Privacy and CPFP

The Canada Press Freedom Project (CPFP) recognizes the importance of protecting the privacy of your personal information. This page covers personal information collected by CPFP. Some personal information that falls outside the scope of applicable privacy legislation is not subject to this privacy policy, such as personal information CPFP may use for journalistic purposes and information used for business purposes.

If there are changes in our personal information practices we will update this policy and provide notice on the CPFP site that the policy has been updated.

 

WHAT INFORMATION WE COLLECT WHEN YOU USE THE CANADA PRESS FREEDOM PROJECT SITE

 

CPFP uses your personal information to offer and provide you services. They include:

  • to fulfill your request for access to our site;
  • to make improvements to our site and if we develop new related sites;
  • to communicate with you;
  • to maintain and improve the security of our sites and to detect and prevent fraud;
  • to facilitate the general management and administration of the CPFP site, including to meet relevant regulatory, legal, insurance, audit, security and processing requirements.

Certain information is collected automatically when you visit the CPFP site through the use of cookies and similar technologies: your IP address, usage information such as page requests, browser type, and operating system using cookies and other similar technologies. When you view our site using a mobile device your device hardware type and operating system, unique device identifier, IP address, language settings, and the date and time the app accesses our servers are collected. Information about your use of our site, such as the pages most read, time and duration of use, search terms, and other information about your interaction with the site may be analyzed. We use this information to provide basic functionality; evaluate, monitor and improve our site; and detect fraud.

If you provide your express consent, some devices can transmit your location data. If you choose to share location data with CPFP you will be able to turn off such data collection at any time through the privacy or location settings on your mobile device. 

Our site uses web analytics services such as Google Analytics which uses cookies to help us analyze how visitors use our sites. The information generated by the cookie about your use of our sites (including your IP address) will be transmitted to and stored by a Google server. Google uses this information to evaluate your use of the sites, to compile reports on site activity for us and to provide us with other information relating to site activity and internet usage. 

For more information about Google Analytics or to prevent the storage and processing of this data (including your IP address) by Google, you can download and install its opt-out browser plug-in. Additional information about Google Analytics’ data privacy and security is available on Google’s privacy and terms page.

 

MORE INFORMATION ABOUT COOKIES AND OTHER SIMILAR TECHNOLOGIES

 

CPFP uses cookies and other commonly used technologies such as JavaScript, web beacons, device identifiers, and pixel tags to collect automated information. Cookies are small text files containing a unique identifier that are placed in your browser in order to store information about your web browsing and usage of our site. For example: user IDs for visitors logged-in to the CPFP site, device IP address and usage data. 

Most browsers are initially set up to accept cookies, but offer a number of ways to control cookie preferences should you wish to withdraw your consent or limit the collection of your information by disabling cookies. Typically, users can: disable all cookies (not recommended), require approval each time a site attempts to place a cookie, remove cookies manually or have them deleted automatically after a certain period. For step-by-step instructions on how to modify cookie preferences, please consult your browser’s support documentation. You can find instructions for commonly used browsers here:

CPFP does not require you to accept cookies but disabling cookies on your browser may reduce the functionality of elements of our site.  

If you navigate away from our site, for example, by clicking on a link in a story on the CPFP site, other parties may also place a cookie in your browser. The use of such cookies is governed by the privacy policies of those other parties. CPFP does not control, nor is responsible for the activities or practices of such other parties.

 

DONATIONS TO J-SOURCE

 

Financial donations to the Canada Press Freedom Project are made through the websites of Carleton University and Toronto Metropolitan University. Privacy conditions related to donations are covered by the policies of Carleton University and Toronto Metropolitan University

 

SECURITY AND STORAGE

 

CPFP has in place measures to protect the information we collect from loss, theft, and unauthorized access, disclosure, copying, use, or modification.

CPFP uses Google software and  tools to collect and store data and to drive its aggregation on our website. All data collected by CPFP remains the property of CPFP. It is not sold to third parties. 

While in transit data is encrypted at several levels. Google forces HTTPS (Hypertext Transfer Protocol Secure) for all transmissions between users and Google Workspace services and uses Perfect Forward Secrecy (PFS) for all its services. Google also encrypts message transmissions with other mail servers using 256-bit Transport Layer Security (TLS) and utilizes 2048 RSA encryption keys for the validation and key exchange phases. This protects message communications when client users send and receive emails with external parties also using TLS. PFS requires that the private keys for a connection are not kept in persistent storage. Anyone who breaks a single key can no longer decrypt months’ worth of connections; in fact, not even the server operator is able to retroactively decrypt HTTPS sessions.

This ensures that messages are safe not only when they move between CPFP and Google’s servers, but also as they move between Google’s data centres. Data that is deleted by CPFP is removed from Google servers.

Customer data that is uploaded or created in Google Workspace services is encrypted at rest. Google  has also enabled HTTPS for all of Google Workspace services so that your data is encrypted when traveling from CPFP to Google and also while in transit between Google data centres. This includes:

  • Gmail—Messages and attachments
  • Drive—Files in Drive and all file metadata (e.g. titles and comments)
  • Docs—Content authored by the owner or collaborators of the document
  • Sheets (including Forms)—Content authored by the owner or collaborators of the spreadsheets

 

LEGAL REQUESTS AND DISCLOSURES

 

We will challenge any requests for site user information we consider illegitimate. Should third parties solicit the disclosure of your personal information, we will do everything in our power to protect it. If we are required by law to respond to a request to provide information you submit to us, we will make every effort to contact you by email to let you know we have received a request and seek your advice and assistance in responding. Should you decide not to challenge such a request, we may be required by law to provide it to the requesting third party.

If Google receives a government data request for Cloud customer data, it is Google’s policy to direct the government to request such data directly from the Cloud customer. Google has a process for evaluating and responding to government requests, including CLOUD Act data requests issued pursuant to a CLOUD Act executive agreement. It has a team that reviews and evaluates each request it receives to make sure it satisfies legal requirements. When compelled to produce data, Google notifies enterprise customers before any information is disclosed, unless such notification is prohibited by law or except in emergency situations involving a threat to life. Google will, to the extent allowed by law and by the terms of the request, comply with a customer’s reasonable requests regarding its efforts to oppose a request.

The CPFP is hosted by United States-based Pagely Inc. Personal information on the CPFP site hosted through Pagely is stored in Canada. All requests to Pagely for personal information from the CPFP site are forwarded to CPFP for response. Pagely does not respond to requests for information.

 

HOW TO CONTACT J-SOURCE

 

If you have any questions or concerns about this privacy notice or our privacy practices, you may contact CPFP at cpfp@j-source.ca