Privacy Policy

Last updated on August 27, 2021

CSA Group and its subsidiaries and affiliates (collectively “CSA Group” or “we” or “our”) are committed to respecting your privacy. This Privacy Policy describes how we collect, use, disclose, store and otherwise process information that may identify you as an individual (“Personal Information”) when you:

  1. interact with or use our current or future websites (e.g. CSA OnDemand, CSA Communities, etc.) or mobile or web applications (including but not limited to any trial period or beta launch) which includes the downloading of materials (collectively “Websites”);
  2. register, attend or participate in any of our events, webinars, conferences or surveys (collectively “Events”);
  3. purchase or use any of our products and/or services; or
  4. become a Member of our standards organization.

In addition, this Policy states how you can control the collection, correction and/or deletion of your Personal Information. We will not use or share your information with anyone except as described in this Privacy Policy. We urge you to read this Privacy Policy so that you understand our commitment to you and your privacy, and how you can participate in that commitment.

By providing your Personal Information to CSA Group in the ways described in this Privacy Policy, you agree that you are authorized to provide that information and are accepting this Privacy Policy and any supplementary privacy statement that may be relevant to you. You have the right at any point to revoke consent and CSA Group will stop using and processing your Personal Information. If you do not agree to our practices, please do not use our Websites, register to or participate in one of our Events, or purchase or use any of our products or services.


This Privacy Policy is based on CSA’s Model Code for the Protection of Personal Information (Can/CSA-Q830-96) and complies with the General Data Protection Regulation (GDPR) as set forth by the European Parliament on April27, 2016 and which came into force on May 25, 2018. The regulation mandates that CSA Group protects the personal information and privacy of EU data subjects. If there is any conflict between the policies in this Privacy Policy and GDPR, the GDPR principles shall govern. Please note that for individuals located in Europe, the term Personal Information used in this policy is equivalent to the term “personal data” under applicable European and United Kingdom’s data protection laws.

What kind of Information do we collect and how do we use the information?

If you request information about our products, services, Websites, or Events, you may be asked to provide Personal Information. Personal Information refers to any information relating to an identified or identifiable natural person, such as an identification number, physical, physiological, mental, economic, cultural, or social identifiers. CSA Group collects Personal Information about you in connection with many of our Websites, products, services or Events. When working with or using CSA Group’s Websites, you may be prompted to register for an account, and in doing so, CSA Group may ask you for Personal Information such as your name, contact details including mailing address, email address, username and password, or credit card information. In addition, you may be providing Personal Information when:

  1. communicating with CSA Group via phone calls, chats, emails, web forms, social media, and other methods of communication,
  2. subscribing to receive CSA Group’s marketing and promotional content,
  3. applying for a job, or
  4. providing services to CSA Group.

We collect this information to provide you with products and services, such as to fulfill your requests for products or to help us personalize our offerings to you. In some cases, this involves sharing your information with third-party service providers for the purpose of fulfilling your order and providing you with the information, products or services you have requested. We also use your Personal Information to support our business functions, such as fraud prevention, marketing, and legal functions including but not limited to:

  • Providing you with information, products, services and programs that we believe respond to your interests and needs;
  • Answer your questions and address your concerns;
  • Conduct an investigation into a suspected breach of contract, a violation of CSA’s policies and procedures, or contravention of the law;
  • Contact you in the unlikely event of a data security breach or legal proceeding, or contact you if we believe doing so is in your best interest; and
  • Meet legal and regulatory requirements.

Website Usage Information

We may also collect Technical Information about you when you visit CSA Group Websites, which your web browser automatically sends whenever you visit a website on the internet. “Technical Information” is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers and analytic services (described below) automatically record this information, which may include your Internet Protocol (“IP”) address (a number that is automatically assigned to your computer by your internet service provider), the address of the website you are coming from, the amount of time you spend visiting our website, the pages visited, how you interact with those pages, if you link to us through a search engine, the keywords you used to find our website, browser type, browser language, and the date and time of your request. CSA Group also uses the web analytics services of FullStory and live chat services of LivePerson to analyze, monitor and facilitate visitor interactions on CSA Group’s website.

To learn more about LivePerson’s services and privacy practices, visit the Live Person privacy page. To learn more about FullStory’s services and privacy practices, visit the FullStory privacy page.

Gathering your information helps us track visits to the CSA Group’s Websites, understand and evaluate the customer experience, improve the content and layout of our Websites and customize the web experience, ensure our Websites and other services work correctly, and support our customer analytic efforts. CSA Group will only attempt to link the logs to identifiable individuals if that is necessary for investigating a data security breach, a breach of contract, a violation of CSA Group’s policies and procedures or a contravention of laws.


As is common practice with almost all professional websites, CSA Group’s Websites use cookies, which are tiny files that are downloaded to your computer, to improve your experience. This section describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored, however this may downgrade or ‘break’ certain elements of the CSA Group’s websites’ functionality. The information below describes the cookies we use on the site and why we use them. If located in the European Union, by clicking “Accept” you explicitly agree to cookies being used while browsing the site. For detailed guidance explaining what cookies are and how to control or delete them, we recommend you visit what cookies are and how to control or delete cookies

Required Cookies

These cookies are required for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. All CSA group websites are powered by WordPress who use cookies to keep track of logged in users. Additionally, we operate a cookie plugin which remembers the state of visitor acceptances to our Cookie policy.

Performance Cookies

We use Google Analytics to collect information about visitor behaviour. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. As we sell products, it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price. This Analytics data is not tied to personally identifiable information. We do not collect or store your Personal Information in association with these cookies, e.g., your name or address, so this information cannot be used to identify who you are.
Read more about Google’s position on privacy as regards its analytics service.

Pardot is a marketing automation platform provided by Salesforce, Inc. which tracks visitors and potential client’s activities on the website and on the Landing Pages by setting cookies on their browsers. Pardot cookies does not store personally identifiable information, but only a unique identifier.

Facebook Pixel allows us to track and monitor the success of our advertisements on Facebook and improve the effectiveness of advertisements by recording information such as the device you used to access our website and the actions you took while search through the CSA Group website. We may also may use Facebook Pixel to create targeted advertisements and custom audiences for our advertisements on Facebook and our websites.

Personalization Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Other Tracking Technologies

Log file information is automatically reported by your browser each time you access a web page. Our servers automatically record certain log file information which may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the service, domain names, landing pages, pages viewed, and other such information.

Web Beacons/Clear GIFs Information: When you use the Site, we may employ clear GIFs (also known as web beacons) which are used to track the online usage patterns of our users anonymously. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting, improve the effectiveness of our marketing, and enhance the experience for our users.

Social Network Widgets: Our Service has buttons or icons provided by third-party social media providers (e.g., Facebook, Twitter, and LinkedIn) that allows you to interact with those social media services when you interact with our Service. Those social widgets may collect browsing data, including through cookies and similar technologies, which may be received by the third party that provided the widget, and are controlled by those third-parties. Please review the privacy policy and privacy settings of the applicable social media property before using such features on our Service.

Targeting Cookies / Google AdSense Cookies

The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.
For more information on Google AdSense read the official Google AdSense privacy FAQ.

How Can I Control Cookies?

You have the right to decide whether to accept or reject cookies.

You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Service though your access to some functionality may be restricted. To learn more about cookie controls in your browser, click the link for your browser below.

Disabling Cookies

Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies. If you disagree with the use of cookies, you have the following options:

  • You can delete cookies after having visited the Site
  • You can browse the Site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” in Internet Explorer, “Private Browsing” in Firefox and Safari)
  • You can set your browser’s security controls so that all or certain cookies are blocked
Cookies Policy Change

Periodically, we may update our Cookie Policy to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore re-visit this Cookie policy regularly to stay informed about our use of cookies and related technologies.

Disclosure of Personal Information to Third Parties and International transfers

The Personal Information you provide to CSA Group is never disclosed to third parties without your consent. We do not sell, rent or trade your Personal Information to other organizations or companies. When Personal Information is shared with others, it is only in ways that have been explained to you in advance for purposes consistent with this Privacy Policy or based on our legitimate interest. The limited exceptions to this rule are:

  • CSA Group may share your Personal Information with third parties such as vendors, contractors and other service providers who we engage to perform tasks on our behalf or business affiliates who engage us to deliver services on their behalf. These parties only have access to such information as necessary to perform their functions.
  • CSA Group may be required by law enforcement, government institutions, or judicial or regulatory authorities to provide information on individual users without notifying you.
  • An investigation must be conducted into a suspected breach of contract, a violation of CSA Group’s policies or procedures, or a contravention of the law.
  • In the context of a data security breach or legal proceedings.
  • CSA Group may also share your Personal Information with our subsidiaries and/or corporate affiliates to fulfil the purpose of collecting your Personal Information or for other lawful grounds such as our legitimate interest. For example, the provision of services, sales, marketing and support. We take commercially reasonable steps to ensure that our subsidiaries and/or affiliates follow this Privacy Policy and applicable local law when handling Personal Information. This includes having in place proper Personal Information transfer safeguards such as EU Standard Contractual Clauses or other acceptable Personal Information transfer mechanisms as stipulated by the GDPR. To facilitate our global operations, CSA Group may transfer Personal Information from your home country to other CSA Group locations across the world. To protect your Personal Information, we will only transfer Personal Information to countries that provide an “adequate” level of Personal Information protection. If the Personal Information is transferred to countries without ‘adequate’ protection as determined by the European Commission, we will use additional safeguards as mentioned above to help ensure your Personal Information is protected.

Security Measures Taken to Protect Personal Information by Company

Security of all information is of the utmost importance for CSA Group. CSA Group uses commercially reasonable efforts to employ security safeguards such as technical, physical and organizational measures to protect the security of your Personal Information from unauthorized disclosure. We use current best-practice encryption algorithms to keep all Personal Information secure. Only CSA Group personnel and third parties, with a need to know, have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will make reasonable efforts to notify you without delay of any loss, misuse or alteration of Personal Information that may affect you. We will notify relevant regulatory bodies within seventy-two (72) hours of a breach or as otherwise mandated by applicable privacy laws.

We also require that our third-party service providers and business affiliates agree to keep confidential all Personal Information we share with them and to use the information only to perform their obligations in the agreements we have in place with them. These third-party service providers and business affiliates are expected to maintain privacy and security protections that are consistent with CSA Group’s privacy and information security policies. Read more about our security measures.

Personal Information Retention and Storage

Except as otherwise permitted or required by applicable law or regulation, we will retain your Personal Information for as long as necessary to fulfill the purposes for which it is processed. CSA Group will also retain your Personal Information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your Personal Information for a reasonable period of time. At any point in time, you can withdraw your consent and we will immediately stop processing your data.

Any Personal Information collected about EU data subjects via our Websites is processed either in Canada, Europe or United States of America by CSA Group or by a third party acting on our behalf. When you provide Personal Information to CSA Group, you consent to the processing of your information in the aforesaid jurisdictions. Our Websites are hosted in Europe, Canada & the United States of America.

Your Rights

Right to Access, Update, Erase, Transmit or Receive a Copy of Your Personal Information

You have the right to access, update, delete or limit the use and disclosure of your Personal Information. If your Personal Information changes or is inaccurate, you have the right to request changes. Please notify us and we will update or correct your Personal Information. At any point in time, you can contact us to confirm if your Personal Information is still being processed and request access to it. If you desire to obtain or transfer your Personal Information, subject to identity verifications, we will provide you with your Personal Information in a structured and commonly used electronic format.

Except where exemptions apply, you have the right to request CSA Group to erase all of your Personal Information on a number of grounds, including but not limited to (i) if the Personal Information is no longer necessary for its original purpose and no new lawful purpose exists; or (ii) if the lawful basis to processing your Personal Information is your consent and you withdraw that consent.

If CSA Group receives a request, we will respond within thirty (30) calendar days of request receipt. If CSA Group requires more time, we will inform you of the reason and extension period in writing. CSA Group will take reasonable steps to verify the identity of the requester and may refuse the request if the identity cannot be confirmed.

Where CSA has disclosed your Personal Information to third parties, as per this policy, and except where compliance would require disproportionate effort, CSA Group will notify those third parties of your request.

If you wish, at any time, to express your point of view, challenge an explanation of Personal Information use, access, update, delete, limit the use of your Personal Information, confirm that it is still being processed, or otherwise obtain further information, please contact [email protected].

Right to Restrict Processing

You have the right restrict the processing of your Personal Information at any time on multiple grounds such as to contest the accuracy of your Personal Information. This right means we will refrain from using your Personal Information during the period for which this right is applied. If you wish to exercise this right or otherwise obtain further information, please contact [email protected].

Right to Object

Where CSA Group is processing your Personal Information based on its legitimate interest and there are no overriding grounds to continue processing, such as to defend against legal claims, you have the right to object to your Personal Information being processed for, including but not limited to, profiling, direct marketing, scientific research, and statistics. If you wish to object, please contact [email protected].

Changes to this Privacy Policy

In order to keep up with changing legislation and best practices, we may revise this Privacy Policy at any time. Any changes to this Privacy Policy will be posted here. Where required by applicable privacy law and there is a significant change to this Privacy Policy, we may alert you by placing a notice on our Websites. We encourage you to frequently check this page for any changes. We include the date this policy was last updated at the top of the page. You acknowledge and agree that you are responsible for periodically reviewing this Privacy Policy.

Questions and Contact information

The Chief Privacy Officer for CSA Group is Kathryn Yung, EVP, Chief Legal, Ethics & Compliance Officer and Corporate Secretary. CSA Group takes full responsibility for the management and confidentiality of the Personal Information it collects through its Website, Events, products or services. By providing this Privacy Policy, CSA Group pledges its continued commitment to protecting the Personal Information you give us. We regularly review our online information handling practices to ensure that we are abiding by this Privacy Policy. If you believe CSA Group is not abiding by this Privacy Policy or have concerns about CSA Group’s Personal Information handling practices please contact us at [email protected]. Your concerns will be addressed promptly.