Privacy Policy
CAIMUN is dedicated to protecting your privacy rights. This policy governs which information and data we collect, why it is collected, and how it is managed. This policy applies to the entire Canada International Model United Nations organization, its subsidiaries, and affiliates. We have created this policy to demonstrate our efforts in protecting your privacy and to explain our data protection and management processes in a clear, simple manner. It is deliberately written to be as short, concise, and direct as possible—avoiding legalese and other unnecessary padding.
Summary
Here’s a brief summary of this policy: We believe you have a right to privacy. CAIMUN will never share or sell your personal information to any third parties, data brokers, or advertisers. All personal information and data is securely stored in CAIMUN’s custody. We maintain strict internal regulations regarding access and handling of personal information by our staff, and only the minimum amount of data necessary for each staff member to do their respective job is accessible to them. We collect the minimum amount of information necessary to deliver an amazing conference experience. To submit a data deletion request, which we will happily comply with, please contact us here.
Information We Collect
When you register to attend CAIMUN as a delegate, staff member, sponsor teacher, adult chaperone, observer, or media team member, you transmit personal information to us. This data is collected either actively—meaning we ask for it—or it is collected passively, meaning it is automatically logged by the services and software we use in our operations.
The following is a list of the personal information we actively collect:
Name (preferred), email address, date of birth, physical address, phone number, payment information, emergency contact information.
We may also passively collect other data such as your IP address and email communications with us. Passively collected data is automatically and unintentionally logged and stored by the software and services we use. For example, all emails being sent to a CAIMUN inbox will be stored in that inbox unless deleted, thus constituting a form of data collection. Likewise, JotForm, our registration form service, automatically collects the IP address of the form submitter. Which data is passively collected varies across the software and services we employ. Although this data isn’t actively collected, it still gets deleted when you submit a deletion request.
Third Party Data Collection & Sharing
Although we will never share or sell your personal information with or to third parties or data brokers, we interact with third party services in order to deliver the conference. These services may collect participants’ data in order for us to use them. However, we share the minimum amount of information necessary to conduct business with these services. Note that when we say “share,” we do not explicitly hand your information to these companies. Instead, it is simply inputted into their software services so that we may use it to your benefit. Keep in mind, only the minimum amount required for use is ever inputted. Except when the law does not allow, we are always in full control of your data when it is “shared” with these services, and it is deleted upon request.
Here is an exhaustive list of the third parties that we do business with that may hold your data, which data is shared, and why:
Stripe: Stripe is our payment processing service. Your financial data such as credit card information is securely processed and stored with Stripe when you make a payment to CAIMUN for registration fees. Financial information is never stored in CAIMUN’s own data servers, and we have limited access to the information stored by Stripe. Stripe does not share customer data with third parties. They are a well-trusted and established brand with industry-standard security practices. As a financial institution, Stripe is subject to stringent government and regulatory oversight, much like a commercial bank. We are confident they will not misuse or inappropriately handle customer data.
Deletion policy: Unfortunately, we are not able to delete financial information from Stripe when responding to data deletion requests, both because it is not solely in our custody and because Stripe is bound by special financial data processing laws which require retention periods.
JotForm: JotForm is our form provider service and is used to create all our application and registration forms to collect information from you. Information that you transmit to CAIMUN travels through JotForm to get to us so that we may process it. JotForm indefinitely stores the information you submit on their servers (which is fully accessible to us), and we also store a copy on our end. For example, when you submit the delegate registration form, that data travels through JotForm to get to us and it remains with JotForm (so that we can view it) until we delete it.
Deletion policy: When you submit a CAIMUN data deletion request, any of your personal information held with JotForm is also deleted as we have direct access and full custody of the data they store.
Mailchimp: Mailchimp is the software we use to send out emails such as marketing campaigns and vital pre-conference information to our several hundred attendees. The only personal information that is ever inputted into Mailchimp is your name and email for contact purposes. It is stored there indefinitely until we delete it.
Deletion policy: When you submit a CAIMUN data deletion request, any of your personal information held with Mailchimp is also deleted as we have direct access and full custody of the data they store.
The Hyatt Regency Hotel: As the host of the conference, the hotel requires us to provide them with the names of the participants staying in each guestroom. No other information is provided to the hotel. We are currently communicating with the hotel to establish a concrete deletion policy. This section will be updated accordingly soon.
Purpose of Collection
CAIMUN collects your personal information for the purposes of flawlessly planning and executing the conference and delivering you and other participants an exceptional experience. We make an effort to collect as little information as possible and to collect the minimum amount of information required to run the conference.
Data Management, Storage, and Access
We will never sell or share any of your information to third parties, data brokers, or advertisers unless required by law in CAIMUN’s jurisdiction, such as by court order where compliance is a legal requisite. We have never received any such request to date. All data in our custody is stored either on our secure server or securely with one of the aforementioned third parties. Access to data in CAIMUN’s custody is regulated. CAIMUN maintains a strict internal policy against misuse and inappropriate handling of personal data by our staff. We ensure that all data in our custody is securely managed and only accessible to the individuals who require it to execute their specific duties in their role on our staff. No one is given access to personal information they don’t necessarily need to do their jobs.
The Secretariat and Committee Staff only have access to the minimum amount of personal information relevant to executing their duties. For example, as a delegate this would include the Secretariat having access to your name, email, date of birth, phone number, and emergency contact information for a number of communication, verification, and safety reasons. Committee Staff would have access to your name and email address in order to communicate with delegates in their committee, receive position papers, and take attendance at the conference.
Any data that the Secretariat or Committee Staff may have access to is exclusively relevant to the current conference iteration. Upon conclusion of that iteration, all access to personal data is immediately revoked, restricted, and archived by the Board of Directors. For example, the CAIMUN 2020 Secretariat would not have access to personal information from past CAIMUN iterations, and upon the conclusion of the conference, CAIMUN 2020 personal information would become restricted and archived.
Access to this data by any of the aforementioned third parties is possible while it is in their partial custody. For more information on this, you will have to consult each party’s privacy policy.
Right to be Forgotten/Have Personal Data Deleted
Even if you hand over your data to us, we still believe it belongs to you. By default we retain all data indefinitely as a matter of record keeping, analytics, and other legitimate interests. However, you may at any time submit a request to us at privacy@caimun.ca expressing your desire for your personal data to be deleted. Once received and after verifying your identity as the owner of said data, we will delete all personal information associated with your name and email address from our possession, both actively and passively collected. If we encounter personal information in the future that we failed to delete from a previous deletion request, we will delete it as we come across it. Please note that some information may not be deleted either as required by applicable law or as it is not in our full custody. Circumstances in which this is the case have been stated earlier in this policy.
Additional Potential Third Party Data
The list we provided earlier of who we share data with in order to execute the conference is exhaustive. However, there are third-party services that CAIMUN employs but that we do not share information with that may passively collect your data when you interact with them. Although this is less applicable to CAIMUN’s practices, we believe you should have a right to know wherever it concerns us.
Squarespace: Squarespace is our website host. Although we don’t input or share any information whatsoever with Squarespace, it is possible that when you visit our website, Squarespace may automatically log your IP address, number of visits, link clicks, and other analytics. Generally, websites contain trackers and other cookies to trace your internet activity in order to better target advertising to you. These trackers can sometimes amount to over 100 in a single website. As a privacy-conscious organization, we’ve coded our website to eliminate as many trackers as possible. However, Brave analytics indicates that there may be up to two “trackers” still active on our website. At the moment, we’ve been unable to eliminate these; but we are actively trying our best to. If you would like to take your own action to block these trackers, we recommend using the Brave web browser, a privacy-oriented browsing application that will let you block these on any website, including ours.
Deletion policy: We unfortunately do not have direct access or custody of this data, and we thus cannot delete it. However, it is most likely pseudo-anonymized and is not affiliated with your name or email address. Please consult the Squarespace privacy policy.
Meta: Meta is the parent company of Facebook and Instagram. These are two social media platforms on which we have accounts for marketing and conference news sharing purposes. Although we do not input or share any information whatsoever with Meta, Facebook, or Instagram, they may passively log and collect some information about you when you visit our social media pages on those platforms.
Deletion policy: We unfortunately do not have direct access or custody of this data, and we thus cannot delete it. Please see the Meta privacy policy.