The Canadian Evaluation Society (CES) is committed to protecting privacy and acts in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), as amended and updated on the Government of Canada's website. The Privacy Policy applies to personal information collected, used and disclosed by the Canadian Evaluation Society and includes the personal information of members and non‐members, including those who visit the CES website. “Personal Information” for the purposes of this policy means information about an individual except the name, title, business address, or business telephone number of an individual.

The Privacy Officer for the CES is the Chair of the Governance and Process Committee. 

Questions or Concerns Related to the Privacy Policy may be submitted in writing to: 

Privacy Officer
C/O Canadian Evaluation Society Secretariat
3‐247 Barr Street, Renfrew, ON K7V 1J6
governance_process@evaluationcanada.ca
Tel: 1‐855‐251‐5721 
Fax: 1‐613‐432‐6840

Policy

CES collects personal information primarily for registration and payment purposes. The Society makes every effort to limit the amount and type of personal information collected to that which is deemed necessary for the purpose of administering the affairs of CES. Members are asked to voluntarily provide information during the membership registration and renewal processes that can assist CES in ensuring the accuracy of our membership information. This enables the organization to provide better services by understanding the diversity of our membership. CES may contact its members directly to gather additional information for organization planning purposes.

The CES membership database consists of information compiled from the membership application and renewal forms. The CES membership database and its derivatives or products are the sole property of the CES and its Chapters. CES members who knowingly do not comply with CES privacy policies when using the membership database information may have their membership revoked indefinitely by the CES Board of Directors. Both CES members and non‐members who knowingly do not comply with the use of membership information may be subject to criminal prosecution or civil action.

In the normal course of establishing and maintaining web connections, the CES Website automatically logs information about visitors. The server logs record statistical information, such as visitors’ IP addresses, time and duration of visit, and web pages visited. This information is collected so that website content may be continuously improved. These statistics are reported in aggregate form only. 

Server log information is not linked to any other data in a way that would enable the identification of individual visitors. Cookies are used only to ensure the delivery of service reserved to members.

Procedure

1. Consent: CES obtains consent to share information. An individual may refuse to have their personal information shared and it will not affect their participation in an event or their status as a CES member. If CES wishes to use personal information for a purpose other than that stated at the outset of membership or an event, the express written consent of the participant will be obtained. No information that can personally identify an individual participant is provided to anyone outside CES without explicit permission. In the rare event that information that might personally identify individual participants is to be transferred to a third party, explicit permission is obtained from those individual participants. The only exception to this is if CES is required to disclose information for legal reasons such as a subpoena or other court or government orders.
   
   The membership registration process enables an individual to identify that their personal
   information may or may not be shared with a third party. A third party is an individual or
   organization that is independent of the CES. If an individual chooses not to answer this section of the registration form, it will be assumed that they are not providing consent to share information for a stated purpose. However, the Secretariat or appointed CES representative may contact members for purposes of verification of the accuracy or completeness of membership information provided.
   
   Members and non‐members may at any time choose not to be contacted by CES or notify CES of any change in their consent to providing information to third parties.
2. Storage and retention: Any personally identifiable data about members or website visitors is
   stored securely and used only for the purpose for which it is provided to CES. Personal information is retained only for the purpose for which it was collected, except where required by law. Personal information that is no longer required to fulfill the identified purposes and/or legal requirements is destroyed, erased, or rendered anonymous using secure data destruction methods.
   
   CES safeguards and protects personal information in its possession or control from loss or theft and from unauthorized access, disclosure, duplication, use or modification. Physical safeguards such as restricted access to the entire office, alarm systems and secure locks on all doors are in use. Passwords and firewalls protect all electronic documents. 
   
   All credit card information is collected and stored securely. CES uses the information only for the purpose supplied and does not maintain credit card information for each individual member.
3. Disclosure: CES may share aggregate information about its members and customers — not
   individual data — with sponsors, potential sponsors and other parties to help them better
   understand CES members and their interests.
   
   In the rare event that information that might personally identify individuals is to be transferred to a third party, explicit permission will be obtained from those individuals. The only exception to this is if CES is required to disclose information for legal reasons such as a subpoena or other court or government orders.

Information requests

1. Requests for internal use of the CES membership database in whole or in part by CES National and Chapters (or appropriate designates such as the publisher of the CJPE) must still conform to the basic principles of the Privacy Policy. The use of members’ personal information within the database (e.g. email, home mailing address, home telephone or cellphone) is acceptable for the purpose of communicating with members regarding any CES activities or CES sponsored events that could be perceived as relevant opportunities or benefits consistent with the core mandate and mission of the organization. This may include items such as annual general meetings, the Canadian Journal of Program Evaluation, newsletters, professional development workshops, annual conferences, membership renewal notices and additional information for organizational planning purposes. No fees will be charged for providing information from the CES membership database for internal use to appropriate designates. As stated previously members may choose to indicate that they do not wish to be contacted by CES or amend their personal information on the membership database at any time by contacting the CES Secretariat in writing or by email.
2. Requests for external use of the CES membership database in whole or in part by third parties must also conform to the Privacy Policy. Requests by third parties must be made in writing or by email with a complete description of the use and purpose of the information to be obtained from the membership database to the CES Secretariat. The provision of personal information to a third party must respect the consent indicated by each member for a designated purpose as indicated on their membership registration form (i.e. research and surveys, commercial purposes).
3. The CES Secretariat will be responsible for notifying the CES Communication and Marketing
   Committee Chair or designate of all requests made to CES Board of Directors. For requests that the Secretariat or CES Communication and Marketing Committee Chair feel do not readily meet the consent guidelines and directives expressed by members, these will be referred to the CES Privacy Officer.
4. A standardized application process is utilized for each external request which requires application in writing or by e‐mail, with a complete description of the use and purpose of the information to be obtained from the database. Requests that require personal information that crosses international borders will require notification of the CES Executive to consider the merit of the request and the need for express consent of individual CES members. The CES Secretariat will be responsible for ensuring compliance by applicants as far as the one‐time use of membership data and the expressed use of the information for its intended purpose. The assignment of fees to external users for use of membership information will be in accordance with allocated rates deemed appropriate by the CES Secretariat. These rates will be reviewed and approved by CES Board of Directors as required.
   
   Rates set in August 2014 are as follows:
   a) For non‐commercial purposes: Requests that support the objectives of the CES: $200 student; $400 non‐student rate. Requests that do not support the objectives of the CES: $600.
   b) For commercial purposes: $2 per name supplied.
5. Website: CES has taken reasonable measures to ensure that the information and data presented on the website are accurate and current.
6. Right to Know: Individuals can be informed of the existence, use or disclosure of any personal information about them that is currently in the possession or control of CES upon providing proof of identity and submitting a written request to the Privacy Officer. If a request for access to personal information is denied, a written reply outlining the reasons for refusal will be provided (e.g., information was collected for the purposes of a legal investigation). The individual may then challenge the decision of CES. If individuals are not satisfied that CES has adequately addressed their comments or concerns, they can contact the Federal Privacy Commissioner.
7. Notification: CES will inform individuals when their personal information stored by the CES may have been lost or stolen.
8. Concerns: CES is open about the procedures used to safeguard and manage personal information. Questions or concerns related to the privacy policy or protection of personal information can be directed to the Privacy Officer. CES will investigate all comments or concerns and attempt to respond quickly to inform individuals of the steps, if any, that will be implemented to address comments or concerns. If an individual is not satisfied that CES has adequately addressed his/her comments or concerns, he/she may contact the Federal Privacy Commissioner.