For the purpose of this policy, a reference to “we”, “us”, and “our” is a reference to CPAA, and a reference to a CPAA employee also includes a reference to an officer or board member of CPAA, or any other person acting in an official CPAA capacity, wherever applicable.
It is the responsibility of CPAA and all of its employees to safeguard the personal information obtained from CPAA members.
Personal information is information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Personal information relating to a CPAA member shall not be used or disclosed for purposes other than those for which we have collected it, except if we receive consent from the member.
This policy sets out the 11 principles of fair information practices that CPAA will employ to assist in the care, collecting, using, and disclosing of personal information of CPAA members.
The National Secretary-Treasurer has ultimate accountability for CPAA’s compliance with the privacy regime. The individual holding that office will hold the title of the Chief Privacy Officer (CPO).
2. Identifying Purposes
CPAA members must be advised as to why we are collecting their personal information and how it will be used, i.e. to represent them as our member, to add them to our membership list, to maintain mailing lists and to provide them with member benefits provided by CPAA. This should all take place when a member joins CPAA and signs a Member’s File.
Members must be advised as to how and when their personal information will be stored, used and disclosed. Record their consent on membership forms, benefit applications, beneficiary designation forms, interview notes, etc.
4. Limit Collection
The amount and type of personal information collected from CPAA members should be limited to the mandate of CPAA and to representing them and providing them services and benefits accordingly. If a member asks, we must explain why the information is needed.
5. Limiting Use, Disclosure, and Retention
It is our responsibility to use or disclose personal information from a CPAA member only for the purpose for which it was collected, unless we obtain consent or as required by law. Personal information should be kept on file only as long as necessary.
We must remain committed to maintain accurate, complete and up-to-date personal information in CPAA member files. Information should be updated in our files and systems as required for the purpose for which it was collected. By keeping information accurate, we will minimize the possibility of using incorrect information when making a decision or disclosing information.
It is our responsibility to safeguard CPAA member personal information against loss, theft or unauthorized access. Safeguards must be adhered to regardless of the format in which personal information is held.
Upon request, CPAA employees must inform a CPAA member of all personal information CPAA has on file with respect to that member. Should the member request access to this information, it must be made available. If the member challenges the accuracy and completeness of the information, it is to be amended if necessary to improve accuracy or completeness.
10. Provide Recourse
Should a complaint be brought to the attention of any CPAA employee regarding the handling of member personal information, it should be immediately forwarded to CPAA’s CPO.
11. Web Site Privacy Notice
CPAA is committed to upholding and defending your privacy rights, whether online or offline. CPAA is subject to federal privacy laws in Canada and respect your privacy rights and honours its obligations to you.
During a visit to our web site, your privacy is respected. We do not collect personal information about you unless you choose to send us an e-mail, in which you voluntarily provide your name and contact information. The nature of the Internet is such that it passively and automatically collects certain information about a user’s traffic patterns, linked to their Internet Protocol (IP) addresses. These are unique Internet “addresses” assigned to all web users by their Internet Service Providers (ISP). IP addresses are automatically logged by web servers. While the IP address does not identify an individual on its face, it may with the cooperation of the ISP be used to locate and identify an individual using the web. The IP address is considered personal information because it is an identifying number, and IP addresses are therefore protected by most privacy legislation. The privacy issues surrounding IP addresses are explained further below.
Visitors’ personal information received via e-mail (feedback) is provided only to our CPAA office personnel (or their representatives) who require the information to respond to inquiries. We do not use this information for any other purpose. We protect all personal information in our custody with strong security safeguards, including strict access controls.
As we cannot guarantee the security of electronic systems or e-mail, we do not recommend sending sensitive personal information or complaints electronically at this time. For all such matters, please contact us by postal mail at: Canadian Postmasters and Assistants Association, 281 Queen Mary, Ottawa, Ontario, K1K 1X1, or by calling 1-613-745-2095, Monday to Friday from 8 a.m. to 5 p.m. Eastern Time.
Server logs: Our servers automatically log information about visits to our web site in the normal course of establishing and maintaining web connections. Server logs record statistical information, such as visitors’ IP addresses, type of operating systems, time and duration of visit, web pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are reported in aggregate form to our information technology, communications and research staff, and are used to improve our web site and ensure that it provides the optimal web experience for visitors.
However, we may review server logs for security purposes, for example, to detect intrusions into our network. The possibility therefore exists that server log data, which contains visitors’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, raw data logs would be shared with appropriate investigative bodies authorized to investigate such breaches of security.