CDR Privacy Notice

This privacy notice (“Notice“) provides details about how the Centre for Digital Rights (“CDR“) collects, uses, stores and discloses your personal information/data (“PI“) on this website (“Site“).  IP addresses are not considered PI unless, in the context of other information, they can be used to identify you.  CDR is responsible for PI under its control and has a privacy officer/data protection officer (“Privacy Officer“) to promote and help ensure compliance with applicable privacy laws, which include the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA“) and the European Union’s General Data Protection Regulation (“GDPR“).

Similar to everybody else trying to get their message heard on the Internet, we use infrastructure providers and social media channels that may not (yet) comply with the privacy policies that we advocate for. And if you click on a link, or on a button that allows you to share our page, you will be directed to a different site and will be subject to their privacy policy. We cannot ensure their compliance with PIPEDA, let alone with what we think is right – but with your help we are working on it!

The Site.  By using the Site, you signify your consent and agreement to our collection, use, storage and disclosure of your PI as outlined in this Notice. CDR is committed to protecting the privacy of Site users’ PI and respects the need for security surrounding the collection, use, storage and disclosure of this information. The Site may contain links to sites that are owned or controlled by other organizations. CDR has no influence on, and is not responsible for, the privacy practices or the content of other sites.

Use of PI for the Site.  We use your PI to provide you with this Site, make sure it does not go offline and obtain an anonymous statistic to see if we succeeded in doing so.

Transactional Data.  We collect transactional data such as IP addresses, operating systems and browser information in order to provide this Site to you and use it for ensuring the security of the Site. This transactional data includes IP addresses of computers accessing the Site, the operating systems and the types and versions of browsers used to access the Site, the date and time the Site is accessed, the webpages visited, the key words used in the search engine, the name and size of files requested, and the URL of any referring website.

Legal Basis.  The legal basis of our collecting your PI is your request to use the Site and our legitimate interests in the security of the Site.

Storage.  Transactional data as described above will be stored for the purpose of website analytics. Security log data (e.g., when the software identifies an “incident“) will be deleted after 12 months, unless there is a specific reason to keep that information for a longer period of time (e.g., individual IP addresses are blocked).

Sharing Your PI.  We do not share your PI with other organizations /data controllers.

Data Processors.  We use trustworthy third party service providers/data processors that process your PI on our behalf.  For the Site, our current hosting provider is Canhost Inc., a Canadian company located in Kelowna, British Columbia.

Transfers of Data to Third Countries.  We store your PI within Canada and do not transfer it to other countries for processing or storage. However, for transmission purposes, your PI may be communicated through countries other than Canada without processing or storage.

Statistics.  We maintain a statistics system that does not track PI but uses transactional data to supply website analytics.

Cookies.  We do not store PI in cookies. We may store your own-page settings in non-personalized ways (e.g., your language settings).

Disposal of PI.  PI that is no longer required will be disposed of in a secure manner.

Privacy Breach Notifications.  If any breach of the security safeguards involving your PI under our control occurs that creates a real risk of significant harm, we will, as soon as feasible after we determine that such a breach has occurred, notify you and report the breach to the Office of the Privacy Commissioner of Canada (“OPC“) as required under PIPEDA.

Disclosure Required by Law.  We will disclose your PI as required by law or to comply with a judicial proceeding, court order or legal process served on us.

User Rights.  With respect to your PI, you have the right to access, to rectification, to object, to restriction of processing, to data portability and to withdraw your consent: Just send us a message at [email protected].  You also have the right to make a complaint to the OPC.

Information Requests and Concerns.  If you have any requests or concerns regarding this Notice or the collection, use or disclosure of your PI by CDR, or if you wish to withdraw consent for CDR to collect, use or disclose your PI, please contact our Privacy Officer with your request or concern.

CDR’s Privacy Officer is Andrew McMurtry who can be contacted at:
Email: [email protected]
Phone: 226.791.1911  

Alternatively, you may contact the OPC at:

Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec K1A 1H3

Changes to Notice.  Privacy laws and circumstances are rapidly evolving and, as a result, from time to time, we may need to change this Notice in which event we will post the most current version on the Site.

Last updated June 15, 2018

Close Menu