Personal Data Protection
The Certified Professional Trainers Network (CPTN) takes care in handling our customers personal data. We are in a field which requires verification of large volumes of personal data before services can be offered. The information collected can be used for identification and reporting. In compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and European General Data Protection Regulation (GDPR).
Our Data Handling Operations
- We have penetration testing safe guards for attackers attempting to gain remote access to our server.
- Our website is protected with the Sucuri Web Application Firewall service which deters various attacks.
- We keep a separate database of members and trainers online to allow public information to be controlled.
- We have SQL Injection counter measures in place to terminate connections of malicious attempts to access data.
- CPTN CEC and Member ID information is retained for our records upon a member return.
- Personal contact information will up for data wiping from our data within 24 months after expiration.
- We protect e-mail addresses from being harvested on the profile pages.
- Profiles can be disabled while retaining partial listing without contact information.
- Profiles can be deleted from the database and related file contents removed from the server.
- We do not have social media services embedding on our website.
- We have Google statistics on our website limited to 3 months data retention.
- We have web hosting access logs which reveals IP Address of visitors viewing each web page.
- We have a Live Chat support feature which shows the IP Address of visitors viewing each web page.
Tip: You can confirm this with the use of the following BuiltWith® online profiling service which reveals services.
- Credit card information for automated transactions are processed through our e-commerce provider.
- Credit card information submitted via mail-in forms are shredded after processing with our web terminal.
- Credit card information over-the-phone is processed through a web terminal with our e-commerce provider.
Tip: You can confirm the capabilities with the use of Bambora Help documentation from www.bambora.com.
- We use a cookie to track the state of the notification bar at the top of the website for announcements.
Note: Cookies help with remebering preferred settings between pages and can be purged after each session.
- We use sessions which will expire once the browser is terminated, cache is cleared, or account is logged out.
- We have logged conversations with IP Address and Host for a 1 month review period.
- We have deleted conversations involving Member ID or passwords or documentation upon ending chat.
- We have assigned a name to each conversation to improve the real-time support for returning customers.
- We are able to see a partial preview of the responses before it is submitted to assist with faster responses.
Tip: You can confirm the capabilities with the use of the Tawk Help Center documentation from www.tawk.to.
- We do not share e-mail account information with third parties.
- E-mail submitted from our order, registration or contact forms will be tagged with IP Address information.
- We have an audit tracking mechanism which records each login attempt, failure, and pages accessed.
- We have autocomplete which assists authenticated members with filling out time consuming forms.
Print and Mail-In Forms
- We do not retain order information on file once processed. Information is shredded upon completion.
- We will send messages on-behalf of a partner or affiliate on occasions.
- You will be able to unsubscribe from the newsletters from their date of issue.
Note: You can confirm using the GCA SPF/DMARC Checker which indicates anti-spoofing measures.
Tip: You can confirm the capabilities of our mailing with the use of the MailerLite documentation from MailerLite.
- We have a robots configuration for web crawlers handling of images or specific pages with personal content.
Note: This rule will often be ignored with archival services or web scrapers and is not possible to prevent. Instead we offer a consensual option for trainers to submit their profile for public listing with contact information and profile photo.
- We are using an SSL certificate on our site to protect web traffic information from being intercepted or tampered.
Bug Reward Programs
Our site has been in production for a decade and has been scanned using various online and offline tools for exploits.
- Accunetix Desktop
- Burp Suite
- Virus Total
If a web exploit has been detected and reported with proper documentation. If after careful review of reported items and server logs are found to indicate no malicious actions, researchers will be offered a 10% discount on CPTN Workshops.
Our Data Protections Contact
The designated CPTN department to handle issues regarding data protection online will be Technical Support.