The Canadian Franchise Association (the “CFA”) is committed to protecting the privacy of the personal information on its customers, members, employees, volunteers, and other stakeholders.

This Privacy Policy documents our ongoing commitment to privacy and has been developed in compliance with applicable privacy legislation.


During the course of our various programs and activities, the CFA may gather and use personal information. Anyone from whom we collect such information should expect that it will be carefully protected and that any use of, or other dealing with, this information is subject to consent. The CFA’s privacy practices are designed to achieve this.


Personal information is any information that can be used to distinguish, identify, or contact a specific individual. Exceptions: business contact information and certain publicly available information, such as names, addresses and contact details as published in publicly-available directories, are not considered personal information.

Where CFA customers, members, employees, volunteers, or other stakeholders use their home contact information as business contact information, the CFA considers that the contact information provided is business contact information and is not therefore subject to protection as personal information.


The CFA is responsible for personal information under its control. We have a designated Privacy & Data Protection Officer who is responsible for the CFA’s compliance with this policy.


An individual’s consent is required for the CFA to collect and/or process personal information when information is collected. Consent can either be express or implied and be can provided directly by the individual or by an authorized representative.

We will obtain your express consent to collect, use, and/or disclose personal information, except where we are authorized or required by law to do so without consent. For example, we may collect, use, and/or disclose personal information without your knowledge or consent where:

the personal information is publicly available from a prescribed source, such as a telephone directory, membership directory, etc.;the CFA is collecting or paying a debt;it is reasonable to expect that obtaining consent would compromise an investigation or proceeding; orthe CFA has your implied consent.

Express consent may be provided orally, in writing, electronically, through action (such as when you click submit on an e-newsletter subscription form) or otherwise. By providing personal information to us, you agree that we may collect, use and disclose such personal information as set out in this Privacy Policy and as otherwise permitted or required by law.

Implied consent is consent that can be reasonably be inferred from an individual’s action or inaction.

In certain circumstances personal information can be collected, used or disclosed without knowledge and consent if seeking the consent of the person might defeat the purpose of collecting the information such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law. CFA may from time to time engage outside suppliers, including technology providers.

The CFA will never disclose personal contact information without consent, unless the use or disclosure is authorized or required by law.

You may withdraw consent at any time, subject to legal or contractual restrictions, provided that reasonable notice of withdrawal of consent is given to the CFA. On receipt of notice of withdrawal of consent, we will inform you of the likely consequences of the withdrawal of consent, which may include our inability to provide services for which that information is necessary.


We use your IP address to help administer our website. Your IP address is also used to gather broad, aggregated demographic information to help us track website and program performance. When you submit a transaction we may store your IP address for validation and to protect against fraud. We may use cookies to deliver content specific to your interests, to save your password so you don’t have to re-enter it every time you visit our site, and for other purposes set out below:

Our site uses analytics and marketing cookies from third parties such as Facebook, Google, Twitter, Instagram, Bing and LinkedIn. We may update the cookies used from time to time.We may use cookies to remind us who you are and to find your account information in our database when you access a service so you do not need to log in at every visit. This helps us to provide you with service tailored to your specific needs and interests.A cookie may be created when you register for a service.We may use cookies to determine the browser the visitor uses so the site can be designed to work properly with the most common versions of different browsers.Advertisers that place ads with CFA may use cookies.We may use cookies to estimate our audience size.Your browser is given a unique cookie that helps us determine whether yours is a repeat visit or a first visit.We may use cookies, pixels, and other similar technologies to track actions on our website and serve interest-based ads to you.

Visitors that wish to opt-out of cookies should review the help documentation for their web browser software to decline or selectively decline cookies. Learn how you can manage your cookies. Declining cookies may adversely impact website performance.

Please note that our web site may contain links to other sites and advertisements. Our Privacy Policy only applies to information collected by our web site. We are not responsible for the privacy practices and policies of third parties.


The CFA website uses Google Analytics to track performance. Google Analytics uses persistent cookies to track visitor sessions, visitors across multiple sessions, and referral sources to our sites. We also track the performance of promotional links to our site using Google Analytics. In compliance with the Google Analytics Terms of Service, at no time is personally identifiable information (PII) passed to Google Analytics. Note that Google Analytics stores its data within the United States of America and is subject to US laws. We use this data to understand site performance to serve you better. Those wishing to opt out of Google Analytics data collection should use the Google Analytics Opt-out Browser Add-on.


Your personal information will only be used or disclosed for the purposes set out above and as authorized by law.

We will retain personal information only as long as necessary for the fulfillment of the purpose for which it was collected, except with the consent of the person or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a person, CFA will retain, for a period of time that is reasonably sufficient to allow for access by the person, either the actual information or the rationale for making the decision.

We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for legal or business purposes.

We will take due care when destroying personal information so as to prevent unauthorized access to the information.


We will make reasonable efforts to ensure that personal information we collect, use or disclose is accurate and complete. In some cases, we rely on you to ensure that certain information, such as your e-mail address or telephone number, is current, complete and accurate.

If you demonstrate the inaccuracy or incompleteness of personal information, we will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed.

When a challenge regarding the accuracy of personal information is not resolved to your satisfaction, we will annotate the personal information under our control with a note that the correction was requested but not made.


The CFA protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.

The CFA will take reasonable steps to ensure that a comparable level of personal information protection is implemented by its suppliers and agents who assist in providing products and services to you.

Please note that confidentiality and security are not assured when information is transmitted through e-mail or other electronic communication. We will not be responsible for any loss or damage as a result of a breach of security and/or confidentiality when you transmit information to us by e-mail or other electronic communication or when we transmit such information by such means at your request.


The CFA is open about the policies and procedures it uses to protect your personal information. Information about these policies and procedures will be made available. However, to ensure the integrity of our security procedures and business methods, we do not disclose sensitive information about our policies and procedures.


You have a right to access your personal information held by the CFA.

Upon written request and authentication of identity, we will provide you with your personal information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed.

We may charge a fee for providing information in response to an access request and will provide an estimate of any such fee upon receiving an access to information request. We may require a deposit for all or part of the fee.

We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request.

In some situations, we may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purposes of an investigation, disclosure of the information would reveal confidential commercial information that, if disclosed, could harm the competitive position of the CFA, or where we exercise our solicitor’s lien against materials in our files in respect of outstanding accounts. The CFA may also be prevented by law from providing access to certain personal information.

Where an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps which are available to you.


While the CFA is a Canadian not-for-profit organization, we realize that our websites may be accessed by users from around the world.

For the purposes of applicable EU data protection law, we are a “data controller” of your personal information. Our servers are located in Canada in Toronto, Ontario. Data flow from the EU to Canada has been recognized by the adequacy decision of the European Commission.

If you are located in the EEA, you have certain rights under European law with respect to your personal data, including the right to request access to, correct, amend, port, delete, or limit the use of your personal data. You also have the right to make a complaint to a Data Protection Authority about how the CFA processes your personal data. If you are a visitor to CFA’s websites and wish to exercise these rights, please reach out to us using the contact information below.

Additionally, if you are located in the EEA, please note that we may be processing your information in order to fulfill actions you have asked of us (for example if you register to attend an event or have submitted an information request form through our websites), or otherwise to pursue our legitimate business interests, unless we are required by law to obtain your consent for a particular processing operation.


We may review and change our Privacy Policy from time to time.


If you have any questions about our Privacy Policy or your personal information, or if you would like to make a complaint about how the CFA processes your personal data, please contact:

Privacy & Data Protection Officer
5399 Eglinton Avenue West, Suite 116
Toronto, Ontario, Canada
M9C 5K6

Further information on privacy and your rights in regard to your personal information may be found on the website of the Privacy Commissioner of Canada at www.priv.gc.ca.

Effective: May 25, 2018