Latest update: April 2023
Chartered Professional Accountants of Canada (“CPA Canada”) is a not-for-profit national accounting organization whose mission is to enhance the influence, relevance and value of the accounting profession by acting in the public interest, supporting the Chartered Professional Accountants (“CPAs”) who are members of CPA Canada (our “Members”), and contributing to economic and social development.
Attention: Senior Privacy Compliance Officer
277 Wellington Street
Toronto, Ontario M5V 3H2
- What is personal data?
- What personal data do we collect about you, and for what purposes?
- How can you unsubscribe from our communications?
- Do we share personal data with third parties?
- How do we protect your personal data?
- Where do we store your personal data?
- How long do we retain your personal data?
- What are your personal data rights?
- visit our websites: cpacanada.ca, knotia.ca, CPAStore.ca, international.cpacanada.ca, education.cpacanada.ca, conferences.cpacanada.ca (and related conference sites), foresight.cpacanada.ca, indepth.cpacanada.ca, frascanada.ca, connect.frascanada.ca and any websites which we operate from time to time;
- submit your personal data for an employment opportunity or join our talent community;
- subscribe to, use or access our online services;
- purchase our products or services online;
- register for conferences, educational activities and events which we organize;
- download resources from our websites, such as research papers and audio sessions; and
- otherwise interact with us (together, our “Services”).
2. WHAT IS PERSONAL DATA?
3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU, AND FOR WHAT PURPOSES?
We collect personal data to administer your CPA Canada membership, to provide you with access to the Services, to secure and manage our Services, to obtain analytics, to process job applications and to conduct marketing regarding our Services. We also collect personal data when you purchase our products and services.
Below are categories of personal data collected by CPA Canada, along with explanations as to why that personal data is collected, and how we use it. If you have more questions, do not hesitate to reach out to us at [email protected].
- CPA Canada Member and Candidate Data
Examples: Identification data, contact information, professional information, membership status, affiliation data, and financial information regarding the payments of membership fees.
On behalf of CPA Canada, and with the consent of the individual, provincial and territorial CPA Partners collect personal and professional information about each Member and each candidate for membership (“Candidate”), including their name, address, email, year of birth, gender, language preference, employer as well as their Member/Candidate ID number, membership status, provincial/territorial affiliation and date. If you are a Candidate or a Member, we collect this information to create a Member/Candidate profile so as to:
- register you as a Member or Candidate of CPA Canada, and update your information;
- administer your membership in CPA Canada, collect membership fees, provide you with member benefits and communicate membership-related information;
- deliver our financial literacy program;
- promote our products, programs and services;
- send you our Pivot Magazine as well as electronic newsletters that may be of interest to you or to which you have subscribed;
- manage graduate certification and awards recognitions;
- deliver career and professional development activities, such as events, conferences, webinars, online and in-person learning, as well as education/certification programs;
- conduct statistical analysis by way of surveys and polls, which allows us to better understand the CPA professional landscape, to better serve our Members and Candidates, while developing the programs, products and services that respond to your professional needs; and
- conduct interest-based advertising (find more information).
- Accounts Registration Data
Examples: E-mail address, passwords, website usage data
If you decide to create an account on our websites to access our online Services, or if you otherwise register for our Services, such as for participating in educational events or for purchasing our products and services, we collect the information that you share with us to create this account or to register you. We use this information to administer your accounts and registrations, and the corresponding Services, and to send you communications from time to time. Learn how to unsubscribe to our communications.
- Research and Community Engagement Data
Examples: Responses to surveys, forms, and questionnaires
From time to time, CPA Canada may engage in research and community engagement activities. Notably, CPA Canada administers Foresight, an online engagement platform regarding the future of the profession and available at foresight.cpacanada.ca, and the Financial Reporting and Assurance Standards engagement platform available at connect.frascanada.ca. These platforms provide you with opportunities to share your opinions and ideas with CPA Canada on these matters using engagement tools, such as surveys, forms, and questionnaires.
We use this information to prepare research and community studies, generate professional development activities, improve our Services (such as by providing new benefits to Members) and engage into a conversation with stakeholders on the profession. We do not sell or resell your personal data as part of the Research and Community Engagement Data. We may aggregate and anonymize the personal data that you provide through these platforms and similar research and community engagement activities, including as part of our paid products.
Examples: Continuing education credits, completed courses, registered courses, exam results
For Candidates enrolled with our online course curriculum and/or with our Education Exam Administration program (education.cpacanada.ca), CPA Canada collects the list of courses which is assigned to you, your name, email, provincial candidate number, password and username, your education credentials and transcript information, as well as course and exam results. We collect this information to provide you with our online learning environment and certification program. We share Candidate performance data, exam results and appeals results with CPA Canada Partners.
Examples: Purchased items, credit card information, delivery address, transaction history
We collect financial data about you when you make purchases through our Services. This can include the purchase of research, professional and educational material as well as when you register to attend our conferences, events and webinars. To complete your purchase of our products and services and process your credit card information, we use a PCI-DSS compliant third-party payment processor: Chase. If you pay online, you pay through a secured digital portal directly into Chase’s environment, and we cannot see your full credit card numbers and your CVV. We collect information about your purchase history with us, and whether Members’ fees have been paid.
Examples: Contact information, marketing preferences, transaction history, cookies, browsing habits.
We collect Marketing Data to market our products and services, including to provide you with personalized and tailored content based on your preferences. For instance, we may provide you with suggestions for professional activities or news articles based on your past purchases.
- Volunteer Management Program Data
Examples: Identification data, contact information, professional information, membership status, responses to surveys, forms, and questionnaires
We collect personal and professional information about CPA Canada volunteers, including their name, address, email, year of birth, gender, language preference, and employer to create Member and/or Non-Member profiles so as to:
- register you as a volunteer of CPA Canada, and update your information;
- communicate volunteer-related information;
- deliver our Volunteer Management program;
- deliver training activities, such as online and in-person learning, webinars, conferences and events; and
- manage recognition activities. Contact information, including name, professional designations, tenure, and committee(s) served may be disclosed to third parties, as reasonably appropriate to facilitate the Program.
We may also use this information to prepare research and community studies, and conduct statistical analysis to better understand volunteer activities, develop programs and improve our Services. We do not sell or resell your personal data as part of the Research and Community Engagement Data. We may aggregate and anonymize the personal data collected for these purposes.
- Usage Information and Technical Log Data
Examples: Technical logs, IP address, browser type and configuration, operating system, number of visitors, pages viewed, length of visits, geographical location, language preferences and device information
We collect Usage Information and Technical Log Data automatically through our websites to allow us to monitor and secure our websites, and to understand traffic within our websites so that we can optimize them and improve our Services.
Examples: Education information, professional experiences, contact information
If you apply for one of our career opportunities, or if you participate in our talent community, we will collect the personal data you share with us, including any attachments and content. We will only use this information for making employment decisions.
Examples: Contact information, messages
If you communicate with us by e-mail, social media, through our websites or otherwise, we will collect the personal data that you share with us to respond to your communication. If the communication should be addressed to the CPA Canada Partner with whom you are affiliated, we may forward your communication to that CPA Canada Partner.
4. HOW CAN YOU UNSUBSCRIBE FROM OUR COMMUNICATIONS?
We provide our Members, Candidates and subscribers with various communications, such as electronic newsletters. Our Members also receive copies of our Pivot Magazine. You can unsubscribe at any time from such communications by using the link to unsubscribe included in our electronic messages, or you can contact us at [email protected]. You can also unsubscribe to our communications in your Preference Center, accessible from your online account.
5. DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
We generally identify to whom, and for what purposes, we disclose your personal data, at the time we collect such information from you or otherwise obtain your consent to such disclosure. For example, we may disclose your personal data to:
- CPA Canada Partners
- Payment processors
- Educational programing providers
- Sponsors of events in which you participate
We may also transfer your personal data to service providers that are assisting us in our operations. We ensure that those service providers are subject to appropriate privacy standards.
Examples of our service providers include:
- Hosting/infrastructure/storage providers
- Educational programming providers
- Communications services providers
- Analytical service providers
- Online Engagement service providers
- Membership Management service providers
- Ad conversion tracking and personalized content service providers
We may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to enforce or apply our policies and agreements; (e) to protect our rights, operations or property; (f) to collect amounts owed to us; (g) to allow us to pursue available remedies or limit the damages that we may sustain; (h) to protect the safety of our Members, Candidates, stakeholders, CPA Canada Partners or others; (i) to address, prevent or stop fraud or other activity that we consider to be illegal or unethical; or (j) to address an emergency involving danger of death or serious harm.
6. HOW DO WE PROTECT YOUR PERSONAL DATA?
CPA Canada has adopted reasonable security procedures to help protect your personal data. For example, our cloud-based platform is hosted on Microsoft Azure servers located in Canada, which uses built-in security protections. We use password-protected systems and encryption when necessary, our personnel has been provided training on the protection of privacy and we use contractual agreements with our service providers. Our payment processor, Chase Payment Solutions, is PCI DSS Level 1.
We have implemented physical, organizational, contractual and technological security measures in an effort to protect your personal data from loss or theft, or unauthorized access, use, or disclosure. For example:
- we restrict access to your personal data to those employees or agents who need access for authorized purposes;
- electronic data is protected by technological means, such as firewalls, access controls, and encryption);
- we sensitize our employees and agents to the importance of safeguarding personal data
Like most organizations, we cannot guarantee that our safeguards will always be effective. No method of transmitting information over the Internet or of storing information is completely secure. A breach of security safeguards can result in such risks as phishing and identity theft. In such cases, we act promptly to mitigate the risks and to inform you where there is a real risk of significant harm, or as otherwise required by law.
We may also require you to assist us to safeguard your personal data. For instance, if you use an account on our website, you should use unique and strong passwords, not share your passwords with others, and promptly alert us if you believe your password has been compromised. You should only connect to our website via a safe network.
7. WHERE DO WE STORE YOUR PERSONAL DATA?
Generally, we retain your personal data at our head office in Ontario, and in our offices and data centres elsewhere in Canada.
In addition, unless prohibited by law or contracts with our stakeholders, we may rely on service providers who are in the United States who assist us with the Services, in which case your personal data may be stored in or accessed from the United States. In that case, your personal data will be subject to United States laws, and may be subject to disclosure to United States governments, courts or law enforcement or regulatory agencies, pursuant to those laws. Subject to those laws, CPA Canada uses reasonable measures to protect your personal data as it would be protected in Canada. If you would like more information about our policies and practices regarding processing of personal data outside of Canada, please send us an email at [email protected].
8. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We retain your personal data for as long as required for the purpose for which it was collected, or longer if we are required or permitted to do so under applicable laws.
We retain your online account data for as long as this account exists in our databases. You can request the deletion of your personal information by e-mail at [email protected]. We will endeavour to accommodate your request, subject to legal requirements.
9. WHAT ARE YOUR PERSONAL DATA RIGHTS?
The law provides you with rights regarding your personal data. These rights may change depending on where you are located, and they may not apply to all types of personal data. Most individuals have the right to access their personal data, the right to withdraw their consent to the use and disclosure of their personal data, and the right to request corrections to their personal data under certain circumstances, such as if the personal data is inaccurate or outdated.
In some cases, withdrawal of your consent may mean that we will no longer be able to provide you with our Services.
If you want to exercise your rights, or if you have a question or complaint about how we collect, use, or disclose your personal data, you can communicate with us by email at [email protected] or by writing to us at:
Attention: Senior Privacy Compliance Officer
277 Wellington Street
Toronto, Ontario M5V 3H2
Generally, our Senior Privacy Compliance Officer will address your inquiry within 30 days unless we extend that time limit because of the nature of your request (in compliance with applicable laws). We will try our best to respond to your request without charging you any fees, but if your request involves significant costs for us (such as printing or transcript costs), then we may invoice you these fees, after you have approved them. We may also need you to share personal data to enable us to confirm your identity prior to responding to your inquiry.
We will try to help you, and if we cannot respond to your inquiry or if we must reject your request, we will notify you in writing and explain our decision. If you do not agree with how we handled your inquiry or request, please let us know. Otherwise, you can also contact your privacy and data protection regulator. Below is the contact information for the Office of the Privacy Commissioner of Canada:
Attention: Office of the Privacy Commissioner
30 Victoria Street
Gatineau, Québec K1A 1H3