ANAC commits to the following ten principles, as outlined in the Canadian Standards Association’s Model Code for the Protection of Personal Information (CAN/CSA-Q830-96) and that comply with provincial and federal legislation:
- Identifying purposes
- Limiting collection
- Limiting use, disclosure and retention
- Individual access
- Challenging compliance
This Policy may be updated by from time to time, at which time we will give you reasonable notice of the revised terms (including by e-mail or by posting on this website), and this Policy may be supplemented or modified by agreements entered into between the ANAC and you from time to time.
This Policy also contains certain information required by the European Union (“EU”) Regulation No. 2016/679 of 27 April 2016, known as the General Data Protection Regulation (“GDPR”), and mirroring legislation (with the GDPR, the “European Data Privacy Laws”) of the other countries (Norway, Iceland and Liechtenstein) forming with the EU Member States the European Economic Area (the “EEA”), which apply when we process personal data about individuals located in the EEA in relation to (i) the offering of goods and services to these individuals or (ii) the monitoring of their behaviour in the EU or EEA – at the moment we consider that only processing of personal data about individuals who register for conferences or events held by or on behalf of ANAC through our website fall within the scope of European Data Privacy Law.
We are the data controller of the processing activities described in this Policy for the purposes of European Data Privacy Laws and can be contacted by mail at 150 Metcalfe Street, Suite 1301, Ottawa, ON K2P 1P1 Canada or by email as indicated under 12 below. We do not have a representative in the EU.
This Policy explains how we will collect, use, disclose and store Personal information. We urge you to read the Policy carefully in order to gain a clear understanding of how we may collect, use or disclose personal information.
For the purposes of this Policy, “personal information” refers to any information about an identifiable individual. Information will be about an identifiable individual where there is a serious possibility that an individual could be identified through the use of that information, alone or in combination with other information. Personal information does not include business contact information (i.e. name, title, business address, etc.).
This Policy does not cover business contact information, anonymous aggregate information or data from which the identity of an individual cannot be determined. Subject to any agreement between ANAC and you otherwise, ANAC retains the right to use and disclose such information and data in any way that it determines appropriate.
This Policy applies to all personal information collected by us including personal information we collect from you through our website (when you register for a conference or event, set up an account or visit anonymously), our Member Portal, Partner Portals, as well as personal information provided to us by our clients, contractors, service providers, agents, partners, and subsidiary and affiliated entities participating in our programs, conferences and events.
ANAC and its agents, partners, contractors or service providers that may collect personal information on behalf of us, will not collect any personal information without obtaining the consent of the individual to whom it belongs prior to the collection of the information. By using our website or providing us with your personal information over the telephone, by email, in writing, by fax or in person, you provide your consent for us to collect, use, disclose and store your personal information in accordance with the terms of this Policy to the greatest possible under applicable law.
In most cases and subject to legal and contractual restrictions, you are free to refuse or withdraw your consent to – or if consent is not required object to – the collection, use, disclosure and storage by us of your personal information at any time upon reasonable, advance notice to us. However, the withdrawal of your consent or objection is not retroactive. It should be noted that in certain circumstances, our products or services can only be offered if you provide us with your personal information. Consequently, if you choose not to provide us with the required personal information, we may not be able to offer you these products or services. We will inform you of the consequences of the withdrawal of consent as appropriate. Notwithstanding anything in this Policy, we may, from time to time, seek consent from you – or if consent is not required inform you of our intention to – to use and disclose your personal information collected for a purpose other than the purposes set out herein.
You may have your personal information removed by contacting the Chief Privacy Officer whose contact information can be found at the bottom of this Policy.
If you are our client, supplier or partner and you provide us with the personal information of other individuals, you are responsible for obtaining the consent of the individuals from whom you collect any personal information at the time of collection in accordance with all applicable laws.
3. Collection of Personal Information.
What Personal Information Do We Collect? We collect your personal information and use it in the course of providing services to you. We may collect personal information such as your name, address, contact information, email address, financial information, payment card information, demographic and profile data, and purchase history, for the following purposes:
- Registration for membership with ANAC;
- Automatic renewals of memberships;
- Increasing engagement of our members and increasing and retaining our membership;
- Providing you with ANAC articles, position papers, and news of interest to you;
- Registration for ANAC conferences, courses and other events, and subscribing for e-learning activities;
- Advertising and promoting conferences, courses and other events to you;
- Tailoring our conference activities, courses and other events to your needs;
- Providing you with course updates, guidelines, brochures, pamphlets, books or websites for which ANAC produces;
- Providing you with periodic newsletters or updates, announcements and special promotions regarding ANAC products and services;
- Promoting contests and awarding prizes;
- Contacting you for participation in speaking engagements;
- Processing applications submitted to the ANAC job bank postings;
- Answering your questions or responding to your comments or complaints. We may also retain this information to assist you in the future and to improve our customer service and product and service offerings;
- Processing abstracts submitted to the ANAC abstract manager program;
- Processing purchases of products and services on our website; and/or
- For additional purposes that are identified at or before the time of collection and use, or through changes to this Policy.
We collect only such personal information as we deem to be reasonably required in the circumstances for the purpose(s) for which it is collected.
Except as set out in this Policy (or unless otherwise permitted by the applicable laws), we do not collect personal information without first obtaining the consent of the individual concerned to the collection of such personal information.
How Do We Collect Your Personal Information? We collect personal information from individuals who create accounts with our website or who create (or are provided) accounts with any Member Portal or Partner Portal operated by us.
We also collect personal information from individuals who place orders through the website for goods and services, who respond to online or email surveys, or provide information to us in person, in writing, by fax or over the telephone when asked for such information.
We may also indirectly collect and store in our systems personal information which is provided to us indirectly by clients, contractors, service providers, agents, partners, subsidiary and affiliated entities.
We may enter into agreements with trusted third-party service providers, agents and business associates who provide support, services, and equipment to us. These service providers, agents and business associates may use your personal information in order to provide us with services that we can provide you, or to directly provide you with services.
We use only fair and lawful methods to collect personal information.
4. Use of Personal Information.
What Do We Use Your Personal Information For? We use personal information for the following purposes:
- for the performance and delivery of our services;
- for the performance and delivery of education, training sessions and webinars;
- to process transactions for the purchase of goods and services;
- to perform activation services and generate reports;
- to improve our products and services;
- to improve our website;
- to inform or offer goods or services or seek donations;
- to comply with our statutory obligations or any judicial order or judiciary rule of procedure;
- to generate statistical data that, to the extent that anonymized data ceases to be personal data, we may use for a variety of purposes.
Unless permitted or required by the applicable laws, we do not use personal information for other purposes.
How do we use your personal information for marketing? We may, occasionally, send you information by electronic means (this includes email, telephone, text message (SMS) or automated calls) about our products and services, conferences, events and special offers which may be of interest to you as well as appropriate for soliciting donations.
Other entities within our group or which we have selected carefully may also send you similar marketing messages, depending on what you agree with us or as appropriate.
If you have consented to receive marketing from us, you can opt out at any time. See ‘Your Rights’ for further information.
What’s the legal basis for these uses under European Data Privacy Laws? When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that we are allowed to process your personal data on the following legal bases:
a) Legitimate interests. We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The following personal data processing activities are based on this ground:
- contacting or verifying the authority of an individual representing an organization in relation to the execution or performance of a contract with that organization and keeping exchanges with that individual as evidence in case of a possible dispute with that organization;
- anonymising personal data for generating statistics that can be used for, amongst others, improving our products and services and our websites;
- improving our products and services and our websites when this cannot be done without first anonymising the data;
- providing information to debt or equity investors or donators in order to incite them to invest or donate or continue to do so;
- presenting or communicating on our good or services or requests for donations when we do not need consent;
b) Contract. We are also permitted to process your personal data every time it is necessary for the entry into or the performance of the contract you have agreed to enter with us. If you do not provide the necessary personal data, we will not enter the contract for which it is necessary, or we will not be able to carry out our obligations thereunder in case of personal data necessary for its performance.
c) Legal obligation. We are also permitted to process your personal data every time it is necessary for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.
d) Consent. We may ask for your consent for presenting or communicating on our goods or services or requests for donations when this cannot be done on the sole basis of our legitimate interests. You can withdraw this consent at any time.
e) Public interest or official authority. We are also permitted to process your personal data when necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us by the relevant authorities when laid down by applicable EU or EEA country laws. At the present time, we have not been vested with official authority to carry out any specific activities in the EU or EEA.
5. Disclosure of Personal Information.
We may transfer or disclose your personal information in the following limited ways:
- When participating in a contest or promotion, we may collect personal information, such as a contest winner’s name, city of residence, and prize winnings in order to award prizes and promote such contests, and this information may be published in connection with contests;
- When you provide us with you name, address and other contact information at our conferences, this information will be provided to our exhibitors at each of our conferences;
- We may disclose your personal information between our related entities, as well as to third party individuals or organizations who are our trusted partners, service providers, contractors or agents who assist us in delivering or performing our services, conducting our activities, operating our websites, doing marketing (as indicated above), so long as those parties agree to use, disclose and store the personal information disclosed to them solely for the purpose(s) such personal information was provided to them, and to otherwise keep your personal information confidential and have appropriate safeguards for the protection of the information.
- Either ANAC or third-party service providers, agents, and business associates may use servers or storage for such purposes which are located in the US or another foreign jurisdiction. The personal information of individuals processed and stored in foreign jurisdictions is subject to the laws of that foreign country and as such may be accessible in that foreign country;
- ANAC, and our Canadian, US and other service providers may provide your personal information without your consent in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by applicable Canadian, US or other laws.
Unless permitted or required by the applicable laws, we do not disclose personal information for other purposes.
Except as set out otherwise in this Policy, or except as you may permit from time to time in the manner set out in this Policy, we will not sell, exchange, transfer or give your person information to any other person or entity for any reason whatsoever.
Where Disclosure Can Be Made Without Consent. Please note that there are circumstances where the use and/or disclosure of personal information may be justified or permitted without your consent or where we are obliged to disclose your personal information without consent. Such circumstances may include, without limitation and subject to applicable laws:
- where use or disclosure of personal information is required by applicable law or by order or requirement of a court, administrative agency or governmental tribunal;
- where we believe, upon reasonable grounds, that the use or disclosure of personal information is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
- where the use or disclosure of personal information is necessary to permit us to pursue available remedies or limit any damages that we may sustain;
- where the personal information is public as permitted by applicable law;
- where the use or disclosure of personal information is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
- where the use or disclosure of personal information is necessary for the purpose of a prospective business transaction (including any equity or debt investment in our entities, businesses or assets) or donation if use or disclosure of such personal information is necessary to determine whether to proceed with the transaction or donation or to complete the transaction or donation, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction; or
- where the disclosure is to an affiliate, or a third-party service provider acting on our behalf.
Where obliged or permitted to disclose personal information without consent, we will not disclose more personal information than is necessary for the relevant purposes of such disclosure.
6. Storage and Transfer of Personal Information.
Hard copies of your personal information are stored by us in Ontario, Canada. Electronic copies of your personal information are stored on servers and/or operated by or for us in Ontario, Canada. Personal information collected from or about you offline may also be stored in Canada.
However, in certain circumstances, unless prohibited by applicable privacy legislation, personal information may also be accessed, transferred and stored outside of Canada by our contractors, service providers and affiliates. Where personal information is accessed, transferred or stored outside of Canada where privacy laws may offer different levels of protection from those in Canada, your personal information may be subject to access by and disclosure to law enforcement agencies under the applicable foreign legislation.
Individuals in the EEA are hereby informed that we may transfer and store their personal data in the EEA, Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the US, provided that any recipient of personal data based in the US adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.
7. Protection of Personal Information.
How Do We Protect Your Personal Information? We employ a variety of physical, technical and organizational security measures to maintain the safety of personal information.
We offer the use of a secure server. All sensitive financial (e.g. credit card) information, any information provided via our websites, Members Portal and Partner Portal is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database, where it is only accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.
What Do We Do in Case Of A Security Breach? A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving personal information under our control, we will notify you and the appropriate federal or provincial Privacy Commissioners in Canada if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach.
Individuals in the EEA are hereby informed that we will also comply with the documentation and notification requirements of articles 33 and 34 of the GDPR in case of a personal data breach as defined in the GDPR.
8. Cookies and Embedded Scripts.
Adjusting cookie settings on your browser: By default, most browsers will automatically accept cookies. However, you can disable cookies completely, or be prompted prior to a cookie being loaded, by adjusting your browser’s settings. Consult each individual browser’s “help” feature for more information. If you do not want to receive cookies on your computer, you must select the appropriate settings in your browser’s options; however, doing so may limit some of the interactivity our websites offer you.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Embedded Scripts. An embedded script is a programming code that is designed to collect information about your interactions with our website, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third-party service provider. The code is active only while you are connected to our website and is deactivated or deleted once you disconnect from the website.
9. Access and Correction of Personal Information.
How can you access or correct any inaccuracies in your Personal Information? We endeavour to ensure that all personal information provided by or about you and in our possession is accurate, current and complete as necessary for the purposes for which we use that personal information. If we become aware that personal information is inaccurate, incomplete or out of date, we will revise the personal information and, if necessary, use our best efforts to inform third party service providers or contractors which were provided with inaccurate information to enable those third parties to also correct their records.
We permit the reasonable right of access and review of personal information held by us and will endeavour to provide the personal information in question within a reasonable time, generally no later than 30 days following the request subject to applicable law. To guard against fraudulent requests for access, we may require sufficient information to allow us to confirm that the person making the request is authorized to do so before granting access or making corrections.
We will provide copies of the personal information in our possession in a form that is easy to understand or in a summary form where appropriate. We reserve the right not to change any personal information but will append any alternative text the individual concerned believes to be appropriate. We will not charge you for verifying or correcting your information, however, to the extent permitted by applicable law, there may be a minimal charge imposed if you need a copy of records.
Rights of individuals in the EEA. When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that you have the rights set out below.
You may exercise these rights by contacting us at the email address indicated in this Policy. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the European Data Protection Laws.
- Right to object to processing of your personal data. You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so.
In particular, you can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- email, call or write to us (at email@example.com). You can also click on the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up to 14 business days for this to take place.
- provide proof of your identity and address (a copy of your driver’s licence or passport and a recent utility or credit card bill), and
- provide us with details of your preferred method of contact (for example, you may be happy for us to contact you by email but not by telephone).
- Right to access personal data relating to you. You may ask to see what personal data we hold about you and be provided with:
- a copy of the personal data;
- details of the purpose for which the personal data is being or is to be processed;
- details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers;
- the period for which the personal data is held (or the criteria we use to determine how long it is held); and
- any information available about the source of that data.
- To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
- Right to correct any mistakes in your information. As indicated above, you can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
- Right to restrict processing of personal data. You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate (we will start processing again once we have checked whether or not it is accurate);
- the processing is unlawful but you do not want us to erase your data;
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing because you believe that your interests should override our legitimate interests.
- Right to data portability. You may ask for an electronic copy of your personal data which we hold electronically and which we process on the basis of a contract with you or with your consent.
- Right to withdraw consent. You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
- Right to erasure. You can ask us to erase your personal data:
- should we not need your data anymore in order to process it for the purposes set out herein;
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- if you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- if your data has been processed unlawfully or have not been erased when it should have been.
- Rights in relation to automated decision making. You have the right to have any decision that has been made by automated means and which produces legal effects or has a similar significant effect on you reviewed by a member of staff, it being noted that our processing activities do not fall in that category.
- France only – directives for handling personal data after death. If you are in France, we inform you that you may write directives about the handling of your personal information after your death.
- Complaints to a European supervisory authority. It is important that you ensure you have read this Policy and, if you do not think that we have processed your data in accordance with this Policy, you should let us know as soon as possible. You may also complain to any European competent supervisory authority.
10. Retention of Personal Information
How Long Do We Retain Your Personal Information? We keep your personal information only as long as we believe it is required to be used and kept in view of the reasons for which it was collected and purposes for which it will be used. The length of time we will retain personal information varies depending on the purpose(s) for which it was collected and the nature of the personal information. This period may extend beyond the end of your relationship or contract with us (or the relationship or contract of your organization with us, or our affiliates and licensees, as applicable) but it will be only for so long as we believe it to be necessary for us to have sufficient personal information to respond to any issues that may arise at a later date.
Storage period of personal data of individuals in the EEA for processing activities falling within the scope of European Data Privacy Laws. The following provisions apply only to personal data of individuals in the EEA for processing activities falling within the scope of European Data Privacy Laws:
- As regards customers, and other persons with whom we have a contractual relationship as well as their individual representatives, we will hold all personal information for so long as we are in a contractual relationship. We may then (i) archive the data up to one year after the applicable limitation period has expired or final settlement of any dispute whichever is last and (ii) keep contact details for the purposes of direct marketing for a period of up to 3 years after termination of the contract or last contact made by the relevant individual.
- As regards website/app/email users who do not provide us with their contact details, we maintain a log during 18 months before anonymizing the data; as regards expiration of cookies, please see above.
11. Links to Other Websites.
We cannot and do not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. Further, we do not warrant that such websites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of our systems or websites to search for or link to a third-party website, you agree and understand that we shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with the use of, or reliance on, our websites to obtain search results or to link to a third-party website.
12. Resolving Your Privacy Concerns.
In the event of questions about: (i) access to personal information; (ii) our collection, use, disclosure or storage of personal information; or (iii) this Policy, please contact our Privacy Officer by sending an email to firstname.lastname@example.org.
We will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue.
13. Changes to This Policy.
We may update this Policy from time to time if our privacy practices change or if the law requires changes to it. We will post any Policy changes on this page, and, if the changes are significant, we will provide a more prominent notice and a summary of the relevant changes at the top of the page. You should review this Policy regularly for changes, and can easily see if changes have been made by checking the Effective Date below.
If you do not agree to the terms of this Policy, you should exit the website, Member Portal, or Partner Portal, and cease use of all our services immediately, or contact us to withdraw your consent where applicable. Your continued use of our websites, our Member Portal, Partner Portal, or our services following the posting of any changes to this Policy means you agree to be bound by the terms of this Policy to the greatest extent permitted by law.
This Policy is drafted in English; however, we have provided translations of the Policy into other languages. To the extent of any conflict between the Policy in English and any version in another language, the English version shall prevail.
15. Additional Information.
If you would like more information about our policies, or if you would like to access or correct the personal information we have about you in our records, then please contact our Chief Privacy Officer by email or in writing, as provided below:
Animal Nutrition Association of Canada
Attention: Chief Privacy Officer
Address: 150, Metcalfe Street, Suite 1301, Ottawa, Ontario, K2P 1P1
Effective Date: This Policy was last updated on January 9, 2020.