HOW WE CAN HELP

PRIVACY STATEMENT

BACKGROUND:
Credit Counselling Canada understands that your privacy is important to you and that you care about how your Personal Data is used. We respect and value the privacy of all of our Website users and will only collect and use Personal Data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Credit Counselling Canada is the national association of not-for-profit credit counselling agencies.

This privacy statement (“Privacy Statement”) applies only to www.creditcounsellingcanada.ca (or the “Website”) which is provided by Credit Counselling Canada (also referred to below as “we”, “us”, “our” or “CCC”).

By using our Website and submitting any Personal Data to us, you agree to the use by us of your Personal Data in accordance with the terms of this Privacy Statement.

This Privacy Statement explains how we use your Personal Data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your Personal Data.

What is Personal Data
“Personal Data” is any information that is identifiable with you, as an individual. This information may include, but is not limited, to your mailing address, telephone number, email address, Internet Protocol (“IP”) address, age, gender, marital status, health information, financial status, credit card information and credit history. Personal Data, however, does not include your business title, business address or business telephone number in your capacity as an employee of an organisation.

How we collect your Personal Data
From time to time, you may voluntarily provide us with unsolicited Personal Data (e.g. by providing information through the Website). If you do wish to provide such information for any reason, you consent to us using that information in the ways described in this Privacy Statement or as described at the point where you choose to disclose this information. When providing us with unsolicited information, we ask that you not provide any sensitive information (e.g. Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information) unless you provide us with explicit consent to collect this information from you.

With respect to our Website, we may use cookies, log files and web beacons to collect information regarding the use of the Website. Generally, this information is non-identifiable and would likely not be considered Personal Data.

Web beacons: To gather visitor statistics and manage cookies, we use electronic images called a “single-pixel GIF” or “web beacon.” Web beacons allow our third-party tracking tool Google Analytics to gather information such as the IP address of your computer, the time the material was viewed and the type of Internet browser used to access the page. This information is tracked on the third-party tracking tools’ servers and reported in aggregate to our webmasters. If you are concerned about the use of Web beacons you can turn off your browsers’ cookies. This action will prevent Web beacons from tracking your specific activity; however, the Web beacon may still record a visit from your IP address.

Cookies: A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at:
https://www.google.com/policies/privacy/

If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our Website.

Social Media Platforms: Our Website also includes certain social media features and widgets that run on our Website, including from social media sites such as Instagram, Facebook, Twitter, LinkedIn, YouTube.com, and Google Plus. These features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the third party social media Website providing such features.

How we use your Personal Data
We use information that we collect about you or that you provide to us, including any Personal Data:
• To present our Website and its contents to you;
• To provide you with information, products, or services that you request from us;
• To market our products and services to visitors;
• To analyse data or metrics about our Website to send more targeted messages to visitors of our Website;
• To conduct research to improve our products and services and Website;
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
• To notify you about changes to our Website or any products or services we offer or provide through it;
• To respond to your inquiries; and
• To fulfil any other purpose for which you provide your information or for any other purpose with your consent.

Security and Transfer of Personal Data
Personal Data provided to us by our clients is primarily stored on cloud servers. However, except where restricted by contractual arrangements or legal requirements applicable to specific clients, we also may leverage the services of select service providers. Personal Data that is “in the cloud” may be stored on multiple servers in a number of locations around the world. Rest assured that we have taken appropriate steps for the protection of Personal Data handled by our service providers. However, information transmitted to other countries may be subject to the laws and lawful disclosure requirements of the jurisdiction(s) where the information is stored. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who need to know such data. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You acknowledge that Persona Data that you submit for publication through our Website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

Sharing Personal Data
We may disclose aggregated information about our Website users, and information that does not identify any individual, without restriction. We do not sell your information to third parties for marketing or advertising purposes.

We may disclose Personal Data that we collect, or you provide as described in this Privacy Statement:
• To contractors, service providers, and other third parties we use to support our business or who provide important services to us;
• To a partner or other successor of our organization in the event of a merger, restructuring, reorganization, dissolution, or other transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, or similar proceeding, in which Personal Data held by us about our Website users is among the assets transferred and which may result in the successor altering the terms of this Privacy Statement or our Terms of Use;
• To fulfil the purpose for which you provide it; and
• For any other purpose disclosed by us when you provide the information.

We may also disclose your Personal Data:
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• To enforce or apply our Terms of Use, this Privacy Statement, and other agreements, including for billing and collection purposes;
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our members, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We may send Personal Data outside of the country for the purposes set out above, including for process and storage by service providers in connection with such purposes.

To the extent that any Personal Data is out of the country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

How long will we keep your Personal Data
We will not keep your Personal Data for any longer than is necessary in light of the reason(s) for which it was first collected.

We make reasonable efforts to retain Personal Data only for so long i) as the information is necessary to comply with an individual’s request, ii) as necessary to comply with legal, regulatory, internal business or policy requirements, or iii) until that person asks that the information be deleted. The period for which data is retained will depend on the specific nature and circumstances under which the information was collected.

Policy on use of Website by minors and children under 13
Our Website is not intended for use by anyone under the age of thirteen (13) years old. No one under age 13 may provide any Personal Data through our Website. We do not knowingly collect Personal Data from children under 13. If you are under 13, do not use or provide any information through our Website or on or through any of its features or register for the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information as soon as it is commercially practicable. If you believe we might have any information from or about a child under 13, please contact us at the contact information below.

Changes to this Privacy Statement
We may change this Privacy Statement from time to time. This may be necessary, for example, if the law changes, or if we change our services in a way that affects Personal Data protection.

Any changes will be made available on our Website under Privacy.
This Privacy Statement was last updated on 19 June 2018.
Your rights with respect to Personal Data we have collected

You have the following rights, which we will always work to uphold:
1. The right to be informed about our collection and use of your Personal Data. This Privacy Statement should tell you everything you need to know, but you can always contact us.
2. The right to access the Personal Data we hold about you.
3. The right to have your Personal Data rectified if any of your Personal Data held by us is inaccurate or incomplete.
4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your Personal Data that we hold.
5. The right to restrict (i.e. prevent) the processing of your Personal Data.
6. The right to object to us using your Personal Data for a particular purpose or purposes.
7. The right to data portability. This means that you can ask us for a copy of your Personal Data held by us to re-use with another service or business in many cases.
For more information about our use of your Personal Data or exercising your rights as outlined above, please contact us.

If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses.

How Do I Contact You?
To contact us about anything to do with your Personal Data and data protection, including to make a subject access request, please use the following details:
Credit Counselling Canada
1600- 401 Bay Street
Toronto, ON
M5H 2Y4
Email: contact@creditcounsellingcanada.ca