Last updated on August 27, 2021
- interact with or use our current or future websites (e.g. CSA OnDemand, CSA Communities, etc.) or mobile or web applications (including but not limited to any trial period or beta launch) which includes the downloading of materials (collectively “Websites”);
- register, attend or participate in any of our events, webinars, conferences or surveys (collectively “Events”);
- purchase or use any of our products and/or services; or
- become a Member of our standards organization.
What kind of Information do we collect and how do we use the information?
If you request information about our products, services, Websites, or Events, you may be asked to provide Personal Information. Personal Information refers to any information relating to an identified or identifiable natural person, such as an identification number, physical, physiological, mental, economic, cultural, or social identifiers. CSA Group collects Personal Information about you in connection with many of our Websites, products, services or Events. When working with or using CSA Group’s Websites, you may be prompted to register for an account, and in doing so, CSA Group may ask you for Personal Information such as your name, contact details including mailing address, email address, username and password, or credit card information. In addition, you may be providing Personal Information when:
- communicating with CSA Group via phone calls, chats, emails, web forms, social media, and other methods of communication,
- subscribing to receive CSA Group’s marketing and promotional content,
- applying for a job, or
- providing services to CSA Group.
We collect this information to provide you with products and services, such as to fulfill your requests for products or to help us personalize our offerings to you. In some cases, this involves sharing your information with third-party service providers for the purpose of fulfilling your order and providing you with the information, products or services you have requested. We also use your Personal Information to support our business functions, such as fraud prevention, marketing, and legal functions including but not limited to:
- Providing you with information, products, services and programs that we believe respond to your interests and needs;
- Answer your questions and address your concerns;
- Conduct an investigation into a suspected breach of contract, a violation of CSA’s policies and procedures, or contravention of the law;
- Contact you in the unlikely event of a data security breach or legal proceeding, or contact you if we believe doing so is in your best interest; and
- Meet legal and regulatory requirements.
Website Usage Information
We may also collect Technical Information about you when you visit CSA Group Websites, which your web browser automatically sends whenever you visit a website on the internet. “Technical Information” is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers and analytic services (described below) automatically record this information, which may include your Internet Protocol (“IP”) address (a number that is automatically assigned to your computer by your internet service provider), the address of the website you are coming from, the amount of time you spend visiting our website, the pages visited, how you interact with those pages, if you link to us through a search engine, the keywords you used to find our website, browser type, browser language, and the date and time of your request. CSA Group also uses the web analytics services of FullStory and live chat services of LivePerson to analyze, monitor and facilitate visitor interactions on CSA Group’s website.
Gathering your information helps us track visits to the CSA Group’s Websites, understand and evaluate the customer experience, improve the content and layout of our Websites and customize the web experience, ensure our Websites and other services work correctly, and support our customer analytic efforts. CSA Group will only attempt to link the logs to identifiable individuals if that is necessary for investigating a data security breach, a breach of contract, a violation of CSA Group’s policies and procedures or a contravention of laws.
We use Google Analytics to collect information about visitor behaviour. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. As we sell products, it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price. This Analytics data is not tied to personally identifiable information. We do not collect or store your Personal Information in association with these cookies, e.g., your name or address, so this information cannot be used to identify who you are.
Read more about Google’s position on privacy as regards its analytics service.
Pardot is a marketing automation platform provided by Salesforce, Inc. which tracks visitors and potential client’s activities on the website and on the Landing Pages by setting cookies on their browsers. Pardot cookies does not store personally identifiable information, but only a unique identifier.
Facebook Pixel allows us to track and monitor the success of our advertisements on Facebook and improve the effectiveness of advertisements by recording information such as the device you used to access our website and the actions you took while search through the CSA Group website. We may also may use Facebook Pixel to create targeted advertisements and custom audiences for our advertisements on Facebook and our websites.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Other Tracking Technologies
Log file information is automatically reported by your browser each time you access a web page. Our servers automatically record certain log file information which may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the service, domain names, landing pages, pages viewed, and other such information.
Web Beacons/Clear GIFs Information: When you use the Site, we may employ clear GIFs (also known as web beacons) which are used to track the online usage patterns of our users anonymously. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting, improve the effectiveness of our marketing, and enhance the experience for our users.
Targeting Cookies / Google AdSense Cookies
The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.
For more information on Google AdSense read the official Google AdSense privacy FAQ.
How Can I Control Cookies?
You have the right to decide whether to accept or reject cookies.
- You can delete cookies after having visited the Site
- You can browse the Site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” in Internet Explorer, “Private Browsing” in Firefox and Safari)
- You can set your browser’s security controls so that all or certain cookies are blocked
Cookies Policy Change
Disclosure of Personal Information to Third Parties and International transfers
- CSA Group may share your Personal Information with third parties such as vendors, contractors and other service providers who we engage to perform tasks on our behalf or business affiliates who engage us to deliver services on their behalf. These parties only have access to such information as necessary to perform their functions.
- CSA Group may be required by law enforcement, government institutions, or judicial or regulatory authorities to provide information on individual users without notifying you.
- An investigation must be conducted into a suspected breach of contract, a violation of CSA Group’s policies or procedures, or a contravention of the law.
- In the context of a data security breach or legal proceedings.
Security Measures Taken to Protect Personal Information by Company
Security of all information is of the utmost importance for CSA Group. CSA Group uses commercially reasonable efforts to employ security safeguards such as technical, physical and organizational measures to protect the security of your Personal Information from unauthorized disclosure. We use current best-practice encryption algorithms to keep all Personal Information secure. Only CSA Group personnel and third parties, with a need to know, have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will make reasonable efforts to notify you without delay of any loss, misuse or alteration of Personal Information that may affect you. We will notify relevant regulatory bodies within seventy-two (72) hours of a breach or as otherwise mandated by applicable privacy laws.
We also require that our third-party service providers and business affiliates agree to keep confidential all Personal Information we share with them and to use the information only to perform their obligations in the agreements we have in place with them. These third-party service providers and business affiliates are expected to maintain privacy and security protections that are consistent with CSA Group’s privacy and information security policies. Read more about our security measures.
Personal Information Retention and Storage
Except as otherwise permitted or required by applicable law or regulation, we will retain your Personal Information for as long as necessary to fulfill the purposes for which it is processed. CSA Group will also retain your Personal Information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your Personal Information for a reasonable period of time. At any point in time, you can withdraw your consent and we will immediately stop processing your data.
Any Personal Information collected about EU data subjects via our Websites is processed either in Canada, Europe or United States of America by CSA Group or by a third party acting on our behalf. When you provide Personal Information to CSA Group, you consent to the processing of your information in the aforesaid jurisdictions. Our Websites are hosted in Europe, Canada & the United States of America.
Right to Access, Update, Erase, Transmit or Receive a Copy of Your Personal Information
You have the right to access, update, delete or limit the use and disclosure of your Personal Information. If your Personal Information changes or is inaccurate, you have the right to request changes. Please notify us and we will update or correct your Personal Information. At any point in time, you can contact us to confirm if your Personal Information is still being processed and request access to it. If you desire to obtain or transfer your Personal Information, subject to identity verifications, we will provide you with your Personal Information in a structured and commonly used electronic format.
Except where exemptions apply, you have the right to request CSA Group to erase all of your Personal Information on a number of grounds, including but not limited to (i) if the Personal Information is no longer necessary for its original purpose and no new lawful purpose exists; or (ii) if the lawful basis to processing your Personal Information is your consent and you withdraw that consent.
If CSA Group receives a request, we will respond within thirty (30) calendar days of request receipt. If CSA Group requires more time, we will inform you of the reason and extension period in writing. CSA Group will take reasonable steps to verify the identity of the requester and may refuse the request if the identity cannot be confirmed.
Where CSA has disclosed your Personal Information to third parties, as per this policy, and except where compliance would require disproportionate effort, CSA Group will notify those third parties of your request.
If you wish, at any time, to express your point of view, challenge an explanation of Personal Information use, access, update, delete, limit the use of your Personal Information, confirm that it is still being processed, or otherwise obtain further information, please contact [email protected].
Right to Restrict Processing
You have the right restrict the processing of your Personal Information at any time on multiple grounds such as to contest the accuracy of your Personal Information. This right means we will refrain from using your Personal Information during the period for which this right is applied. If you wish to exercise this right or otherwise obtain further information, please contact [email protected].
Right to Object
Where CSA Group is processing your Personal Information based on its legitimate interest and there are no overriding grounds to continue processing, such as to defend against legal claims, you have the right to object to your Personal Information being processed for, including but not limited to, profiling, direct marketing, scientific research, and statistics. If you wish to object, please contact [email protected].
Questions and Contact information
We’re always here to help. Let’s talk.
We’re here to answer your questions and help you get started right away. Call or send us a message anytime.