Privacy
Last Updated: December 13, 2021.
Introduction
Your privacy is important to the Canadian Institute for Advanced Research (“CIFAR”). This Privacy Policy explains how CIFAR collects, uses and discloses personal information, including information collected in-person and in connection with its websites (such as the CIFAR website and the CIFAR Deep Learning + Reinforcement Learning Summer School website) (collectively, the “Websites”).
CIFAR is an independent, not-for-profit entity. As such, we are neither subject to the privacy laws governing the private sector in Canada, which focus on profit-based organizations, nor the privacy laws that govern how personal information is managed by government institutions at different levels across Canada. Nevertheless, we are committed to managing personal information and data in accordance with the principles upon which many of these laws are based. These “fair information” principles have gained worldwide acceptance in jurisdictions where privacy is recognized as a fundamental value. They are embodied, for example, in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, and in the Canadian Standards Association Model Code for the Protection of Personal Information. They provide a framework for voluntary self regulation by private sector organizations in the collection, use and disclosure of personal information, as well as in providing access to personal information. They give individuals control over how their personal information is handled in the private sector.
Table of Contents
- Your Consent
- How CIFAR Defines Personal Information
- Personal Information that CIFAR Collects
- How CIFAR Uses Personal Information
- How CIFAR Discloses Personal Information
- Withdrawing Consent
- Retention of Personal Information
- Protection of Personal Information
- Accuracy and Access to Personal Information
- Non-Personal Information
- Other Websites and Businesses
- Social Media and Similar Sites
- Children and Personal Information
- Changes to this Privacy Policy
- Notices to You
- Contacting Us
-
Your Consent
By providing CIFAR with your personal information, you consent to the collection, use, disclosure and retention of that information by CIFAR in accordance with this Privacy Policy and as otherwise permitted by applicable law. You may withdraw your consent at any time as described in Section 6, subject to legal or contractual restrictions, and reasonable notice. We will advise you about any consequences of doing so.
-
How CIFAR Defines Personal Information
In this Privacy Policy, “personal information” means information about an identifiable individual, such as an individual’s name and email address, but does not include (to the extent permitted by law) information that is publicly available in a telephone or website directory or that is business contact information that enables an individual to be contacted at a place of business. Personal information also does not include information that has been aggregated or anonymized, as explained in Section 10, below.
-
Personal Information that CIFAR Collects
We will collect the minimum personal information required to accomplish the purposes that we identify. We will collect your personal information by fair and lawful means.
-
Information You Provide
You may be asked to voluntarily give your personal information to CIFAR when you interact with us. For example, we may collect:
- contact information (such as name, email address, postal address and phone number) when you make an inquiry or contact us;
- contact information, academic affiliation and language preferences when you subscribe to a CIFAR bulletin or a Deep Learning + Reinforcement Learning Summer School newsletter or register online for a CIFAR program or event;
- contact information and academic affiliation and other education and employment information when you apply for or attend a program or event (including the Deep Learning + Reinforcement Learning Summer School);
- contact information and payment information when you make a secure donation to CIFAR through the Websites
- contact information, communications preferences and correspondence you send to us; and
- you may be asked to provide information regarding equity, diversity and inclusion (EDI), including whether you self-identify as part of an equity-deserving community.
In those circumstances, you can choose not to provide certain requested personal information, but then you might not be able to proceed with your intended interaction or transaction with CIFAR or otherwise receive the full benefit of the desired product or service.
-
Automated Collection
CIFAR may automatically collect certain information regarding your use of the Websites. For example, we may collect:
- the dates and times that you use the Websites;
- the browsers, operating systems, software and devices that you use to access the Websites;
- the address of the website you came from;
- a general geolocation and your IP address; and
- details of your use of the Websites, including the pages you visit, the duration of your visit and the number of times that you visit the Websites.
The Websites may use technologies (e.g. cookies, web beacons, tokens, pixels or tags) to collect information that assists CIFAR to improve its products, services, customer communications and advertising and to prevent fraud. CIFAR may use information collected through technological means to recognize you as a user of the Websites, to facilitate and improve your use of the Websites, to confirm that messages have been delivered to and opened by you and to provide you with targeted advertisements. You may choose to decline or disable cookies if your web browser or device permits, but doing so may affect your ability to access or use certain features of the Websites.
Some of the information automatically collected by technological means is non-personal information (because the information does not identify you), and CIFAR will handle that non-personal information as explained below in this Privacy Policy unless applicable law requires otherwise.
-
How CIFAR Uses Personal Information
CIFAR may use your personal information collected for purposes relating to or arising from your relationship and transactions with CIFAR and as otherwise set out in this Privacy Policy or permitted by applicable law, including:
- to contact and correspond with you regarding your transactions and your use of CIFAR’s programs, events and services;
- to facilitate your interactions and transactions with CIFAR, including to personalize and enhance your experience on the Websites and at CIFAR’s programs and events;
- to provide you with information regarding CIFAR and its programs, events and services and the programs, events and services offered by other businesses, to the extent permitted by applicable law;
- to process your donation, and keep you informed about and ask for your support of our mission;
- to process and respond to your inquiries, requests and other communications;
- to maintain, protect and improve the Websites and CIFAR’s programs, events and services;
- to protect and enforce CIFAR’s legal rights, interests and remedies and to protect the business, operations and clients of CIFAR or other persons, including security and fraud monitoring and prevention;
- to comply with legal and regulatory requirements; and
- to adjudicate and administer awards, and to evaluate, audit and improve CIFAR’s programs.
CIFAR may use your personal information to create non-personal information, and CIFAR may then use, disclose, transfer and retain the non-personal information as set out below in this Privacy Policy.
-
How CIFAR Discloses Personal Information
-
Specific Consents
CIFAR may disclose your personal information to other persons in accordance with express or implied consents that you give during your interactions and transactions with CIFAR. For example, if you make a donation to CIFAR, CIFAR may disclose your name on the Websites with your consent.
-
Suppliers and Service Providers
CIFAR may disclose your personal information to its suppliers and service providers (including service providers that provide information technology, payment processing, email delivery, marketing and customer support services) to assist CIFAR in the provision of information and services to you, to provide services to CIFAR, to assist CIFAR to use your personal information as set out in this Privacy Policy and as otherwise permitted by applicable law.
-
Partners and Other Third Parties
In some circumstances, CIFAR may share personal information with its partners and other third parties. CIFAR will only disclose your personal information to a third party if we have obtained your consent to do so, if you have provided your consent to the third party, or if we are legally required or permitted to do so. For example, if you register for an event offered by CIFAR that involves third parties, we may disclose information to that third party to the extent necessary to provide that event to you. If you voluntarily provide information regarding equity, diversity and inclusion (EDI) in an application, we may disclose this information to reviewers to the extent needed to evaluate the application.
-
Law Enforcement/Legal Disclosures
CIFAR may disclose your personal information as required or authorized by applicable law, including to comply with a subpoena, warrant or court or arbitral order or litigation disclosure obligation. CIFAR may disclose your personal information to law enforcement agencies or other independent organizations if CIFAR reasonably believes the disclosure is necessary or appropriate in connection with national security, law enforcement or other issues of public importance, or if CIFAR reasonably believes the disclosure is necessary or appropriate to protect and enforce CIFAR’s legal rights, interests and remedies or to protect the rights, interests, business, operations or customers of CIFAR or other persons (including to detect and prevent fraud and other illegal activities, or to enforce any of the terms of use, terms of service or other agreements that govern access to or use of any of CIFAR’s products or services). CIFAR has no control over, or responsibility or liability for, the use, disclosure or retention of your personal information by the agencies, independent organizations or other persons to whom CIFAR discloses the information in the foregoing circumstances, and the collection, use, disclosure and retention of the disclosed information by those agencies, independent organizations or other persons is not subject to this Privacy Policy.
-
Business Transactions
CIFAR may disclose your personal information in connection with a proposed or actual business transaction in which CIFAR is involved (e.g. a corporate amalgamation, reorganization, merger or acquisition, or the sale or transfer of some or all of CIFAR’s business or assets), and in those circumstances CIFAR will require the information recipient to agree to protect the privacy of your personal information in accordance with applicable law.
-
-
Withdrawing Consent
When you interact with CIFAR, you consent to the collection, use, disclosure and retention of personal information as set out in this Privacy Policy. You may withdraw your consent in the following ways:
- Disabling Automatic Website Collection: You may choose to decline or disable cookies if your web browser or device permits, but doing so may affect your ability to access or use certain features of the Websites.
- Contacting Us: You may withdraw your consent for other purposes (such as receipt of a newsletter) by contacting us using the information set out at the end of this Privacy Policy. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.
-
Retention of Personal Information
CIFAR will retain your personal information for the period reasonably necessary for the purposes set out or referenced in this Privacy Policy and to comply with CIFAR’s legal obligations or enforce or protect CIFAR’s legal rights, or a longer period required or permitted by applicable law. CIFAR will delete or dispose of your personal information, or depersonalize the information, when CIFAR is no longer required or permitted by applicable law to retain the information for the purposes set out or referenced in this Privacy Policy.
-
Protection of Personal Information
The privacy and security of your personal information is extremely important to us. CIFAR uses reasonable safeguards — including administrative, physical and technical security and safeguarding measures — appropriate to the sensitivity of the personal information in CIFAR’s possession or under CIFAR’s control to help protect the information from unauthorized access, collection, use, disclosure, deletion or similar risks. CIFAR acknowledges that it is responsible for personal information under its control, including information that it has entrusted to a third party for processing. We will use contracts or other means to provide a comparable level of protection for personal information that CIFAR transfers to a third party for processing.
-
Accuracy and Access to Personal Information
CIFAR is committed to ensuring that your personal information is as accurate, complete, and current as necessary for the purposes for which it is to be used, particularly when we intend to use it to make a decision that affects you directly. To assist CIFAR, you will promptly notify CIFAR of any changes to the personal information that you provide to CIFAR using the procedures made available for that purpose by CIFAR or by contacting CIFAR’s Privacy Officer using the contact information set out in Section 16 at the end of this Privacy Policy.
Although CIFAR is not subject to a privacy law and therefore under no legal obligation, we are committed to the principle that you should be informed upon request of the existence, uses, and disclosures of your personal information under our control, and that you should be given access to your personal information upon request, subject to reasonable limits. You may also challenge the accuracy and completeness of the information and have it amended as appropriate.
You may request access to your information using the contact information set out in Section 16 at the end of this Privacy Policy. Please include sufficient details to enable us to identify you and to retrieve your information. Any personal information that you provide to us to facilitate access or correction will be used only for this purpose.
We may not be able to provide you with all your personal information upon request. There are always reasonable and necessary limits to access; we recognize, however, that such exceptions should be limited and specific. Upon request, we will provide you with clear reasons for any denial of access to information. Exceptions may include, for example, information that contains references to other individuals, information that we cannot disclose for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege, and information that is prohibitively costly to provide. When requesting access to your personal information, you should bear in mind that we are committed to providing access to records under our control that contain your personal information, not to creating new records.
-
Non-Personal Information
CIFAR may use your personal information to create and collect personal information that has been aggregated or otherwise de-identified so that the information no longer relates to an identifiable individual. CIFAR will take reasonable steps to reduce or eliminate the risk of re-identification in aggregated or otherwise de-identified information. If CIFAR creates non-personal information (information that is not about an identifiable individual), CIFAR may use, disclose, transfer and retain that non-personal information for any purpose and in any manner whatsoever. If non-personal information is combined with your personal information, then CIFAR will treat the combined non-personal information as personal information for the purposes of this Privacy Policy for as long as the non-personal information is combined with your personal information.
-
Other Websites and Businesses
This Privacy Policy only addresses the collection, use, disclosure and retention of personal information by CIFAR. The Websites and correspondence (including emails and messages) may include advertisements for products and services offered by independent businesses or links to websites operated by independent businesses or CIFAR may otherwise refer you to or provide information to you about independent businesses. CIFAR has no responsibility or liability for, or control over, those other websites, online services or businesses, their products or services, or their collection, use, disclosure or retention of your personal information. This Privacy Policy does not apply to the collection, use, disclosure or retention of your personal information by those websites, online services and independent businesses. If you have questions about how those websites, online services or independent businesses collect, use, disclose or retain personal information, please contact the owner or operator of the website, service or business.
-
Social Media and Similar Situations
When you use certain aspects of the Websites or other services to access or post information to social media websites, the personal information that you post or share in connection with these third party websites is visible to other persons and can be read, collected, used and disclosed by other persons, including to send unsolicited messages to you. When you click on a link to a social media website, you will leave the Websites and go to that social media website. Any information provided to such third party social media websites and other websites is governed by their own privacy policies, which you may read on the applicable website. You are solely responsible for the personal information that you choose to post or share in those situations. CIFAR has no control over, or responsibility or liability for, the collection, use, disclosure and retention of the personal information that you disclose in those situations, and this Privacy Policy does not apply to the collection, use, disclosure or retention of your personal information by those websites.
-
Children and Personal Information
We do not knowingly collect personal information from children without the consent of a legal guardian.If you believe we might have any information from or about a child, please contact CIFAR’s Privacy Officer using the contact information set out in Section 16 at the end of this Privacy Policy.
-
Changes to this Privacy Policy
CIFAR may change this Privacy Policy as it applies to CIFAR from time to time by posting a new version of this Privacy Policy on the Websites. CIFAR’s collection, use, disclosure and retention of your personal information will be governed by the version of this Privacy Policy in effect at that time. Your continued interactions with CIFAR after any change to this Privacy Policy will signify your consent to the collection, use, disclosure and retention of your personal information by CIFAR as set out in the changed Privacy Policy. Accordingly, you should check the “Last Updated” date of this Privacy Policy (at the top of this Privacy Policy) and review any changes since the last version. If we make material changes to the ways in which we collect, use, disclose and retain your personal information, we will provide you with appropriate notice.
-
Notices to You
You consent to CIFAR sending you emails (to the email address you provide to CIFAR) regarding this Privacy Policy and related matters.
-
Contacting Us
If you have any comments or questions about this Privacy Policy or CIFAR’s collection, use, disclosure and retention your personal information, please contact CIFAR’s Privacy Officer at:
Canadian Institute for Advanced Research
Attention: Privacy Officer
MaRS Center, West Tower
661 University Ave., Suite 505
Toronto, ON M5G 1M1 Canada
Tel: 416-971-4251
Email: privacy@cifar.ca