RIA Privacy Policy

1. Introduction

This Privacy Policy explains and governs how the Responsible Investment Association (RIA) handles personal information. This Policy is applicable to the RIA’s websites and other means of data collection and storage.

The RIA may collect, use and disclose personal information about our users in accordance with this policy and all applicable privacy law. By using the RIA’s websites, you confirm your acceptance of this Policy and agree that the RIA may collect, use and disclose personal information as described in this Policy and as permitted or required by law. We respect the privacy of our users and aim to protect the personal information of RIA members and other individuals who use our website and services.

This policy explains how we process, collect, manage, and store personal information. Our contact information is provided in section 10 of this policy if you have any questions.

2. How We Use Your Personal Data

In this section, we set out:

  • The general categories of personal data that we may process;
  • In the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
  • The purposes for which we may process personal data.

We may process your personal data for the main purposes listed below.

  • Account data – your name, job title, employer, and email address, amongst other personal data. The source of the account data is you or your employer. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
  • Usage data – data concerning the use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services.
  • Profile data – your personal profile information on our website. The profile data may include your name, address, telephone number, email address, profile pictures, educational details and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services.
  • Service data – data that is provided in the course of the use of our services. The service data may include website usage data. The source of the service data is you or your employer. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
  • Publication data – information that you post for publication on our website or through our services. The publication data may be processed for the purposes of enabling such publication and administering our website and services.

Other purposes for processing include:

  • Enquiry or correspondence data – This includes information contained in any enquiry you submit to us regarding products and/or services, and, more generally, in or relating to any communication that you send to us. Data may include the communication content and the metadata associated with the communication. By placing an enquiry with us, we will process your personal data for the purposes of answering that enquiry. Your data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you.
  • Transaction data – The transaction data may include your contact details, card and the transaction details for the purchases of goods and services from us. The transaction data is processed to execute the contract between you and us and to keep proper records of those transactions.
  • Notification data – If you subscribe to our email notifications and/or newsletters. The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters.

When personal information that has been collected is to be used for a purpose not identified above, the new purpose will be disclosed to you prior to your personal information being used for that purpose. Your personal information will not be used for a purpose not listed above without your prior consent unless the new purpose is required by law.

In addition to the specific purposes for which we may process your personal data set out in this section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject.

3. Safeguards

The RIA will use its best efforts to protect your personal information through safeguards appropriate to the sensitivity of the information to protect your personal information against loss or theft, as well as unauthorized access, copying, use or modification. Access to your personal information will be limited to staff on a need to know basis and/or third parties set out in this Policy. Despite our best efforts, the RIA cannot guarantee that your personal information will not be used or disclosed in ways not specified in this Policy.

RIA will strive to protect your personal information by designating a responsible individual and by otherwise assigning internal responsibilities and by developing, maintaining and enforcing practices that are necessary to protect your personal information and by providing information about such practices upon request. RIA will make reasonable efforts to ensure that personal information collected is accurate and complete.

Further, RIA will investigate all data security incidents and respond appropriately with a view to understanding them, containing them, mitigating the potential for harm and improving safeguarding practices to prevent future incidents. RIA will notify individuals and regulators of data security incidents in accordance with applicable laws and otherwise, when it concludes that an incident give rise to a real risk of significant harm.

4. Other websites

For your convenience, the RIA’s websites may include links or references to other websites or resources and businesses operated by other persons. The RIA does not endorse and has no responsibility, liability or control over any other websites or their collection, use or disclosure of your personal information. We encourage you to read the privacy policies or statements of those other websites to learn how they collect, use or disclose your personal information.

5. Sharing your data

We may share your personal data with third parties where necessary to facilitate our events, seminars, webinars and other such similar services we offer. For example, in some cases we may publish a list of attendees or speakers. Data shared for this purpose will be used in line with this Policy.

We may disclose your personal data to our suppliers (for example, our providers of remote voting, mobile applications, and event administration services) insofar as reasonably necessary for providing a service. In doing so, RIA will take reasonable steps to identify and select suppliers that are capable of keeping personal information reasonably safe. Wherever possible, RIA will also enter into contractual agreements with suppliers and other third parties specifying that the third parties will take reasonable steps to ensure that personal information is kept reasonably safe.

Financial transactions relating to our websites and services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

In addition to the specific disclosures of personal data set out in this section 5, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject.

6. Retaining data

The RIA will limit its collection of personal information to that information which is necessary for the purposes identified in this Policy. The RIA will retain your personal information only for so long as is necessary to fulfill the purposes identified.

We may also retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject.

7. Amendments

We may update this policy from time to time by publishing a new version on our website. Please check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email.

8. Your rights

You may instruct us to provide you with any personal information we hold about you. We may ask you to supply appropriate evidence of your identity if we need to.

You may instruct us at any time not to process your personal information for marketing purposes. In practice, you will usually either agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

You may also have other rights available to you in respect of the personal data we hold, including the right to object and/or withdraw consent to the processing of your personal data and the ability to erase, restrict or correct your personal data. We will comply with any requests to exercise your rights in accordance with applicable law, but you should note that there are certain situations where your rights will not be exercisable because of other factors, or where you have not established the criteria needed to exercise a particular right. To exercise your rights, please contact us using the methods listed in section 10 below.

9. Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

While the RIA’s websites do not currently use cookies, our service providers such as Google Analytics and other vendors may use cookies which may be stored on your computer when you visit the websites of the RIA or our service providers.

10. Our details

This website is owned and operated by the Responsible Investment Association (RIA). We are a non-profit organization registered under the Canada Not-for-profit Corporations Act. Our Business Number is 140374679RC0001, and our Corporation Number is 264774-5. Our Chief Executive Officer acts as our Privacy Officer.

Our office is located at:

1240 Bay Street, Suite 304
Toronto, ON, M5R 2A7
Canada

You can contact us via the following methods:

  • by post, using the postal address given above.
  • using our website contact form riacanada.ca/contact-us/
  • by telephone, on the contact number published on our website.
  • by email, using the email address privacy@riacanada.ca.