CS-CAN | INFOCAN

Login
Menu

CSCAN-INFOCAN Privacy Policy

This Privacy Policy describes how CS-CAN|INFO-CAN (the Computer Science Canada Information Canada Association, referred to as we, us, or our) collects, uses, discloses, and protects personal information through our website cscan-infocan.ca and related services.

We are committed to handling your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), and where applicable, provincial privacy legislation including Quebec Law 25, and the EU General Data Protection Regulation (GDPR) for visitors based in the European Economic Area.

By using our website or providing your information to us, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect personal information in the following ways:

1.1 Information You Provide Directly

  • Contact information (name, email, phone, mailing address)
  • Professional information (job title, organization, institution, role, research area)
  • Membership information (membership category, status, payment history)
  • Event registration information (sessions selected, dietary preferences or restrictions, accessibility requirements)
  • Newsletter subscription information (email address, communication preferences)
  • Content you submit (form responses, success story submissions, survey responses, messages sent to us)
  • Payment information (processed by our third party payment providers, see Section 3)

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information through analytics and tracking tools:

  • IP address (typically truncated or anonymized for analytics)
  • Browser type, operating system, device type, and screen resolution
  • Pages visited, time spent on pages, referring URL, and exit pages
  • Click events, scroll depth, and other interaction data
  • Approximate geographic location (city or region level, derived from IP)
  • Cookies and similar tracking technologies (see our separate Cookie Policy)

2. Analytics and Tracking Tools

To understand how visitors use our website and to improve user experience, we use the following analytics and behavioural tracking tools. These tools are loaded only after you provide consent through our cookie banner.

2.1 Google Analytics 4 (GA4)

We use Google Analytics 4, a service provided by Google LLC, to measure website traffic, user behaviour, and content performance. Google Analytics uses cookies and similar identifiers to collect aggregated usage data. We have enabled IP anonymization and disabled advertising features. Data is processed on Google servers, which may include locations outside Canada (including the United States).

Learn more: Google Privacy Policy  Google Analytics opt-out

2.2 Microsoft Clarity

We use Microsoft Clarity, provided by Microsoft Corporation, to capture aggregated behavioural data such as click maps, scroll heatmaps, and anonymized session recordings. Clarity helps us identify usability issues and improve the website. Session recordings exclude sensitive form fields by default, and we mask personal identifiers where technically feasible.

Learn more: Microsoft Privacy Statement

3. Third Party Service Providers

We rely on trusted third party providers to deliver core functions of our website and operations. Each provider processes only the data needed for its specific purpose, under contractual obligations that protect your information.

3.1 Membee (Association Management System)

We use Membee, operated by IRM Systems Inc. (Calgary, Alberta, Canada), as our association management platform. Membee stores and processes member records, membership applications and renewals, event registrations, member directories, and related communications. Membee is hosted in Canada.

Learn more: Membee website, Membee Subscription Agreement

3.2 WooCommerce

Our online store and event registration checkout are powered by WooCommerce, an e-commerce platform integrated with our WordPress website. WooCommerce processes order details, billing and shipping information (where applicable), and transaction records. Order data is stored on our hosting infrastructure.

Learn more: WooCommerce Privacy Policy

3.3 Stripe (Payment Processing)

Payments made through our website are processed by Stripe, Inc. and its Canadian affiliate. Stripe handles credit card and other payment data directly. We do not store full credit card numbers on our servers. Stripe is PCI DSS Level 1 certified, the highest level of payment security certification.

Learn more: Stripe Privacy Policy

3.4 Constant Contact (Email Newsletter)

We use Constant Contact to manage our email newsletter and broadcast communications. When you subscribe, your email address, name (if provided), and engagement data (opens, clicks, unsubscribes) are stored on Constant Contact servers. Constant Contact is operated by Constant Contact, Inc. in the United States. You may unsubscribe at any time using the link in any newsletter or by contacting us.

Learn more: Constant Contact Privacy Notice

3.5 Website Hosting and Infrastructure

Our website is hosted on infrastructure that may include content delivery networks and cloud providers used to deliver pages efficiently and protect against attacks. These providers process limited technical data such as IP addresses and request headers for the sole purpose of delivering and securing the site.

4. Artificial Intelligence Assistant (Planned Feature)

We are evaluating the addition of an AI assistant or chatbot on the website to help visitors find information, navigate membership resources, and answer common questions. Before launching this feature, we will update this Privacy Policy with specific details. The following principles will apply to any AI assistant we deploy:

  • Clear notice that you are interacting with an automated assistant, not a human
  • Your conversation inputs will be processed only to generate a response and improve the assistant
  • We will not enter sensitive personal information into the assistant, and we will advise users not to share such information through it
  • AI providers used will be selected for their privacy commitments, including not using customer inputs to train public AI models (zero data retention or equivalent)
  • Conversation logs will be retained only for as long as needed to operate and improve the service, then deleted
  • You can choose not to use the assistant, and human contact options will remain available

Any future AI feature will be operated in accordance with PIPEDA and guidance from the Office of the Privacy Commissioner of Canada, including transparency about automated processing and the purposes for which inputs are collected.

5. How We Use Your Personal Information

We use the personal information we collect for the following purposes:

  • Processing membership applications, renewals, and member services
  • Registering you for conferences, workshops, and events
  • Communicating with you about your account, registrations, and inquiries
  • Sending the newsletter and other communications you have opted in to receive
  • Processing payments and issuing receipts
  • Operating, maintaining, and improving our website and services
  • Analyzing aggregated usage trends to improve content and user experience
  • Complying with legal, regulatory, and accounting obligations
  • Protecting the security and integrity of our website and members

6. Legal Basis and Consent

Under PIPEDA, we collect, use, and disclose personal information with your consent, except where the law allows or requires otherwise. Consent may be express (for example, when you check a subscription box) or implied (for example, when you provide contact details to register for an event).

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may affect our ability to provide certain services to you. To withdraw consent, contact us at the address in Section 12.

For visitors in the European Economic Area, we rely on consent, contractual necessity, legal obligation, or legitimate interests as a lawful basis for processing, depending on the activity.

7. Disclosure of Personal Information

We do not sell or rent your personal information. We may disclose your information in the following circumstances:

  • To the service providers identified in Section 3, who process data on our behalf under confidentiality and security obligations
  • To event partners, sponsors, or co-organizers when necessary to deliver a specific event you registered for (with notice at the time of registration)
  • To comply with applicable laws, regulations, court orders, or lawful requests from public authorities
  • To protect the rights, property, or safety of CS-CAN|INFO-CAN, our members, or others
  • In connection with a merger, reorganization, or similar event, with appropriate safeguards

8. Cross Border Data Transfers

Some of our service providers (including Google, Microsoft, Stripe, and Constant Contact) process data on servers located outside Canada, including in the United States. When personal information is processed in another jurisdiction, it may be subject to the laws of that jurisdiction, including lawful access by foreign authorities. We use providers that maintain industry standard safeguards, and we contractually require providers to protect the information they process on our behalf.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law or contract. Examples:

  • Member records: for the duration of membership and a reasonable period afterward for renewal, statistical, and legal purposes
  • Event registration records: for the duration of the event and a reasonable period afterward for reporting and audit
  • Financial records: as required by applicable tax and accounting laws
  • Newsletter subscriptions: until you unsubscribe
  • Analytics data: typically up to 14 months in aggregated form, then deleted or further anonymized

10. Security

We take reasonable physical, technical, and administrative measures to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. These measures include encrypted connections (HTTPS), access controls, secure hosting, regular software updates, and limiting access to personal information to staff and contractors who need it to perform their duties.

No system is completely secure. If we become aware of a security incident that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by law.

11. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you
  • Correction: ask us to correct inaccurate or incomplete information
  • Withdrawal of consent: withdraw consent for future processing (subject to legal or contractual limits)
  • Deletion: ask us to delete personal information we no longer need
  • Complaint: file a complaint with us or with a privacy regulator

To exercise these rights, contact us using the details in Section 12. We may need to verify your identity before responding. We will respond within 30 days, or notify you if more time is needed.

12. Contact and Privacy Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, please contact our Privacy Officer:

CS-CAN|INFO-CAN

Email: info@cscan-infocan.ca

Website: https://cscan-infocan.ca

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada:

https://www.priv.gc.ca   Toll free: 1 800 282 1376

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The Last Updated date at the top will reflect the most recent revision. Material changes will be communicated through the website and, where appropriate, by email. Continued use of the website after changes take effect constitutes acceptance of the updated policy.

14. Conference Registration Personal Information Collection Statement

This section provides additional detail for individuals registering for CS-CAN|INFO-CAN conferences and events, supplementing the general policy above.

14.1 Information Collected for Conference Registration

  • Contact information: name, email, phone, mailing address
  • Professional information: job title, organization, industry, role
  • Demographic information: gender, age, nationality (optional)
  • Dietary preferences or restrictions (for catering)
  • Accessibility requirements or special accommodations
  • Payment information (processed by Stripe)

14.2 Purpose

  • Process and confirm your conference registration
  • Send important updates and event information
  • Accommodate dietary and accessibility needs
  • Analyze and improve our event programming
  • Meet legal and accounting requirements

14.3 Sharing

We may share event information with sponsors, co-organizers, or service providers (caterers, venues, conference platforms) strictly for the purpose of delivering the event. These parties are required to protect your information and use it only for the agreed purpose.

14.4 Consent and Withdrawal

By registering for a conference, you consent to the collection, use, and disclosure described in this section. You may withdraw your consent at any time by contacting info@cscan-infocan.ca. Withdrawal may affect our ability to provide certain registration services (for example, catering or accessibility arrangements).

14.5 Retention

Conference registration information is retained for the duration of the event and a reasonable period afterward for reporting, audit, and legal requirements.