Scope and Application
- a corporate member, non-member or employee's name, title, business address, or telephone number;
- other information about an individual that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act ((Canada)); or
Principle 1: Accountability
The Canadian Marketing Association is responsible for personal information under its control and will designate one or more persons who are accountable for CMA's compliance with the following principles.
1.3 CMA is responsible for personal information in its possession or control. CMA will use contractual or other means to provide a comparable level of protection while information is being processed or used by a third party.
- implementing procedures to receive and respond to complaints or inquiries;
- training employees to understand and follow CMA's policies and procedures;
- developing information materials to explain CMA's policies and procedures; and
Principle 2: Identifying Purposes for Collection of
CMA will identify the purposes for which personal information is collected at or before the time the information is collected.
2.1 CMA collects personal information only for the following purposes:
- to identify individuals;
- to establish, maintain, communicate and renew membership in the CMA;
- to advertise, develop, enhance and provide marketing services and products;
- to measure and improve the effectiveness of CMA services, products and marketing endeavours;
- to manage and develop CMA's business operations, including personnel and employment matters;
- to protect CMA against error and fraud; and
- to meet legal and regulatory requirements.
Further reference to "identified purposes" mean the purposes identified in this Principle.
2.2 Upon request, persons collecting personal information will explain these identified purposes or refer the individual to a designated person within CMA who can explain the purposes.
2.3 When personal information that has been collected is to be used or disclosed for a purpose not previously identified, the new purpose will be identified prior to use. Unless otherwise permitted or required by law, the consent of the individual will be acquired before the information will be used or disclosed for the new purpose.
2.4 CMA will document the purposes for which personal information is collected prior to the information being collected.
2.5 CMA will make reasonable efforts to ensure that individuals are aware of the purposes for which personal information is collected, including any disclosures to third parties.
Principle 3: Obtaining Consent for Collection, Use or Disclosure of Personal Information
3.1 In obtaining consent, CMA will use reasonable efforts to ensure that, where not obvious, an individual is advised of the purposes for which personal information will be used or disclosed. The identified purposes will be stated in a manner that can be reasonably understood by the individual.
3.2 Generally, CMA will seek consent to use and disclose personal information at the same time it collects the information. However, CMA may seek consent to use and/or disclose personal information after it has been collected, but before it is used and/or disclosed for a new purpose.
3.3 CMA may require individuals to consent to the collection, use and/or disclosure of personal information as a condition of the supply of a product or service only if such collection, use and/or disclosure are required to fulfill the explicitly specified and legitimate identified purposes.
3.4 In determining the appropriate form of consent, CMA will take into account the sensitivity of the personal information and the reasonable expectations of the individual.
3.5 The purchase or use of products and/or CMA services by a member or non-member, or the acceptance of employment or benefits by an employee, may constitute implied consent for CMA to collect, use and disclose personal information for the identified purposes, including communicating with the individual.
3.6 An individual may withdraw consent at any time, subject to legal or contractual restrictions, provided that reasonable notice of withdrawal of consent is provided to CMA and the withdrawal of consent is in writing and includes understanding by the individual that withdrawal of consent could mean that CMA cannot provide the individual with a related product or service. Individuals may contact CMA for more information regarding the implications of withdrawing consent.
3.7 CMA may collect, use or disclose personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated.
3.8 CMA may collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting, using or disclosing the information, such as in the investigation of a breach of an agreement or a contravention of a law.
3.9 CMA may collect, use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.
3.10 CMA may use or disclose personal information without knowledge or consent to a lawyer representing CMA, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law.
Principle 4: Limiting Collection of Personal Information
CMA will limit the collection of personal information to that which is necessary for the purposes identified by CMA . CMA will collect personal information by fair and lawful means.
4.1 CMA collects personal information primarily from members, non-members and employees.
4.2 CMA may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties who represent that they have the right to disclose the information.
Principle 5: Limiting Use, Disclosure, and Retention of Personal Information
CMA will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. CMA will retain personal information only as long as necessary for the fulfillment of those purposes.
5.1 CMA may disclose an individual's personal information to:
- a third party who in the reasonable judgment of CMA is seeking the information as an agent of the individual;
- a third party involved in supplying the individual with CMA products or services;
- a third party engaged by CMA to perform functions on its behalf, which may involve storage and/or processing of personal information in the United States, subject to the necessary contractual provisions in accordance with PIPEDA;
- a third party engaged by CMA for the development, enhancement, marketing or provision of any of CMA's products or services; periodically our website may allow the use of third party cookies or similar technologies to measure and improve the effectiveness of our advertising campaigns. More details about how this information may be used are found below in CMA's Website Privacy Policies.
- a third party engaged by CMA to collect the member's or non-member's account;
- a credit reporting agency;
- a public authority or agent of a public authority if, in the reasonable judgment of CMA, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information; or
- a third party or parties, where the individual consents to such disclosure or disclosure is required or permitted by law.
- for normal personnel and benefits administration, such as the initiation, management or termination of the employment relationship; or
- in the context of providing references regarding current or former employees in response to requests from prospective employers.
5.3 Only CMA employees with a business "need-to-know", or whose duties reasonably so require, are granted access to personal information about members and employees.
5.4 CMA will keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about an individual, CMA will retain, for a period of time that is reasonably sufficient to allow for access by the individual, either the actual information or the rationale for making the decision.
5.5 CMA will maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction that applies to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information will be destroyed, erased or made anonymous.
Principle 6: Accuracy of Personal Information
Personal information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1 Personal information used by CMA will be sufficiently accurate, complete, and up-to date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
6.2 CMA will update personal information about individuals as necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7: Security Safeguards
CMA will protect personal information by security safeguards appropriate to the sensitivity of the information.
7.1 CMA will protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held.
7.2 CMA will protect personal information disclosed to third parties by contractual or other means to safeguard the confidentiality of the information and the purposes for which it is to be used.
7.3 All CMA employees with access to personal information will be contractually required to respect the confidentiality of that information.
7.4 The nature of the safeguards will vary depending on the sensitivity, amount, distribution and format of the information, and the method of storage. More sensitive information will be safeguarded by a higher level of protection.
7.5 The methods of protection will include:
- physical measures, for example, locked filing cabinets and restricted access to offices;
- organizational measures, for example, controlling entry to data centers and limiting access to information on a "need-to-know" basis;
- technological measurers, for example, the use of passwords and encryption; and
- investigative measures, in cases where CMA has reasonable grounds to believe that personal information is being inappropriately collected, used or disclosed.
Principle 8: Openness Concerning Policies and Procedures
CMA will make readily available to individuals specific information about its policies and procedures relating to the management of personal information.
8.1 CMA will make information about its policies and procedures easy to understand, including:
- the means of gaining access to personal information held by CMA;
- a description of the type of personal information held by CMA, including a general account of its use; and
- a description of what personal information is made available to third parties.
Principle 9: Access to Personal Information
CMA will inform an individual of the existence, use, and disclosure of his or her personal information upon request and will provide the individual access to that information except where inappropriate. An individual will be able to challenge the accurateness and completeness of the information and have it amended as appropriate.
9.1 Upon request, CMA will afford individuals a reasonable opportunity to review personal information in the custody of the CMA . Personal information will be provided in understandable form within a reasonable time, and at minimal or no cost to the individual.
9.2 In certain situations, CMA may not be able to provide access to all the personal information that it holds about an individual. For example, CMA may not provide access to information if doing so would likely reveal personal information about a third party, such as another individual, or could reasonably be expected to threaten the life or security of another individual. Also, CMA may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor: client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of the laws of(Canada)or a province.
9.3 Upon request, CMA will provide an account of the use and disclosure of personal information and, where reasonably possible, will state the source of the information. In providing an account of disclosure, CMA will provide a list of third parties to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
9.4 In order to safeguard personal information, an individual may be required to provide sufficient identification information to permit CMA to account for the existence, use and disclosure of personal information and to authorize such access. Any such information will be used only for this purpose.
9.5 CMA will promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness will be noted by CMA . Where appropriate, the Association will transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
9.6 Individuals can obtain information or seek access to their personal information by contacting the CMA Privacy Officer.
Principle 10: Challenging Compliance
10.1 CMA will maintain procedures for addressing and responding to all inquiries or complaints from individuals regarding the CMA's handling of personal information.
10.2 CMA will inform individuals about the existence of these procedures as well as the availability of complaint procedures.
Website Privacy Policies
Our site may automatically record some general information about your visit which we use for statistical analysis to help make our site more useful to visitors. This information might include the:
- Internet domain for your Internet service provider, such as 'company.com' or 'service.ca' and the IP address of the computer accessing the website, such as 'ppp-55';
- type of browser you are using, such as Internet Explorer or Netscape;
- type of operating system you are using, such as Windows or Macintosh;
- date and time you visit our site and Web pages that you visit on our site, along with the address of the previous website you were visiting, if you linked to us from another website.
We also use "cookies" that identify you as a return visitor and which can help us tailor information to suit your individual preferences. A cookie is a piece of data that a website can send to your browser, which may then store the cookie on your hard drive. The goal is to save you time and provide you with a more meaningful visit and to measure website activity. Cookies do not contain any personally identifying information. Many browsers, however, allow you to disable cookie collection if you wish, or inform you when a cookie is being stored on your hard drive.
Periodically our site may allow the use of third party cookies or similar technologies to measure and improve the effectiveness of our advertising campaigns. From time to time this information may be shared with a third party who in turn uses that information to serve you advertising relevant to your interests as you are browsing across the web. When doing so CMA and/or it's agents use the services of Google and Facebook. Our website users can visit www.youradchoices.ca to learn more about this type of advertising and may choose whether to continue receiving interest-based ads.
We protect the security of your transactions on our website by using Thawte SSL (Secure Sockets Layer) Web server certificates that offer secure communications by encrypting all data going to and from the CMA website. Thawte has checked and verified the CMA registration documents and the site's registered domain name.
This policy discloses the privacy practices for our website. However, our site contains links to other sites. Once you link to another site, you are subject to the privacy and security policies of the new site. We encourage you to read the privacy policies of all websites you visit.
Contributions to the CMA blog are open to CMA Member organizations and their employees.
Blog posts should offer original content, be respectful of organizations (in particular, confidential and proprietary information), customers and competitors.
Material referenced in a post, such as research, direct quotations or other source material should include either a direct link to the material cited or acknowledgment of the owner of the material (company name, research report, website, etc.) and date of publication where applicable.
Post length may vary depending on the subject matter, a general guideline is no longer than 1000 words for more substantive pieces.
Please note that we review all submissions and comments and approve for publication. Approved comments are generally posted during business hours only. CMA may close the comment option for a given post at any time.
We won't post and/or will remove offensive, disrespectful, threatening or rude comments, or those that overly promote products and services, are off topic or are spam. Press releases and corporate communication pieces will not be published to the blog.
If you are submitting a post, please return to the site to see if it has been published. Generally, submissions approved will be published within a two week period. Posts of a time-sensitive nature will be given priority and we will make every effort to accommodate publication in a timely manner.
Please note that the views expressed in the blog are those of the author, and do not necessarily represent the views of the CMA. We do not provide legal advice or opinions.
Canadian Marketing Association
55 University Avenue, Suite 603
Toronto, ON M5J 2H7
Attention: Privacy Officer