Privacy Policy

Overview

The protection of personal information is important to the Canadian Construction Association (CCA). The CCA is committed to maintaining the accuracy, security and privacy of personal information in accordance with applicable legislation. This CCA Privacy Policy is a statement of principles and guidelines concerning the protection of personal information of our customers, service providers and other individuals (“you”).
Any questions about this policy can be directed to our Privacy Officer, CCA President  Mary Van Buren at tel: (613) 236-9455 ext. 101.

Our employees play an important role in protecting personal information. Our employees are required to adhere to this policy and take all reasonable steps to ensure that personal information is protected from unauthorized access.

Consent

By submitting personal information to the CCA, you agree that we may collect, use and disclose such personal information in accordance with this privacy policy and as permitted or required by law. Subject to legal and contractual requirements, you may refuse or withdraw your consent to certain of the identified purposes at any time by contacting the CCA Privacy Officer. If you refuse or withdraw your consent, the CCA may be unable to provide you or continue to provide you with certain services, programs and/or information which may be of value to you. If you provide the CCA with personal information of another individual, you represent that you have all necessary authority and/or have obtained all necessary consents from such person to enable the CCA to collect, use and disclose such personal information for the purposes set forth in this Privacy Policy.

Collection of Personal Information

Canadian privacy legislation defines “personal information” broadly as information about an identifiable individual or as information that allows an individual to be identified. For the purposes of this policy, “personal information” means information about an identifiable individual as defined from time to time in applicable privacy legislation. Generally speaking personal information does not include what is considered business contact information generally found on a business card (i.e. name, title, business number, business fax number, business e-mail address, etc.).

Although the CCA deals commonly with other companies and in those cases does not collect personal information, we also deal with individual customers. We collect the personal information of our individual customers by administering the following:

  1. Registration for CCA’s conferences/meetings
  2. Technical support for CCA’s electronic construction documents

When individual customers register for CCA conferences/meetings we may collect the following types of personal information:

  1. name;
  2. names of family members, if they will be attending a conference/meeting;
  3. home address, telephone number, and fax number;
  4. e-mail address;
  5. dietary requirements; and
  6. credit card information.

Use of Personal Information

The personal information collected by the CCA is used for the following purposes:

  1. to contact the individual for instruction;
  2. to issue invoices, administer accounts, collect and process payments;
  3. to send CCA conference/meeting enrollment confirmation;
  4. to plan and arrange for needs while in attendance at a CCA conference/meeting;
  5. to develop, enhance, market, sell or otherwise provide CCA’s products and services;
  6. to include you on our mailing list for CCA bulletins and event notices;
  7. to comply with any legal or regulatory requirements or provisions;
  8. for any other purpose to which you consent.

We only collect personal information directly from the individual except when we have the individual’s consent to collect information from elsewhere or are permitted by law to collect it without the individual’s consent.

We use an individual’s personal information strictly for the purposes outlined above. If we need to use the personal information for any other purpose, we will contact the individual and obtain consent prior to that use.

Disclosure of Personal Information

From time to time, the CCA may disclose your personal information to:

  • service providers, including an organization or individual retained by CCA to perform functions on its behalf, such as catering, marketing, data processing, printing, mailing, document management, and office services;
  • an organization or individual retained by the CCA to collect debts outstanding on an account;
  • a financial institution, on a confidential basis and solely in connection with negotiating payment of an account to which you have consented; and
  • any third party or parties, where you consent to such disclosure or where disclosure is required or permitted by law.

When we disclose your personal information to third parties, we require such parties to maintain levels of confidentiality and security, in addition to obtaining such third parties’ representation of the implementation of their own privacy policy.

An individual has the right to withdraw consent for our collection, use or disclosure of their personal information at any time. However, if an individual does so it may affect his/her ability to participate in programs and/or receive services provided by the CCA. If an individual wishes to withdraw consent, or has any questions about withdrawing consent, he or she can contact our Privacy Officer.

Business contact information is not protected by this policy. This type of information is not considered to be personal information and may be collected, used and disclosed without consent.

Storage of Personal Information

The CCA has appropriate safeguards in place to protect personal information. The CCA takes all reasonable precautions to ensure that your personal information is kept safe from loss, unauthorized access, modification or disclosure. Among the steps taken to protect your personal information are:

  • premises security;
  • restricted file access to personal information;
  • technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access;
    internal password and security policies;
  • proper training of CCA’s employees in respect of privacy matters.

Accuracy of Personal Information

We try to keep personal information as accurate as possible and individuals can assist us by providing us with updated information when necessary. Information can be updated by contacting CCA Privacy Officer and President Mary Van Buren.

Retention of Personal Information

We only keep personal information for as long as is necessary for the purposes outlined above. This may include keeping the information after a service or program has been completed in order to resolve any problems or concerns that may arise. We are also required by law to maintain certain records for set amounts of time. Once personal information is no longer necessary for a defined purpose, the information will be securely destroyed or anonymized.

Access

Individuals have the right to access the personal information we hold about them. You can access your personal information by making a request to our Privacy Officer. The Officer will provide the necessary forms and assistance to make the request and obtain the information. If you believe that some of the personal information is incorrect you can request that the information be corrected.

The CCA may charge an individual for minimal out-of-pocket expenses in responding to an access request. If we decide that a charge is appropriate we will provide you with a written estimate prior to providing access. Any concerns with the estimated charge should be directed to our Privacy Officer.

Accountability

We apply our best efforts to protect your privacy. If an individual has any concerns they are free to contact our Privacy Officer. We hope that the Officer will be able to resolve any problems. If concerns are not resolved, the Officer can provide information on making a formal complaint.

Employment Inquiries

If you apply for employment at the CCA, we will require your personal information, as part of our review process. We normally retain information from candidates after a decision has been made, unless you ask us not to retain the information. If we offer you a job, which you accept, the information will be retained in accordance with our privacy procedures for employee records.

Web Site

CCA’s website may contain links to other sites, which are not governed by this privacy policy.

On our website, like most other commercial websites, we may monitor traffic patterns, site usage and related site information in order to optimize our web service. We may provide aggregated information to third parties, but these statistics do not include any identifiable personal information.

We use “cookies” on our website, which are small files containing information about your visit to our website, which makes it easier for you to navigate the website. We use Google Analysis and Feathr, which use cookies and web beacons to remember non-personalized information about what uses have accessed the website, and what a user has done on other pages of the website, or on previous visits to the website.

Amendment of this Privacy Policy

The CCA will from time to time review and revise its privacy practices and this Privacy Policy. In the event of any amendment, an appropriate notice will be posted on CCA’s web site.

Breaches of Security Safeguards

Employees must report actual or suspected breaches of security of personal information

Any employee of CCA who becomes aware of the possible loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of the CCA’s security safeguards must immediately inform the Privacy Officer of a potential breach.

Breach containment and prevention of future breaches

The Privacy Officer will take immediate steps to determine the source of the security breach and undertake any reasonable steps to contain the breach and prevent further breaches.

Determining whether there is a real risk of significant harm

If the Privacy Officer becomes aware of a potential breach of security of personal information, the Privacy Officer will determine whether it is reasonable to believe that there is a real risk of significant harm caused by the breach including bodily harm, humiliation, damage to reputation or relationship, loss of employment, business or professional opportunities, financial loss, identity theft or damage to or loss of property. When making a determination whether there is a real risk of significant harm the Privacy Officer will consider factors such as the sensitivity of the personal information and the probability that the personal information will be misused.

Reporting Breaches

If the Privacy Officer has determined that there is a breach of security of personal information which would reasonably result in a real risk of significant harm, the following action shall be taken:

  • The Privacy Officer is responsible for coordinating the response to the breach and ensuring that all reasonable action is taken to address the breach.
  • The Privacy Officer will notify the Office of the Privacy Commissioner of Canada (the “Privacy Commissioner”) of the breach in the prescribed form and manner as soon as feasible. CCA will also submit any new information that the agency becomes aware of after having made the report.
  • The Privacy Officer will notify any affected individuals of the breach in the prescribed form and manner as soon as feasible.
  • CCA will comply to the greatest extent possible and in a timely manner with any requests, orders, or other instructions from the Privacy Commissioner in order to respond to and address the security breach.
  • CCA will maintain records of every breach of security safeguards for at least 24 months after the breach occurred, and will provide the Privacy Commissioner with access to or a copy of a record of a breach at the request of the Privacy Commissioner.

Contents of report

Any report submitted to the Privacy Commissioner will contain:

  • A description of the circumstances of the breach and the cause of the breach, if known;
  • The date on which or the period during which the breach occurred or if neither is known the approximate period;
  • A description of the personal information that is the subject of the breach to the extent that the information is known;
  • The number of individuals affected by the breach or if unknown the approximate number;
  • A description of the steps that the organization has taken to reduce the risk of harm to affected individuals that could result from the breach or to mitigate that harm;
  • A description of the steps that the organization has taken or intends to take to notify affected individuals of the breach
  • Any other information required by law; and
  • The name and contact information of the Privacy Officer to answer the Privacy Commissioner’s questions about the breach.

Notifications to affected individuals

The Privacy Officer is responsible for ensuring that all individuals for whom the breach creates a real risk of significant harm are notified at the earliest available opportunity, subject to any legal restrictions, in a form of communication that a reasonable person would consider appropriate in the circumstances.  Notifications shall contain sufficient information to allow the individual to understand the significance to them of the breach, including:

  • A description of the circumstances of the breach;
  • The date on which or period during which the breach occurred or if neither is known the approximate period;
  • A description of the personal information that is the subject of the breach to the extent that the information is known;
  • A description of the steps that the organization has taken to reduce the risk of harm that could result from the breach;
  • A description of the steps that affected individuals could take to reduce the risk of harm that could result from the breach or to mitigate that harm;
  • Contact information that the affected individual can use to obtain further information about the breach; and
  • Any other information required by law.

The notice shall be conspicuous and given directly or indirectly to the individual in the prescribed form and manner as legislatively required as the situation dictates.

In addition to the individuals affected by the breach, CCA may notify other parties of the breach or disclose personal information relating to the breach, subject to the following guidelines:

  • CCA will notify other organizations, government institutions, or parts of government institutions if CCA believes that doing so can reduce or mitigate the harm from the breach.
  • CCA may disclose personal information without the knowledge or consent of the individual if:
  • The disclosure is made to the other organization, the government institution, or the part of a government institution that was notified under the breach; and
  • The disclosure is made solely for the purpose of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.

Rights of European Union users

If you are using our site from the European Union, you have the rights, among others, to:

  1. access your personal data
  2. ensure the accuracy of your personal data
  3. the right to have us delete your personal data in some circumstances
  4. the right to restrict further processing of your personal data in some circumstances
  5. the right to object to processing of your personal data
  6. the right to complain to a supervisory authority, in the event that data is misused
  7. the right to have your data transferred to another data processor

You may exercise any of your rights in relation to your personal data by written notice to us addressed to our Privacy Officer.

Contact Information

The CCA has appointed CCA President Mary Van Buren in our Ottawa office as Privacy Officer to oversee compliance with this Privacy Policy and applicable privacy laws. For information on CCA’s privacy practices, please contact our Privacy Officer at:

Canadian Construction Association
Privacy Officer
300-250 Albert Street
Ottawa, ON K1P 6M1
Email: Mary Van Buren
Tel: (613) 236-9455 ext. 101