Welcome to the CORDS Platform located at the URL https://cords.ai, or which you may be accessing via a widget at a third-party website (the “Platform”). We hope you enjoy your use of the Platform and find it useful.
The CORDS Consortium (the non-profit organization that owns and operates the Platform) takes your privacy and security of personal information very seriously. We are providing this Privacy Policy (the “Policy”) to tell you about who we are, what personal information we collect from you and about you, and what we do with your personal information, all while you use the Platform or otherwise interact with us. We ask that you read it carefully.
Please note that this Policy covers personal information collected from the following individuals: (i) Users of the Platform; (ii) Community Partner Account holders; and (iii) Analytics Partner Account holders.
Here are the key elements of this Policy needed to make an immediate, informed decision about your consent for our collection, use and disclosure of your personal information. By submitting personal information to us via any means, you consent to such collection, use and disclosure. You can find the details in the rest of the Policy.
| Personal Information we collect from you but only with your consent | What we do with it | Third parties we share it with |
| Your location and search queries | Provide relevant search results | Companies that provide the infrastructure for the Platform, specifically Amazon AWS; in anonymous, aggregated form we also provide this to our partners |
| Platform Account information (your email address) | To create a Platform account for you, to communicate with you about your account, and to control your access to the Platform | Companies that provide the infrastructure for the Platform, specifically Amazon AWS |
Before we get started on the details, here are a few terms and phrases we think you should know as you read this Policy.
“Data Protection Laws” refers to the laws that are designed to protect your personal information and privacy in the place where you live. These include (1) “PIPEDA” (the Personal Information Protection and Electronic Documents Act), which is the Canadian Data Protection Law that applies to our activities in Canada outside Quebec; (2) the Act Respecting the Protection of Personal Information in the Private Sector (the “Quebec Privacy Act”) as amended by Law 25, which applies to our activities in Quebec; (3) any other applicable data protection law. The CORDS Consortium is committed to adhering to all the Data Protection laws.
Under PIPEDA, the CORDS Consortium “collects, uses, and discloses” your personal information. Under the Quebec Privacy Act, the CORDS Consortium “collects, holds, uses or communicates to third persons” your personal information. Those phrases (or their variations) may be used interchangeably in this Policy.
“Personal information” – this is information we collect from you or about you and which is defined in PIPEDA as “information about an identifiable individual.” Under the Quebec Privacy Act, it is defined as “any information which relates to a natural person and allows that person to be identified either directly or indirectly.” It can be as simple as your name or your email, or something more complicated like an online identifier (usually a string of letters and / or numbers) that gets attached to you.
The Platform is owned and operated by the “CORDS Consortium”, a contractually-formed non-profit consortium comprised of the following legal entities: (i) Magnet at Toronto Metropolitan University; (ii) 14173317 Canada Association (operating as Mentor Canada); and (iii) Findhelp Information Services (collectively, the “Consortium Members”). Where the present Policy refers to the “CORDS Consortium” it may refer to any and all of the Consortium Members and / or their respective affiliates, subsidiaries, parent companies, shareholders, officers, directors, employees, agents, partners, principals, representatives, successors and assigns (collectively “Representatives”), depending on the context. Any reference to “we”, “our”, or “us” in this Policy shall also refer to the CORDS Consortium, the Consortium Members and / or their respective Representatives. Any reference to “we”, “our”, or “us” in this Policy shall also refer to the CORDS Consortium.
Under PIPEDA, the CORDS Consortium is an “organization”; under the Quebec Privacy Act, the CORDS Consortium is an “enterprise”.
If you want to ask us anything about what’s in this Policy, or anything else privacy- or data-related, or exercise any of your available privacy rights, you can contact our Privacy Officer at:
CORDS Consortium Privacy Officer
privacy@cords.ai
or:
CORDS Consortium Privacy Officer
c/o Findhelp Information Services
1000-1 St. Clair Ave. W.
Toronto, ON
M4V 1K6
You have the following rights regarding your personal information held by the CORDS Consortium, and other rights. Please note that not necessarily all of these rights may be available to you; this depends on the Data Protection Laws where you are located that apply to you.
If you wish to exercise any of these rights, please contact our Privacy Officer at the contact information above, or refer to the relevant sections further in this Policy.
Please note that if you request erasure of your personal information, we shall do it to the extent feasible; however, the CORDS Consortium reserves the right to retain some of your personal information for a reasonable time in order to satisfy certain legal obligations or under a legal procedure of any sort. Furthermore, deletion of your personal information may prevent you from using all or a portion of the Platform.
The CORDS Consortium limits the amount of personal information we collect to only what is necessary and appropriate for the identified purposes. We will not use or disclose your personal information for purposes other than those for which it was collected, except with your consent or as permitted or required by applicable law.
In the table below, please find all the personal information we may collect from you directly, and what we use it for. Under PIPEDA and the Quebec Privacy Act, the legal basis for our collection and use of this personal information is your informed consent, and by submitting this personal information you acknowledge having granted this consent to the CORDS Consortium. In the event you withdraw your consent to use such personal information, you may no longer be able to access or use some of the Platform.
| Personal Information category | Personal Information collected | What we use it for |
| Search information | Your location and search queries | To provide you with relevant search results to your queries; and to use it to improve the Platform generally and transfer it to certain partners, both of which are discussed further below in this Policy |
| Platform Account information | Your email address | To create a Platform account for you, to communicate with you about your account, and to control your access to the Platform |
Sometimes we get personal information about you from third parties. This table explains the details about this personal information – what it is, where it came from and what we do with it. Under PIPEDA and the Quebec Privacy Act, the legal basis for our collection, use and disclosure of this personal information is your informed consent, and by using the Platform, you agree that you have granted such consent. None of this data comes from publicly-available sources.
| Personal information category | Personal information collected by the third party | Who collects the personal information | What we and/or the third party use it for |
| Search information | Your location | Certain third-party providers of location information such as Google Maps | To provide you with search results to your queries that are geographically relevant to you |
To the extent that analytics identifiers and IP addresses are generated by or collected from third parties, these may be considered personal information collected from third parties, and you can find details about that further below in this Policy.
It is possible that certain of your search queries are considered sensitive personal information under the Data Protection Laws, and they will be treated with the heightened sense of security and privacy the Data Protection Laws require.
We routinely share some of your personal information with certain types of third parties who are identified in the table below along with what they do with it. Please note that some of those third-party recipients may be based outside your home jurisdiction. If you are in Quebec, please see the “Transfer of Your Personal information Outside of Quebec” section further down in this Policy for information on how we safeguard your personal information when this occurs.
We will share personal information with law enforcement or other public authorities if: (1) we are required by applicable law in response to lawful requests, including to meet national security or law enforcement requirements; (2) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person, or any violation of the Terms of Use that apply to you; or (3) if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Platform infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Platform infrastructure or the Platform generally).
We may also share personal information: (1) to a parent organization, subsidiaries, joint ventures, or other organizations under common control with a Consortium Member (in which case we will require such entities to honour this Policy); (2) if the CORDS Consortium or any of its Members merges with another entity, is subject to a reorganization, sells or transfers all or part of its business, assets or shares (in which case we will require such entity to assume our obligations under this Policy, or inform you that you are covered by a new privacy policy).
We will never share your personal information with other third parties except under these circumstances. We do not sell or rent your personal information to any third party for direct marketing purposes or any other purpose.
| Personal information category | Who we transfer it to | What they do with it |
| Search information | Companies that provide the infrastructure for the Platform, specifically Amazon AWS | Store it so that we may retrieve it to perform the functions described above |
| Search information | Our partners, but only for specific purposes as described in this Policy | Improve their own data and services and provide the Platform via their own websites, as described more fully in the Limited Gathering of Information section below |
| Platform Account information | Companies that provide the infrastructure for the Platform, specifically Amazon AWS | Store it so that we may retrieve it to perform the functions described above |
| Analytics identifiers and IP addresses | Companies that provide data analytics such as Google Analytics | Provide us with analytics as to how the Platform are used and to trace fraudulent activities, as further detailed in the Limited Gathering of Information section below |
The CORDS Consortium automatically collects certain information using the “Third-Party Analytics Programs” Google Analytics, Hotjar, and our own internal analytics program to help us understand how our Users and other individuals use the Platform, but none of this information identifies you personally, except via an alphanumeric string. For example, each time you visit or use the Platform or log in to the Platform, we automatically collect (as applicable): your IP address, browser and computer or device type, access times, the web page from which you came, the web page(s) or content you access, external links you click on, other engagement information, and other general related information. We use information collected in this manner only to better understand your needs and the needs of Platform Users in the aggregate, and to share aggregated (i.e. non-identifiable) information with our partners. The CORDS Consortium also makes use of information gathered for statistical purposes to keep track of the number of visits to Platform, the specific pages on the Platform, and users with a view to introducing improvements to the Platform.
Your IP address and other relevant information we collect using the Third-Party Analytics Programs may be used in order to trace any fraudulent or criminal activity, or any activity in violation of the Terms of Use that apply to you.
Search queries and your location are provided to three types of CORDS Consortium partners, but in some circumstances this information is anonymous and aggregated and cannot identify you in any way, and in other cases it is only your location and search query that is revealed. We transfer it to our Data Partners and Community Partners so that they can provide the Platform through widgets on their own websites. These Data Partners and Community Partners (who receive non-aggregated data), along with our Analytics Partners (who receive aggregated data), receive this data to improve their own data and services, and for educational and research purposes. All these partners are forbidden by contract to use this information for any commercial purpose, or to reveal any personal information to third parties.
The CORDS Consortium uses Amazon Simple Email Service to communicate with you about the Platform, (the “Email Service Provider”). Personal information (your email address) is transferred to the Email Service Provider in order for the emails to be sent out properly. Your personal information is only used to send out emails; the Email Service Provider does not use this personal information for any other purpose, and will not transfer or sell your personal information to any other third party. For more information, please refer to Amazon AWS’ privacy policy.
Generally our emails are related to Platform functions will not have an opt-out option as they are necessary for the use of the Platform or other Platform.
The CORDS Consortium’s practices in regards to its email are designed to be compliant with anti-spam laws, including the law unofficially called “CASL”, or Canada’s Anti-Spam Law (S.C. 2010, c. 23) and the American CAN-SPAM Act. If you believe you have received email in violation of these laws or any other anti-spam law, please contact us using the contact information further up in this Policy.
The CORDS Consortium uses tracking technology (“cookies” and related technology such as tags, pixels and web beacons) in the Platform, and by interacting with the Platform you agree to their use. Cookies are small text files placed on your computer or device when you visit a website or use an online service, in order to track use of the site or service and to improve the user experience by storing certain data on your computer or device.
By default, all non-necessary cookies are turned off when you first visit the website; you can use our cookie management tool in the cookie banner presented to you to accept or decline categories of cookies.
Specifically, we use cookies and related technologies for the following functions:
Your browser or device can be set to refuse cookies or delete them after they have been stored. You can refer to your browser’s or device’s help section for instructions, but here are instructions for the most commonly-used browsers and operating systems:
Please note that deleting or blocking certain cookies may reduce your user experience by requiring you to re-enter certain information, including information required to use certain of the Platform. Furthermore, deleting certain cookies may prevent certain functions, or the entirety of the Platform, from working at all.
We have implemented very strict technical and organisational procedures for ensuring that, by default, only personal information which are necessary for each specific purpose are collected, used and disclosed by us. These procedures prevent your personal information from being lost; or used or accessed in any unauthorised way. Examples of such procedures include restricted access to offices, training of personnel, using passwords and well-defined internal policies and information technology practices.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data security breach where the Data Protection Laws requires us to do so, and within the time frame required by the applicable Data Protection Law.
The CORDS Consortium uses only industry best practices (physical, electronic and procedural) in keeping any data collected (including personal information) secure. In addition, we use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to operate the Platform, and these third parties have been selected for their high standards of security, both electronic and physical. For example, the CORDS Consortium uses vendors such as Amazon AWS, a recognized leader in secure data, for hosting of the Platform and related data, and storage of data including personal information.
All information, including personal information, is transferred with encryption using Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”), robust security standards for Internet data transfer and transactions. You can use your browser to check the CORDS Consortium’s valid SSL security certificate on the Platform.
In addition to the measures to protect your personal information described in the previous section, we have drafted and implemented certain internal procedures and policies regarding personal information, including the following:
For our Quebec users and visitors, we endeavour to keep your personal information in Quebec. However, certain of our third-party service providers are in other provinces or countries where your personal information may be transferred. When this happens, we do the following to safeguard your personal information:
Furthermore, any time we are considering sending your personal information outside Quebec to a third party who is not a service provider, we will perform a PIA. If the PIA does not meet our standards and the standards required by the Quebec Privacy Act, we will not transfer your personal information to such third party.
If you are in Canada outside Quebec and you are not satisfied with the response received or the actions taken by our Privacy Officer, you can make a complaint to the Office of the Privacy Commissioner of Canada. Instructions on how to do so can be found on their website. In Quebec you can make a complaint to the Commission d’accès à l’information du Québec with information found on their website.
Your personal information will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will retain your Platform Account Information only for as long as you have an account with us to use the Platform.
We may have to keep your personal information for a longer period of time to satisfy our requirements under any applicable law.
The CORDS Consortium uses certain automated decision-making processes in providing the Platform, specifically to provide relevant answers to your plain-language queries. Furthermore, results from your search queries and other related information, such as what search results you click on, are used to improve the Platform to provide better search results for all Platform Users. Except for your location, no personal information is involved in this process.
The Platform is not intended for children under the age of 16. We do not knowingly collect any personal information from a child under 16. If we become aware that we have inadvertently received personal information from a person under the age of 16 through the Platform, we will delete such information from our records.
The date at the top of this page indicates when this Policy was last updated. Every now and then, we will have to update this Policy. You can always find the most updated version at this URL, and we will always post a notice on our Platform if we make big changes. If you have an account to use the Platform, we will also email you to tell you the Policy has been updated, and what the important changes are.
Thanks for reading! Please keep your personal information safe; we promise to do the same.