SCOPE OF POLICY
This Policy applies to the CFA and any affiliates from time to time in respect of activities that are subject to federal and provincial privacy legislation. This Policy addresses personal information about our members, clients, service providers and other individuals. It does not apply to information collected, used or disclosed with respect to corporate or commercial entities.
This Policy does not apply to the collection, use or disclosure of the following information by the CFA:
business contact information;
publicly available information recognized under applicable privacy legislation;
The CFA is responsible for personal information under its control. We have designated a Privacy Officer who is responsible for the CFA's compliance with this Policy.
Upon or before collecting information, the CFA will state the purpose of collection, unless the purpose is obvious, and will provide, on request, contact information for the Privacy Officer who can answer questions about the collection.
We collect, use and disclose personal information for purposes authorized or required by applicable privacy legislation or other law and for the following purposes:
- to establish and maintain member and supplier relationships;
- to manage and develop our business and operations;
- to detect and protect the CFA, you and others from error, negligence, fraud or other illegal activity, which may include providing information to insurers;
- to authenticate your identity;
- to provide information to anyone working with or for the CFA as needed for the provision of our services;
- to issue invoices, process payments and collect debts owed to the CFA;
- to comply with legal and regulatory requirements.
The above collections, uses and disclosures are a necessary part of your relationship with us.
We may also use your personal information for the following additional purposes:
- to offer you additional or alternative services and we may add it to member lists which we prepare and use for this purpose;
- to provide you with newsletters, bulletins, information about upcoming seminars and other general information about the franchising industry and related topics, and about the CFA;
- to contact you for survey purposes.
If you do not want us to use your personal information for these additional purposes you may at any time by provide written notice to the the CFA Privacy Officer. You will not be refused services merely because you advised the CFA to stop using information in these ways.
Before using or disclosing personal information for a purpose not previously identified, we will identify the new purpose and obtain your consent unless the use or disclosure is authorized or required by law.
We will obtain your consent to collect, use or disclose personal information except where we are authorized or required by law to do so without consent. For example, we may collect, use or disclose personal information without your knowledge or consent where:
- the personal information is publicly available from a prescribed source, such as a telephone directory;
- the CFA is collecting or paying a debt;
- it is reasonable to expect that obtaining consent would compromise an investigation or proceeding.
Your consent can be express, implied or given through an authorized representative such as a lawyer, agent or broker.
You may withdraw consent at any time, subject to legal or contractual restrictions, provided that reasonable notice of withdrawal of consent is given to the CFA. On receipt of notice of withdrawal of consent, we will inform you of the likely consequences of the withdrawal of consent, which may include our inability to provide services for which that information is necessary.
4. LIMITS ON COLLECTION OF PERSONAL INFORMATION
We will not collect personal information indiscriminately and will limit collection of personal information to that which is reasonable and necessary to provide our services and which is reasonable and necessary for the purposes consented to by you. The CFA also collects personal information as authorized or required by law.
5. LIMITS FOR USING, DISCLOSING AND RETAINING PERSONAL INFORMATION
Your personal information will only be used or disclosed for the purposes set out above and as authorized by law.
We will keep personal information used to make a decision affecting an individual for at least one year after using it to make the decision.
We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for legal or business purposes.
We will take due care when destroying personal information so as to prevent unauthorized access to the information.
We will make reasonable efforts to ensure that personal information we collect, use or disclose is accurate and complete. In some cases, we rely on you to ensure that certain information, such as your address or telephone number, is current, complete and accurate.
If you demonstrate the inaccuracy or incompleteness of personal information, we will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed.
When a challenge regarding the accuracy of personal information is not resolved to your satisfaction, we will annotate the personal information under our control with a note that the correction was requested but not made.
7. SAFEGUARDING PERSONAL INFORMATION
The CFA protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
The CFA will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by its suppliers and agents who assist in providing products and services to you.
Please note that confidentiality and security are not assured when information is transmitted through e-mail or other electronic communication. We will not be responsible for any loss or damage as a result of a breach of security and/or confidentiality when you transmit information to us by e-mail or other electronic communication or when we transmit such information by such means at your request.
The CFA is open about the policies and procedures it uses to protect your personal information. Information about these policies and procedures will be made available. However, to ensure the integrity of our security procedures and business methods, we do not disclose sensitive information about our policies and procedures.
9. PROVIDING ACCESS
You have a right to access your personal information held by the CFA.
Upon written request and authentication of identity, we will provide you with your personal information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed.
We may charge a reasonable fee for providing information in response to an access request and will provide an estimate of any such fee upon receiving an access to information request. We may require a deposit for all or part of the fee.
We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request.
In some situations, we may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purposes of an investigation, disclosure of the information would reveal confidential commercial information that, if disclosed, could harm the competitive position of the CFA, or where we exercise our solicitor's lien against materials in our files in respect of outstanding accounts. The CFA may also be prevented by law from providing access to certain personal information.
Where an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps which are available to you.
The CFA will, on request, provide information regarding its complaint procedures.
5399 Eglinton Avenue West, Suite 116
Toronto, Ontario, Canada M9C 5K6