Privacy Policy

Updated April 2026

At the Royal Architectural Institute of Canada (“RAIC”), we respect the privacy of the individuals who interact with us and are committed to keeping personal information accurate, confidential, and secure. This Privacy Policy explains how the RAIC collects, uses, discloses, retains, and safeguards personal information in the course of its operations.

1. Introduction

The RAIC is a membership-driven association that provides services to its members and the broader architectural community and advocates on behalf of the profession of architecture at a national level.

In the course of administering memberships, processing event registrations, handling sponsorships, fulfilling online purchase orders, managing awards and scholarships, recording continuing education activities, and providing other services, the RAIC may collect personal information with consent where required by law.

“Personal Information”means information about an identifiable individual. This information may include the individual’s name, home address, age, date of birth, gender, payment information, employment information, professional registration information, education information, and other information that can identify that individual.

Personal information does not generally include an individual’s title, business address, or business telephone number when that information is used solely for business contact purposes.

2. The Ten Principles of Privacy

The RAIC Privacy Policy is intended to align with the Ten Fair Information Principles set out in the Personal Information Protection and Electronic Documents Act (PIPEDA).

This Privacy Policy describes how the RAIC applies the Ten Fair Information Principles to the collection, use, disclosure, retention, safeguarding, and access rights associated with personal information. RAIC employees who have access to personal information must comply with this Privacy Policy and receive regular privacy and security training appropriate to their roles.

Principle 1 – Accountability

The RAIC maintains policies, procedures, and training programs to support compliance with applicable privacy laws and to ensure ongoing monitoring and improvement of its privacy practices.

The RAIC is accountable for personal information in its custody or under its control, including personal information processed on its behalf by third-party service providers. The RAIC has designated a Privacy Officer responsible for overseeing compliance with this policy and applicable privacy legislation.

Principle 2 – Identifying Purposes

The RAIC will identify the purposes of collecting personal information at or before the time the information is collected.

The RAIC collects personal information for the following reasons:

to administer membership applications, renewals, and member services;
to process orders, payments, donations, and other transactions;
to register individuals for courses, conferences, webinars, and other events;
to record and administer continuing education or professional development activities;
to provide publications, subscriptions, and communications related to professional practice, programs, products, services, and events;
to administer scholarships, honours, awards, and similar programs; and
to meet legal, regulatory, accounting, audit, and operational requirements.

Principle 3 – Consent

The RAIC will obtain consent for the collection, use, and disclosure of personal information where required by law. Consent processes will be designed to be meaningful, so that individuals can reasonably understand what personal information is being collected, how it will be used or disclosed, and any significant risks of harm that may result. Consent may be obtained through membership applications, renewals, event registrations, order forms, donation forms, online transactions, or other interactions with the RAIC, depending on the purpose for which the information is collected. If an individual does not provide consent for a disclosure that requires consent, the RAIC will not disclose that personal information for that purpose unless permitted or required by law. Consent for disclosure to third parties will be obtained expressly where required by law and, for disclosures that are outside an individual’s reasonable expectations, will be obtained through clear, separate, and understandable consent language.

Depending on the circumstances, the RAIC may rely on different forms of consent:

Express consent, where an individual clearly agrees to the collection, use, or disclosure of personal information (for example, by checking a box or signing a form);
Implied consent, where consent can reasonably be inferred from an individual’s actions or relationship with the RAIC; and
Exceptions to consent, where the RAIC may collect, use, or disclose personal information without consent where permitted or required by law, including for legitimate operational, legal, or security purposes.

An individual may withdraw consent, subject to legal or contractual restrictions and reasonable notice, by contacting the RAIC. For clarity, communication preferences for newsletters, promotions, or other optional communications do not apply to legally required governance notices and voting materials described in this policy.

The RAIC may collect, use, or disclose personal information without knowledge or consent only where permitted or required by applicable law, including in circumstances involving legal requirements, fraud prevention, security, or other legitimate business purposes.

Mandatory Governance Communications for Voting Members
The RAIC is legally required to send certain governance-related notices and materials to members who are entitled to vote under applicable corporate legislation, including the Canada Not-for-profit Corporations Act, as well as the RAIC’s articles and by-laws.

These communications may include notices of annual general meetings, special meetings, voting materials, financial statements, and other documents required for the exercise of membership rights and corporate governance.

A voting member cannot opt out of receiving these mandatory governance communications while they remain entitled to vote. Communication preferences, including preferences relating to newsletters, promotions, or other optional communications, do not apply to notices or materials that the RAIC is required by law to provide.

Where permitted by applicable law and the RAIC’s by-laws, the RAIC may deliver these communications by mail, email, or other authorized electronic means. Members are responsible for maintaining accurate contact information so that the RAIC can meet its legal notice obligations.

If a member no longer wishes to receive these communications, they must cease to hold voting membership in accordance with the RAIC’s governing documents.

Principle 4 – Limiting Collection

The RAIC will limit the collection of personal information to what is necessary for the purposes it has identified. Personal information will be collected by fair and lawful means.

The RAIC collects personal information that includes, but is not limited to:

Home address;
Date of birth;
Payment and transaction information;
Education information, such as date of graduation, institution and proof of graduation;
Professional registration information including jurisdiction, licence details; and,
Financial information where required for scholarships, awards, sponsorships, sales or other authorized purposes.

Where required by law, the RAIC will obtain consent for the use of cookies and similar technologies, including through cookie banners or preference tools. Users may manage their cookie preferences through browser settings, device settings, or consent tools made available by the RAIC. Certain essential cookies required for the operation and security of the website may not be disabled.

The RAIC uses this information to support website functionality, security, analytics, and service improvement. Where required, the RAIC will provide appropriate notice or choice in relation to cookies and similar technologies. The RAIC may, from time to time, collect information through surveys. Where surveys collect personal information, the RAIC will identify the purpose of the collection and use the information only for the purposes described at the time of collection, unless otherwise permitted or required by law. Survey results that are published will be aggregated, anonymized, or otherwise presented in a manner that does not identify individuals.

Principle 5 – Limiting Use, Disclosure and Retention

Personal information will be used or disclosed only for the purposes for which it was collected, for purposes reasonably related to those purposes, with the individual’s consent, or as otherwise permitted or required by law. Personal information will be retained only for as long as necessary to fulfill the identified purposes and to meet legal, regulatory, accounting, audit, and operational requirements. Retention periods vary depending on the type of information and its purpose and may include defined retention schedules for categories such as membership records, financial records, event registrations, and program participation. Where feasible, the RAIC will de-identify or anonymize personal information for research, statistical, or reporting purposes rather than retaining identifiable information.

When no longer required, personal information will be securely destroyed, deleted, or anonymized in accordance with RAIC records management practices. Records relating to membership applications, renewals, donations, and financial transactions will be retained for at least seven years where required for tax, accounting, audit, or regulatory purposes.

With whom we share your personal information

(i) RAIC employees

In the course of daily operations, access to personal information is limited to employees, contractors, or authorized representatives who require the information to perform their duties.

Unauthorized access to, or use of, or disclosure of personal information is prohibited and may result in disciplinary action, termination of employment or contract, or other appropriate measures.

(ii) Third Parties

Where a member has provided explicit, opt-in consent for that specific purpose, the RAIC may make available limited member contact information. RAIC may also share personal information with third-party service providers that support its operations, including payment processors, event platforms, learning management systems, website providers, mailing houses, and other service providers. These service providers are authorized to use personal information only as necessary to provide services to the RAIC or as otherwise permitted or required by law. The RAIC requires third-party service providers to implement appropriate privacy and security safeguards and to protect personal information in a manner consistent with this Privacy Policy and applicable law. The RAIC remains responsible for personal information transferred to third parties and takes reasonable steps to ensure that such information is protected while in their custody.

Personal information may be stored or processed in Canada or other jurisdictions, depending on the service provider used. Where personal information is processed outside Canada, it may be subject to the laws of that jurisdiction.

Before transferring personal information to a service provider outside Canada, the RAIC conducts appropriate due diligence and implements contractual and technical safeguards designed to ensure a level of protection comparable to that required under applicable Canadian privacy laws. Individuals may request additional information about cross-border data transfers by contacting the RAIC Privacy Officer. The RAIC will include a member’s information for this purpose only with the member’s express consent, and only for the specific purpose for which that consent was provided. A member may withdraw this consent at any time by contacting the RAIC at the contact information set out below.

Principle 6 – Accuracy

The RAIC will take reasonable steps to keep personal information as accurate, complete, and up to date as necessary for the purposes for which it is used. Individuals are encouraged to update their personal information through the RAIC’s online services where available or by contacting the RAIC in writing or electronically. The RAIC will make requested updates within a reasonable period.

Principle 7 – Safeguarding Personal Information

Personal information is protected by safeguards appropriate to its sensitivity, including administrative, technical, and physical measures. These safeguards may include role-based access controls, passwords, encryption where appropriate, staff training, contractual protections with service providers, and secure storage practices. The RAIC provides access to certain services and information through online accounts and portals. To reduce the risk of unauthorized access, users are required to authenticate using account credentials and any additional security measures implemented by the RAIC from time to time. The RAIC uses technical safeguards designed to protect personal information from unauthorized access, use, disclosure, loss, or theft. These safeguards may include secure hosting arrangements, access restrictions, network security controls, logging, monitoring, and vendor oversight. Where personal information is stored or processed by third-party providers, the RAIC takes reasonable steps to require comparable protections. Paper records containing personal information are stored in locked cabinets or other secure storage areas with access limited to authorized personnel. In the event of a breach of security safeguards involving personal information, the RAIC will assess the risk of harm, notify affected individuals and the Office of the Privacy Commissioner of Canada where required by law, and keep records of breaches in accordance with applicable legal requirements.

Principle 8 – Openness

The RAIC will make information available about the policies and practices it uses to manage personal information. This Privacy Policy will be made available on the RAIC website and in other formats on request where reasonably required.

Principle 9 – Individual Access

Upon written request, an individual will be informed of the existence, use, and disclosure of their personal information and will be given access to that information, subject to any legal exceptions. Individuals may also request corrections to their personal information where it is inaccurate or incomplete. Where applicable, individuals may request information about how their personal information has been used or disclosed, including the categories of third parties to whom it has been disclosed. Access may be provided in person, electronically, or by other reasonable means. The RAIC will respond within the time required by applicable law.

Principle 10 – Challenging Compliance

Individuals may challenge the RAIC’s compliance with this Privacy Policy or applicable privacy requirements. The RAIC will receive, investigate, and respond to privacy-related complaints and questions in a timely manner. Individuals may contact the RAIC Privacy Officer to raise concerns, request access to personal information, request corrections, or seek additional information about the RAIC’s privacy practices.

RAIC Privacy Officer (designated staff member)
Royal Architectural Institute of Canada
6118 James Bell Drive
Manotick, ON K4M 1B3
613-241-3600
info@raic.org

The Privacy Officer is responsible for overseeing compliance with this Privacy Policy and applicable privacy legislation and may delegate operational responsibilities as appropriate. If an individual is not satisfied with the RAIC’s response, they may contact the Office of the Privacy Commissioner of Canada or any other appropriate regulatory authority.

Third-Party Ad Networks

The RAIC may use third-party advertising, analytics, and social media tools to deliver or measure communications on its website and on third-party platforms. These tools may be used to measure the effectiveness of communications, understand website use, and, where applicable, deliver content or advertising that may be relevant to users. Third-party service providers may use cookies, pixels, tags, scripts, or similar technologies to support analytics, communications, or advertising functions. Information collected by third-party platforms or service providers is subject to the privacy policies of those third parties, in addition to any applicable RAIC policies where relevant. The RAIC may share limited information with third-party service providers where necessary to support communications, analytics, or advertising activities and where permitted by law.

Users can manage cookie and advertising preferences through browser settings, device settings, cookie consent tools where available, and the privacy controls offered by relevant third-party platforms.

Online Behavioral Advertising and How You Can Opt-Out

The RAIC and its service providers may use cookies and similar technologies to understand how users interact with RAIC websites and communications, to improve digital services, and, where applicable, to support advertising or remarketing activities. Users can manage these technologies through browser settings, device settings, consent tools where available, and platform-specific privacy controls. For more detailed information, please refer to the RAIC’s website cookie notice, where available.

Data Breaches and Security Incidents

The RAIC has procedures in place to respond to actual or suspected privacy breaches and security incidents. Where a breach of security safeguards involving personal information creates a real risk of significant harm, the RAIC will report the breach to the Office of the Privacy Commissioner of Canada, notify affected individuals, and notify other organizations or government institutions where required or appropriate to reduce the risk of harm. The RAIC will also keep records of breaches as required by law.

Policy Updates

The RAIC may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, services, or privacy practices. The most current version will be posted on the RAIC website.