withdraw consent at any time by clicking the appropriate options made available to them. Individuals have the right to withhold consent. If an individual does not consent to the sharing of their information or an individual has withdrawn consent, it may impact Vesta’s ability to provide resources or ongoing communication.

LIMITING COLLECTION

Vesta limits its collection of personal information to that which is required for its business operations and services.

The types of personal information collected by Vesta includes, but is not limited to:

1. Google Analytics Usage Data: Usage statistics about your interactions with the website, including the last webpage or application you visited before visiting our website (referrer information), the website pages visited, the time spent on each page, the date and time of your visit, and the features and resources you accessed or used (for example, if you signed up to receive our newsletter).We use Google Analytics to help analyze how visitors use the https://vestasit.com website. We do not combine the information generated using Google Analytics with any other information you may provide to us. Google Analytics collects the IP address assigned to you when you visit the site. It places a persistent cookie on your web browser to identify you as a unique user the next time you visit the site and recognizes you when you visit other sites that use Google Analytics. Google Analytics continues to collect and store this information even if the “Do Not Track” function of your browser is turned on. Google’s ability to use and share information collected by Google Analytics about your visits to the https://vestasit.com site and other sites is governed by the Google Analytics Terms of Use. To see an overview of privacy at Google and how to opt out of certain Google practices, visit Google’s Privacy Policy. You can prevent your data from being collected by Google Analytics by downloading the Google Analytics opt-out browser add-on. Opting-out is generally done by the third party dropping a cookie on your browser indicating your intent to opt-out. If you get a new device, install a new browser, erase, or otherwise alter the third party’s browser cookie file, you may clear the opt-out cookie and no longer be subject to the opt-out.
2. Approximate Geographic Data: An approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address. If you are using a mobile device, your mobile device’s geographic location (specific geographic location if you have enabled collection of that information, or general geographic location automatically).we collect this data for the following purposes:
   • a. To recognize your browser if you leave the site and come back, so we understand you are the same visitor.
   • b. To provide the content and services on our website and improve them. We analyze information about how many visitors we have, how our visitors use our website and what content, resources, and features they access and use, to improve the site experience and provide additional resources to survivors and allies.
   • c. Testing and site analytics, so we can understand any technical problems or issues with our website and fix them.
   • d. Complying with our obligations. We may use visitor information to carry out fraud prevention checks or comply with other legal or regulatory requirements, where this is explicitly required by law.
   • e. Contact information for our newsletters
3. Information We Collect When You Contact Us or Sign Up to Receive Our Newsletter:
   The https://vestasit.com website provides various ways for you to contact us and provide additional information to us about you. If you choose to subscribe to our Vesta newsletter, you will receive periodic email updates about our mission, activities, resources to survivors and their allies, impact reports, as well as messages regarding partnership efforts. We may add you to our subscriber list if you register for one of our events, or otherwise share your contact information with us via means other than our website. You can “opt out” of receiving our emails at any time via the unsubscribe link in the footer of each of our email messages. If you use the ‘Join our Waiting List’ feature to suggest an organization, company, or network with whom we could partner to offer Vesta, we will ask you to provide your name, email, the name of the institution you are suggesting, your title and affiliation with the suggested institution, the industry of the institution, and anything else you want to let us know about the institution. We will use this data to add your information to our partnership waiting list and to contact you once we are ready to discuss a potential partnership with your institution. We may add the email address you submitted to our Newsletter subscribers to keep you informed on our activities, product and partnership updates. You can unsubscribe from our Newsletter at any time.
4. Applying for a Job – If you chose to apply for a job at Vesta, you will share your application information (which may include your name, contact information, citizenship or immigration status, resume, LinkedIn profile, cover letter, names of your references, and other information you submit). We will only use this information to process your job application. If you contact us via one of the email addresses published on our website, we will store your email address and the text of your message to us, and only use this information to respond to your question, feedback, or request.
5. Vesta Campus Community Application – The Vesta Campus Community application allows you to document your experience confidentially and anonymously and provides you with options of what you would like to do with the information you have recorded. You decide if and when you are ready to engage the criminal justice system or share the information with a support person. You will be asked a series of questions, so you can document your experience at your own pace and in your own words. The application will allow you to upload any documentation you have about the experience from either social media, emails, or texts.
6. Voluntary Questionnaire – The voluntary questionnaire will ask information that relates to your experience, including:
   1. Details of the incident, such as what, when, where the incident occurred.
   2. Details about the offender – such as name, address, contact details, physical appearance, age, build, distinguishing features, pictures, social media presence.
   3. Physiological traits during the incident, including what emotions you felt during the event, any sensory feelings you may have experienced, and the impact on your mental state.
   4. Your contact information – only when you are ready and choose to have the police or sexual assault counsellor contact you. The purpose of this collection is to provide you with a safe and secure space to document your experience at your own pace and in your own words so that you have a record of the events that occurred. Your information is stored in the Vesta Community application only if you choose to do so. It is NOT mandatory. When you choose to save the information, a unique key is created and emailed to you so that you can access the file with this key/code whenever you are ready to continue. What information is shared with the Criminal Justice System: Your personal information is not shared with anyone until you choose to do so, although aggregate, non-identified information may be collected to provide stats about usage to sexual assault clinics and police. The aggregate, non-identified information may be provided to police because it may contain critical information about sex crime patterns within and across police jurisdictions. This aggregate information may also be shared with funders and potential funders and partners, even newsletters and social media.
7. Email and Newsletters – MailChimp is Vesta’s email service provider. MailChimp sends emails to our donors and subscribers on our behalf. When you interact with an email message that you receive from us, MailChimp may collect information about your device and whether you opened, read, deleted the email, or took any action promoted by the email. MailChimp uses cookies and other tracking technologies to collect some of this information. If you have enabled the “Social Profiles” feature in your MailChimp account, additional information may be shared between MailChimp and your social media platform (such as Facebook or Twitter). For more information, you can visit MailChimp’s Privacy Policy.
   
   

LIMITING USE, DISCLOSURE & RETENTION

Vesta uses personal information only for the purpose for which it was collected or compiled; for a consistent purpose; with the written consent of the individual; or for the purpose for which the information was disclosed to Vesta. Employees use the minimum amount of personal information needed. Authorized disclosures are limited to the minimum amount necessary. Vesta will only maintain personal information for the time it is required to utilize the personal information or to adhere to legislative requirements. Once the retention period expires, the individual’s personal information will be securely deleted.

Vesta may share personal information with a third-party :

• to facilitate the provision of services including client services, such as health care teams when facilitating services.
• to exchange names and mailing address information with other charitable organizations on specific occasions through an exchange list brokerage. This only applies to active donors who donate through our direct mail program. Any donors who wish to have their name removed from our trade list can do so at any time upon request; and
• to send periodic mailings with information about new programs and services, requests for support, fundraising opportunities, or upcoming events, where consent and contact information has been provided.

ACCURACY

Vesta makes every reasonable effort to ensure that the personal information it collects, uses and discloses is accurate and complete. When direct collection is not feasible or appropriate, Vesta makes every reasonable effort to ensure the accuracy of personal information collected from third parties.

SAFEGUARDS & SECURITY

Vesta ensures that personal information in its custody is secured in a manner appropriate to the sensitivity of the information. Vesta ensures that records containing personal information are protected from unauthorized collection, access, use, disclosure and disposal by putting in place reasonable administrative, physical and technical security measures. All employees ensure that personal information which they handle as part of their job is secure from unauthorized access, that collection, use and disclosure of personal information is minimized and that records are managed in accordance with an established records retention and disposal system.

Safeguards include:

• All personal information collected by Vesta is kept confidential and secure;
• Vesta uses Secure Socket Layer (SSL) encryption technology to ensure the integrity and privacy of the personal and credit card information provided online, and implements safeguards for financial information provided by mail, phone, or in person;
• Vesta maintains records of all contributions to the Society. All information is kept private and confidential and is stored in a secure location accessible only by authorized employees; and
• Electronic records are stored in a secure hosted, cloud environment in Canada and protected with secure access. Computers and phones with data access are password protected.

OPENNESS & TRANSPARENCY

Vesta ‘s Privacy Policy is available on Vesta ‘s website. Printed copies are available from Vesta’s Privacy Officer upon request, who responds to any related questions. It is important ethically and legally to provide reasonable transparency to individuals in respect to the processing and handling of their personal data. Vesta maintains an up-to-date privacy policy (I.e. privacy notice) that is made available to all clients and users of the Vesta website and services. It is imperative that employees and contractors read this privacy notice. In the event that errors or concerns are discovered, findings must be shared with the Privacy Officer.

INDIVIDUAL ACCESS

An individual may access his or her personal information by making a request to the Vesta Privacy Officer. Access requests are responded within a reasonable timeframe (no longer than 30 days) and at a nominal or no cost to the requester in accordance with privacy laws. Any person whose personal information is held by Vesta has the right to know of the existence of such personal information and to have access to that information to ensure that it is accurate and the right to complain if that personal information is improperly collected, used, stored, or disclosed.

CHALLENGING COMPLIANCE

Complaints or questions with respect to Vesta’s compliance with this Privacy Policy may be made to Vesta’s Privacy Officer. Vesta’s Privacy Policy will continue to evolve over time to reflect current best practices in privacy protection, legislative amendments and as Vesta’s responsibilities evolve.

YOUR RIGHTS

You have the right to do the following:

• Withdraw their consent at any time. You have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data
• Object to processing of your Data. You have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
• Access your Data. You have the right to learn if Data is being processed by Vesta, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. You have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of your Data. You have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Vesta will not process Data for any purpose other than storing it.
• Have your Personal Data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of your Data from Vesta.
• Receive your Data and have it transferred to another controller. You have the right to receive your Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on your consent, on a contract which you are a part of or on pre-contractual obligations thereof.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority by contacting Vesta’s privacy contact.

How to exercise your rights

To exercise the rights described above, you need to submit your verifiable request to us by contacting us at privacy@vestasit.com. For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:

• provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not be able to respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession relates to you.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We strongly encourage you to refer to this Privacy Policy often for the latest information about our privacy and security practices.

CONTACT

If you have you any questions about our privacy practices, would like to access or change the personal information we have collected about you, or would like to make a complaint, contact:

Privacy Officer

Vesta
privacy@vestasit.com

Vesta will provide acknowledgement of receipt of your inquiry/concern, and will provide either a full response, or with a reason for a further extension, within 30 calendar days.