CVRP Privacy Policy and Website Security


The College of Vocational Rehabilitation Professionals (the “College”) is committed to maintaining the confidentiality and security of personal information. We are responsible for all personal information that is entrusted to us.


The College stores and maintains the personal information according to the ten principles of the Canadian Standards Association Model Code for the Protection of Personal Information (the “CSA Model Code”).


The privacy statement outlines the standards and guidelines by which the College adheres with respect to the personal information of its registrants.


This privacy policy does not apply to the personal information of employees of the College.


What is Personal Information?

Personal information is information about an “identifiable” individual, which includes names, addresses, telephone numbers, e-mail addresses, credit card information, or other contact information and personally identifiable data, date of birth, social insurance number, age, marital and financial status, race, national or ethnic origin, and religion. It also includes opinions about that individual.


The Ten Principles of the CSA Model Code as Applied by the College

  1. Accountability:

    The College is accountable for all personal information under its control, including information which it may transfer to a third party. The College collects, uses and discloses the information in accordance with its obligations under the College Procedures and the CSA Model Code. The Staff is trained about the policies and practices with respect to privacy and confidentiality.

    To fulfill this purpose, the College has designated an individual as a Privacy Officer who is responsible for everyday operation and control of the personal information as well as the College’s compliance with this Statement.

    The College from time to time discloses personal information to third parties for administrative and licensing purposes. Third parties are required to sign confidentiality agreements which reinforce the strict confidentiality obligations on them.

  2. Identifying Purposes:

    The College self-regulates the practice of vocational rehabilitation professionals with due regard to the public interest. The College uses personal information of its registrants to carry out this function. The purposes for which the College collects information include:

    • Registrants application

    • Certification examination

    • Maintain Public Registry

    • Credentials examination and verification

    • Registration Audit, Review and evaluation

    • Complaints and investigations (we ensure the confidentiality of the complainant and the registrants as set out in the College’s Complaints Procedure and Discipline Procedure publication policies)

    • Communication with Registrants

    • Demographics: research, analysis and planning

    • Correspondence information and documents with third party as required by our objectives and to interchange information with regulatory bodies worldwide

    • Compile statistics

    • Payment of annual fee

    • Surveys

    If the College wishes to use personal information for a purpose not identified, the new purpose will be identified and the College will seek consent prior to use, unless required or permitted by law.

  3. Consent:

    The College is dedicated to ensuring that registrants are aware of the purpose(s) for which personal information is gathered, the use of the information and reasons for disclosure. The College obtains consent from registrants for the collection, use and disclosure of personal information. In certain circumstances, the consent from the individual can be obtained after collection of the information but before use.

    The College will not, as a condition of the supply of goods or services, require that an individual consent to the collection, use, or disclosure of information beyond that required for legitimate and communicated purposes. Some information related to registration, competence and professional development must be provided as a condition of obtaining and maintaining one’s professional status.

    There may be circumstances where consent may be implied by the circumstances. In such cases, the purposes for the collection and use of personal information must be apparent and the College may only use the personal information for the apparent purpose. In such a case, the College will not use that information for any other purpose.

    The law provides certain exceptions to the usual requirement to obtain an individual’s consent. For example, an organization may collect and use personal information in circumstances where the collection and/or use of such information is clearly in the interests of the individual and consent cannot be obtained in a timely way. Similarly, personal information may be collected and used without the consent of the individual if the information is reasonably required to investigate a breach of an agreement, a violation of the law or investigations related to professional discipline and there is reason to believe that obtaining consent may compromise the availability or accuracy of such information.

    Registrants can withdraw consent anytime for the retention and use of personal information, but only to the extent that such consent withdrawal does not affect the ability of the College to carry out its regulatory functions. The College will inform the registrant of the implication of such withdrawal.

  4. Limiting Collection:

    The College collects personal information only to the extent necessary for the purposes identified. Personal information is collected in a fair and lawful manner.

  5. Limiting Use, Disclosure and Retention:

    The College does not sell or trade your personal information to third parties. Personal information is only used or disclosed for the purpose for which it was collected with the consent of the registrant or as required by law.

    The personal information of the registrant is retained as long as it is considered necessary according to the College’s Document Retention policy.

  6. Accuracy:

    The College is dedicated to maintaining your personal information in a form that is accurate, complete and current as is necessary for the fulfillment of the College’s purposes. Registrants are encouraged to contact the College and update any changes in their personal information, within 30 days of any change.

  7. Safeguards:

    The College takes reasonable steps to ensure that personal information is protected against loss, unauthorized access, use, disclosure and alteration. This protection applies to both electronic and hard copy form.

    The safeguards used by the College include:

    • Physical Measures: Locked filing cabinets, key-pads or locks to restricted areas, and alarm system in the office

    • Organizational Measures: Employees’ training, confidentiality agreements, and limited access on “need to know” basis

    • Technological Measures: Use of security software, password, firewall and encryption

    • Destruction Measures: Records and documents of the registrants are destroyed in a confidential manner like shredding of the paper records, wiped clean/deleting of the disc and physical destruction of hard drives

    • Third party obligations: Contractual privacy agreement with third parties. To ensure the protection of your personal information, third parties enter into legal contract and confidentiality agreement before the College uses their services

  8. Openness:

    The College is open about its policies and procedure and will provide registrants with specific information relating to the maintenance of the personal information. These policies are available by contacting the College Privacy Officer.

  9. Individual Access:

    Registrants may contact the Privacy Officer at any time to discuss access to personal information. Upon written request, access will be provided. A small fee may be applied to cover the cost of administration. In certain situations, such as legal or regulatory requirement, the College may not be able to offer you access to your personal information and will provide you with the reasons of denial. The College will correct or amend personal information that is shown to be incomplete or inaccurate.

  10. Challenging Compliance:

    The College Privacy Officer is responsible for overseeing compliance with this privacy policy. Any questions can be directed to the Privacy Officer who will respond to any concerns. We will investigate all complaints and will take appropriate action to resolve the issue to your satisfaction. We also welcome your comments and suggestions regarding this Privacy Policy.

Website Privacy and Security

The website uses cookies. The website server automatically logs information about visits to the website such as IP address, date, time and duration. This non-personal data is used for system administrative purposes, statistical analysis, and to update the website.


The College uses encryption technology and security certificates (https) on all web pages that require registrants or applicants to submit payment online. All transactions are handled by a third-party payment processor that meets strict security requirements.


The College takes reasonable steps to protect your personal information, but we are not responsible or liable for the security of your personal information on external websites to which we may provide links (i.e. Moodle, CEU on-line program links). External links are provided for the convenience of users. The College encourages registrants to read the privacy policies of all websites visited, especially if personal information is shared.


For more information on privacy practice at the College contact us at


This version of the Privacy Policy is effective as of July 31, 2015.


Revision to the Privacy Policy: Due to changes in technology and legal requirements, we will revise our policy from time to time and the College reserves the right to do so. We will post any revised version of this Privacy Policy on our website.