The Canadian Payroll Association Commitment to Privacy
Protecting your privacy and the confidentiality of your personal information is very important to us and fundamental to the way we do business at the Canadian Payroll Association (the CPA).
How We Collect Your Personal Information
The CPA collects personal information to provide our products and services to our Customers.
As a Customer and user of our products and services, most of your personal information is provided to us directly by you, or by another individual on your behalf (such as your employer or your educational institution), including for example when you register as a member or for a course, or when you request a CPA publication.
Depending on the service you use, we may also collect information about you from third parties. For example, to fulfill our payroll certification requirements, the CPA also collects information about the CPA payroll courses taken, compulsory and elective course exemptions and related academic results, and certifications attained.
The personal information we collect is gathered in a number of ways throughout your relationship and dealings with us as a Customer. We offer various methods for communication with us generally and also for registration for membership and our other products and services, including by mail, email, phone, fax and through our website. Personal information collected through each of these methods will be protected from the point of collection by the CPA through the administrative, technical and operation safeguards and security that we have implemented and described in this Policy.
We also collect information on, and track behaviour of, visitors to the CPA website. For further information on this collection, please see the “Collection of Information Through CPA Website” section below.
We will obtain your consent to collect, use, and/or disclose personal information, except where we are authorized or required by law to do so without consent.
In certain circumstances, personal information can be collected, used or shared without knowledge and consent. For example, we may collect, use, and/or share personal information without your knowledge or consent where:
- the personal information is publicly available from a prescribed source, such as a telephone directory, membership directory, etc.;
- it is reasonable to expect that obtaining consent would compromise an investigation or proceeding;
- we are collecting or paying a debt; or
- we have your implied consent.
You may withdraw consent at any time, subject to legal or contractual restrictions, provided that reasonable notice of withdrawal of consent is given to the CPA. Please see the “Your Privacy Choices” section below for further information on withdrawing consent.
Information We Collect
Personal information is any information about an “identifiable individual” that can be used to distinguish, identify or contact a specific individual. The personal information that we collect will depend on which of our products and services you request or use and how you use them. The personal information that we collect falls into the following categories:
Identity Information that allows us to identify and authenticate you (e.g. name, date of birth, occupation, employer and government-issued identification);
Contact Information that allows us to communicate with or contact you (e.g. address, telephone number, email or other electronic address);
Financial Information that allows us to process your transactions with us (e.g. credit card details);
Transactional and Behavioural Information about how you use our different products and services (e.g. purchase and payment history);
Relationship and Preference Information that helps us to understand more about you, including what types of products, services or offers you may like (e.g. language and communication preferences, location, demographics and interests); and
Educational Information that allows us to verify your educational achievements and accreditations.
We limit the personal information we collect to only what is required to carry out the purposes set out in the “Use of Information” section below. Any additional information about you that we would like to collect to assist us in understanding your profile and needs and providing you with products and services will be clearly indicated as “optional”.
Use of Information
As a member organization, the main reason why we collect, use and share personal information is to maintain relationships with, and provide products and services to, our Customers. To facilitate that objective, we collect, use and share your personal information for the following purposes:
- To set up, manage, administer, maintain, record, determine your eligibility for, and better manage your products and services and relationship with us;
- To establish and maintain communications with you, and disseminate to you information of interest to payroll professionals;
- To help us to better understand your needs and what products and services may be of interest to you, including through surveys and review and analysis of your relationship, transactions and website visits with us;
- To compile statistical data and carry out research;
- To offer and market products and services to you of the CPA or its partners that we have carefully selected and believe will be of interest to you;
- To detect and prevent fraud, identity theft and other illegal acts;
- To perform our everyday business operations, including recordkeeping and internal reporting; and
- To comply with applicable laws.
The CPA does not sell, trade or rent Associate lists or personal information of Customers to third parties for their own use, unless you provide consent.
For example, at a CPA conference, you may choose to complete a request to obtain information from a particular sponsor and provide your contact details and consent for that sponsor to contact you.
As a record keeper of your CPA certifications, we may be contacted from time to time to provide verification of your accreditation. We require your consent in each case to release such information.
However, we may also release your personal information to parties outside of the CPA in certain circumstances, without your consent, as set out below.
- Suppliers and Corporate Partners
In order to facilitate the provision of products and services to you, we may require the assistance of third party suppliers and corporate partners and need to share your personal information with them from time to time. This would include for example third party suppliers that we engage to facilitate completion of an order (i.e. printing, shipping, etc.), hotels and other event venue providers who are hosting our conferences or symposiums, and corporate partners such as other educational institutions who are providing courses to you. Only the information that is required for that purpose will be disclosed. Such suppliers and corporate partners must follow our strict confidentiality standards to protect that information and are required to use it only for the purposes for which they have been engaged. These suppliers and corporate partners may be located in Canada or in other jurisdictions or countries which may provide for different data protection rules and may be subject to a demands or requests for information from legal or government authorities in those locations.
- Responding to Legal, Compliance or Regulatory Obligations
Sometimes it may be necessary for the CPA to disclose personal information of our Customers to meet legal, compliance or regulatory obligations. This would include, for example, a request by a Government official for information. In such cases, we will release only the information that is required and only after confirming that the appropriate legal authority to require such information is in place.
- Prevention of Illegal Acts
Information may also be disclosed by us to third parties outside of the CPA where we are of the view that it is necessary to do so in order to detect and prevent fraud, identity theft and other illegal acts. Such disclosure would be limited to what is required and subject to the third party having appropriate legal authority and providing a commitment to confidentiality and restricted use.
- Aggregated Non-Personal Information
We may provide third parties with aggregated, non-personal information, such as the total number of members by region. Such demographic information does not identify you personally.
Protecting Your Information
At the CPA, we take the protection of your personal information seriously. We are committed to protecting your personal information and maintaining high standards of confidentiality through the implementation of appropriate administrative, technical and operational safeguards and security measures so as to prevent any unauthorized access, disclosure, copying, use, or modification of your personal information.
We have security standards and safeguards to protect our systems and your information against unauthorized access and use. Safeguards are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered. The CPA will protect your personal information by security safeguards appropriate to the sensitivity of the information. Safeguards will vary depending on the sensitivity, format, location and storage of the personal information, but may include limiting access to personal information to representatives of the CPA on a need-to-know basis, storing personal information on computers, servers, files or sites with encryption protection and password entry, and utilizing locked filing cabinets with restricted physical access to the file storage location for physical documents containing personal information.
To ensure the integrity and privacy of the personal and credit card information you pass to us via the Internet when you make an online transaction, the CPA has implemented safeguard and security measures that are industry standard and Payment Card Industry (PCI) compliant. All information collected within a secure page is encrypted while being transmitted to CPA's secure server. The server is protected by a firewall that is regularly updated when new patches and fixes are released.
We do not store credit card numbers of Customers in our electronic databases.
Our suppliers, as part of their contracts with the CPA, commit to maintain the confidentiality of your information and not use it for any unauthorized purpose.
For all disclosures, we disclose only the information that is legally required.
All employees of the CPA are familiar with the procedures that must be taken to safeguard Customer information. Protecting the confidentiality of your personal information is more than a procedure – it is part of our job.
The CPA regularly audits our procedures and security measures to ensure they are being properly administered and that they remain effective and appropriate to the sensitivity of the information.
The length of time we keep your information will vary depending on the product or service and the type of information we have. We retain your information only as long as we reasonably need to for customer service, legal or reasonable business purposes. That period may extend beyond the end of your relationship with us, but only for so long as it is necessary for us to be in a position to respond to an issue that may arise at a later date, or for legal or regulatory purposes.
When your personal information is no longer required for these purposes, we have procedures in place to destroy, delete, erase or convert it to an anonymous form.
Keeping Your Information Accurate
The CPA takes reasonable efforts to ensure that any personal information in its possession is accurate, current and complete as is necessary for the purposes for which the information is to be used, as set out in this Policy. We count on you to keep your personal information current, and you should advise the CPA of any changes to your personal information as and when they occur. Keeping your information accurate and up-to-date enables us to continue to offer you the highest quality service.
If you demonstrate the inaccuracy or incompleteness of personal information, we will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed.
Information contained in files that have been closed is not actively updated or maintained.
Accessing Your Information
You have the right to access all personal information we hold about you. For members, most of your information is available to you through your member portal.
Upon written request and authentication of identity, we will provide you with your personal information under our control, information about the ways in which that information is being used, and a description of the individuals and organizations to whom that information has been disclosed.
We may charge a fee for providing information in response to an access request and will provide an estimate of any such fee upon receiving an access to information request. We may require a deposit for all or part of the fee.
We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request.
In some situations, we may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purposes of an investigation, disclosure of the information would reveal confidential commercial information that, if disclosed, could harm the competitive position of the CPA, or where we exercise our solicitor’s lien against materials in our files in respect of outstanding accounts. The CPA may also be prevented by law from providing access to certain personal information.
Where an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps available to you.
If you have questions about our personal Information practices, please reach out to us using the information in the “Contact Us” section below.
Collection of Information Through CPA Website
By accessing and browsing our website, you agree that we may collect, use and share any information we collect about you through our website as described in this Policy.
- Cookies and Other Web Tracking Tools
The CPA uses various web tools including cookies, web beacons, embedded script and tagging on our websites and advertisements, as well as various analytics and marketing services from third parties such as Google.
The web tools may be used for a number of purposes, including, without limitation, to count visitors to our website, to monitor how visitors navigate the website, to determine the date and time of your visit to our website, the documents that you downloaded and the searches you performed, to count how many emails that were sent were actually opened or how many particular articles or links were actually viewed. Web tools will not be used to collect personal information that is not expressly provided by a visitor (for example, the email address associated with an email message).
These web tools help us to better serve visitors by managing our website, diagnosing any technical problems, remembering information about your visits (e.g. login credentials, preferences), improving the content of our website, and communicating with you regarding products and services that may be of interest.
- Social Media Tracking Pixels and Cookies
We may also use social media cookies embedded on our website to communicate with our visitors who are registered users of certain social media platforms (e.g. Facebook, Instagram, Twitter, LinkedIn, YouTube, Pinterest, SnapChat, WeChat, etc.). We use web data, including email addresses and other personal information expressly provided, to create custom audiences by retargeting advertising to visitors and similar social media users of these platforms in order to deliver more useful and relevant content. The use of Social Media by the CPA adheres to the policies sent forth by each social media platform.
All data matching takes place using secure one-way hash functions, such that no personal information of our visitors is provided to the social media platforms if the visitor is not already registered with the social media platform.
- Digital Marketing
From time to time, we may engage in digital marketing campaigns. These efforts may include using social media platforms to promote goods and services. You consent to us using your personal information to serve advertisements and other announcements. When we do so, we follow the protocols and procedures established by service providers such as the Google Display Network and other leading advertising exchange platforms. You consent to us working with digital media channels in this manner.
We may also track your activity on other websites or social media platforms that you visit after leaving the CPA website for the purposes of delivering advertising campaigns that may be of interest to you.
- Links to Other Websites
- Withdrawing Your Consent to Cookies
If you wish to withdraw your consent to cookies, you should review the help documentation for your web browser software to decline or selectively decline cookies by adjusting the setting on your browser. Declining cookies may adversely impact website performance.
For information on how you may withdraw your consent to the collection of information by the CPA, please see the “Your Privacy Choices” section below.
Customers from Outside Canada
The CPA is a Canadian not-for-profit organization and our membership consists primarily of Canadian payroll professionals. We realize that we do have members outside Canada and that our website may be accessed by Customers from around the world for membership, education and information purposes.
The CPA is subject to and complies with Canada’s Federal Privacy legislation, known as the Personal Information and Protection of Electronic Documents Act (PIPEDA).
If you are located in the European Union (EU), you should know first of all that, as a result of the comprehensive privacy protections provided to data subjects under PIPEDA, personal data flow from the EU to Canada has been approved by the adequacy decision of the European Commission under its European Directive. While the CPA is not directly subject to the General Data Protection Regulation (GDPR), most of the rights granted to you under the GDPR are substantially similar to those granted to data subjects under PIPEDA, including the right to request access to, correct, amend, delete, or limit the use of your personal data. Please refer to the “Accuracy of Your Information” and “Access to Your Information” sections above for further information.
If you have any questions about our personal information practices, please reach out to us using the information below in the “Contact Us” section.
Your Privacy Choices
You can withdraw your consent to various aspects of our collection, use or sharing of your personal information at any time upon giving us reasonable notice, subject to legal, business or contractual requirements.
- Consent to Collection
As indicated in the “Information We Collect” section above, we limit the collection of personal information to that which is necessary and required to provide you with our products and services and carry out the purposes set out in the “Use of Information” section above. As such, withdrawal of consent to collection of required personal information may result in our inability to provide services for which that information is necessary. If we ask for additional information, we will clearly indicate that it is optional for you to provide that information, and if you do provide it, you are free to withdraw your consent at any time, and such information will be deleted.
- Consent to Use
You may withdraw your consent to certain uses of your personal information as set out below:
- Sending of Payroll Related Resources and Information
A key benefit of your membership in the CPA is receiving information on products and services that are of interest to payroll professionals, such as legislative updates, professional development programs, and other payroll-related services.
Consent to receiving this information is optional and you can decide to withdraw it at any time by contacting us directly or through our website. The option is set out in our membership application, and update and registration forms. In the event that you do not check the option provided to you on such forms, the submission of the form to the CPA constitutes your consent to receive such information.
- Marketing of Products and Services of the CPA
The CPA may also offer and market to Customers products or services of the CPA that it believes will be of interest from time to time. This includes marketing through various communication methods, including mail, phone, email, and website digital marketing.
Consent to receiving this information is optional and you can decide to withdraw it at any time by contacting us directly or through our website.
- Marketing of Products and Services of the CPA’s Partners
The CPA may also offer and market to Customers products or services of the CPA’s partners that it believes will be of interest from time to time. This includes marketing through various communication methods, including mail, email, website and digital marketing.
Consent to receiving this information is optional and you can decide to withdraw it at any time by contacting us directly or through our website. You should note that all marketing of services of the CPA’s partners will be sent to you by the CPA and not the partner, unless your express consent has been obtained from the partner to market directly to you.
If you withdraw your consent to optional communications, information or marketing, we retain the ability to contact you regarding important legislative updates, association governance, and membership-related communications, such as renewal notices, etc.
- Consent to Sharing
Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of the withdrawal of consent, which may include our inability to provide services for which that information is necessary.
Attn: Privacy Officer
The Canadian Payroll Association
1600 – 250 Bloor Street East
Toronto, ON M4W 1E6
Tel: (416) 487-3380
Toll Free: 1-800-387-4693
Fax: (416) 487-3384
If we are unable to resolve your concerns to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada during business hours at 1-800-282-1376, or at https://www.priv.gc.ca/en/ , or by writing to:
The Privacy Commissioner of Canada
30 Victoria Street