Privacy Policy

Background

The Canadian Foundation for Financial Planning™ (“the Foundation” “our”, “we”, or “us”) understands that privacy is important to you. Integrity is one of our core organizational values and that means we are transparent, trustworthy, and accountable in all we do—including the vigilant protection of your privacy. Learn about privacy practices in this document.

The Research Foundation is an independent registered charity dedicated to improving the lives of Canadians by supporting widespread access to the benefits of financial planning. Our work impacts all Canadians, no matter their financial circumstance.

Through our research, partners, and volunteer financial planning professionals, those who need it most will have improved access to financial planning advice, and the knowledge and skills to feel financially secure and enhance their financial well-being – something every Canadian needs and deserves.

Scope

This Privacy Policy is effective September 25, 2023.

The Canadian Foundation for Financial Planning regularly collects, maintains, and uses Personal Information (as defined below) from donors, funding applicants, volunteers, and users of our website (www.canadianfoundationforfinancialplanning.ca) and any additional subdomains (collectively, the “Site”). The Foundation is committed to preserving and safeguarding the privacy of information it obtains in the course of carrying out its activities. As part of this commitment, the Foundation wants you to be aware of our Personal Information management practices.

This Privacy Policy sets out the way in which the Foundation collects, uses, discloses and protects your Personal Information when you use our Site or otherwise provide, or disclose Personal Information to us. We will only collect, use, transfer, and disclose your Personal Information in accordance with this Privacy Policy. If you do not agree with any terms of this Privacy Policy, please do not use our Site or provide us with any Personal Information. If you do not understand the nature, purpose and consequences of the Foundation collecting, using and disclosing your Personal Information, please do not use our Site or provide us with any Personal Information. You may contact us at the contact information set out below and we will address your questions or concerns.

Accountability

The Foundation is responsible for Personal Information under our possession and control. We have a designated a Privacy Officer who is responsible for our compliance with this Privacy Policy and any applicable privacy legislation. The Foundation will make known, upon request, the name of the Privacy Officer who oversees our compliance with this Privacy Policy.

The Foundation is responsible for Personal Information in its possession or custody, including information that has been transferred to a third party for processing. The Foundation shall use contractual or other means to provide a comparable level of protection while the information is being used by the third party on behalf of the Foundation.

The Foundation shall implement policies and practices to give effect to these principles, including:

  • implementing procedures to protect Personal Information;

  • establishing procedures to receive and respond to complaints and inquiries; and

  • training staff and communicating to staff information about our policies and practices.

Definitions

To better understand this Privacy Policy, the Foundation has set out some basic definitions to use when reading and interpreting it.

  • Collection: the act of gathering, acquiring, recording, or obtaining Personal Information from any source, including third parties, by any means.

  • Consent: voluntary agreement to the collection, use and disclosure of Personal Information for defined purposes. Consent can be either express or implied. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of the Foundation. Implied consent is consent that can reasonably be inferred from the circumstances or from an individual’s action or inaction.

  • Disclosure: making Personal Information available to a third party for that party’s own use.

  • Personal Information: means information, recorded in any form, that identifies an individual or that could be used to identify an individual, but does not include aggregated or depersonalized information that cannot be associated with an individual.

  • Transfer: making Personal Information available to a third party for processing, storage or otherwise, solely to be used on behalf of the Foundation.

  • Use: the treatment, handling, and management of Personal Information by and within the Foundation.

What Personal Information Do We Collect?

We collect your Personal Information when you voluntarily provide it to us in connection with our charitable or other activities. For example, we may collect your Personal Information if you:

  • Make a donation to the Foundation;

  • Submit a Funding Application;

  • Send us a question or comment by email;

  • Contact us by phone or visit our office;

  • Send us your resumé and/or job application;

  • Send us a volunteer application; or

  • Otherwise provide Personal Information through using the features of our Site that ask for Personal Information.

We may also collect your contact information from FP Canada, our affiliated corporation, for the purposes identified in the section entitled “How Do We Use Your Personal Information.”.

Personal information that the Foundation collects includes, but is not limited to:

  • Contact and Application Information: such as your first and last name; address; phone number; email address; administering institution; information contained on your resumé; and education and employment history.

  • Donation and Payment Information: including donation amounts and level and credit card information and banking information (see Payment Information section below for further details).

  • Your Communications: including Personal Information that you provided to us voluntarily.

How Do We Use Your Personal Information?

The Foundation will only use the Personal Information that we collect for the purpose for which it was collected. We use your Personal Information for the following purposes:

  • To identify and contact you when you submit a donation;

  • To respond to your questions that you send us by email or through our Site, or ask over the phone or in-person, whether you are an FP Canada Certificant, donor, volunteer or member of the public;

  • To communicate with you about projects, our charitable activities and other events and programs (you may opt-out of the Foundation mailing list at any time by clicking here);

  • To support Foundation funded research;

  • To process your payments for donations;

  • To contact you about the donation that you have submitted, and to send you, by email or mail, donation related communications;

  • To provide you with any subsequent donation related updates/interest;

  • To communicate with you about your job application or volunteer application or opportunity;

  • To support our business functions such as internal business processes, marketing and advertising;

  • To administer the relationship between you and us establish and maintain relations with you;

  • To enforce our contracts and legal agreements; to meet any legal or regulatory requirements;

  • To comply with applicable laws; and

  • For any other reasonable purposes for which you may have provided your express consent or in which your consent can be reasonably implied.

How Long Will We Retain Your Personal Information?

We retain your Personal Information only for as long as we need it to fulfill the purposes for which it was collected and to comply with our legal obligations.

Consent

We respect your privacy and, unless otherwise required by law, we will not collect, use, or disclose your Personal Information without your prior consent. Your Personal Information will only be used for the purposes for which it was collected or in accordance with applicable laws. From time to time, we may wish to use Personal Information for new or additional purposes, in which case we will obtain your consent for such new purpose(s).

You may expressly give your consent in writing, verbally or through any electronic means. In certain circumstances, your consent may be implied by your actions. For example, providing the Foundation with a donor application is implied consent for FP Canada to use provided Personal Information to process such a donation. The form of consent sought by the Foundation may vary, depending upon the circumstances and type of information disclosed. In determining the appropriate form of consent, the Foundation shall consider the sensitivity of the Personal Information and the reasonable expectations of the individual. The Foundation will seek express consent when the information is likely to be considered sensitive. Implied consent will generally be appropriate where the information is less sensitive.

In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected, but before use (for example, when the Foundation wants to use information for a purpose other than those identified above).

Subject to legal and contractual requirements, you may refuse or withdraw your consent to certain of the purposes identified in this Privacy Policy at any time by contacting us at the contact information set forth below. If you refuse or withdraw your consent, you acknowledge that we may not be able to provide you or continue to provide you with certain services or information which may be of value to you.

Limiting Collection

When collecting Personal Information, the Foundation will limit the collection of Personal Information to that which is necessary to fulfill the purposes identified in this Privacy Policy. The Foundation will be open and transparent about the information that is being collected by communicating the purpose of collection.

Do We Disclose or Transfer Your Personal Information to Others?

The Foundation will maintain the strict confidentiality of all Personal Information collected and will not sell, transfer; or otherwise disclose any of your Personal Information to any third party without your knowledge and consent except for the purposes outlined in this Privacy Policy.

We may share your Personal Information with our service providers that help us with our business operations or to support the Foundation, including:

  • To facilitate donations from donors;

  • With our suppliers responsible for administering marketing and donor activities on our behalf; and

  • With service providers that help with our operations and Site, including, without limitation, for donor services, monitoring and analyzing Site activity, and operating and maintaining the Site. Such service providers and partner companies may only use your Personal Information for the purposes described in this Privacy Policy.

We may share your Personal Information to our affiliated corporation, FP Canada, to support its internal business activities. In addition, we may share Personal Information with our research partners to support our research activities. Only the Foundations’, our affiliates’ and our service provider’s employees with a business need to know, or whose duties reasonably so require, are granted access to Personal Information that we are accountable for. All such employees will be required as a condition of employment to contractually respect the confidentiality of your Personal Information.

We may transfer any information we have about you in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of our business or as part of a corporate reorganization or other change in corporate control.

From time to time we may disclose your Personal Information with third parties under the following limited circumstances:

When necessary to protect our safety, property or other rights, our affiliates, donors and users of the Site, including to detect and prevent fraud;

  • With your consent; or

  • When otherwise required or permitted by law.

We will disclose Personal Information without your knowledge or consent if we receive an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator or other person with jurisdiction to compel disclosure of your Personal Information.

Payment Information

When providing payment information with respect to a donation, you may provide the Foundation with a cheque or make an online payment through our Site. Online payments are processed through our third-party provider (Blackbaud eTapestry) (the “Third Party Payment Provider”), on behalf of the Foundation. The Third-Party Payment Provider will collect payment information directly from you, such as your credit card number and expiration date (“Payment Information”) and any other Personal Information necessary to process your payment. The Third Party Payment Provider is PCI compliant, and all your Payment Information will be processed, stored, and transmitted in a secure environment. FP Canada does not store and nor has access to your Payment Information. The processing of online payments is subject to the privacy policy of our Third-Party Payment Provider (see https://www.blackbaud.com/company/privacy-policy/north-america).

Security and Protection of Personal Information

The Foundation protects your Personal Information by security safeguards appropriate to the sensitivity of the information. We maintain technical, physical and administrative security safeguards to protect your Personal Information against loss, theft, misuse and unauthorized access.

The Foundation’s methods of protection include:

  • maintaining your Personal Information in secure data storage to safeguard it from unauthorized access, use or disclosure (any Personal Information you provide to us is exchanged on a secure server);

  • redundant firewalls with Intrusion Detection and Prevention System (IDS/IPS) with Deep Packet Inspection (DPI);

  • hosts installed with Endpoint Detection and Response (EDR) solution for advanced threat detection, investigation and response limiting access of employees and contractors to, and the use of, Personal Information through the use of passwords and graduated levels of clearance and making available Personal Information only on a need-to-know basis;

  • the use of pseudonymization and encryption of Personal Information, where appropriate;

  • measures to ensure the ongoing confidentiality, integrity, availability and resilience of our systems and services;

  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of Personal Information;

  • employees are made aware of security threats and practices at time of onboarding and on an ongoing basis through security awareness training; and

  • ongoing third-party security vulnerability and penetration testing

Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we are committed to protecting your Personal Information, we cannot ensure or warrant the security of any information you provide to us.

Service Providers in Other Countries

As noted above, we may use service providers, data processors and other third parties (“Third Parties”) to perform services on our behalf. These Third Parties may store, process, and transfer Personal Information on servers located outside of Canada in jurisdictions whose data protection laws may differ from those of Canada, such as the United States of America. As a result, Personal Information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to the laws in those jurisdictions. For example, information may be shared in response to valid demands or requests from government authorities, courts, and law enforcement officials in those countries. Subject to applicable laws in such other jurisdictions, we will use reasonable efforts to ensure that appropriate protections are in place to require our Third Parties to maintain protections on Personal Information that are equivalent to those that apply in Canada.

Do We Collected Non-Identifiable and Aggregated Information and How Do We Use It?

Non-Identifiable and aggregated information is data and information that is aggregated or anonymized in such a manner that it cannot be connected to an individual. This may include demographic information of donors and funding applicants that we use to better understand and inform our fundraising activities. We may disclose such aggregated and non-identifiable information to third parties that provide services for us (e.g. a survey research firm). In some instances, the Foundation may collect non-identifiable data through cookies. This information is used to better understand and improve the usability, performance, and effectiveness of the Site, as is further described below under "Cookies, Web Beacons and Other Similar Technology”.

How May I Access and Modify My Personal Information or Make a Complaint?

Upon request, the Foundation will provide you with information regarding the existence, use and disclosure of Personal Information that the Foundation may hold. We will need to verify your identity before providing you with the Personal Information we hold about you and we will respond within the time periods provided for under applicable laws. There is no cost for such access request unless you require copies of records.

In certain circumstances, the Foundation may not be able to provide you with access to your Personal Information if the information cannot be separated from the Personal Information of others, cannot be disclosed for reasons of security or commercial confidentiality, or is protected by legal privilege. If we cannot provide you with access to your Personal Information, we will advise you of the reasons access is being denied, unless we are prohibited by law from doing so.

You may request to update and change your Personal Information either directly through your account or through the Foundation at the contact information set forth below. We shall endeavor to correct or complete any Personal Information that you advise us is inaccurate or incomplete. Where appropriate, the amended information shall be transmitted to third parties having access to such information. If you have any concerns about how your payment information is stored, please contact Blackbaud eTapestry at https://www.blackbaud.ca/company/contact-us.

An individual shall direct all inquiries or complaints involving the Foundation’s handling of Personal Information or compliance with this policy or with applicable privacy legislation to our Privacy Officer.

The Foundation will maintain procedures for addressing and responding to all inquiries or complaints from individuals about our handling of Personal Information. The Foundation shall investigate all complaints. The Privacy Officer will respond to all such inquiries or complaints within 14 business days of receipt. The Privacy Officer will make reasonable efforts to resolve all such complaints within 30 days of receipt of the initial complaint. If the Foundation finds a complaint to be justified, it will take appropriate measures, including, if necessary, amending its policies and procedures.

For more information, please contact our Privacy Officer as follows: directly at 416-593-8587 or 1-800-305-9886 or by e-mail at foundation@canadianfoundationforfinancialplanning.ca or write to us at:

Privacy Officer, c/o Canadian Foundation for Financial Planning
902-375 University Avenue
Toronto, ON
M5G 2J5
Canada

Links to Other Sites

The Site may contain links to other sites that are independently owned and operated by third parties. These other sites may have their own privacy policies and are not governed by this Privacy Policy. We are not responsible for the privacy practices, or the content of any sites owned and operated by any third parties. Other sites may collect and treat information collected differently, so we encourage you to carefully read and review the privacy policy of each site you visit.

Cookies, Web Beacons and Other Similar Technology

As you interact with the Site, we may use automatic data collection technology and services that record and collect information that identifies your computer, tracks your use of this Site, and collects certain other information about you and your surfing habits. This data collection technology may include cookies, web beacons and other similar devices on this Site to enhance functionality and navigation for our visitors.

A cookie is a small data file that is placed on the hard drive of your computer so that your computer will “remember” information when you visit a site. Web beacons and tags are small strings of code that are used in conjunction with a cookie and allow us to record activity on our Site. Internet tags, graphic tags and similar web beacon type functions allow us to count the number of users who have visited a particular web page or to access certain cookies. We may use web beacons on this Site to count users and to recognize users by accessing our cookies. Being able to access our cookies allows us to personalize this Site and improve your experience at this Site. We may also include web beacons in HTML-formatted email messages that we send to determine which email messages were opened.

Information tracked through these mechanisms includes but is not limited to: (i) your IP address; (ii) the type of web browser and operating system being used; (iii) the pages of the Site a user visits; and (iv) other sites a user visited before visiting this Site.

You can reject or disable cookies by managing your browser settings and following the directions provided in your Internet provider’s help file. Please note that if you disable cookies, you may be unable to access some customized features on this Site. Cookies and web beacons do not collect or contain your Personal Information.

Google Analytics

Our Site may use Google Analytics, a web analytics service of Google, Inc. ("Google"), or comparable technology. Google Analytics uses cookies to analyze how you use our Site. The information generated by the cookie about your use of our Site (including your IP address) is sent to a Google server in the U.S. and stored there. Google will use this information to evaluate your use of our Site, compile reports on Site activity for our Site operators and to provide other site activity related to internet services. Additionally, Google may transfer this information to a third party when required by law or in the case of a third party processing information on Google's behalf. In no case will Google use your IP address in connection with any other information held by Google. You can set your internet browser to prohibit the installation of cookies, although we must point out that some features and functions of our Site will then be unusable. By using our Site, you consent to the processing of data about you collected by Google in the manner described and for the above-mentioned purpose. The consent for collection and storage of data can be withdrawn at any time in the future by clicking on the following link and installing the add-on: https://tools.google.com/dlpage/gaoptout?hl=en

Furthermore, we use the cookies to carry out frequency assessments, page usage assessments and marketing assessments. For the aforementioned assessments, we utilize this cookie information without a link to your Personal Information, so it remains anonymous.

Children’s Privacy

We are committed to protecting the privacy of children and we do not knowingly solicit Personal Information from children under the age of 13. If you are under 13 years of age, then do not use the Site at any time. If a child has already provided us with Personal Information, his or her parent or guardian may contact us for the purpose of deleting this information.

Email Communications

We comply with Canada’s anti-spam legislation (CASL) and we will not send you electronic communications in contravention of this law.

We will ensure that each email includes an opt-out feature and instructions on how to unsubscribe if you no longer wish to receive future emails from us. You can unsubscribe using the link included in the email or by using the contact information set forth below. If you do not expressly consent to receiving electronic communications, we will only communicate with you for the limited purposes permitted under CASL.

Privacy Policy Changes

We will update this Privacy Policy from time to time to reflect any changes regrading how we collect, use, or disclose your Personal Information.

We reserve the right to change or replace this Privacy Policy at our sole discretion at any time. Please check back from time to time to ensure that you are aware of any updates or changes in this Privacy Policy. We will indicate at the top of this page the date this Privacy Policy was last revised. Your continued access or use of this Site after any such changes constitutes your acceptance of the Privacy Policy as revised and will be binding on you.

CFP®, CERTIFIED FINANCIAL PLANNER® and CFP logo are trademarks owned by Financial Planning Standards Board Ltd. (FPSB) and used under license. QAFP®, QUALIFIED ASSOCIATE FINANCIAL PLANNER™ and QAFP logo are those of FP Canada™. © 2024 Canadian Foundation for Financial Planning™. All rights reserved.