Security / Privacy Policy

COSAP cares about your privacy and security. We use a 2-step security access to the back-end of our website for additional security. The following Security and Privacy Policy applies to COSAP’s website. This Privacy Policy describes the types of member information we collect and is designed to help you understand how we use and safeguard the information you provide to us, thus permitting you to make informed decisions when using the COSAP website. This Privacy Policy also describes (1) the measures we take to safeguard the information we collect and (2) your rights and privileges concerning our collection, use and disclosure of information about you.

COSAP is not responsible for the content or privacy practices of other websites to which this website may link. By using our website, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use the COSAP website.

Changes to the Privacy Policy

The data that COSAP collects and uses is governed by this Privacy Policy as amended from time to time, not by the Privacy Policy in effect at the time of data collection. COSAP may change the Privacy Policy at its sole discretion and will provide notice of changes in the Privacy Policy and on the privacy policy page of our website. If, as the result of such changes, you want to alter the ways in which we are allowed to use your personal information, you can do so by following the procedure described in the section entitled Privacy Rights.

Please regularly review our Privacy Policy. If you have objections to the Privacy Policy, you should immediately discontinue use of the COSAP website. This Privacy Policy does not govern privacy practices associated with offline activities, websites other than the COSAP website, or any products or services not available or enabled via COSAP website.

You will be deemed to have been made aware of, and will be subject to, the changes to the Privacy Policy after such notice has been posted with the following exception: if at the time you provide personal information to COSAP you limit how such information will be used to communicate with you by COSAP. COSAP will not change your preference in this regard without your express consent. 

PIPEDA Principles

In accordance with Canada’s Personal Information Protection and Electronic Documents Act (this referred to as ‘PIPEDA’), COSAP will enact its Security and Privacy Policy based on the following ten PIPEDA ‘principles’:

1. Accountability

2. Identifying Purposes

3. Consent

4. Limiting Collection

5. Limiting Use, Disclosure, and Retention

6. Accuracy

7. Safeguards

8. Openness

9. Individual Access

10. Challenging Compliance

1. Accountability

COSAP accepts responsibility for your member information under its control. 

The Board of Directors of COSAP is accountable for the organization’s compliance with PIPEDA principles through the Executive Team.

All member information in COSAP’s possession will be protected, including member information that has been transferred to a third party for processing. 

COSAP has: 

• implemented procedures for protecting your member information
• established procedures for receiving and responding to member complaints and inquiries
• trained staff, volunteers, partners and communicated information to staff about the organization’s policies and practices
• developed information to explain the organization’s policies and procedures (this document)

2. Identifying Purpose

COSAP collects information from you when you become a member and engage in other activities such as; 

• registering for classes or events
• joining groups or activities 
• using communication such as email
• signing up for newsletters
• participating in COSAP blogs and social media
• completing forms, surveys and quizzes
• joining forums 

Information that you submit, post or otherwise chose to reveal in a public forum (such as comments to a blog or product discussion forum) is not subject to this Privacy Policy, will be seen by third parties not related to COSAP and may be used by them or COSAP to contact you for any purpose.

COSAP may ask you to provide specific information that may be required is as follows:

membership and billing details, including:

• name
• email address
• mailing address
• phone number
• credit card details 

Please note: billing and credit card information is not stored on the COSAP servers.

Like many websites, COSAP’s uses "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the Do we use cookies? section below for information about cookies and how we use them.

You will be notified in advance should your member information be used for any purpose not identified at the time of collection

3. Consent

COSAP will obtain your consent for any collection, use, or disclosure of your member information, except where inappropriate (e.g., legal, medical or security reasons).

COSAP will make a reasonable effort to ensure that you are advised of the purposes for which your member information will be used or disclosed in a manner that is clear and understandable to you. 

You may withdraw consent at any time with reasonable notice, you will be informed of any consequences of withdrawing consent.

If you have opted-in to receive our email newsletter and/or blogs, we may send you periodic emails. If you would not wish to receive promotional email from us, please unsubscribe or send us an email to info@cosap.ca..

COSAP does not sell, trade, or otherwise transfer to outside parties your identifiable information unless COSAP provides you with advance notice, and you agree to this sharing, except as described below.

The term "outside parties" does not include COSAP or its partners. It also does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. COSAP may release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.

 

4. Limiting Collection

COSAP will limit the collection of your member information to what is necessary for identified purposes; 

• to better serve you in responding to your customer service requests
• to quickly process your transactions

COSAP will never collect your member information indiscriminately, and will only collect your information by fair and lawful means. 

5. Limiting Use, Disclosure, and Retention

COSAP will never use or disclose your member information for purposes other than those for which it was collected, except with your consent or as required by law. 

Your member information will be retained only as long as necessary to fulfill member management and course, training, group or activity registration purposes. 

COSAP has developed guidelines and procedures to govern the disposal of your member information.

6. Accuracy

COSAP will ensure that your member information is as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used. 

COSAP will update your member information only if such a process is necessary to fulfill the purposes for which the information was collected.

In determining the extent to which your member information must be accurate, complete, and up to date, COSAP will consider the use of the information and your interests.

7. Safeguards

COSAP will protect your member information by security safeguards appropriate to the sensitivity of the information, your member information will be protected regardless of the format in which it is held. 

COSAP has instituted security safeguards that will protect your member information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification: 

• A variety of security measures have been deployed to maintain the safety of your member information
• Your member information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to the system
• When you access your member information, you do so through a secure server. All sensitive information you supply (for example your address, classes you have registered for, password) is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our databases, to only be accessed as stated above.
• COSAP does not store billing and credit card information on our servers, with the exception of the last 4 digits of your credit card number for verification purposes. 
• Payments are processed using Interac e-Transfers or PayPal. We have chosen to use these two forms of transaction because they are highly secure. Bank to bank transfers or Interac e-Transfers carry the highest level of security. PayPal uses industry-leading technology to keep your information safe. Once your information reaches the PayPal site, it resides on a server that is heavily guarded both physically and electronically. PayPal servers sit behind an electronic firewall and are not directly connected to the internet, so your private information is available only to authorized computers. 

8. Openness

COSAP has made all of its policies and practices, relating to the management of member information, open and transparent.  

These policies and practices are: 

• under the responsibility of the Board of Directors and Executive Team of COSAP, to whom complaints or inquiries can be forwarded 
• available on all the COSAP web pages

9. Individual Access

On written request, you may request the existence of, use, and disclosure of your member information, and will be provided access to your member information (except for legal and security reasons). 

You may challenge the accuracy and completeness of your member information and have it amended as appropriate. Upon receiving a request in writing, COSAP will: 

• inform you whether or not COSAP maintains member information about you
• if so, allow you access to your member information
• provide an account of how COSAP has used or will use your member information
• inform you of third parties to which your member information has been disclosed 

10. Challenging Compliance

Enable individuals to address challenges concerning compliance with the 10 principles to the designated individual or individuals accountable for the organization’s compliance. 

COSAP has put in place procedures for receiving and responding to complaints or inquiries concerning the organization’s policies and practices relating to the handling of member information. 

Complaint procedures, that are easily accessible and simple to use, have been established, and may be accessed as follows:

• Online - https://www.cosap.ca
• By Phone – (416) 473-5393
• By Email: info@cosap.ca

COSAP will investigate all complaints and will take appropriate measures if a complaint is found to be justified, including amending policies and practices, if necessary.

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow this on your personal computer browser) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We may also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
 

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Safari, Firefox or Internet Explorer) settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. However, please note that if you turn cookies off, you will be able to browse the website - but you will not be able to log in to your account, purchase membership, join groups/activities or register for courses, training or events.

How can you opt-out from receiving our email newsletters?

To modify your email subscriptions, please go to My Account page and login into to your account. Once you have logged in, select the option to Edit Account info and Opt-out of emails.

Surveys and Contests

From time-to-time, COSAP may request information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as postal code). Contact information will be used to notify winners and award prizes, if applicable. Survey information will be used for purposes of monitoring or improving the use and satisfaction of the COSAP website. 

Third Party Links

COSAP may include third party links on our site, such as to our partners’ websites and reserves the right to link to other third parties as required. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work). 

Third-Party Analytics

COSAP may permit select third-party analytics service providers to include cookies and web beacons within the pages of the website on COSAP’s behalf and to retain and use the information received from such cookies and web beacons themselves. Third-party service providers that collect this data on COSAP’s behalf may offer information about their data collection practices, and in some cases, opt out on their respective websites, (which can be accessed here: http://www.google.com/analytics/.

COSAP and our Community Partners, uses the statistical reports generated by Google Analytics to help us make our Site more useful to visitors.  

For further information about Google Analytics, please refer to the Google Analytics Privacy Policy, external link and the Google Analytics Terms of Service, external link. If you wish, you may opt out of being tracked by Google Analytics by disabling or refusing the cookies; by disabling JavaScript within your browser; or by using the Google Analytics Opt-Out Browser Add-On, external link.

Do Not Track

Currently, various browsers — including Microsoft Edge, Google Chrome, Internet Explorer, Mozilla Firefox, and Apple Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites’ visited by the user about the user’s browser DNT preference setting. 

COSAP does not currently commit to responding to browsers’ DNT signals with respect to COSAP’s website, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. 

COSAP takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard, through its service provider GoDaddy.

Privacy Rights

COSAP must provide you with the ability to ‘be forgotten’ from the system. This will permit you to have all your personally identifiable member information that you provided to be irreversibly removed. This includes your name, external ID, email address, and all other profile information from the system. 

This process is permanent, and your member account will be unrecoverable. You will receive a warning as to the implications of this action prior to execution. Upon receiving your request, COSAP will confirm to you, and any other integrated third parties, your request to ‘be forgotten’. To execute this request, please contact COSAP directly. Your identification will need to be confirmed before any action can be taken. 

Policy Changes

COSAP will post any and all changes on this page. Policy changes will apply only to information collected after the date of the change. This policy was last modified on December 9, 2019.

Disclaimer

Please also visit our Disclaimer page establishing the release of liability governing the use of our website and offline.

Questions and Feedback

COSAP welcomes your questions, comments, and concerns about privacy. Please send us any and all feedback pertaining to privacy, or any other issue. 

Access to related links;

• PIPEDA - Personal Information Protection and Electronic Documents Act https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/
• OPC - Office of the Privacy Commissioner of Canada https://www.priv.gc.ca/en/opc-actions-and-decisions/

COSAP is powered by GoDaddy and Linux Software.  GoDaddy Operating Company, LLC participates in and has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework.

For more information please go to- https://ca.godaddy.com/legal/agreements/privacy-polic