(and “your” refers to) anyone who provides personal information to us.
1. Scope and application
- information about an individual that is publicly available and is specified by regulation pursuant to PIPEDA;
- personal information that is not collected, used or disclosed, for commercial purposes;
- non-personally identifiable information; and
- the name, title, business address or telephone number of an employee of an organization, where collection, use or disclosure of such information is solely for the purpose of communicating with the person about his or her employment, business or profession.
collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
consent: Voluntary agreement for the collection, use and disclosure of personal information for defined purposes. The form of consent we seek may vary, depending upon the circumstances and the type of personal information. In determining the form of consent, we take into account the sensitivity of the personal information and your reasonable expectations. Consent may be provided directly by you, or by your authorized representative, in accordance with applicable law.
disclosure: Making personal information available to a third party.
employee: An employee of, or an independent contractor to, CSAE. The inclusion of independent contractors within the definition of “employee” is for convenience of reference only and should in no manner imply that such independent contractors are our employees within the meaning of employment legislation or are in an employee-employer relationship with us.
personal information: Information about an identifiable individual, but does not include information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession, such as the individual’s name, position name or title, work address, work telephone number, work fax number or work electronic address. Where an individual provides his or her home address to CSAE as their business contact information, the CSAE considers it to be business contact information, and is therefore not subject to protection as personal information. Information about corporations is not considered personal information.
third party: An individual or organization outside of CSAE.
use: The treatment, handling, and management of personal information by and within CSAE or by a third party with the knowledge and approval of CSAE.
we: Means (and “us”, “our”, and “ours” refer to) CSAE.
you: Means (and “your” refers to) the user of our services and products, and your successors, heirs, administrators, executors and assigns (as the case may be).
3. Accountability for our handing of personal information
4. Reasons why we collect, use and disclose personal information
CSAE collects personal information from you for the following purposes:
- to provide you with information, products, or services that you request from us, including legislative updates, professional development programs and other services that we make available, from time to time;
- to respond to member and other stakeholder needs;
- to carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection or to comply with legal or regulatory requirements;
- to notify you about changes to any products or services we offer or provide;
- to improve our products or services, marketing, or customer relationships and experiences;
- to measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you;
- to authenticate your identity, such as when you sign into your account;
- in any other way we may describe when you provide the information; and
- for any other purpose with your consent, or as required or permitted by law.
We will indicate the identified purposes to you, orally, electronically or in writing, at or before the time your personal information is collected. Persons collecting personal information may explain the identified purposes or refer individuals to a designated person within CSAE who can explain these identified purposes.
5. Collection of personal information
If you request information, products or services from CSAE, we will collect your name and contact details, including address(es), mailing preference, telephone and fax numbers, email address, and language preference.
You may also provide us your credit card information in order to pay for items you purchase. We collect this information only to set up your account, process the order, and provide you with the services you are purchasing. We do not store credit card information for later use.
CSAE collects and retains information about your transaction history when you use CSAE services and various programs.
CSAE also provides individuals with an opportunity to specify certain preferences in service delivery; if an individual chooses to provide such information, CSAE will collect and maintain language preference in order to send individuals the information they need in the language they prefer, as well as other special needs requested for a specific event (i.e., meal preference).
We collect no personal information about you unless you choose to provide that information to us. We do not use techniques that collect personal information about anyone without their knowledge. We only collect personal information about individuals when they specifically and knowingly provide it to us– for example, when they apply for membership, register for a program or complete a registration form. As a limited exception to this principle, we may collect personal information without your consent, where permitted by PIPEDA and other applicable laws.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. You may contact us for more information regarding the implications of withdrawing consent.
6. Consent for us to contact you about our products and services
The information you provide to CSAE – such as your name, address, etc. – allows CSAE to inform you about events and activities and to notify you of issues, events or special offers which may be of interest to you. By becoming a member or by requesting information or registering for events or courses offered by CSAE, you are giving CSAE permission to contact you by way of the information you provide. Members may choose not to be contacted by CSAE – please use the “Update Profile” section of the CSAE website (www.csae.com) to customize your communications preferences, or contact CSAE Member Services at email@example.com or 416-363-3555, ext. 239.
7. Disclosure of personal information
CSAE will not disclose personal information for purposes other than those purposes for which it was collected, except with your consent or as required or permitted by law. CSAE may disclose your personal information:
- when we have your consent, whether express or implied;
- to your authorized representatives;
- if and when we are involved in a corporate reorganization or if we sell or lease all or part of our business;
- to meet legal and regulatory requirements; and
- where required or permitted by law.
In such circumstances, we will not disclose more information than is required for the purpose for which the information is being disclosed. We will also, whenever it is reasonable and practicable to do so, enter into privacy agreements with third parties with whom we share personal information.
We will retain personal information only as long as it remains necessary or relevant for the identified purposes or as required or permitted by law. Where personal information has been used to make a decision about you, CSAE shall retain, for a period of time that is reasonably sufficient to allow for access by you, either the actual information or the rationale for making such decision.
Only our employees who require access for legitimate reasons or whose duties reasonably so require are granted access to personal information.
We maintain reasonable controls, schedules and practices for personal information management retention and destruction. Personal information that is no longer necessary or relevant for the identified purposes, or is required by law to be retained, is destroyed, erased or made anonymous, as appropriate in the circumstances.
CSAE may share aggregate information – not personal information – about its members and customers with sponsors, potential sponsors and other parties to help them better understand CSAE members and their interests. Such aggregate information is used to give CSAE demographic data about its members in order to improve the organization and the programs and services we provide.
8. CSAE Website
only string of information that a website transfers to the cookie ﬁle of the browser on your computer’s hard drive, making it possible for the website to remember who you are and what your preferences are.
There are diﬀerent types of cookies. A “session” cookie is erased from memory when a visitor’s
browser closes. A “persistent” cookie expires based on a time set by the web server. Persistent cookies help websites identify speciﬁc visitors and their preferences when they return to a website.
Disabling or blocking cookies may affect your ability to use our website. If you want to change your cookie preferences, you must change your browser’s preferences to enable/keep, disable/block/restrict, or delete/remove cookies. For the best experience of our website, we recommend enabling cookies. Enabling cookies is handled by your browser’s security settings,
which are speciﬁc to each browser and operating system. Please check with the company that created your browser if you need more information.
We may also use web beacons, clear gifs, or other similar technologies (Pixel Tags). A Pixel Tag is an electronic image, often a single pixel (1×1), which is ordinarily not visible and which
may be associated with cookies on the visitors’ storage drives. We may use Pixel Tags to track your use of our website for advertising, marketing, or promotional purposes, and to determine whether you opened an email message from us. This information also enables us to customize the services we offer you.
In some instances, we may generate profiles from your personal information. We may disclose these profiles to third parties to enable them to provide targeted content or advertisements to you, or for their own business analysis and research purposes, based on the fact that you have previously visited our website (this process is sometimes referred to as Retargeting). So, you should be aware that:
- we may disclose information about which products and services you have viewed on our website, to third party vendors, so that they can use that information to deliver advertisements about products and services we think may be of interest to you;
- for more information about how Retargeting works, you can visit Google’s
website, which provides information about how Google Ads uses Retargeting;
- if you would like to opt out of Retargeting, please see the “Your choices about
how our website collects your information” heading below.
Website traffic patterns
Our internet servers may passively and automatically collect certain information about website visitors’ traffic patterns, which may be linked to their Internet Protocol (IP) addresses (which are unique internet “addresses” assigned to all internet users by their internet service providers). Server logs may record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are generally collected and used on an aggregate basis.
Other information collected by our website
- Non-personal information, that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the percentage of users accessing a specific website feature.
- Technical information, including your login information, browser type and
version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our website, and usage details.
- Non-personal details about your website interactions, including the full Uniform
Resource Locators (URLs), clickstream to, through and from our website (including date and time), products or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse
away from the page, or any phone number used to call our customer service number.
Why do we collect this information?
The information we collect automatically is statistical information and may include personal information, and we may maintain it or associate it with personal information we collect in other ways, that you provide to us, or receive from third parties. It helps us to improve our website and to deliver a better and more personalized service, including by enabling us to:
- estimate our audience size and usage patterns;
- store information about your preferences, allowing us to customize our website according to your individual interests, including showing you advertisements that we think will be of interest to you;
- speed up your searches;
- recognize you when you return to our website; and
- show our advertisements on external sites.
Your choices about how our website collects your information
We strive to provide you with choices regarding the personal information you provide to us.
You can opt out of several third-party ad servers’ and networks’ cookies simultaneously by using opt out tools created by Google Advertising, the Digital Advertising Alliance of Canada or by the Network Advertising Initiative. You may also opt out of our use of Google Analytics by visiting the Google Analytics opt out page. We may have reporting of your aggregate interactions with our ads across the Google Display Network or DoubleClick for Advertisers in conjunction with activity on our website.
You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
In addition, we have created mechanisms to provide you with the following control over your information:
- Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on
- Third-Party Advertising. If you do not want us to share your personal information
with unaffiliated or non-agent third parties for promotional purposes, you can opt out by sending us an email stating your request to CSAE Member Services at firstname.lastname@example.org or 416-363-3555, ext. 239.
- Promotional Offers. If you have opted in to receive certain emails from us but no
longer wish to have your email address/contact information used by CSAE to
promote our own or third parties’ products or services, you can opt out by contacting CSAE Member Services at email@example.com or 416-363-3555, ext. 239. If we have sent you a promotional email, you may unsubscribe by clicking the unsubscribe link we have included in the email.
- If you do not want us to use information that we collect or that you
provide to us to deliver advertisements according to our advertisers’ target- audience preferences, you can opt out by using the opt out tools created by the Digital Advertising Alliance of Canada, the Network Advertising Initiative or Google Advertising.
9. Accuracy of personal information
We make reasonable efforts to ensure that personal information we collect, use or disclose is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. If you find any errors in our personal information holdings, we should be informed so that we can make the appropriate corrections. We will convey these corrections to any third party that may have been provided inaccurate information. For personal information that remains in dispute, we will make note in our records of your opinion as to accuracy of the relevant personal information.
10. Security of personal information
CSAE endeavours to maintain appropriate safeguards and adequate physical, procedural and technical security with respect to our offices and information storage facilities so as to prevent any unauthorized access, disclosure, copying, use, or modification of personal information.
Safeguards include securing physical documents and technological measures by way of secure access and encryption. CSAE employees are authorized to access personal information based only on their need to deal with the information for the reason(s) for which it was obtained.
Safeguards are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered. We also take measures to ensure the integrity of this information is maintained and to prevent its being lost or destroyed.
We protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the personal information and the purposes for which it is to be used.
To ensure the integrity and privacy of the personal and credit card information you pass to us via the Internet when you make an online transaction, CSAE has obtained a Secure Socket Layer (SSL) Server Certificate, the industry standard with 128-bit encryption. All information collected within a secure page is encrypted while being transmitted to CSAE’s secure server. The server is protected by a firewall that is regularly updated when new patches and fixes are released.
We may engage service providers to assist us with fulfilling the purposes for which personal information has been collected, used and disclosed, and, in some instances, these service providers may be located outside Canada. We only select service providers that protect personal information in a manner that is comparable to the protection we provide under our own privacy policies. However, personal information may be subject to, and accessed under, the laws of the countries in which our service providers operate. If you have any questions about our transfer of personal information to our service providers outside Canada, or if you would like to learn more about our privacy policies in that regard, please contact the CSAE Privacy Officer at the contact information provided below.
11. Openness concerning our policies and procedures
We are open about the policies, procedures and practices we use to protect your personal information. Information about these policies, procedures and practices will be made available to you either electronically or in writing.
12. Access to your personal information
You may access any personal information that we have concerning you, and which has been collected, used or disclosed for a commercial purpose, by sending a written request to the CSAE Privacy Officer. CSAE may advise you in advance if there is a minimal charge to conduct a search of our records and will respond within 30 days or advise that the request for access is subject to an extension as authorized by PIPEDA.
To protect your privacy, you may be required to provide sufficient identification, in order to permit us to account for the existence, use and disclosure of certain personal information and to authorize access to such information. Any such information will only be used for this purpose.
We may not be able to provide personal information to you if doing so would violate the privacy of a third party or if certain personal information is subject to legal privilege, contains information proprietary to us or a third party, is too costly to retrieve, or cannot be disclosed for other legal reasons. If we are unable to provide access to all or part of your personal information, we will explain our reasons for such a decision.
Where you have been provided with access to your personal information, you shall be able to challenge the accuracy and completeness of your personal information and have it amended as appropriate.
Personal information that is disclosed to third parties by us will be subject to the general laws applicable in the jurisdiction in which the third-party conducts business. As a result, and in certain limited situations, we may not be legally permitted to account for certain collections, uses or disclosures of personal information. In most circumstances, however, we shall provide an account of the collection, use and disclosure of personal information and, where reasonably possible, we shall state the source of the personal information. In providing an account of disclosure, we shall provide a list of organizations to which we may have disclosed your personal information when it is not possible to provide an actual list.
13. Challenging compliance with privacy laws
All questions or concerns regarding our privacy practices should be directed to the CSAE Privacy Officer.
14. Contact Us
Attn: Privacy Officer Tracy Folkes Hanson President & CEO
Canadian Society of Association Executives 10 King Street East, Suite 1100
Toronto, Ontario, Canada M5C 1C3 E-mail: firstname.lastname@example.org