CPOI Privacy Policy
In this document, the terms "we" and "our" refers to the Chartered Privacy Officers, Inc. and the terms "you" and "your" refers to the reader.
By accessing and using information from our web site or by sending information to CPOI, you agree to the terms of this privacy policy and to our practices of collecting, using and disclosing your personal information. We may amend our privacy policy from time to time. Such updates may affect our practices of collecting, using and disclosing your personal information.
When you visit our web site without providing your name and contact information, we collect some or all of: time of visit, host name, length of visit, pages visited, arrival pages, exit pages, referring sites or sites from which you came, the site to which you go, user agents (type and version of web browser you used to access the web site), countries, top level domains, IP address and domain you used to access the web site. We use the information to assess usefulness of our site to our visitors, to assess our marketing efforts, and to monitor our web site's performance.
We collect personal information on forms you use to obtain our products and services such as: becoming a member; registering for accreditation courses; taking accreditation tests; registering for conferences, purchasing our publications. The information is used to deliver the requested products and services. The information may also be used to deliver information about products and services relevant to privacy compliance. The information may be disclosed to third parties to facilitate delivery of the products and services.
We communicate with members and product and service purchasers via post, e-mail, telephone, fax and our web site.
We provide a membership directory to members and other purchasers of the directory.
Third parties may purchase advertisements or inserts for delivery in or with our products and services.
We may deliver to you information on behalf of third parties with whom we have a strategic relationship.
When accreditation course registrants register to write a test, we disclose to invigilators personal information about the course participants expected to take the test during the particular invigilation session. This enables the invigilators to verify the identities of the people writing the test.
When accreditation course registrants write a test, we use the test to assess their performance in relation to the course educational objectives to determine their test result and resulting accreditation status.
Information received by us may be entered into a database to help us make use of the information for purposes indicated in this policy.
When we receive inquiries regarding whether particular individuals hold our accreditation, we disclose whether or not the particular individuals hold our accreditation and/or the status of their membership with us. Your consent to the collection, use and disclosure of this information is necessary for accreditation to obtain its objective of providing reliable evidence of the qualifications of those holding our accreditation and preventing those not holding our accreditation from claiming that they do hold our accreditation. Denial or withdrawal of this consent will necessarily result in loss of membership and accreditation.
We use the services of a number of companies. Their privacy policies differ from ours.
Baremetal is the registrar of our domain. They have access to our usage statistics. Their privacy policy is at their website here: www.baremetal.ca
Stormweb is our domain host. They have access to our usage statistics. Their privacy policy is at their website here: www.stormweb.ca
Cookies placed by your browser on your computer are used by one or more of our service providers.
Our web site contains hyper-links to other Internet web sites. We are not responsible for those web sites or your use of them.
Information contained on our web site is copyrighted. The information contained on our web site may not be reproduced, transmitted or disseminated without previously entering a written license agreement with us.
In every sale of goods by us includes a provision reading: "The Vendor and Buyer hereby exclude the application of the United Nations Convention on Contracts for the International Sale of Goods."
Exceptions to our privacy policy may be made for particular types of transactions. When such exceptions are to be made, your consent will be sought prior to your entering the transaction.
By submitting your information to us you consent to the following:
We collect your contact information on our application forms for the following purposes:
To provide you with our certificates of membership and accreditation.
To provide you with our updater publication containing, among other things, summaries and analysis of recent privacy compliance regulatory and judicial decisions, notice of relevant conferences, seminars and courses, information about relevant products and services, and other information we believe you may be interested in receiving to fulfill your responsibilities as a privacy officer.
To contact you regarding your membership and accreditation and renewals.
To identify you and to disclose your Order of Privacy Officers membership and the exam-based CPOI accreditation you hold when we receive requests for confirmation that you are an OPO member or hold a particular exam-based CPOI accreditation.
To update your information as required to facilitate your receipt of your OPO membership benefits.
To contact you to request your permission should a new use or potential disclosure of your information be identified and should we wish to use or disclose your information for the new purpose.
We collect information about what you would like CPOI to do for you for the purpose of providing OPO members with maximum value for their membership fees.
We collect information about your relevant experience and relevant professional development activities for the purpose of assessing and verifying your credentials for our accreditations.
We collect information about invigilators for the purpose of enabling them to receive, invigilate and report to us regarding your accreditation exam.
We collect information about whether your organization is under federal or provincial jurisdiction, the provinces and industries in which your organization's privacy relevant activities occur, whether your organization uses information technology and the size of your organization for the purpose of designing for you an accreditation exam relevant to your responsibilities.
We collect your test answers for distribution to evaluators retained by us for evaluation. Unless you put your personal information inside your test answers, your test answers are made anonymous prior to forwarding to the evaluators so they do not know whose answers they are evaluating.
We use your test results to determine whether we will grant you one of our exam-based accreditations.
The information we collect on paper is kept in our offices.
The information we collect electronically is collected without secure socket layers.
Once the information we collect electronically reaches us we keep it in computers behind a firewall. We may also transfer it to storage equipment. We may also copy it to paper for storage.
When we use the electronic information to communicate with you we do so via the unsecure internet, fax, telephone, courier or post.
Our staff and third parties retained by us to assist us in accomplishing our mission have access to the information we collect.
Your information is disposed of after the latter of three years after you cease being an OPO member and the end of known and recognized legal liabilities (other than those relating to the retention and security of the information) relating to the information.
If you contact CPOI to verify a person's OPO membership and CPOI accreditation, we collect from you your contact information and place it in the relevant member's file and may disclose it to the relevant member.
If you withdraw your consent to any of the above, you may not receive all of your membership benefits.
If you withdraw your consent to our disclosing whether you are an OPO member and what CPOI exam-based accreditation you hold, your membership and accreditation will be cancelled. This is because a fundamental purpose of the accreditation process is to prevent those who do not hold the accreditation from claiming that they do. In order to prevent that, and thereby make the accreditation process meaningful, it is necessary for us to confirm whether you do hold the accreditation when we are asked.
Information collected may be placed in databases, word processing merge documents, and other electronic systems to facilitate the uses described above.
Practices
When a membership application arrives, we send the necessary products and file the application.
When an exam-based accreditation application arrives, we verify the included information, determine the relevant accreditation, confirm it will be acceptable to the applicant, design an accreditation test, send the necessary preparation information to the applicant, coordinate test date with applicant and invigilator, forward the test to the envigilator, and file the application.
When test answers arrive, we copy them, remove the front page identity information from the copy to be sent to the evaluators, forward the anonymous copy to relevant evaluators, receive the evaluator's evaluations, send the relevant revision test or send the license for the relevant accreditation, send payment to the evaluator, when the license is received, license the relevant accreditation to the relevant person, update the member's accreditation information in the member's file.
When a member joins and provides a referrer number, we disclose to the referrer that the member joined unless the member checks a box indicating the member does not want the information disclosed.
When an inquiry about a person's membership status arrives, we obtain the requestor's consent to collect and save and disclose to the member the requestor's information, receive the identity and contact information of the requestor, check the member's file, confirm the membership and accreditation or not, place the requestor's information in the member's file.
When information is sent electronically to members, we send it by e-mail to the e-mail address on record.
When information is sent by post to members, we send it to the postal address on record.
When a request to review a member's personal information is requested, all within 30 days of the request, we locate the file, determine whether there are legal prohibitions on the disclosure, if not, then send a message advising of the cost of satisfying the request. When the payment is received, we purge the personal information of third parties if necessary, copy and send the copied file. If they provide corrected information, update the file accordingly.
If we receive a complaint, we date it, acknowledge receipt immediately, and deal with it within 30 days.
We change our privacy policy from time to time. When we do, our updated policy will be updated here.
If you make a request regarding the existence, use, or disclosure of your personal information, we will advise you of the approximate cost of responding to the request. At that time you may choose whether to withdraw or continue with the request.
To make a request, gain access to your information, or file a complaint, the Chartered Privacy Officers, Inc. Privacy Officer may be contacted via postal address: 766 Community Row, Winnipeg, Manitoba, R3R 1H7.