Privacy policy

CPA Canada's privacy policy.

Latest update: April 2023

Access the previous version of our Privacy Policy.

Chartered Professional Accountants of Canada (“CPA Canada”) is a not-for-profit national accounting organization whose mission is to enhance the influence, relevance and value of the accounting profession by acting in the public interest, supporting the Chartered Professional Accountants (“CPAs”) who are members of CPA Canada (our “Members”), and contributing to economic and social development.

This Privacy Policy contains information on how we collect, use, and disclose personal data as part of our activities. This Privacy Policy also contains information about your rights regarding your personal data. Learn more about the scope of this Privacy Policy.

If you have any questions regarding this Privacy Policy, you can reach our privacy office by e-mail at [email protected]. You can also contact us by mail at:

Attention: Senior Privacy Compliance Officer
CPA Canada
277 Wellington Street
Toronto, Ontario M5V 3H2

CPA Canada conducts online interest-based advertising and as such, adheres to the Digital Advertising Alliance of Canada’s AdChoices program principles. These principles require us to provide you with an enhanced notice regarding our use of advertising cookies and tracking technologies for interest-based advertising. Learn more about how we use cookies and how we use interest-based advertising in our Cookie Policy.

This Privacy Policy follows a ‘question and answer’ format. You can click on the links below to jump to any question for which you would like an answer or scroll down to read more.

  1. When does this Privacy Policy apply?
  2. What is personal data?
  3. What personal data do we collect about you, and for what purposes?
  4. How can you unsubscribe from our communications?
  5. Do we share personal data with third parties?
  6. How do we protect your personal data?
  7. Where do we store your personal data?
  8. How long do we retain your personal data?
  9. What are your personal data rights?
  10. Do you update this Privacy Policy?


This Privacy Policy applies to a wide range of activities, including when you:

  • visit our websites:,,,,, (and related conference sites),,,, and any websites which we operate from time to time;
  • submit your personal data for an employment opportunity or join our talent community;
  • subscribe to, use or access our online services;
  • purchase our products or services online;
  • register for conferences, educational activities and events which we organize;
  • download resources from our websites, such as research papers and audio sessions; and
  • otherwise interact with us (together, our “Services”).

This Privacy Policy also applies to the personal data we collect, use and disclose from or about our Members to administer their membership in CPA Canada, including personal data collected by provincial and territorial bodies (“CPA Canada Partners”) on our behalf, such as to register an individual as a Member and collect their membership fees (the “CPA Canada Membership Data”).

Learn more about our practices regarding the use of cookies and interest-based advertising in our Cookie Policy.

This Privacy Policy does not apply to third party websites, applications, or services, even where they may be linked to our Services. For example, our websites may include links to the websites of other organizations that we collaborate with; if you click on a link to another website, that website is not covered by this Privacy Policy. We encourage you to review all third party privacy policies and notices prior to using third party websites, applications or services

This Privacy Policy does not apply to the programs or activities of CPA Canada Partners, or to your dealings with any CPA Canada Partner. Your relationship with CPA Canada is distinct from your relationship with any CPA Canada Partner. CPA Canada Partners have their own privacy policies and policies describing how they collect, use and disclose your personal data, including as part of your membership with them. We encourage you to review the privacy policies and notices of your CPA Canada Partner.


In this Privacy Policy, when we use the term “personal data”, we mean any information that relates to you, as an identified or identifiable natural person. The personal data that we collect depends on the circumstances (see question 3. “What personal data do we collect about you, and for what purposes?”).

Some of the information which we consider as personal data for the purpose of this Privacy Policy may not be protected under applicable laws, and you may not be entitled to the same rights regarding such personal data.

Personal data may include information collected about you through cookies and tracking technologies such as beacons and web pixels (together, the “cookies”). Cookies are small blocks of data which are installed on a browser or a device during a session, and which remembers preferences or information about you. Learn more about how we use cookies.


We collect personal data to administer your CPA Canada membership, to provide you with access to the Services, to secure and manage our Services, to obtain analytics, to process job applications and to conduct marketing regarding our Services. We also collect personal data when you purchase our products and services.

Below are categories of personal data collected by CPA Canada, along with explanations as to why that personal data is collected, and how we use it. If you have more questions, do not hesitate to reach out to us at [email protected].

  • CPA Canada Member and Candidate Data

Examples: Identification data, contact information, professional information, membership status, affiliation data, and financial information regarding the payments of membership fees.

On behalf of CPA Canada, and with the consent of the individual, provincial and territorial CPA Partners collect personal and professional information about each Member and each candidate for membership (“Candidate”), including their name, address, email, year of birth, gender, language preference, employer as well as their Member/Candidate ID number, membership status, provincial/territorial affiliation and date. If you are a Candidate or a Member, we collect this information to create a Member/Candidate profile so as to:

  • register you as a Member or Candidate of CPA Canada, and update your information;
  • administer your membership in CPA Canada, collect membership fees, provide you with member benefits and communicate membership-related information;
  • deliver our financial literacy program;
  • promote our products, programs and services;
  • send you our Pivot Magazine as well as electronic newsletters that may be of interest to you or to which you have subscribed;
  • manage graduate certification and awards recognitions;
  • deliver career and professional development activities, such as events, conferences, webinars, online and in-person learning, as well as education/certification programs;
  • conduct statistical analysis by way of surveys and polls, which allows us to better understand the CPA professional landscape, to better serve our Members and Candidates, while developing the programs, products and services that respond to your professional needs; and
  • conduct interest-based advertising (find more information).
  • Accounts Registration Data

Examples: E-mail address, passwords, website usage data

If you decide to create an account on our websites to access our online Services, or if you otherwise register for our Services, such as for participating in educational events or for purchasing our products and services, we collect the information that you share with us to create this account or to register you. We use this information to administer your accounts and registrations, and the corresponding Services, and to send you communications from time to time. Learn how to unsubscribe to our communications.

  • Research and Community Engagement Data

Examples: Responses to surveys, forms, and questionnaires

From time to time, CPA Canada may engage in research and community engagement activities. Notably, CPA Canada administers Foresight, an online engagement platform regarding the future of the profession and available at, and the Financial Reporting and Assurance Standards engagement platform available at These platforms provide you with opportunities to share your opinions and ideas with CPA Canada on these matters using engagement tools, such as surveys, forms, and questionnaires.

We use this information to prepare research and community studies, generate professional development activities, improve our Services (such as by providing new benefits to Members) and engage into a conversation with stakeholders on the profession. We do not sell or resell your personal data as part of the Research and Community Engagement Data. We may aggregate and anonymize the personal data that you provide through these platforms and similar research and community engagement activities, including as part of our paid products.

  • Education Data

Examples: Continuing education credits, completed courses, registered courses, exam results

For Candidates enrolled with our online course curriculum and/or with our Education Exam Administration program (, CPA Canada collects the list of courses which is assigned to you, your name, email, provincial candidate number, password and username, your education credentials and transcript information, as well as course and exam results. We collect this information to provide you with our online learning environment and certification program. We share Candidate performance data, exam results and appeals results with CPA Canada Partners.

  • Purchase Data

Examples: Purchased items, credit card information, delivery address, transaction history

We collect financial data about you when you make purchases through our Services. This can include the purchase of research, professional and educational material as well as when you register to attend our conferences, events and webinars. To complete your purchase of our products and services and process your credit card information, we use a PCI-DSS compliant third-party payment processor: Chase. If you pay online, you pay through a secured digital portal directly into Chase’s environment, and we cannot see your full credit card numbers and your CVV. We collect information about your purchase history with us, and whether Members’ fees have been paid.

  • Marketing Data

Examples: Contact information, marketing preferences, transaction history, cookies, browsing habits.

We collect Marketing Data to market our products and services, including to provide you with personalized and tailored content based on your preferences. For instance, we may provide you with suggestions for professional activities or news articles based on your past purchases.

For more information about our use of cookies or similar technologies and how to manage your cookie preferences, please refer to our Cookie Policy.

  • Volunteer Management Program Data

Examples: Identification data, contact information, professional information, membership status, responses to surveys, forms, and questionnaires

We collect personal and professional information about CPA Canada volunteers, including their name, address, email, year of birth, gender, language preference, and employer to create Member and/or Non-Member profiles so as to:

  • register you as a volunteer of CPA Canada, and update your information;
  • communicate volunteer-related information;
  • deliver our Volunteer Management program;
  • deliver training activities, such as online and in-person learning, webinars, conferences and events; and
  • manage recognition activities.  Contact information, including name, professional designations, tenure, and committee(s) served may be disclosed to third parties, as reasonably appropriate to facilitate the Program.

We may also use this information to prepare research and community studies, and conduct statistical analysis to better understand volunteer activities, develop programs and improve our Services. We do not sell or resell your personal data as part of the Research and Community Engagement Data. We may aggregate and anonymize the personal data collected for these purposes.

  • Usage Information and Technical Log Data

Examples: Technical logs, IP address, browser type and configuration, operating system, number of visitors, pages viewed, length of visits, geographical location, language preferences and device information

We collect Usage Information and Technical Log Data automatically through our websites to allow us to monitor and secure our websites, and to understand traffic within our websites so that we can optimize them and improve our Services.

Collection of Usage and Technical Log Data is generally made using cookies or by enlisting third party services which will use cookies to track and record your preferences on our websites. 

For more information about our use of cookies or similar technologies and how to manage your cookie preferences, please refer to our Cookie Policy.

  • Employment Data

Examples: Education information, professional experiences, contact information

If you apply for one of our career opportunities, or if you participate in our talent community, we will collect the personal data you share with us, including any attachments and content. We will only use this information for making employment decisions.

  • Communication Data

Examples: Contact information, messages

If you communicate with us by e-mail, social media, through our websites or otherwise, we will collect the personal data that you share with us to respond to your communication. If the communication should be addressed to the CPA Canada Partner with whom you are affiliated, we may forward your communication to that CPA Canada Partner.


We provide our Members, Candidates and subscribers with various communications, such as electronic newsletters. Our Members also receive copies of our Pivot Magazine. You can unsubscribe at any time from such communications by using the link to unsubscribe included in our electronic messages, or you can contact us at [email protected]. You can also unsubscribe to our communications in your Preference Center, accessible from your online account.


We generally identify to whom, and for what purposes, we disclose your personal data, at the time we collect such information from you or otherwise obtain your consent to such disclosure. For example, we may disclose your personal data to:

  • CPA Canada Partners
  • Payment processors
  • Educational programing providers
  • Sponsors of events in which you participate

We may also transfer your personal data to service providers that are assisting us in our operations. We ensure that those service providers are subject to appropriate privacy standards.

Examples of our service providers include:

  • Hosting/infrastructure/storage providers
  • Educational programming providers
  • Communications services providers
  • Analytical service providers
  • Online Engagement service providers
  • Membership Management service providers
  • Ad conversion tracking and personalized content service providers

We may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to enforce or apply our policies and agreements; (e) to protect our rights, operations or property; (f) to collect amounts owed to us; (g) to allow us to pursue available remedies or limit the damages that we may sustain; (h) to protect the safety of our Members, Candidates, stakeholders, CPA Canada Partners or others; (i) to address, prevent or stop fraud or other activity that we consider to be illegal or unethical; or (j) to address an emergency involving danger of death or serious harm.


CPA Canada has adopted reasonable security procedures to help protect your personal data. For example, our cloud-based platform is hosted on Microsoft Azure servers located in Canada, which uses built-in security protections. We use password-protected systems and encryption when necessary, our personnel has been provided training on the protection of privacy and we use contractual agreements with our service providers. Our payment processor, Chase Payment Solutions, is PCI DSS Level 1.

We have implemented physical, organizational, contractual and technological security measures in an effort to protect your personal data from loss or theft, or unauthorized access, use, or disclosure. For example:

  • we restrict access to your personal data to those employees or agents who need access for authorized purposes;
  • electronic data is protected by technological means, such as firewalls, access controls, and encryption);
  • we sensitize our employees and agents to the importance of safeguarding personal data

Like most organizations, we cannot guarantee that our safeguards will always be effective. No method of transmitting information over the Internet or of storing information is completely secure. A breach of security safeguards can result in such risks as phishing and identity theft. In such cases, we act promptly to mitigate the risks and to inform you where there is a real risk of significant harm, or as otherwise required by law.

We may also require you to assist us to safeguard your personal data. For instance, if you use an account on our website, you should use unique and strong passwords, not share your passwords with others, and promptly alert us if you believe your password has been compromised. You should only connect to our website via a safe network.


Generally, we retain your personal data at our head office in Ontario, and in our offices and data centres elsewhere in Canada.

In addition, unless prohibited by law or contracts with our stakeholders, we may rely on service providers who are in the United States who assist us with the Services, in which case your personal data may be stored in or accessed from the United States. In that case, your personal data will be subject to United States laws, and may be subject to disclosure to United States governments, courts or law enforcement or regulatory agencies, pursuant to those laws. Subject to those laws, CPA Canada uses reasonable measures to protect your personal data as it would be protected in Canada. If you would like more information about our policies and practices regarding processing of personal data outside of Canada, please send us an email at [email protected].


We retain your personal data for as long as required for the purpose for which it was collected, or longer if we are required or permitted to do so under applicable laws.
We retain your online account data for as long as this account exists in our databases. You can request the deletion of your personal information by e-mail at [email protected]. We will endeavour to accommodate your request, subject to legal requirements.


The law provides you with rights regarding your personal data. These rights may change depending on where you are located, and they may not apply to all types of personal data. Most individuals have the right to access their personal data, the right to withdraw their consent to the use and disclosure of their personal data, and the right to request corrections to their personal data under certain circumstances, such as if the personal data is inaccurate or outdated. 

In some cases, withdrawal of your consent may mean that we will no longer be able to provide you with our Services. 

If you want to exercise your rights, or if you have a question or complaint about how we collect, use, or disclose your personal data, you can communicate with us by email at [email protected] or by writing to us at:

Attention: Senior Privacy Compliance Officer
CPA Canada
277 Wellington Street
Toronto, Ontario M5V 3H2

Generally, our Senior Privacy Compliance Officer will address your inquiry within 30 days unless we extend that time limit because of the nature of your request (in compliance with applicable laws). We will try our best to respond to your request without charging you any fees, but if your request involves significant costs for us (such as printing or transcript costs), then we may invoice you these fees, after you have approved them. We may also need you to share personal data to enable us to confirm your identity prior to responding to your inquiry.

Different laws have rules on how to respond to your requests regarding your personal data, and we may change how we respond to your request to comply with this law. For instance, if we must respond in 15 days to your request, we will respond within 15 days even if the Privacy Policy says within 30 days. The information that we provide in this Privacy Policy is to help you understand how you can work with us to exercise your rights.

We will try to help you, and if we cannot respond to your inquiry or if we must reject your request, we will notify you in writing and explain our decision. If you do not agree with how we handled your inquiry or request, please let us know. Otherwise, you can also contact your privacy and data protection regulator. Below is the contact information for the Office of the Privacy Commissioner of Canada:

Attention: Office of the Privacy Commissioner
30 Victoria Street
Gatineau, Québec K1A 1H3


Yes, we will update this Privacy Policy. There are many reasons why we may change this Privacy Policy, such as a legislative change or a change in how we collect, use, or disclose your personal data. If we make substantial changes to this Privacy Policy, we will advise our Members, Candidates and subscribers by email. You can consult the previous versions of the Privacy Policy and the date at which this version became effective at the top of this page.