CSIC* Privacy Policy

Policy Statement:

The Canadian Society of Immigration Consultants (“CSIC”) is committed to protecting the privacy of the Public and of our Members/Fellows and Students and the security of their personal information under our control. As part of that commitment, we have implemented this privacy policy to govern the collection, use and disclosure of personal information held by CSIC and its affiliated corporate entities.

The Federal Parliament has passed the Personal Information Protection and Electronic Documents Act (“PIPEDA”), which sets out 10 privacy principles that apply to all Canadian organizations. There are several exemptions to the applicability of PIPEDA; the main one is where the entity is a Federally Incorporated, Not-For-Profit and its core activity is non-commercial. The CSIC is a Federally Incorporated Not-For-Profit entity and because CSIC’s core activity is not commercial, CSIC is not subject to the provisions of Part 1 of PIPEDA.

The CSIC has, however, elected to implement this Privacy Policy, which embraces aspects of the 10 Principles of the Canadian Standards Association Model Code for the Protection of Personal Information in a manner, which is consistent with the furtherance of its consumer protection mandate.

*For the purposes of this document only, references to CSIC should be read to include its affiliate corporate entities Canadian Migration Institute and IMMFUND-IMMFONDS Inc.

Our Organization and Mandate

The CSIC’s mandate is to protect the consumers of immigration consulting services (the Public) by offering a compliment of services and exceptional educational programming to its Members, the Fellows of CMI and the students enrolled in E-Academy.

CSIC and its Affiliates and subsidiaries also contract with third party service providers and labour such an Accountant for audits, Lawyers, Temporary Workers, Translators, Cleaners, Computer consultants and other Consultants that may, in the course of their duties, have limited access to personal information that we hold in order to fulfill their work for the CSIC and its affiliated corporate entities.

Definitions

Fellowa fellow in good standing of the Canadian Migration Institute

Student — a student who is enrolled in CSIC e – Academy

Student Records — refers to any personal information about a particular student collected by e-Academy and includes but is not limited to name, address, examination results, enrollment credentials etc.

Collection — means the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.

Consent — as referenced in this Privacy Policy is the voluntary agreement by an individual to the collection, use and disclosure of personal information. Consent can be either express or implied and can be provided directly by the individual, or some designate of the individual. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of CSIC. Implied consent is consent that can reasonably be inferred from an individual's action or inaction.

Disclosure — is defined as making personal information about an identifiable individual available to a third party.

Personal information — is defined as information about an identifiable individual other than name, title, or business address or telephone number

Third party — is defined as an individual other than a CSIC employee, or member to whom information is disclosed. For our purposes, CMI and its staff and Immfunds and its staff are not third parties.’ Similarly, information disclosed to service providers such as QuickLaw and other suppliers of educational material not constitute information provided to a third party as collaboration with these entities is essential to the furtherance of CSIC’s mandate.

Use — is defined as the treatment, handling, and management of personal information by CSIC and its staff.

What are the 10 CSA Privacy Principles?

  1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
  2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
  3. Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
  4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
  5. Limiting Use, Disclosure and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
  6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
  7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
  8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
  9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
  10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.

CSIC Implementation of the Privacy Policy

1. Accountability

CSIC is compliant with the 10 CSA Principles because CSIC has implemented a series of measures to regulate the way personal information under its control is collected and retained. Further CSIC has appointed our legal counsel to act as Privacy Officer

CSIC Privacy Officer works in conjunction with other senior staff to ensure adherence to this policy statement. Specifically, we restrict access to personal information on a ‘need to know’ basis.

Society staff is educated and reminded about this policy and the appropriate management of personal information. All staff, consultants and outside sources of labour are required to sign a Privacy and Confidentiality Agreement.

2. Identifying Purposes

Where practical to do so beforehand, CSIC identifies the purposes for which personal information is collected from Members/Fellows and Students and the Public at the time of collection.

CSIC collects personal information for the following purposes; among others:

  • Assess Applications for Membership/Fellowship
  • Assess application for enrollment in e-Academy
  • Maintain and update Membership/Fellowship information
  • Maintain and update Student Records
  • Member Language test results for admission to the CSIC
  • Student Examination Results for progress reports etc.
  • Member Results of substantive Immigration law Examinations fro admission into the profession
  • Copies of Student transcripts, diplomas, any disciplinary matters
  • To facilitate registration for the Annual General Meeting
  • The selection, completion and payment of Continuing Professional Development and other courses provided by CSIC and/or its subsidiaries to Members
  • The Purchase of on-line products
  • To process Credit card and banking records for Payment of annual dues/tuition online
  • Website visits (see Website below)

Essentially, CSIC collects information that assists it in assessing competency standards, compliance with our Membership and Fellowship criteria and payment of fees and dues to name a few.

In addition to information about members/fellows and students, CSIC will from time to time collect information about members of the public, for instance:

  • to provide general information to the public about CSIC and our members/fellow sand students i.e. email addresses and phone numbers of the public
  • to obtain references and views about applicants to join CSIC (e.g., their good character)
  • to facilitate attendance at a public meeting hosted by CSIC or one of its affiliates
  • to advocate effectively with government and other organizations
  • verify the application information provided by a student applicant
  • to select external consultants and service providers for CSIC and
  • for security and accommodation planning purposes (e.g., sign-in sheets), among others.

Electronic Collection of Personal Information

CSIC has the usual electronic equipment for an organization of its nature and size. The use of this equipment results in the routine collection of personal information. CSIC strives to ensure that this collection is reasonable and obvious. Most of the collection is known by the individual at the time of collection (e.g., CSIC security cameras (monitoring only), voice mail systems, emails sent to CSIC, website forms filled out by visitors and Google Analytics Service for IP addresses etc). CSIC e-Academy collects information such as user-names and passwords of students and instructors when they log onto Moodle. Other forms of electronic collection are made known at the time (e.g., people are advised if the meeting room digital recording devices are in use for recording or an audio tape is made of a meeting). Other forms of electronic collection are made known in this Privacy Policy or upon request and are likely assumed by most individuals having contact with CSIC (e.g., CSIC has call display on some telephones, an automatic attendant at the switchboard, security cards given to staff and some volunteers and consultants record their use, CSIC’s long distance service provider details long distance calls made by CSIC, also CSIC cell phones may have automatic records of call details).

The purposes of this electronic collection of information include: ensuring the security of CSIC’s premises, staff and information, assisting in the efficiency of CSIC’s staff, accurate recording of important information and facilitating navigation and the appropriate use of CSIC’s website.

CSIC strives to use its electronic equipment in a manner that would be generally accepted as being appropriate and reasonable. Anyone having questions or concerns about CSIC’s electronic collection of information should contact CSIC’s Privacy Officer for clarification.

3. Consent for the Collection, Use, or Disclosure of personal Information

Subject to the exceptional circumstances outlined below, CSIC will endeavour to obtain consent from Members/Fellows, Students, and the Public for the collection, use, or disclosure of their personal information at the point of collection of the information. Either written or oral consent is obtained for collecting, using and disclosing personal information. Implied consent is permitted for the ongoing use of personal information provided that it is , consistent with the purposes for which it was first collected. CSIC will attempt to obtain express consent in advance.

Exception to the general Requirement for Consent to CollectPersonal Information:

CSIC may from time to time collect personal information without the individual’s knowledge and express consent in advance, where advance consent would compromise the availability or accuracy of the information, and where collection is required in furtherance of our mandate and mission statement.

4. Limiting Collection

CSIC collects only as much personal information as is required to permit it carry out its corporate purposes.

5. Limiting Use, Disclosure and Retention

As stated it in fulfilling its mandate, CSIC may be required to disclose certain types of personal information about its members/fellows and students. However, CSIC will endeavour not to use or disclose personal information for purposes other than those for which it was collected, except in furtherance of its mandate or as required by law. For instance, CSIC will make certain types of information about its members known to the public such is whether the individual is a member/fellow in good standing or whether a student is enrolled in e-Academy.

CSIC employs User Role Based access to its electronic and hard-copied information and further restricts access to Society information on a ‘need to know basis’. There is further information regarding limits on access below under the 7th topic “Safeguards”.

Special Uses and Disclosures of Personal Information:

Language Certification

All language Certification Examination information is collected by our service providers and disclosed to CSIC for the purpose of processing examination results, making membership decisions and to conduct research to enhance the examination process. For information on the Privacy Policy of any of our service providers, you may contact our Privacy Officer for the providers contact details.

Payment Data

Chequing and Credit card information collected by CSIC is submitted in encrypted format to CSIC’s Credit Card Merchant only for payment approval and processing. CSIC’s on-line processing merchant is a recognized on line payment service provider.

Other Uses:

CSIC shares information about its Members/Fellows and Students with the third party organizations as required by law. ,CSIC also shares information about Members/Fellows and Students with its affiliated corporate entities as required and in furtherance of our mandate.

Website Use:

Cookies:

A cookie is a piece of data that a website can send to the browsers of visitors’ computers and that may then be stored on the hard drives of those computers. CSIC website does not use cookies to identify return visitors.

The operating system for CSIC website (www.csic-scci.ca ) will automatically record and track only the number of users to the site as well as we receive information from Google Analytics Service.

When Exiting CSIC Website:

CSIC website contains links to other sites. Once visitors link to another site, they are subject to the Privacy Policy of the new site. CSIC encourages its visitors to the website to read the privacy policies of all websites visited, especially if personal information is shared.

Access to Moodle by E-Academy students:

CSIC E-Academy is CSIC’s on-line education provider. It offers students the opportunity to learn in the unique and exclusively on-line environment. When students’ access Moodle, their user-names, passwords, and usage patterns are recorded by Embanet, the third party operator of Moodle and shared with e-Academy.

Disclosure:

Personal information in the control of CSIC may not be disclosed with the express written consent of the member/fellow or student, except where CSIC is required to do so by law.

Retention:

With the exception of e-Academy, which employs its own retention procedures, CSIC retains personal information in secure cabinets and/or password secure electronic systems and only as long as necessary for the fulfillment of the identified purposes. CSIC destroys, erases or makes anonymous personal information that is no longer required to fulfill the identified purposes within [3] years.

Examination information collected and retained in hard copy format is kept in a secured place[IO1] for up to two years. Payment information collected and retained in hard copy format is kept in a secured place for a period of years.

CSIC E-Academy – is required to maintain student records in a secure storage medium in a secure location. E-Academy, retain hard copies of all student records for a minimum seven (7) years[IO2] . The hard copies are stored offsite with a third party storage provider. For more detailed information regarding e-Academy’s privacy obligations to its students please refer to its privacy statement, which is located at [INSERT LINK]

6. Accuracy

CSIC creates and maintains personal information records using the most accurate information available to it. Members/Fellows are subject to a positive duty to keep their Membership/Fellowship information accurate and up to date. They have access through CSIC’s website to a secure process that allows them to update their own information.

CSIC also updates personal information as required.

7. Safeguards

CSIC takes reasonable measures to ensure that personal information is kept safe from loss or theft, unauthorized access, use, copying, disclosure or modification. A higher level of protection is used to safeguard more sensitive information. The measures CSIC takes to ensure the security of personal information include:

  • Physical security of our premises
  • Restriction of staff access to files on a “need to know” basis
  • Locked file cabinets where member and Fellow records are kept
  • Separate and Department-specific file storage on our computer systems and in terms of physical storage mediums.
  • Student records are stored in a restricted area of our system and hardcopies are stored off-site once the student completes the program.
  • Undertakings by all staff to comply with our policy
  • Deployment of technological safeguards like security software, encryption and firewalls to prevent hacking or unauthorized computer access
  • Internal password and roll-based user security
  • Regular audits of our procedures and measures to ensure that they are properly administered and that they remain effective and appropriate.

If CSIC transfers personal information to a third party for processing, CSIC uses contractual or other means to ensure that the third party affords an appropriate level of protection to such information during its processing.

CSIC disposes of personal information with care to prevent unauthorized parties from gaining access to the information.

8. Openness

This policy is available to Members and to the Public whose personal information is collected by CSIC. This policy can be obtained by visiting CSIC website (www.csic-scci.ca) or by contacting CSIC’s Privacy Officer.

9. Access

CSIC has opted no to adopt the access provisions of the 10 Principles with regards to information in its possession about Members and Fellows, however, CSIC e-Academy will provide students with access to records as required.

10. Challenging Compliance

CSIC is compliant with the 10 CSA Principles to the extent that such compliance is in furtherance of our mandate as the Regulator of Immigration Consultants. Any questions or complaints about CSIC’s management of this information should be directed to CSIC’s Privacy Officer:

Ibi Olabode – Legal Counsel & Privacy Officer
Canadian Society of Immigration Consultants (‘CSIC’, or the ‘Society’)
390 Bay Street, Suite 1600
Munich Re Centre
Toronto, ON M5H 2Y2
Canada

CSIC e-Academy Student Privacy Statement

CSIC e-Academy collects information about its Students for a variety of reasons including to process an application for enrolment, to verify payment of fees, to tabulate exam results, etc. CSIC e-Academy does not sell the information it collects and maintains about Students for any purpose. CSIC e-Academy will not disclose any of the Student information it collects about Students unless it is required to do so for limited purposes such as on the authorization of a Student.

CSIC e-Academy may be required to disclose Student information to third parties to facilitate a reference check or verify enrolment dates to name a few. CSIC e-Academy may also disclose Student information as required by law.

The sort of information CSIC e-Academy collects about its Students includes personal information such as age and date of birth, academic records from other institutions, exam results and other information which it requires to process Student applications and to maintain a complete Student record.

Student records and other information maintained by CSIC e-Academy are maintained using one of the following secure methods. Hard copies of all Student application documents are maintained in a locked cabinet for the duration of the Student’s enrolment in the program. Once a Student graduates, CSIC e-Academy will store the hard copy of the Student record off-site with a secure third party storage facility. Electronic records are maintained using a secure storage medium in a secure location. A copy of the record will be saved from time to time using an electronic archiving system. CSIC e-Academy employs the services of a third party data storage firm.

Current and former Students of CSIC e-Academy will have access to their records at any time with reasonable written notice. CSIC e-Academy will maintain a hard copy of the Student record for seven (7) years following the Student’s completion of the program or withdrawal for any reason.

For more detailed information regarding CSIC e-Academy’s efforts to protect Student information in its control, please to the Privacy Policy of the Canadian Society of Immigration Consultants.

DEMO
Username: demostudent
Password: demo

MORE INFO

“I have a passion for teaching and sharing the knowledge that I have acquired through my own practice and experience. Working with our students has given me extreme pleasure and the one-on-one communication ability one secures through the online environment has in fact proven to be effective in building up a strong rapport with each student, not just during the program but also after graduation.”
Holly Gracey
Port Moody, British Columbia,
providing immigration consulting services since 1985.