Privacy Policy
CANARIE is committed to protecting the privacy of individuals and to safeguarding personal information under its control. This Privacy Policy describes how CANARIE collects, uses, discloses, retains, and protects personal information.
This Policy applies broadly to personal information collected by CANARIE in connection with our:
- Programs and services including related processes and activities
- Websites, portals, platforms, and digital services
- Events, working groups, and collaboration environments
- Communications and engagement
- Operational, security, audit, and compliance activities
This Policy applies to all personal information in any form, including electronic, paper, and other recorded formats.
Governing Principles
CANARIE’s privacy practices are based on the Canadian Standards Association Model Code for the Protection of Personal Information, which forms the foundation of the Personal Information Protection and Electronic Documents Act (PIPEDA).
The following principles guide CANARIE’s handling of personal information:
- Accountability
- Identifying Purposes
- Consent
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Compliance
Accountability
CANARIE is responsible for personal information under its control. CANARIE has designated its Director, Legal Affairs as Privacy Officer, who is accountable for compliance with this Policy and applicable privacy laws.
CANARIE employees, contractors, and service providers with access to personal information are required to comply with this Policy and with applicable confidentiality and security obligations.
Identifying Purposes for Collection
CANARIE collects personal information only for purposes that are reasonable and appropriate in the circumstances. Purposes for collection are identified at or before the time of collection, or as soon as practicable.
Depending on the context, CANARIE may collect personal information for purposes that include, but are not limited to:
- Operating secure websites, portals, platforms, and collaboration tools
- Authenticating users and managing access permissions
- Facilitating participation in initiatives, communities, and events
- Evaluating eligibility, participation, and outcomes
- Communications
- Monitoring usage, auditing activity, and investigating misuse or incidents
- Meeting legal, regulatory, and contractual obligations
- Planning, reporting, evaluation, and continuous improvement
Types of Personal Information Collected
The personal information CANARIE collects varies depending on the program, service, or interaction. It may include, for example:
- Identification and contact information, such as name, work email address, phone number, and organizational affiliation
- Professional information, such as role, title, department, or area of expertise
- Account and access information, including usernames, roles, permissions, and authentication details
- Participation and collaboration data, such as membership in working groups, mailing lists, or collaboration channels
- Operational and activity data, including timestamps, resource access records, file interactions, and system logs associated with identifiable users
- Application and program‑related information, including information provided in funding or participation applications
- Communications, including correspondence sent to or from CANARIE
- Voluntarily provided information, such as survey responses or feedback
CANARIE does not knowingly collect more personal information than is necessary to fulfill the identified purposes.
Consent
Knowledge and consent are required for the collection, use, or disclosure of personal information, except where consent is not required or is otherwise permitted by law.
Consent may be obtained in writing, electronically, orally, or may be implied, depending on the nature of the information and the context in which it is collected.
Where personal information is collected in connection with participation in a CANARIE program, service, or platform, continued participation may constitute implied consent for uses that are consistent with the identified purposes.
Use and Disclosure of Personal Information
CANARIE uses and discloses personal information only for the purposes for which it was collected, except:
- With the consent of the individual
- Where required or permitted by law
- Where necessary to protect the security or integrity of CANARIE systems or services
Personal information may be disclosed internally to CANARIE employees, officers, or contractors on a need‑to‑know basis.
Personal information may also be disclosed to third‑party service providers that perform services on CANARIE’s behalf (such as hosting, analytics, or technical support), subject to contractual safeguards that protect confidentiality and limit use.
CANARIE may publish or disseminate limited information about programs or initiatives (for example, names and affiliations of project leaders or participants) where such disclosure is consistent with program objectives and expectations.
Websites, Portals, and Digital Services
CANARIE operates websites and digital services that may collect personal information and technical data, including through cookies and similar technologies.
CANARIE may collect anonymized or aggregated usage data to understand how its services are used, improve functionality, and enhance user experience. Where identifiable information is collected through digital services, it is treated as personal information under this Policy.
Retention of Personal Information
CANARIE retains personal information only for as long as necessary to fulfill the purposes for which it was collected and to meet legal, regulatory, audit, and operational requirements.
Retention periods are determined based on:
- The purpose and sensitivity of the information
- Legal and contractual obligations
- Audit and accountability requirements
- Operational and security needs
When personal information is no longer required, CANARIE will take appropriate measures to ensure that throughout the disposal and destruction of such records, confidentiality or personal information is maintained.
Accuracy
CANARIE makes reasonable efforts to ensure that personal information is accurate, complete, and up‑to‑date for the purposes for which it is used.
Individuals may request corrections to factual inaccuracies, and CANARIE will correct such information upon receipt of satisfactory evidence.
Safeguards
CANARIE protects personal information through physical, organizational, and technical safeguards appropriate to the sensitivity of the information.
These safeguards may include:
- Access controls and authentication mechanisms
- Encryption and secure system configurations
- Monitoring and logging of system activity
- Confidentiality obligations for employees and contractors
- Secure disposal and destruction practices
Openness
CANARIE makes information about its privacy practices readily available and will provide additional details upon request.
Individual Access
Individuals may request access to their personal information held by CANARIE and may request information about how it has been used or disclosed.
CANARIE will respond to access requests in accordance with applicable law. Reasonable costs may apply in limited circumstances. CANARIE may refuse access where permitted by law, including where disclosure would reveal personal information about another individual or is subject to legal privilege.
Requests for Access; Questions, Concerns; Withdrawal of Consent
Individuals may request access to their information, address any questions or concerns regarding their personal information or change or withdraw their consent to CANARIE’s use of their information, in accordance with this policy by contacting CANARIE’s Privacy Officer.
By mail to:
CANARIE Inc.
45 O’Connor Street, Suite 1150
Ottawa, Ontario
K1P 1A4
By telephone: 613-943-5454
By email: [email protected]