Personal Data Protection

In compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR), the Certified Professional Trainers Network (CPTN) takes the required precautions in the safe handling of our customers' personal data. We know that we are in a field which requires verification of personal data before services can be offered.

We will strive to be compliant with the PIPEDA Checklist and GDPR Checklist.

Our Data Handling Operations

Network

  • We have penetration testing safeguards against attackers attempting to gain remote access to our server.
  • Our website is protected with the Sucuri Web Application Firewall service which deters various attacks.

Database

  • We keep a separate database of members and trainers online to allow public information to be controlled.
  • We have SQL injection countermeasures in place that terminate connections making malicious attempts to access data.

Accounts

  • CPTN CEC and Member ID information is retained for our records upon a member's return.
  • Personal contact information is wiped from our database within 12 months upon request.

Profile

  • We protect e-mail addresses from being harvested on the profile pages.
  • Profiles can be disabled while retaining partial listing without contact information.
  • Profiles can be deleted from the database and related file contents removed from the server.

Web Tracking

  • We do not have social media services embedded on our website.
  • We have Google statistics on our website limited to 3 months of data retention.
  • We have web hosting access logs which reveal the IP address of visitors viewing each web page.
  • We have a Live Chat support feature which shows the IP address of visitors viewing each web page.

Tip: You can uncover the services embedded on this website with the BuiltWith® profiling service.

Credit Card

  • Credit card information for automated transactions is processed through our e-commerce provider.
  • Credit card information submitted via mail-in forms is shredded after processing with our web terminal.
  • Credit card information over-the-phone is processed through a web terminal with our e-commerce provider.

Tip: You can view the processes of our e-commerce provider with the Bambora Developer guides.

Cookies

  • We use a cookie to track the state of the notification bar at the top of the website for announcements.
  • We do not use cookies or local storage functions on our website although we might in the future.

Note: Cookies help with remembering settings between web pages for the current browsing session.

Sessions

  • We use sessions which are discarded when the browsing session has ended.
  • Users can clear the browser cache or log out of accounts, which also discards session states.

E-mail Notification

  • We do not share e-mail account information with third parties.
  • E-mail submitted from our order, registration or contact forms will be tagged with IP Address information.

E-mail Tracking

  • We have an audit tracking mechanism which records each login attempt, failure, and pages accessed.

Online Forms

  • We have autocomplete which assists authenticated members with filling out time-consuming forms.

Print and Mail-In Forms

  • We do not retain order information on file once processed. Information is shredded upon completion.

Newsletter

  • We will send messages on behalf of a partner or affiliate on occasion.
  • You will be able to unsubscribe from the newsletters from their date of issue.

Tip: You can confirm that we are using SPF/DMARC/DKIM domain identification to deter e-mail fraud.

Tip: You can confirm the functions of our mailing platform with the MailerLite documentation.

Robots Rules

  • We have a robots configuration for web crawlers' handling of images or specific pages with personal content.

Tip: You can confirm the specified page exclusions for inactive trainers in our Robots Rules.

Note: The robots rules can be ignored by scrapers or data miners, and this is not possible to prevent.

TLS/SSL Certificates

  • We are using an SSL certificate on our site to protect web traffic information from being tampered with.
  • We are using an SSL certificate for our e-mails with DKIM signature signing of outgoing messages.

Tip: You can confirm our TLS support with a TLS Checker tool.

DNSSEC

  • Our servers are capable of DNSSEC but do not have it enforced at our domain registrar at this time.

Tip: You can confirm support with the following DNSSEC Debugger tool from VeriSign Labs.

Bug Reward Programs

Our site has been in production for a decade and has been scanned using various online and offline tools for exploits.

If a web exploit has been detected and reported with proper documentation, and after careful review the reported items and server logs are found to indicate no malicious actions, researchers will be offered a 15% discount on CPTN Workshops.

Our Data Protections Contact

The designated CPTN department to handle issues regarding data protection online will be Technical Support.