Privacy Policy
How Control Architecture Institute collects and uses the limited personal information required to provide access to its online research library.
This Privacy Policy (the “Policy”) explains how Control Architecture Institute Inc. handles personal information collected through the Website. It forms part of, and is incorporated by reference into, the CAI Terms of Use, and should be read together with them. Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms of Use. As provided in the Terms of Use, where there is any conflict between the Terms of Use and this Policy with respect to personal information, this Policy governs.
1. About this Policy and who we are
In this Policy, “CAI,” “we,” “us,” and “our” mean Control Architecture Institute Inc., operating as Control Architecture Institute, a corporation incorporated under the Canada Business Corporations Act and based in Ontario, Canada. “You” and “User” mean the individual accessing or using the Website. “Website” has the meaning given in the Terms of Use and includes the CAI website, its subdomains and portals, and its online research library. CAI is responsible for the personal information under its control and has designated a contact for privacy matters, identified in Section 10.
2. The personal information we collect
We collect only the personal information needed to give you access to the Website’s research library: your name and your email address, which you provide when access is arranged for you or when you sign in. We do not collect payment information through the Website; where fees apply, they are handled separately under a written agreement and not through the Website. We do not request, and you should not provide, any other personal information through the Website.
3. Essential sign-in information
Access to the research library uses a one-time “magic link” sent to your email address, together with an essential cookie that keeps you signed in during your session. This information is used only to authenticate you and operate the sign-in. It is not used for advertising, profiling, or third-party tracking.
4. Why we collect it, and your consent
We use your name and email address solely to: (a) establish and administer your access to the research library; (b) send you the sign-in link and essential service messages about your access; and (c) respond to your enquiries. We rely on your consent, which you provide when you request or use access, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). We do not sell your personal information, and we do not use it for advertising.
5. How we share it
We do not sell, rent, or trade your personal information. We disclose it only to service providers that host the Website and deliver our sign-in emails on our behalf, who are permitted to use it solely to provide those services; and where required by law or to establish, exercise, or defend our legal rights, consistent with the Terms of Use. Some service providers may process information outside Canada, including in the United States; where this occurs, the information remains subject to this Policy and may be accessible to courts, law enforcement, and government authorities in those jurisdictions under their laws.
6. How long we keep it
We keep your name and email address only for as long as you have access to the research library, and for a reasonable period afterward to meet our legal, security, and record-keeping obligations, after which we delete or de-identify it. When your access ends — for example, at the conclusion of an advisory engagement — we remove your access record.
7. Safeguards
We maintain reasonable administrative, technical, and physical safeguards appropriate to the limited and low-sensitivity nature of the information we hold. Sign-in uses a one-time link rather than a stored password. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your choices and rights
Subject to applicable law, you may ask us to access, correct, update, or delete the personal information we hold about you, or withdraw your consent to our use of it. Withdrawing consent or requesting deletion may end your ability to access the research library. We will respond to your request within a reasonable time. To make a request, contact us using the details in Section 10.
9. Canadian privacy law and governing law
We handle personal information in accordance with PIPEDA and other applicable Canadian privacy law. This Policy, and any matter relating to it, is governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, consistent with the Terms of Use.
10. How to contact us
Questions, concerns, or requests about this Policy or your personal information may be directed to Control Architecture Institute Inc. by email at info@controlarch.org.
11. Changes to this Policy
We may update this Policy from time to time by posting the revised Policy on the Website; the revised Policy takes effect when posted. Your continued use of the Website after the revised Policy is posted constitutes your acceptance of it.
The parties confirm that this Policy and all related documents are drawn up in English. Les parties confirment que la présente politique et tous les documents connexes sont rédigés en anglais.
This Privacy Policy is published by Control Architecture Institute Inc. and should be read together with the CAI Terms of Use.