Privacy Statement

Overview

We recognize that you value the privacy of your information and we strive to make our privacy practices simple and transparent. We are also aware that understanding your privacy rights can be confusing, especially if it is laden with legalese, terms and concepts that may be unfamiliar. To support your knowledge and awareness, we have added explanations for common terms and concepts. The following paragraphs explain what information we collect, why we collect it, how this information is used and shared, as well as what your options are regarding personal information. 

To ensure broad privacy compliance across our various websites, services and initiatives we have based our privacy practices on existing best practices such as:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Fair Information Practice Principles (FIPPs)
  • The Guidelines of the Online Privacy Alliance (OPA)
  • The Organization for Economic Co-operation and Development (OECD)
  • The Direct Marketing Association (DMA)
  • General Data Protection Regulation (GDPR)

The above statement is our commitment to safeguard your privacy as well as uphold the industry best practices in favour of supporting the FIPPs. Note that while we are not subject to PIPEDA, we support the FIPPs because we believe we do not have to be forced by law to do the right thing when it comes to respecting your privacy.

Please note that this privacy statement is a living document and as such the KnowledgeFlow Cybersafety Foundation will continue to refine our privacy practices to safeguard your personal information. 

Get in Touch

If at any point you have any questions and/or concerns about how your personal information is being handled, we encourage you to connect with our Privacy Officer at [email protected] regarding our collection and/or use of personal information, which you believe may be unfair, misleading or inappropriate. Moreover, we would also welcome any suggestions for improving our procedures.

Thank you for trusting KnowledgeFlow Cybersafety Foundation.

This Privacy Statement was last updated on July 20th 2021. 

Frequently Asked Questions (FAQs)

While perusing our websites, you may have additional questions about how we collect and use information to operationalize our website and offer services. Below is a list of FAQs, which may offer additional clarity surrounding our practices and procedures.

1. What personal information is used by KnowledgeFlow and why?

We collect personal information such as full name and email address for projects and/or initiatives such as www.knowledgewise.ca or agora.knowledgeflow.org. This is done to gauge your interests and preferences for participating in such projects. 

If you supply us with any personal information such as your full name, email address, postal address and/or your telephone number, you will only receive correspondence from us regarding orders or programs that you wish to receive. As a not-for-profit organization, we will not use your information to carry out any commercial activity. We encourage you to visit the Office of the Privacy Commissioner of Canada (OPC) website to learn more about managing personal privacy with respect to not-for-profits and charitable organizations.

Our newsletter, the Information Advisor, is sent via opt-in consent to email addresses and we do not use your email addresses for any other purpose. Subscription to this free service is optional, and unsubscribing takes only a second.

2. How is the KnowledgeFlow newsletter disseminated?

Our newsletter, the Information Advisor, is powered by the reputable service called MailChimp.

3. What is the purpose behind the KnowledgeFlow newsletter?

The newsletter itself is simply an email notification informing subscribers that a new article has been posted on our website.

4. What does KnowledgeFlow do to reduce the amount of data collected during visits to its sites?

Aiming for data minimization, KnowledgeFlow will only collect and process data for essential reasons, for which we will inform our users/visitors in advance of collection. For example, for each visitor to our website, our web server automatically recognizes no information regarding the domain or email address. While we collect aggregate information on what pages users visit, we do not collect information about visitors who browse our web pages, nor do we set or use any cookies for tracking.

5. What other online services does KnowledgeFlow Cybersafety Foundation employ?

In addition to MailChimp, we also use very specific Google services and features from our hosting company, IONOS, to enhance user experiences without impacting the privacy of website visitors.

6. Does KnowledgeFlow Cybersafety Foundation partner with any ad server companies?

We do not partner with or have special relationships with any ad server companies. We encourage our visitors and clients to do the same. 

7. I see the term “sponsor” mentioned on the pages of multiple projects and/or initiatives. What does this term mean?

The term “sponsors” is defined as organizations that are invited to fund our activities. As a not-for-profit organization, we seek to partner with like-minded organizations that value the education of personal privacy and online security. We also seek out financial opportunities such as bursaries and grants to assist in promoting our mission.

8. How can I manage my personal information that I have shared with KnowledgeFlow Cybersafety Foundation?

As an organization, our privacy practices are transparent, respectful and open; we offer the following by default as well as encourage clients and visitors to look for these from their service providers:

  • Be informed of how we collect and process personal information/data
  • Request a copy of their personal data as well as make corrections to their personal data
  • Receive the data in a structured, commonly used, machine-readable format
  • In specific circumstances, to erase personal data where it is no longer necessary for the purpose for which it was collected or processed
  • Notify the appropriate authorities of personal data breaches

You may also withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us via [email protected]

9. How long do we retain your Personal Information?

We will use or retain your personal information only for as long as necessary to fulfil the purposes for which that personal information was collected and as permitted or required by applicable law.

Our Responsibility

Communication over the internet can lead to the inadvertent discovery or disclosure of electronically transmitted confidential messages. Since absolute security of information is not possible, interception or loss of information may occur. Nevertheless, we strive to collect and retain as little information as possible about our visitors and subscribers. Your personal information will be protected by security safeguards that are appropriate to the sensitivity level of the information.

While we review the privacy policies and, whenever possible, the practices of our partners and service providers, KnowledgeFlow Cybersafety Foundation has no visibility into the security preparedness of our visitors and thus cannot assume responsibility for the privacy practices of its users nor the content of other sites to which it is linked. Therefore, we are not responsible for the privacy practices employed by third party websites. We suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed. If our own information practices change at some time in the future, we will notify you if your information will be impacted in any way, and you will have the option to opt out in advance.

Terms and Definitions

Commercial Activity:

Under PIPEDA subsection 2(1), the term commercial activity is defined as “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.” It is important to note that this definition is fairly broad and that the OPC assesses the presence of commercial activity with respect to personal information on a case-by-case basis. For more information on how this term has been interpreted across various sectors and/or cases, please refer to sources cited.

Data Minimization:

Data minimization is one of the seven principles of the GDPR, which shape the approach and process to protect personal information. This principle states that organizations or entities should only:

  • Collect and process personal information/data that is adequate, relevant and limited for specified purposes
  • Periodically review or assess existing data that they hold, and delete anything that is no longer required

Although there is no set definition or threshold for what constitutes “adequate”, “relevant”, “limited” or “necessary”, the responsibility and accountability fall on the organization or entity to make this determination dependent on their information management practices and procedures.

Machine-Readable Format:

This term is used within the GDPR in the context of a user’s right to data portability, otherwise known as the ability to carry and/or transfer data. Machine-readable format or data are digital file format structures that allow software applications to identify, analyze and extract data elements. Examples of such file formats include comma-separated values (CSV), JavaScript Object Notation (JSON) or Extensible Markup Language (XML). 

Opt-in Consent:

While consent is mentioned within the Canadian federal and provincial privacy regulations, it is best defined within the GDPR as being “freely given, specific, informed and unambiguous” via a “clear affirmative action”. A common practice that is used by organizations and entities is to offer users clear and concise options during the process of completing an online contact submission form to determine whether or not the user is interested in receiving more information/services/products and, if so, to clearly declare their intention via a “yes” or “no” tick box. Note that just because consent has been given once does not mean that it can be maintained or assumed in perpetuity. In other words, users must be given the opportunity to unsubscribe or change their consent preference should they desire.

Personal Information:

Personal Information (PI) is any information about an identifiable individual. PI is conceptualized quite broadly in federal privacy legislation such as PIPEDA and the Privacy Act. Generally, it can mean information about:

  • Race, nationality or ethnic origin
  • Religion
  • Age, marital status
  • Citizenship
  • Languages spoken
  • Veteran status
  • Identifying numbers (SIN, driver’s license)
  • Medical, education, or employment history
  • Financial information
  • DNA
  • Disabilities
  • Views or opinions about you as an employee (e.g. performance appraisals, complaints filed about an employee)

Personal Data Breach:

The GDPR, article 4 (12) defines personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”. This includes breaches that are accidental as well as deliberate in nature and extends beyond the misplacement of personal information/data since it also includes inappropriate authorization.