ActiveDec 2025

Privacy Policy

How CAFE collects, uses, and protects information on the Certification Platform.

CAFE treats privacy as a governance responsibility. Your information is collected for certification purposes, protected by Canadian law, and handled with care.

Information We Collect

For Certification

  • Name and contact information
  • Professional qualifications and history
  • Continuing education records
  • Certification status and standing

For Platform Operation

  • Account access credentials
  • System logs and security records
  • Communication records
  • Consent and preference settings

How We Use Information

Information is used for the purposes for which it was collected. This includes:

  • 1Administering certification, renewals, and continuing education
  • 2Enabling public verification of credentials
  • 3Communicating about certification status and requirements
  • 4Maintaining system security and audit records
  • 5Meeting legal and regulatory obligations

Public Directory Visibility

Certificants may choose to appear in the public CFC directory. Directory visibility is optional and controlled through your profile settings.

NameCity/ProvinceOrganization (optional)Specializations (optional)

You control what appears. Changes take effect immediately.

Data Protection

Canadian Jurisdiction

All data is stored and processed in Canada, subject to Canadian privacy law.

Access Controls

Role-based access, audit logging, and encrypted transmission protect your information.

Data Minimization

We collect only what is necessary for certification and governance purposes.

Individual rights and collective rights

CAFE applies two distinct layers of rights protection. Individual privacy rights of CFC designees, candidates, and accredited members are governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable provincial private-sector privacy law where it has precedence. Collective rights of First Nations, Métis, and Inuit Peoples are governed by distinct Indigenous data sovereignty frameworks: the First Nations Principles of OCAP stewarded by the First Nations Information Governance Centre, Métis articulations including the Consolidated Métis Nation Data Strategy and the Saskatchewan Métis Health Research and Data Governance Principles, and the National Inuit Strategy on Research stewarded by Inuit Tapiriit Kanatami.

These two layers are distinct. Individual consent under PIPEDA does not satisfy collective consent at the Nation or community level. Where both layers apply, CAFE applies both.

Full detail appears in the Data Sovereignty Statement, which sets out CAFE’s recognition of these frameworks, our oral disclosure model for designees, our hosting choices, and our standing invitation for engagement from rights-holder bodies.

Your Rights

Under Canadian privacy law, you have the right to:

  • Access the personal information CAFE holds about you
  • Request correction of inaccurate information
  • Withdraw consent for optional uses
  • File a complaint with the Privacy Commissioner of Canada

Some information must be retained for certification integrity and audit purposes.

Retention

Certification records are retained for as long as necessary to maintain the integrity of the certification system. This includes historical records required to verify past credentials. Non-essential information is removed when no longer needed.

Contact

For privacy questions or to exercise your rights:

@certification@cafe-acaf.org

OCAP® is a registered trademark of the First Nations Information Governance Centre (FNIGC). Learn more about OCAP® or visit fnigc.ca.