Important Update: Canada Post Strike & Shipping Guidelines. Learn More.
Last Updated: January 16, 2023
CSI respects and values your privacy. This Privacy Policy explains how we collect your Personal Data (defined below) on those web sites of CSI that post or link directly to this Privacy Policy (collectively, the “Site”) and through offline means, how we use, disclose, and protect such data, and the choices you have concerning our use of such data. Please read this Privacy Policy carefully. CSI may from time to time update this Privacy Policy. Any changes to this Privacy Policy will become effective when we post or link to the revised Privacy Policy on the Site. Any significant changes to the way we collect or use Personal Data will be highlighted on the homepage of the Site in advance. Please review the “Last Updated” legend at the top of this page to determine when this Privacy Policy was most recently revised.
For the purposes of this Privacy Policy, “CSI”, “we”, “us”, and “our” means Moody’s Analytics Global Education (Canada), Inc., which operates under the brand name Canadian Securities Institute or CSI.
You do not have to provide us with any Personal Data to visit the public portions of the Site. However, if you choose to withhold requested information, you may not be able to visit all sections or use all features of the Site, or access the educational services offered by CSI.
This Privacy Policy shall also apply to any CSI mobile application and other forms of CSI online activity that reference this Privacy Policy. In such instances, the term “Site” shall include the applicable mobile application or other CSI online activity whenever that term is used herein.
Personal data is information that identifies you or can be used to identify or contact you, e.g., your name, email address, address, or phone number (“Personal Data”). We may need to collect and process Personal Data in order to provide requested information, products or services to you (including the Site) or because we are legally required to do so.
We use Personal Data transparently and in compliance with applicable law for legitimate business purposes, including the following:
We use cookies and similar technologies (collectively, “Cookies”) on our websites
Essential Cookies are necessary for the Site to function and cannot be switched off without affecting the use of the Site. Essential Cookies are usually only set in response to specific actions you take on the Site, such as retaining search results where you use an internal search function or setting your Cookies preferences.
Essential Cookies seldom collect and use any Personal Data, though they may contain an ID code which allows the Site to distinguish you as an individual visitor from all other visitors on the Site at the same time. These types of unique ID code are used to maintain a server session to enable functions you have requested. Essential Cookies are typically session Cookies and only retain data for the duration of your visit to the Site.
We use essential Cookies as we believe it is in both our and your legitimate interests to enable the Site to work properly.
Moody’s uses functional Cookies to understand how the Site is used and to customise and enhance the Internet experience of users. When you revisit the Site, Moody’s may recognise you by a functional Cookie and customise your experience. For example, once you have completed the registration process, a functional Cookie will be used to avoid you having to register again. We believe functional Cookies add value to the user experience. The retention period of Functional Cookies varies from the duration of your visit to the Site up to two years, depending on the purpose of the Cookie.
We use performance Cookies to collect and/or track information such as demographic information, domain names, computer type, browser types, screen resolution, and other statistical data involving the use of the Site. We use performance Cookies to help us understand who uses the Site and to improve and market it, as well as our other services.
We also use performance Cookies in connection with Site pages and email messages in certain formats to, among other things, track the actions of Site users and email recipients, to determine the success of marketing campaigns and to compile statistics about Site usage and response rates. When used in email messages in certain formats, performance Cookies tell us whether and when the email has been opened.
We use Google Analytics to collect and analyse information about Site use and to report on activities and trends. Google Analytics may also collect information regarding your use of other websites, apps and online resources. The data we receive from Google Analytic Cookies is aggregated and anonymous, it is not personal data. However, Google may process personal data about you to provide us with aggregated data about our Site visitors. You can learn more about Google’s practices here, and opt out of Google Analytics by downloading the Google Analytics opt-out browser add-on.
When you visit and interact with the Site, we collect Internet Protocol (IP) addresses. Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). This number is identified and logged automatically in our server log files whenever you visit the Site, along with the time(s) of your visit(s) and the page(s) that you visited. We use IP addresses to understand how the Site is used by our users, to improve the Site and to enhance user experience of the Site. We may also derive your approximate location from your IP address.
The retention period of performance Cookies varies from the duration of your visit to the Site up to two years, depending on the purpose of the Cookie. For example, a Cookie set for 24 hours to count you as a unique visitor to the Site on that day, or a Cookie set for two years, to remember you as a returning visitor.
On certain pages, we use third-party advertising companies to serve advertisements regarding our products and services that may be of interest to you when you access and use the Site, our apps and other websites or online services, based on information relating to your access to and use of the Site and other websites or online services on any of your devices. To do so, these advertising companies place or recognise a unique Cookie on your browser, including using pixel tags. Advertising Cookies store unique IDs that are associated with a profile on our advertising partners’ servers. These profiles record your browsing behaviour and actions linked to your browsing information, such as actions you take on the Site (links clicked, or buttons clicked), as well as technical specifications about your device and your location (based on your IP address). Google’s advertising Cookies may also link to your Google ID, if you are logged into your account while on our Site, building a detailed profile about you. The retention period of advertising Cookies varies typically from 30 days to 9 months, depending on the length of our specific advertising campaigns.
We also may use social media Cookies linking to ‘Like’ buttons and ‘Share’ buttons on social media. We use advertising and social media Cookies to show you relevant, not irrelevant, ads, and avoid you being repeatedly shown the same ad, and to enable you to ‘Like’ or ‘Share’ our content on social media. Social media Cookies collect your IP address and browser string and send this back to the social media site that embedded the Cookie, enabling the social media site to recognise that you have visited our Site. This applies irrespective of whether you have an account with that social media site.
The retention period of targeting Cookies varies from the duration of your visit to the Site up to two years, depending on the purpose of the Cookie.
(1) Website infrastructure and service suppliers – We use third-party website infrastructure and service suppliers to help us build and manage our Site. We use third-party media agencies, ad exchanges and ad networks to manage our Cookies. Cookie data is stored securely on these suppliers’ servers. Our service providers have been carefully selected and commissioned by us, are contractually bound by our instructions, and will not process your data for any other purposes.
(2) Verification – We may use third-party services to verify that you are a human user. Any information collected as part of such verification is subject to the privacy notice of the third-party service provider.
(3) Third-party cookies setters – We use third parties for performance, functional, and, in some cases, targeting cookies.
We do not respond to browser do-not-track signals at this time.
We may disclose Personal Data for the following purposes:
If you would like to receive more information on the third parties with whom we share your Personal Data, please contact us by using the information provided in the “Contact Information for CSI” section below.
We give you choices regarding our use and disclosure of your Personal Data for marketing purposes.
We will comply with your request(s) as soon as reasonably practicable, and in accordance with applicable law. Further, please note that requesting us not to share your Personal Data with affiliates or unaffiliated third parties may result in you no longer receiving any marketing emails from CSI. Please also note that if you choose not to receive marketing-related messages from us, we may still send you important administrative messages, and you cannot elect to stop receiving such administrative messages, unless you choose to stop receiving services from us.
You may also indicate your choices regarding marketing-related emails by contacting us via postal mail or telephone using the information in the “Contact Information for CSI” section below, or if you have a Site profile/account, by changing your preferences on your Site profile/account at any time.
Note that from time to time, CSI receives education verification requests from third parties seeking information regarding our students’ academic records. Other than as set out herein, CSI will not provide such information to third parties unless you have affirmed the IRCF referred to above.
If you would like to request to review, correct, update, suppress, delete or otherwise limit our use of your Personal Data that has been previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us using the information in the “Contact Information for CSI” section below. We will respond to your request consistent with applicable law. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and consistent with applicable law. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting the change or deletion.
The Site may contain links to other Internet web sites, including social media sites and third-party hosted collaboration tools. These linked sites are not under CSI control. We provide links only as a convenience, and CSI does not endorse or control, and is not responsible for, the privacy practices or the content of these linked sites. If you provide any Personal Data through any third-party web site, or choose to communicate with us using third-party collaboration tools or other social media platforms, your transaction will occur on that third party’s web site (not the Site) and the Personal Data you provide will be collected by, and controlled by the privacy policy of, that third party. We recommend that you familiarize yourself with the privacy policies and practices of any such third parties. PLEASE NOTE THAT THIS PRIVACY POLICY DOES NOT ADDRESS THE PRIVACY OR INFORMATION PRACTICES OF ANY THIRD PARTIES, INCLUDING, WITHOUT LIMITATION, AFFILIATED ENTITIES THAT DO NOT POST OR LINK DIRECTLY TO THIS PRIVACY POLICY.
CSI has established appropriate organizational and technical measures, including external third-party audits for particular products and services, to protect Personal Data within our organization from loss, misuse, or unauthorized access, disclosure, alteration or destruction. CSI has processes and procedures for suspected privacy breaches to notify regulators and affected individuals where required in accordance with applicable law. CSI requires applicable vendors that process Personal Data on its behalf to complete privacy and security assessments and be bound by contractual terms.
CSI will use Personal Data only in ways that are compatible with the purposes for which it was collected, authorized by this Privacy Policy, or authorized by you. CSI will take reasonable steps to ensure that Personal Data is relevant to its intended use, and is accurate, complete, and current (as provided by you). CSI depends on you to update or correct your Personal Data whenever necessary.
We will retain Personal Data about you for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.
If you are located in the European Economic Area (“EEA”) or the UK: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available on the EU Commission’s adequacy list online). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission and the UK, to protect your Personal Data. You may obtain a copy of these measures by contacting us using the information provided in the “Contact Information for CSI” section below.
If you are located in other countries, we will also ensure that we have appropriate legal grounds to perform cross-border transfers of your Personal Data. Where required in certain jurisdictions, we comply with requirements on initial processing of Personal Data with the use of databases located in the country of collection of your Personal Data.
This Site is not directed to individuals under the age of eighteen (18), and we request that these individuals do not provide Personal Data through this Site.
Unless we specifically request for information to comply with applicable anti-money laundering laws and other applicable laws, we ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., social security numbers, passport numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through this Site or otherwise to us.
Customer Support:
Questions or concerns regarding CSI data protection practices should be addressed to:
Legal Department
Moody’s Corporation
7 World Trade Center at 250 Greenwich Street
New York, NY 10007
Phone: +1-212-553-1653 or 1-866-995-9659
E-mail: privacy@moodys.com
If you choose to contact CSI via e-mail about this Privacy Policy, please mark the subject heading of your e-mail “CSI Privacy Inquiry.”
In accordance with applicable laws, you may lodge a complaint with the data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs.
In those countries where we are required to have appointed a data protection officer, you may contact our Data Protection Officer by sending an e-mail to privacy@moodys.com with the subject heading “DPO Inquiry.”