Privacy Policy

1. Introduction

CrowdfundCanada Educational Resource Hub ("CrowdfundCanada Edu," "we," "us," or "our") is an independent educational platform dedicated to providing informational content about crowdfunding and community funding models in Canada. We operate from Toronto, Ontario, and our mission is to educate students, entrepreneurs, researchers, and the general public about how crowdfunding works within the Canadian regulatory framework.

This Privacy Policy describes in detail the types of personal information we collect from visitors and users of our website located at www.crowdfundcanadaedu.com (the "Website"), how that information is collected, the purposes for which it is used, the circumstances under which it may be disclosed, and the measures we take to protect it. This policy also outlines your rights regarding your personal data under both Canadian and European privacy legislation.

We are committed to handling your personal information responsibly and in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy laws, and the European Union's General Data Protection Regulation (GDPR) to the extent that it applies to individuals located in the European Economic Area (EEA) or the United Kingdom who access our Website.

By accessing or using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our Website. We encourage you to review this policy periodically, as we may update it from time to time to reflect changes in our practices or legal requirements.

2. Data Controller

The data controller responsible for your personal information collected through this Website is:

As the data controller, we determine the purposes and means of processing personal data collected through this Website. If you have any questions about how your data is handled, or wish to exercise any of the rights described in this policy, please contact us using the details above. We aim to respond to all privacy-related inquiries within 30 calendar days, consistent with PIPEDA requirements.

3. What Data We Collect

We collect several categories of personal information depending on how you interact with our Website. We are committed to collecting only the minimum amount of data necessary to fulfill the purposes described in this policy.

3.1 Information You Provide Directly

• Name: Your first and last name, provided when you sign up for our newsletter, register for a course or webinar, or submit a contact form.
• Email Address: Provided when subscribing to our newsletter, creating an account for courses, registering for webinars, or contacting us through our forms.
• Phone Number: If you choose to provide it through our contact form or when registering for certain workshops. This is optional in most cases.
• Message Content: Any text, questions, or feedback you submit through our contact forms, course discussion forums, or direct email communications.
• Payment Information: If you purchase a course or webinar, payment is processed through third-party payment processors. We do not directly store credit card numbers or banking details on our servers. We may retain transaction records including purchase amount, date, and the last four digits of the payment method for accounting purposes.

3.2 Information Collected Automatically

• IP Address: Your Internet Protocol address, collected automatically when you visit our Website. This may be used for analytics, security, and approximate geographic location (city/region level only).
• Device Information: Including your device type (desktop, tablet, mobile), operating system, browser type and version, screen resolution, and language preferences.
• Usage Data: Information about how you interact with our Website, including pages visited, time spent on each page, referring URLs, click patterns, scroll depth, and navigation paths.
• Cookies and Similar Technologies: Data collected through cookies, web beacons, and similar tracking technologies as described in Section 11 of this policy.
• Server Logs: Standard web server log information including access times, HTTP status codes, and data transfer volumes.

3.3 Information We Do Not Collect

We do not knowingly collect sensitive personal information such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, or information about sexual orientation. We do not collect Social Insurance Numbers, government-issued identification numbers, or detailed financial account information. Our Website is educational in nature and does not require such data for its operation.

4. How We Collect Data

We collect personal information through the following methods and channels:

• Website Forms: When you voluntarily fill out and submit forms on our Website, including the newsletter subscription form, contact form, course registration form, and webinar sign-up form. Each form clearly identifies which fields are required and which are optional.
• Cookies and Tracking Technologies: We use cookies and similar technologies to collect usage data automatically when you browse our Website. You can manage your cookie preferences through the cookie consent banner presented on your first visit, or through your browser settings at any time. Detailed information about our cookie practices is provided in Section 11.
• Analytics Tools: We use Google Analytics to understand how visitors use our Website. Google Analytics uses cookies to collect anonymized usage data including page views, session duration, traffic sources, and user demographics in aggregate form. We have enabled IP anonymization in Google Analytics, which truncates your IP address before it is stored.
• Email Communications: When you send us emails directly or respond to our newsletters, the content of those communications and your email address are collected and stored for the purpose of responding to your inquiries and maintaining communication records.
• Server Logs: Our web hosting infrastructure automatically records standard server log data when your browser requests pages from our Website. This is a standard technical process that occurs with virtually all websites.
• Third-Party Payment Processors: When you purchase educational courses or webinars, payment data is collected and processed directly by our payment processor. We receive only transaction confirmation details, not your full payment credentials.

5. Legal Basis for Processing (Why We Collect Data)

Under PIPEDA, we collect and process personal information based on the principle of meaningful consent. Under the GDPR, we rely on one or more of the following legal bases for processing your personal data, depending on the specific context:

6. How We Use Your Data

We use the personal information we collect for the following specific purposes:

• Service Delivery: To provide you with access to our educational content, deliver purchased courses and webinar recordings, process registrations, and facilitate your participation in live educational events.
• Communication: To respond to your inquiries submitted through our contact form or email, to send transactional messages related to your purchases (such as order confirmations and access instructions), and to send educational newsletter updates if you have subscribed.
• Marketing (with consent only): To send you bi-weekly educational newsletters, information about new courses or webinars, and relevant educational updates. You will only receive marketing communications if you have explicitly opted in, and you may unsubscribe at any time using the link provided in each email.
• Website Analytics and Improvement: To understand how visitors navigate and use our Website, identify popular content, detect technical issues, and improve the overall user experience. Analytics data is processed in aggregate form whenever possible.
• Security and Fraud Prevention: To monitor for suspicious activity, protect against unauthorized access or data breaches, and maintain the security and integrity of our Website infrastructure.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including Canadian tax requirements for educational service transactions, responding to regulatory inquiries, and exercising or defending legal claims.
• Internal Record-Keeping: To maintain accurate records of transactions, communications, and user preferences for operational and administrative purposes.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Below are our specific retention periods for different categories of data:

When the retention period expires, personal information is securely deleted or anonymized so that it can no longer be associated with you. In certain cases, we may retain anonymized or aggregated data indefinitely for statistical and research purposes, as such data cannot be used to identify any individual.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share personal information only in the following limited circumstances and only with the categories of recipients listed below:

• Hosting and Infrastructure Providers: Our Website is hosted on secure servers provided by professional hosting services. These providers may have access to personal data stored on their servers but are contractually bound to process it only on our instructions and to implement appropriate security measures.
• Payment Processors: When you make a purchase, your payment information is processed by our third-party payment processor. They operate under their own privacy policies and are PCI DSS compliant. We do not have access to your full credit card details.
• Analytics Providers: We use Google Analytics to collect and analyze aggregate usage data. Google operates under its own privacy policy and data processing terms. We have entered into a data processing agreement with Google and have enabled IP anonymization.
• Email Service Providers: We use a professional email marketing platform to send newsletters and transactional emails. This provider processes subscriber data (names and email addresses) on our behalf under a data processing agreement.
• Learning Platform Partners: If you access our educational content through a third-party learning platform that we partner with, limited account data may be shared to facilitate your access. Such sharing is governed by data processing agreements.
• Legal and Regulatory Requirements: We may disclose personal information if required to do so by law, regulation, legal process, or enforceable governmental request. This includes responding to court orders, subpoenas, or requests from Canadian regulatory authorities.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred to the successor entity, provided that the successor agrees to handle the information in accordance with this policy or one that is equally protective.

9. International Data Transfers

Our primary operations are based in Canada. However, some of the third-party service providers we use (such as analytics tools, email marketing platforms, and cloud hosting providers) may process data in the United States or other jurisdictions outside of Canada and the European Economic Area (EEA).

When personal data is transferred outside of Canada, we ensure that the receiving jurisdiction provides an adequate level of protection for personal information, or that appropriate contractual safeguards are in place. For transfers from the EEA, we rely on one or more of the following safeguards:

• Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection (Canada has a partial adequacy determination for PIPEDA-governed commercial activities).
• Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses as the legal mechanism for transfers to service providers in jurisdictions without adequacy decisions.
• Data Processing Agreements: All third-party processors that handle personal data on our behalf are required to enter into data processing agreements that include appropriate data protection obligations.

You may request a copy of the applicable safeguards for any international data transfer by contacting us at [email protected].

10. Your Rights

Depending on your location, you have specific rights regarding your personal information under PIPEDA, GDPR, and other applicable privacy laws. We are committed to facilitating the exercise of these rights promptly and transparently.

10.1 Rights Under PIPEDA (Canadian Residents)

• Right of Access: You have the right to request access to the personal information we hold about you and to be informed about how it has been used and to whom it has been disclosed.
• Right to Correction: You may request correction of any personal information that is inaccurate or incomplete.
• Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.
• Right to Complain: If you are not satisfied with how we handle your privacy request, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

10.2 Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under GDPR Articles 15 through 22:

• Right of Access (Article 15): The right to obtain confirmation as to whether your personal data is being processed and, if so, to receive a copy of that data along with supplementary information about the processing.
• Right to Rectification (Article 16): The right to have inaccurate personal data corrected and incomplete data completed.
• Right to Erasure (Article 17): The right to have your personal data deleted in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.
• Right to Restriction (Article 18): The right to request that we restrict the processing of your personal data in certain situations, such as when you contest its accuracy.
• Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
• Right to Object (Article 21): The right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Article 7): Where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

10.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a written request to [email protected] or send a letter to our registered address. We may need to verify your identity before processing your request. We will respond within 30 calendar days (PIPEDA) or one month (GDPR), with the possibility of extension in complex cases, provided we notify you of the extension and the reason for it.

There is no fee for exercising your rights. However, if a request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or decline to act on the request, in accordance with applicable law.

11. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to enhance your browsing experience, analyze site usage, and support our educational mission. A cookie is a small text file placed on your device by a web server when you visit a website. Below is a detailed overview of the cookies we use:

11.1 Essential Cookies

These cookies are strictly necessary for the Website to function properly. They enable core functionality such as page navigation, access to secure areas, and remembering your cookie consent preferences. Without these cookies, the Website cannot function as intended. Essential cookies do not require your consent and cannot be disabled.

• cookie-consent: Stores your cookie preference choice. Duration: 12 months.
• session-id: Maintains your session state as you navigate pages. Duration: Session (deleted when browser closes).

11.2 Analytics Cookies

These cookies help us understand how visitors interact with our Website by collecting information about pages visited, time spent, traffic sources, and navigation patterns. All analytics data is processed in aggregate and anonymized form. These cookies are set only if you accept them through our cookie consent banner.

• _ga (Google Analytics): Distinguishes unique users. Duration: 13 months.
• _ga_[ID] (Google Analytics): Maintains session state. Duration: 13 months.

11.3 Marketing Cookies

We currently do not use marketing or advertising cookies on our Website. If this changes in the future, we will update this policy and seek your explicit consent before deploying any marketing cookies.

11.4 Managing Your Cookie Preferences

When you first visit our Website, a cookie consent banner is displayed allowing you to accept or reject non-essential cookies. You can change your preferences at any time by clearing your browser cookies (which will trigger the banner to appear again on your next visit) or by adjusting your browser settings. Most browsers allow you to block or delete cookies through their settings menus. Please note that blocking essential cookies may impair the functionality of the Website.

For more information on how to manage cookies in specific browsers, visit the help documentation for your browser (Chrome, Firefox, Safari, Edge, etc.).

12. Children's Privacy

Our Website and educational services are designed for a general adult audience, including university students, entrepreneurs, researchers, and professionals. We do not knowingly collect, use, or disclose personal information from children under the age of 16 (or the applicable minimum age in their jurisdiction).

If we become aware that we have inadvertently collected personal information from a child under the age of 16 without verified parental consent, we will take immediate steps to delete that information from our records. If you believe that a child under 16 has provided us with personal information, please contact us at [email protected] so that we can take appropriate action.

Parents and guardians who wish to learn more about our data practices as they relate to minors are welcome to contact us at any time.

13. Data Security

We take the security of your personal information seriously and implement a range of technical and organizational measures designed to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your browser and our Website is encrypted using Transport Layer Security (TLS/SSL) with HTTPS protocol.
• Access Controls: Access to personal data is restricted to authorized personnel who require it for legitimate business purposes. We use role-based access controls and strong authentication mechanisms.
• Regular Updates: Our Website software, server operating systems, and security tools are kept up to date with the latest security patches.
• Backup Procedures: Regular encrypted backups are maintained to ensure data availability and recovery in case of a security incident.
• Vendor Assessment: Third-party service providers that process personal data on our behalf are evaluated for their security practices before engagement and are bound by data processing agreements.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security but are committed to continually improving our safeguards in line with industry best practices and evolving threats.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make changes, we will update the "Last Updated" date at the top of this policy.

For material changes that significantly affect how we collect, use, or share your personal information, we will provide prominent notice on our Website (such as a banner notification) and, where feasible, send an email notification to subscribers at least 14 days before the changes take effect. We encourage you to review this policy periodically.

Your continued use of our Website after any changes to this policy constitutes your acceptance of the revised terms. If you disagree with any changes, you should discontinue use of the Website and contact us to request deletion of your personal data.

15. Contact Details

If you have any questions, concerns, or requests related to this Privacy Policy or our data handling practices, please contact us through any of the following channels: