Updated: November 27, 2024

1. Our Commitment

The Human Resources Professionals Association (HRPA) is committed to protecting the privacy of personal information collected from its employees, applicants, registrants, volunteers, customers, suppliers, and others, and to ensuring such information is used and disclosed only for appropriate purposes. This policy describes the HRPA’s practices with respect to its management of personal information.

The various pieces of privacy legislation that have been enacted to protect an individual’s personal information and which may govern HRPA’s activities, draw a distinction between personal information about an individual and business information such as individual’s name, business title, business address, and business telephone number, and typically excludes such information from the scope of protected personal information. HRPA similarly excludes such business-related information from the ambit of personal information it collects and protects.

2. Types of Personal Information Collected

As a regulatory body, the HRPA collects certain information in connection with its public interest mandate as described in the Registered Human Resources Professionals Act, 2013 and the HRPA’s by-laws. It publishes some personal information in its public register in accordance with that mandate. Such information may include the following information about registrants and former registrants:

  • name and business contact information
  • class of membership and membership status
  • designation
  • insurance information (where applicable)
  • relevant dates
  • information regarding suspension and revocation
  • information needed in the public interest (e.g., incapacity findings, restrictions, conditions, certain types of investigation).

More detail about information published in the public register is available in the HRPA’s by-law.

The HRPA collects information through different means: by phone, in person, by email, by mail, and online.

The HRPA collects information when a person applies to become a member or student of the HRPA (e.g., information may be collected about a person’s educational record, demographic information, answers to “good character” questions, status as a recent resident). Similar information may also be collected when a person seeks to renew or amend registration with the HRPA.

The HRPA also collects information when it conducts a survey, seeks volunteers (e.g., for committees), receives and processes applications for designations (e.g., in respect of education, exam, and experience requirements), and provides products or services (e.g., conferences, convening opportunities, mentorship opportunities, practice exam and exam preparation courses, and continuing professional development courses). Technical information, such as information related to Internet access and email access (e.g., pages visited, IP addresses, and email interactions) is also collected. This information is used to update the HRPA’s internal systems to ensure that the HRPA has necessary and important information about those who interact with the HRPA.

The federal Personal Information Protection and Electronic Documents Act (PIPEDA), applicable to the private sector in Ontario, applies to the collection, use, retention, and disclosure of personal information in the course of commercial activities. Since the core activities of the HRPA are not commercial in nature, PIPEDA does not apply to most of our activities. PIPEDA only applies to the limited forms of commercial activity that the HRPA engages in outside of our core activities. Please review the HRPA Communications & Canada’s Anti-Spam Legislation (CASL) section of this policy for further details.

3. Our Policies

The HRPA has developed a comprehensive data retention and destruction policy for all staff to adhere to. The policy has a robust guide on how long each type of data is retained, the purposes for which it was collected, and how to destroy the data securely once the retention period is over.

All HRPA employees have undergone training regarding Canadian privacy law, Canada’s Anti-Spam Legislation (CASL), and privacy breaches, as we believe that these practices are very important. All employees also abide by a security and data breach policy, which has a comprehensive crisis communications plan included to not just mitigate the risks of a potential breach occurring but also to provide easily accessible steps for protecting your data. Protecting the confidentiality of your personal information is more than just a “best practice” – it is part of our job.

 4. Consent

Consent is obtained at the time personal information is collected. The specific use for which the information is intended is identified at that time (in some cases, this is apparent from the request and will not be in a separate statement; in other cases, a separate statement will be used). Those uses include the following:

  • to fulfil the HRPA’s regulatory mandate
  • to provide or facilitate the purchase of services or products
  • to employ staff and recruit volunteers
  • to advise of HRPA products or services
  • to understand our registrants (e.g., through surveys and focus groups)
  • to communicate with registrants and others.

By agreeing to provide information in connection with the HRPA activities identified in section 2, you have consented to both the collection and use of your personal information in connection with the identified activities in accordance with HRPA’s policies.  

HRPA considers the information it collects to be of low-sensitivity in that the information collected relates only to your professional association and affiliation with the HRPA.  HRPA neither collects nor stores sensitive information such as health information, financial information nor government issued identification.  Should HRPA require such information, it will seek your consent at the time such information is collected.

For any questions regarding these activities, or if you wish to opt out of such consent, please contact our Privacy Officer.

5. PCI Compliance

To ensure the integrity and privacy of the personal and credit card information you provide via the Internet when you make an online transaction, the HRPA has implemented safeguard and security measures that are industry standard and Payment Card Industry (PCI) compliant. All information collected within a secure page is encrypted while being transmitted to our secure server. The server is protected by a firewall that is regularly updated when new patches and fixes are released. The HRPA does not store credit card numbers in our electronic databases.

Our partners and vendors, as part of their contracts with the HRPA, commit to maintaining the confidentiality of your information and to not using it for any unauthorized purpose. The HRPA discloses only information necessary to be disclosed.

6. Vendors & Affinity Program Partners

The HRPA may provide your personal information to vendors responsible for providing the products and services you have requested or administering our marketing and promotional activities. The HRPA may also provide your personal information to our affinity program partners so that you are eligible to receive their products and services at favourable rates.

The HRPA, our vendors, and our affinity partners may store or process your personal information outside of Canada. The HRPA may use some vendors who may be subject to the General Data Protection Regulation (GDPR), and while outside of Canada your personal information may be subject to disclosure in accordance with the laws of the foreign jurisdiction in which the data resides. The HRPA ensures that each vendor and partner has a privacy policy that adheres to the requirements we have set out that follows both PIPEDA and CASL. The HRPA may seek to end any agreement with a vendor or partner should such vendor or partner experience a data or privacy breach. For any questions regarding a certain partner or vendor, or if you wish to opt out of a partner program, please contact our Privacy Officer.

7. Limitations on Use

Any individual from whom information is collected may request that such information be used for no purpose other than that for which it was collected. This request may be made at any time by contacting our Privacy Officer. Such a limitation does not bar the HRPA from using such information as otherwise permitted or required by law.

The HRPA reserves the right to change this Privacy Policy, including to comply with any new Ontario or federal legislation. We recommend that you review this policy periodically so that you are aware of any changes. Your continued use of our website following the posting of any changes to this policy constitutes your acceptance of these changes. The date on which this Privacy Policy was last amended appears at the top.

Access, Accountability, and Updating

The HRPA has undertaken a comprehensive review of practices to ensure proper safeguards for personal information in its custody and control and has implemented physical, organizational, contractual, and technological security measures to protect such information from loss, theft, unauthorized access, disclosure, copying, use, or modification, both in hard copy and online. Only staff whose duties require access to sensitive personal information are granted such access.

Individuals from whom information is collected may request access to such information as may be in the HRPA’s possession and may challenge the accuracy of the information. Unless prohibited by law, a small administrative fee may be charged to access such information. Information that is confidential or privileged may not be disclosed even upon request, if disclosure is not required by law. The HRPA endeavours to ensure the information collected is accurate, through updates requested annually upon membership renewal and at other times as required.

8. Cookies

A cookie is an element of data that our website can send to your browser, for storing on your hard drive so the HRPA can more easily recognize you when you return to our website. The HRPA may use cookies to provide you with tailored information. Cookies allow the HRPA to know that you’re logged in and help us to administer our advertising and perform analytics. You may set your browser to notify you when you receive a cookie and you may choose to decline, delete, or disable cookies. You should be aware that if you do so, you may not be able to access or run certain applications that are on our website.

HRPA Communications & Canada’s Anti-Spam Legislation (CASL)

CASL restricts the ability of organizations to send commercial electronic messages without the consent of the recipient. As it relates to the activities of a professional association, the Privacy Commissioner’s Fact Sheet states: “Collecting membership fees, organizing club activities, compiling a list of members’ names and addresses, and mailing out newsletters are not considered commercial activities.” Generally speaking, activities that further the HRPA’s statutory objects are not considered commercial. The HRPA’s statutory objects are set out in the Registered Human Resources Professionals Act, 2013.

HRPA communications that are not “commercial electronic messages” and thus not subject to CASL include communications relating to

  • association governance (e.g., elections, general and special meetings of the membership, changes in by-laws)
  • professional regulation (e.g., registration, certification, complaints, discipline, exams, assessment of qualifications, the Code of Ethics and Rules of Professional Conduct, practice standards and practice guidelines, regulatory processes and procedures)
  • activities that further the statutory objects of the association (e.g., membership, conferences, professional development and mentoring offerings, credential maintenance, chapter events, resources).

There may be some HRPA communications that would not relate to the objects of the HRPA. These would be deemed “commercial electronic messages” and be subject to CASL. Such commercial electronic messages will include an “unsubscribe” option or can be unsubscribed from using the Preference Centre.

9. Questions or Concerns

Privacy practices for the HRPA’s various activities are reviewed regularly and updated as necessary. Any questions or concerns regarding this policy or its implementation should be directed to the Privacy Officer via email.