Privacy Policy

CFAPSSC is a private for-profit organization whose purpose is to bring people together: International Students with Local Students and Educational Institutions; International Workers and Job Seekers with Local Employers; International Entrepreneurs with Local businesspeople and organizations; and so forth.

By doing so, CFAPSSC helps International Students, Workers, Businesses, Entrepreneurs and Employers to connect with local and international markets, institutions, organizations, communities, and opportunities. These connections -in turn- support, develop, and diversify local economies while helping to improve the lives of all involved.

CFAPSSC delivers a range of services to its Clients in several business lines. Depending on the service you want to receive as a Client, we may need to share your personal information with one or more parties, as the nature of these services includes collecting personal (or business) information to assess the eligibility of the Client when completing an application, and/or to submit it to authorities of the Government of Canada, officers of Educational Institutions, Employers, and/or other relevant and applicable parties or organizations.

Business Line

Information provided by:

May be shared with, and what for

International Student Mobility

   

·         Application-required personal information

Students (Families in case of minors/underage students)

Educational Institutions

(School Enrollment)

Government Authorities

(Study Visa and Permit Applications)

Landlords or Home Stay families

(for living arrangements only)

·         Student Language Assessments

Student

Educational Institutions

Human Capital Management

   

·         Foreign Worker Recruitment

Employers

(business information)

Government Authorities

(Government Applications)

Workers (for recruitment only)

Workers

Government Authorities

(Visa and Work Permit Applications)

Employers

(limited to need-to-know for recruitment)

Landlords or Home Stay families

(for living arrangements only)

·         Employer-paid Personality, Cognitive, other recruitment assessments (Foreign/Local Workers)

Worker

Employers

·         HR Process Improvement

Employers

Third-Party allies / vendors online platforms

Immigration Services

   

·         Corporate (Government Applications)

Employers, Businesses

Government Authorities (Government Applications)

·         Personal and Family

Individuals (Students, Workers, Investors)

Government Authorities (Government Applications)

Market Development

Individual Investors, Businesses

Those defined by the terms of the written individual agreement between each Investor or Business and CFAPSSC

The Client is the main source of information, but CFAPSSC will also ask to obtain information directly from a third source where the Client does not have the required information.

The table below includes our business lines, Clients that provide us with the information, and who and what for we may need to share information that You provide us with, to deliver the service(s) that you want:

CFAPSSC believes that delivering many of its services using technological tools, websites, online platforms, and cloud computing (whether owned and operated by CFAPSSC or by CFAPSSC’s third-party business allies, suppliers, or vendors) benefits its Clients, adding value and convenience while lowering costs. These technologies allow more responsiveness, effectiveness and efficiency in service delivery using private or public networks.

This Privacy Policy does not apply to the extent CFAPSSC processes personal information on behalf of clients for their benefit and under their control (as a “processor”), such as Cloud Services or applications (“apps”). It may apply to collection of information related to authorized users of such services to the extent CFAPSSC processes this information for its own interests (as “controller”).

1.1 The Ten Principles of PIPEDA Summarized:

CFAPSSC’s Privacy Policy follows the 10 Fair Information principles to protect personal information that are set by PIPEDA:

    1. Accountability: organizations are accountable for the personal information they collect, use, retain and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Chief Privacy Officer;
    2. Identifying Purposes: organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes;
    3. Consent: organizations must obtain an Individual’s express or implied consent when they collect, use, or disclose the individual’s personal information;
    4. Limiting Collection: the collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes;
    5. Limiting Use, Disclosure and Retention: personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the Individual consents to the alternative use or disclosure;
    6. Accuracy: organizations are required to keep personal information in active files accurate and up to date;
    7. Safeguards: organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure.
    8. Openness: organizations must inform their clients and train their employees about their privacy policies and procedures;
    9. Individual Access: an individual has a right to access personal information held by an organization and to challenge its accuracy if need be; and
    10. Provide Recourse: organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Chief Privacy Officer, and respond promptly to a request or complaint by the individual.

This Privacy Policy applies to CFAPSSC’s Board of Directors, members, employees, and contracted employees. CFAPSSC will ensure as well that all third-party service allies and providers sign confidentiality agreements before any transfer of a Client’s personal information in the course of providing the services, consultancy, advice, and other related information and/or services.

1.2  Definitions

Personal information” means any information about an identifiable individual. It includes, without limitation, information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Passport Number, Social Insurance Number, date of birth, marital status, education, employment health history, assessments scores, assets, liabilities, payment records, credit records, loan records, income and information relating to proof of funds, financial transactions, as well as others.

Business information” means business name, business address, business telephone number, name(s) of owner(s), officer(s) and director(s), job titles, business registration numbers (HST, GST, RST, source deductions), and/or financial status. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures by CFAPSSC staff, members, and Board members, as is required for individual personal information under PIPEDA, and -when applicable- as per the terms of a confidentiality agreement between CFAPSSC and the business supplying the information.

“Client” means the individual person or the business that wants to acquire a service from CFAPSSC, including applying for or having been approved for employment, studies, or immigration programs;

“Individual” means a Client that is an individual person, or -in the case of businesses- the client’s owner(s) or shareholders, co-signors, and/or any guarantor associated with a Client.

“Member” means a person who has effectively acquired a membership from CFAPSSC.

Application” means the application form or related forms completed, as well as the necessary supporting documents submitted, by a Client to request a service through CFAPSSC (such as enrollment in an educational institution, or application for a Temporary Visa or Permit, or for a Government authorization to Employers, or others).

“Data base” means the list of names, addresses, e-mails, telephone numbers and personal or business information of Clients held by CFAPSSC in the forms of, but not limited to, computer files, paper files, and files on computer hard drives or servers.

File” means the information collected in the course of processing an application, as well as information collected/updated to maintain /service the Client.

Express consent” means the individual explicitly provides consent (electronically or physically) authorizing CFAPSSC to collect, use, and disclose the individual’s personal information according to this policy and, when applicable, for the purposes set out in the application and/or forms part of an application, or other forms containing personal information.

Implied Consent” means the organization may assume that the Client consents to the information being used, retained, and disclosed for the original purposes, unless notified otherwise by the Client.

“Third Party” means a person or company that provides services to CFAPSSC supporting the programs, benefits, and other services offered by CFAPSSC as well as persons with whom the individual or Client does business but does not include any Government office or department to whom CFAPSSC reports in the delivery of such programs, benefits, or services.

2.0 Purposes of Collecting Personal Information

Personal information is collected to assess the eligibility of the Client completing an application. The Client is the main source of information, but CFAPSSC may also ask to obtain information directly from a third source where the Client does not have the required information.

Only that information which is required to determine a Client’s eligibility will be collected. Although the individual’s Social Insurance Number may be requested in the application for confirming identification of the Client, provision of this personal information is optional. The individual may provide alternative forms of identification, such as passport, date of birth, and driver’s license number.

3.0 Consent

A Client’s express consent will be obtained before or at the time of collecting personal information. The purposes for the collection, use or disclosure of the personal information will be provided to the Client at the time of seeking his or her consent.

Once consent is obtained from the Client to use his or her information for those purposes, CFAPSSC has the Client’s implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.

By signing (electronically or physically) the application and/or other forms, implied consent is granted by the Client to obtain and/or to verify information from third parties, where applicable, in the process of assessing the eligibility of a Client. Implied consent is also granted by the individual to permit CFAPSSC to report or otherwise disclose information to Government authorities when mandated to do so by law or a court order.

A Client can choose not to provide some or all of the personal information at any time, but if CFAPSSC is unable to collect sufficient information to validate the request for service, the Client’s application for such service may be turned down.

A Client can withdraw consent to CFAPSSC’s use of personal information at any time before the application being approved, by making such request in writing using the form provided here.

Once an application has been approved, a Client cannot withdraw consent authorizing CFAPSSC to use and disclose the personal information for the purposes set out in this Privacy Policy. Express consent will be obtained from the Client before disclosing the Client’s personal information to any other third parties not mentioned here.

This Privacy Policy does not cover statistical data from which the identity of individuals cannot be determined. CFAPSSC retains the right to use and disclose statistical data as it determines appropriate.

4.0 Limiting Collection

Personal information collected will be limited to the purposes set out in this Privacy Policy, CFAPSSC applications, and/or other forms.

5.0  Limiting Use, Disclosure and Retention

5.1  Use of Personal Information

Personal information will be used for only those purposes to which the Client has consented with the following exceptions, as permitted under PIPEDA. CFAPSSC will use personal information without the individual’s consent, where:

  • the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial, or foreign law and the information is used for that investigation;
  • an emergency exists that threatens an individual’s life, health, or security;
  • the information is for statistical study or research;
  • the information is publicly available;
  • the use is clearly in the individual’s interest, and consent is not available in a timely way;
  • knowledge and consent would compromise the availability or accuracy of the information, and
  • collection is required to investigate a breach of an agreement.

5.2  Disclosure and Transfer of Personal Information

Personal information will be disclosed to only those CFAPSSC employees, members of CFAPSSC committees, and the Board of Directors that need to know the information for the purposes of their work or making an assessment as to the individual’s eligibility to a program.

Personal information will be disclosed to third parties with the individual’s knowledge and consent. PIPEDA permits CFAPSSC to disclose personal information to third parties, without an individual’s knowledge and consent, to:

  • a lawyer representing CFAPSSC;
  • collect a debt owed to CFAPSSC by the Client;
  • comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
  • a law enforcement agency in the process of a civil or criminal investigation;
  • a government agency or department requesting the information; or,
  • as required by law.

PIPEDA permits CFAPSSC to transfer personal information to a third party, without the individual’s knowledge or consent, if the transfer is simply for processing purposes and the third party only uses the information for the purposes for which it was transferred. CFAPSSC will ensure, by contractual or other means, that the third party protects the information and uses it only for the purposes for which it was transferred.

5.3  Retention of Personal Information

Personal information will be retained in Client files as long as the file is active and for such periods of time as may be prescribed by applicable laws and regulations.

A file shall remain active if the proper party (Government, Educational Institution, Landlord or Home Stay family, for example) rejects a Client’s application, but the Client wishes to pursue other application(s), or when the Client’s application is approved by the proper party.

The information contained in an active file will be retained as long as the file remains active, or for a period of seven (7) years from the last rejection, or as long as required by applicable laws and regulations when a Client’s application has been approved.

If a Client’s application is rejected by the proper party (for example, Government, Educational Institution, Landlord or Home Stay family) and the Client does not wish to pursue other application(s), the file will be deemed inactive. Where an application has been rejected, the file and all personal information contained in the inactive file will be retained for a period of two (2) years.

6.0 Accuracy

CFAPSSC endeavors to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current, and complete as is necessary to fulfil the purposes for which the information has been collected, used, retained, and disclosed. Individuals are requested to notify CFAPSSC of any change in personal or business information. Information contained in inactive files is not updated.

7.0 Safeguards

CFAPSSC will use physical, organizational, and technological measures to safeguard personal information and share it only with those CFAPSSC employees, volunteers, or third parties who need to know this information for the purposes set out in this Privacy Policy.

Organizational Safeguards: Access to personal information will be limited to the Managing Director, Privacy Officer, the Administration Officer(s), the Education Consultants, and/or the Immigration Consultants who have a need to know and/or who have to decide as to the individual’s eligibility for an application, a program, or a transaction.

Personal information provided to staff members of CFAPSSC will be limited only to that information required to carry out the mandate of each staff member. CFAPSSC staff is not permitted to copy or retain any Client’s personal information and must return for destruction, or destroy, all such information given to them to review, once the purpose for being provided with this information has been fulfilled.

Employees and members of CFAPSSC staff are required to sign a confidentiality agreement binding them to maintain the confidentiality of all personal information to which they have access.

Physical Safeguards: Active files are stored in locked filing cabinets when not in use. Access to work areas where active files may be in use is restricted to CFAPSSC employees only and authorized third parties. All inactive files or personal information no longer required are shredded before disposal to prevent inadvertent disclosure to unauthorized persons.

Technological Safeguards: Personal information contained in CFAPSSC computers and electronic databases are password protected in accordance with CFAPSSC’s internal Information Security PolicyAccess to any of the CFAPSSC’s computers also is password protected. CFAPSSC’s Internet router or server has firewall protection sufficient to protect personal and confidential business information against virus attacks and “sniffer” software arising from Internet activity. Personal information is not transferred to volunteers, the Board of Directors, or third parties by e-mail or other electronic form.

8.0 Openness

CFAPSSC will endeavor to make its privacy policies and procedures known to the individual via this Privacy Policy, as well as the CFAPSSC Privacy Statement in this website.

9.0 Individual Access

A Client who wishes to review or verify what personal information is held by CFAPSSC, or to whom the information has been disclosed (as permitted by the Act), may make the request for access, in writing and using the form available here, to CFAPSSC’s Privacy Officer. Upon verification of the individual’s identity, the Privacy Officer will respond within 30 days.

If the Client finds that the information held by CFAPSSC is inaccurate or incomplete, upon the Client providing documentary evidence to verify the correct information, CFAPSSC will promptly make the required changes to the Client’s active file(s).

10.0 Complaints/Recourse

If an individual has a concern about CFAPSSC’s personal information handling practices, a complaint, in writing and using the form available here, may be directed to CFAPSSC’s Chief Privacy Officer.

Upon verification of the Client’s identity, CFAPSSC’s Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the Client.

Where CFAPSSC’s Privacy Officer determines that the Client’s complaint is well-founded, the Privacy Officer will take the necessary steps to correct the offending information handling practice and/or revise CFAPSSC’s privacy policies and procedures.

Where CFAPSSC’s Privacy Officer determines that the Client’s complaint is not well-founded, the Client will be notified in writing. If the Client is dissatisfied with the finding and corresponding action taken by CFAPSSC’s Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner at the address below:

The Privacy Commissioner of Canada                
Website: www.priv.gc.ca

112 Kent Street, Place de Ville Tower B, 3rd Floor

Ottawa, Ontario K1A 1H3 Toll Free 1-800-282-1376

Email notification@priv.gc.ca

Questions/Access Request/Complaint

Any questions regarding this or any other privacy-related policy of CFAPSSC may be directed to the Privacy Officer. Requests for access to information, or to make a complaint, are to be made in writing using the form available here, or sent to the Privacy Officer at the address below:

Privacy Officer

CFAPSSC Inc. Canada

or

Email address: info@CFAPSSC.ca