Toronto French Academy (TFA) Privacy Policy
16706282 CANADA INC.
Last updated – 16 July 2025
1 Introduction
Toronto French Academy (“TFA,” “we,” “our,” or “us”) is committed to protecting the privacy of every learner, parent, tutor, applicant, website visitor, and business partner (collectively, “you”). This Privacy Policy explains what personal information we collect, how and why we use it, the circumstances in which we may share it, and the choices and rights you have. It has been drafted to comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial equivalents, and anticipates upcoming changes under the proposed Consumer Privacy Protection Act (CPPA) . Where we interact with residents of the European Economic Area or the United Kingdom, we also follow the core principles of the GDPR. Our electronic marketing adheres to Canada’s Anti-Spam Legislation (CASL) .
2 Scope
This Policy applies to all personal information we process in the course of offering French-language education, whether collected through our websites, learning platforms, mobile apps, social-media pages, advertising campaigns, payment portals (including Stripe and Square), Google Workspace tools, HubSpot, or directly in class.
3 Definitions
- Personal information means any information about an identifiable individual, such as name, email, phone number, billing details, IP address, learning progress, or voice/video recordings of classes.
- Processing includes collecting, storing, using, disclosing, or otherwise handling personal information.
- Tutor Portal / Student Portal / Admin Portal are the online environments through which tutors, students, and TFA staff interact with course materials and scheduling tools.
4 Information We Collect
We collect only the information reasonably required to operate our academy, including:
- Identity & contact data: name, mailing address, email, phone, date of birth.
- Enrollment & academic data: joined date, class schedules, attendance records, homework submissions, grades, exam scores, student goals.
- Payment data: credit-card token (on file with Stripe or Square), payment history, transaction IDs, outstanding balances.
- Technical data: IP address, device identifiers, browser type, cookies, and log files.
- Marketing data: inquiry forms, lead-generation campaign data, referral source, and consent preferences.
- Candidate data (for tutor or staff applicants): résumé, interview notes, reference checks.
- Audio-visual data: class recordings (for quality assurance and student review).
5 How We Collect It
Personal information is obtained:
- Directly from you when you complete an enrollment form, join the wait-list, schedule a demo, pay for classes, submit homework, apply for a job, or contact us.
- Automatically via cookies, pixels (e.g., Meta, Google), and analytics tags when you browse our websites or learning platforms.
- From third-party integrations such as Google Calendar (to show class times), Google Sheets (to store lead data), Calendly (booking), HubSpot (CRM), and payment processors.
6 Why We Use It
We process your information to:
- Provide, personalise, and administer language-learning services.
- Schedule classes, notify you of changes, and maintain attendance.
- Process payments, issue invoices, and recover amounts owing (we reserve the right to charge the card on file for any outstanding balance in accordance with our Terms & Conditions).
- Deliver account, service, and billing notifications.
- Maintain academic records and progress reports.
- Improve curricula, tutor performance, websites, and apps through analytics.
- Authenticate users and secure our portals.
- Conduct marketing, promotions, and remarketing (with CASL-compliant consent and opt-out mechanisms).
- Screen tutor and staff applicants and manage human-resource files.
- Detect fraud, enforce our policies, and comply with legal obligations.
7 Legal Bases for Processing
Under PIPEDA, we rely on explicit or implied consent, contractual necessity (e.g., delivering classes you purchased), or another lawful exception. For GDPR-covered users, our legal bases include consent, performance of a contract, legitimate interests (e.g., internal analytics), and compliance with legal duties.
8 Your Consent & How to Withdraw
By enrolling, submitting a form, creating an account, or clicking “I Agree” at checkout, you consent to the collection, use, and disclosure of your personal information as described here. You may withdraw consent at any time by emailing torontofrenchacademy@gmail.com or by adjusting your communication preferences. Withdrawal may affect our ability to provide certain services (e.g., access to classes).
9 Cookies & Tracking Technologies
We use first- and third-party cookies and similar technologies for: session management, performance analytics (Google Analytics 4), targeted advertising (Meta Pixel, Google Ads), and security. You can refuse or delete cookies through your browser settings, but some site functions may fail.
10 Payment Information
TFA itself never stores full credit-card numbers. Payments are handled by Stripe and Square, which tokenize and secure your card data in compliance with PCI-DSS standards. We can initiate future charges for subscription renewals, instalment plans, or outstanding balances, as set out in our billing policy.
11 Disclosure to Third Parties
We do not sell or rent your personal information. We share it only:
- With trusted service providers (cloud hosting, email, analytics, payment processors, video-conferencing platforms) bound by confidentiality and security obligations.
- With government authorities if required by law, court order, or to protect our rights.
- With prospective purchasers in connection with a corporate transaction (subject to confidentiality agreements).
12 Cross-Border Transfers
Many of our cloud vendors operate in the United States, European Union, and India. Your information may therefore be transferred to—and stored on—servers located outside Canada. Such transfers are permitted under PIPEDA provided we use contractual and technical safeguards to ensure comparable protection.
13 Retention
We retain personal information only as long as necessary for the purposes outlined above, or as required by tax, accounting, and education regulations. Typical retention periods:
- Student files: 7 years after final class.
- Tutor HR records: 7 years after employment ends.
- Payment data: 7 years for audit compliance.
- Marketing leads: 24 months of inactivity, unless you re-engage or extend consent.
14 Security Measures
We employ industry-standard administrative, technical, and physical safeguards, including encryption in transit (TLS 1.3), role-based access controls, two-factor authentication for staff, regular penetration testing, and secure off-site backups. Despite these measures, no method of transmission or storage is 100 % secure, and you acknowledge this residual risk.
15 Your Rights
Subject to exceptions under PIPEDA and applicable provincial or foreign laws, you have the right to:
- Access the personal information we hold about you.
- Rectify inaccurate or incomplete data.
- Delete or anonymise information that is no longer required (right to erasure where legally available).
- Port data to another provider in a structured, commonly-used format, where technically feasible.
- Contest automated decisions that significantly affect you.
To exercise any of these rights, email torontofrenchacademy@gmail.com with proof of identity.
16 Marketing Communications
We send class reminders, billing notices, and promotional offers by email, SMS, or WhatsApp. Every marketing message includes an unsubscribe link or STOP reply option, as required by CASL. Transaction-related notices are mandatory and not subject to opt-out.
17 Children’s Privacy
Our services are primarily directed to adults. For minors under the age of 13, we collect information only with verifiable parental or guardian consent, and we limit use to educational purposes.
18 Automated Decision-Making
We do not rely on fully automated profiling that produces legal or similarly significant effects. Certain analytics insights (e.g., identifying disengaged students) may prompt human review and outreach.
19 Changes to This Policy
We may update this Privacy Policy from time to time to reflect operational changes or legal requirements. Material changes will be announced on our website or via email 30 days before they take effect. Your continued use of our services after that date constitutes acceptance of the revised Policy.
20 Contact Us
If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact:
Privacy Officer
Toronto French Academy (16706282 CANADA INC.)
Email:torontofrenchacademy@gmail.com