Data Privacy
(Datenschutz)
Data Privacy Statement
Competence Development Network LLP
1103 - 11871 Horseshoe Way
Richmond, BC V7A 5H5
Canada
Registry LL03276
Effective Date: January 2, 2026
Last Updated: January 2, 2026
1. Introduction
Competence Development Network LLP ("we," "us," "our," or "the Organization") is committed to protecting the privacy of individuals whose personal information we collect, use, and disclose in the course of our business operations. This Data Privacy Statement ("Statement") explains how we handle personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR), and applicable provincial privacy legislation.
We provide professional services in organizational development, capability and learning design, leadership development, coaching, and consulting. We recognize that trust is fundamental to our relationship with clients, coaching participants, employees, and other individuals who interact with our organization.
2. Scope and Application
This Statement applies to all personal information collected, used, disclosed, and retained by Competence Development Network LLP in the course of our commercial activities, including:
· Client engagements and service delivery
· Coaching and training programs
· Employee management and Human Resources practices
· Marketing and business development communications
· Website and digital platform interactions
· Service provider and vendor relationships
· Job applications and recruitment
Personal information is defined as any information about an identifiable individual, excluding business contact information (business title, business address, business telephone number, and business email address) and publicly available information.
This Statement does not apply to:
· Information that is aggregated and anonymized in a way that cannot be attributed to any identifiable individual
· Information that is publicly available and not linked to identifiable individuals
· Solicited or unsolicited business communications that do not contain personal information
3. Personal Information We Collect
Depending on the nature of our relationship with you, we may collect the following categories of personal information:
3.1 Information Provided Directly by You
· Contact Information: Name, email address, phone number, physical address, professional title
· Professional Information: Educational background, qualifications, certifications, work experience, professional affiliations
· Communication Information: Correspondence, feedback, meeting notes, survey responses
· Payment Information: Billing address, payment method details (processed securely through third-party providers; we do not directly store credit card data)
· Engagement Information: Preferences regarding service delivery, scheduling information, accessibility requirements
3.2 Information Collected Automatically
· Website and Digital Platform Data: IP addresses, cookie identifiers, browsing behavior, pages visited, duration of visits, referring websites
· Device Information: Device type, operating system, browser type
· Email Communications: Open rates, link clicks, engagement metrics
· Usage Analytics: Interaction patterns with our digital tools and platforms
3.3 Information Received from Third Parties
· Employer or Client Information: Information provided by your employer or referring client organization for coaching or training engagements
· Professional References: Information from professional colleagues or references you nominate
· Payment Processors and Service Providers: Transaction data, verification information
· Publicly Available Sources: LinkedIn profiles, professional directories, published work
3.4 Sensitive Personal Information
We recognize that some engagements (particularly coaching and development work) may involve sensitive personal information. Where such information is provided voluntarily:
· Participation is entirely voluntary and informed by clear consent
· Such information is handled with enhanced confidentiality safeguards
· Data is retained only as long as necessary for the specific engagement
· You retain the right to withhold or limit disclosure of sensitive information
4. Legal Basis and Purposes for Processing
4.1 PIPEDA Compliance (Canadian Operations)
Under PIPEDA, we collect, use, and disclose personal information only with your knowledge and consent, except where limited exceptions apply. Our processing purposes are:
Service Delivery and Contract Fulfillment
· Providing coaching, training, consulting, and organizational development services
· Delivering tailored professional development programs
· Conducting assessments, evaluations, and feedback sessions
· Managing client relationships and project administration
· Billing, invoicing, and financial administration
Business Operations
· Managing Human Resources functions (recruitment, employment administration, payroll, benefits)
· Maintaining business records and accounting
· Ensuring workplace health and safety
· Managing vendor and service provider relationships
· Protecting our legal and financial interests
Communication and Marketing
· Sending service updates, newsletters, and relevant content
· Conducting surveys and gathering feedback
· Marketing our services (with appropriate consent)
· Responding to inquiries and providing customer support
· Maintaining business contact lists
Legal and Compliance
· Complying with legal obligations and regulatory requirements
· Responding to legal processes (subpoenas, court orders)
· Protecting against fraud and security incidents
· Establishing, exercising, or defending legal claims
Research and Service Improvement
· Analyzing service effectiveness and client outcomes
· Improving our service offerings and delivery methods
· Conducting quality assurance activities
· Supporting research initiatives (with informed consent)
4.2 GDPR Compliance (EU Data Subjects)
For individuals located in the EU or whose data is processed in an EU context, we rely on the following legal bases:
· Contractual Necessity: Processing necessary to fulfill service agreements
· Consent: Explicit, informed consent obtained for specific purposes
· Legal Obligation: Compliance with applicable laws and regulations
· Legitimate Interests: Protecting our business, ensuring security, and service improvement (balanced against your privacy rights)
· Performance of Public Task: Where applicable to organizational development in institutional contexts
5. Consent and Choice
5.1 How We Obtain Consent
We obtain consent for personal information collection and processing in the following ways:
· Express Consent: Clear, explicit consent provided through signed agreements, consent forms, or digital opt-in mechanisms
· Implied Consent: For less sensitive information where you reasonably expect we will collect and use data (e.g., contact information to fulfill service requests)
· Sensitive Information: Enhanced consent procedures apply, typically requiring express, documented consent
You will be informed of the purposes for which we are collecting, using, or disclosing your personal information at or before the time of collection.
5.2 Your Rights to Withdraw or Modify Consent
You have the right to:
· Withdraw consent at any time by notifying us in writing
· Opt out of specific uses of your information (e.g., marketing communications, analytics)
· Refuse to provide personal information, though this may limit our ability to provide certain services
Withdrawal of consent does not apply retroactively to information already collected and legitimately used. Where we process information under alternative legal bases (legal obligation, contractual necessity), withdrawal of consent does not prevent continued processing under those bases.
5.3 Marketing and Promotional Communications
· You may opt out of marketing emails and newsletters at any time by following unsubscribe instructions or notifying us directly
· We will not share your contact information for third-party marketing without explicit consent
· Email marketing will include clear identification of the sender and mechanism for opting out
6. How We Use Your Personal Information
6.1 Service Delivery and Professional Engagement
We use personal information to:
· Deliver coaching, training, consulting, and development services tailored to your needs
· Conduct assessments, evaluations, and progress monitoring
· Provide feedback and recommendations
· Schedule engagements and manage logistics
· Create service documentation and engagement records
· Follow up on outcomes and service effectiveness
6.2 Business Administration
· Invoice and collect payment for services rendered
· Maintain client and vendor databases
· Manage contractual obligations
· Respond to inquiries and provide customer support
· Maintain financial and accounting records
6.3 Improvement and Innovation
· Analyze feedback and outcomes to improve service quality
· Develop new service offerings and programs
· Conduct quality assurance and performance monitoring
· Support research and evidence-based practice development
6.4 Communication
· Send transactional communications (service confirmations, billing)
· Provide updates about service changes or important information
· Distribute newsletters, articles, and relevant professional content
· Conduct client satisfaction surveys
6.5 Legal and Security
· Prevent and investigate fraud, security threats, or illegal activity
· Protect our legal rights and assets
· Respond to legal processes and comply with legal requirements
· Establish or defend claims
7. How We Protect Your Information
7.1 Security Measures
We implement appropriate technical, organizational, and administrative safeguards to protect personal information against unauthorized access, modification, loss, or disclosure. These measures include:
Technical Safeguards:
· Encryption of data in transit (HTTPS/TLS for websites and email)
· Encryption of sensitive data at rest
· Firewalls and network security infrastructure
· Regular security audits and vulnerability assessments
· Secure authentication mechanisms (passwords, multi-factor authentication)
Organizational Safeguards:
· Access controls limiting employee access to personal information to business-need-only basis
· Confidentiality agreements with all employees and contractors
· Staff training on privacy and data security practices
· Secure document storage and disposal procedures
Administrative Safeguards:
· Privacy policies and procedures documented and regularly reviewed
· Designated accountability for privacy compliance
· Privacy impact assessments for new initiatives
· Incident response and breach notification procedures
7.2 Limitations on Our Safeguards
While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is absolutely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any passwords or access credentials provided to you.
7.3 Data Retention and Secure Disposal
We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by law. When information is no longer needed:
· Business records are retained according to legal requirements and business necessity (typically 6-7 years for financial and legal purposes)
· Client files and engagement records are retained for 3 years following the completion of services
· Marketing lists are retained only as long as consent remains valid
· Information is securely destroyed through shredding, deletion, or other secure methods preventing recovery
You may request deletion of your personal information at any time, subject to legal retention requirements and ongoing contractual obligations.
8. Disclosure and Sharing of Personal Information
8.1 When We Share Information
We may disclose your personal information in the following circumstances:
Service Delivery Partners:
· Co-facilitators, contractors, or subcontractors involved in delivering services (e.g., specialized trainers, assessment specialists)
· All service partners are bound by confidentiality agreements
Business Associates:
· Hosting providers and cloud service providers (email, file storage, project management platforms)
· Payment processors and financial service providers
· Accounting and legal service providers
· CRM systems and project management software providers
Client Organizations:
· With your consent, we may share relevant information with your employer or referring organization (e.g., program completion, skill assessments)
· The scope of disclosure will be clearly communicated
Legal Requirements:
· When required by law, court order, or regulatory authority
· To investigate or prevent illegal activity, fraud, or security threats
· To establish, exercise, or defend legal claims
Business Transitions:
· In the event of merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred as part of the transaction (you will be notified of such changes)
8.2 International Data Transfers
Our organization operates across multiple jurisdictions (Canada, Germany, Spain) and may engage service providers in various countries. When personal information is transferred internationally:
· We ensure adequate safeguards and legal protections are in place
· For EU data subject transfers, we rely on adequacy decisions, standard contractual clauses, or other EU-approved mechanisms
· You will be informed of international transfers that may occur
8.3 Restrictions on Sharing
We do NOT:
· Sell personal information to third parties for marketing or commercial purposes
· Share information with unaffiliated organizations for their independent marketing purposes without explicit consent
· Disclose sensitive or confidential information beyond what is necessary for stated purposes
· Share information with government agencies except as required by law
9. Individual Rights and Data Access
9.1 Rights Under PIPEDA
If you are a Canadian resident, you have the following rights:
Right of Access:
· You may request access to personal information we hold about you
· We will provide information in a form you can understand
· Requests must be made in writing to our Privacy Officer
Right to Correction:
· You may request that inaccurate or incomplete information be corrected
· We will investigate and update records as appropriate
· We may include your correction request in our records if we do not agree that information is inaccurate
Right to Refuse or Withdraw Consent:
· You may refuse to provide information or withdraw consent previously given
· This will not result in refusal of service unless the information is essential to service delivery
Right to Complaint:
· If you believe we have breached your privacy rights, you may file a complaint with the Office of the Privacy Commissioner of Canada
9.2 Rights Under GDPR
If you are an EU resident or your data is processed in a GDPR context, you have the following rights:
Right of Access:
· You may request confirmation of whether your personal information is being processed
· You may request a copy of your personal information in an accessible format
Right to Rectification:
· You may request correction of inaccurate or incomplete information
Right to Erasure (Right to Be Forgotten):
· You may request deletion of your personal information, subject to legal retention requirements
· This right does not apply where processing is necessary for legal obligations or legitimate interests
Right to Restrict Processing:
· You may request that we limit the processing of your information to specific purposes or storage only
Right to Data Portability:
· You may request your personal information in a structured, commonly used, machine-readable format
· We will transmit this information to another organization if requested
Right to Object:
· You may object to processing based on legitimate interests or direct marketing
· We will cease processing unless compelling legitimate grounds override your objection
Right to Withdraw Consent:
· You may withdraw consent at any time
· Withdrawal does not affect the lawfulness of processing based on prior consent
Right Not to Be Subject to Automated Decision-Making:
· You have the right to request human review of automated decisions that significantly affect you
Right to Lodge a Complaint:
· You may file a complaint with your national data protection authority
9.3 How to Exercise Your Rights
To exercise any of these rights, please contact our Privacy Officer in writing:
Privacy Officer Frank Busch
Competence Development Network LLP
1103 - 11871 Horseshoe Way
Richmond, BC V7A 5H5
Canada
Email: admin (at) cdn .coach
We will:
· Acknowledge your request within 5 business days
· Respond substantively within 30 days (or within the timeframe specified by applicable law)
· Provide information in a clear, accessible format
· Not charge a fee unless your request is manifestly unfounded or excessive
10. Children and Young Persons
Our services are intended for adults and are not knowingly directed to individuals under 18 years of age. We do not intentionally collect personal information from children or minors without parental or guardian consent.
If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information and notify the parent or guardian.
For coaching or training services involving young persons in educational or organizational contexts, we will obtain appropriate consent from parents, guardians, or institutional representatives as required.
11. Third-Party Links and Services
Our website and communications may contain links to third-party websites, applications, and services. This Statement applies only to personal information collected by Competence Development Network LLP. We are not responsible for the privacy practices of third-party websites or services.
We recommend reviewing the privacy statements of any third-party services before providing your personal information. When you click links to third-party sites, you are subject to their privacy policies, not ours.
12. Cookies and Tracking Technologies
12.1 Use of Cookies
Our website may use cookies and similar tracking technologies to:
· Enhance user experience and website functionality
· Remember user preferences and login information
· Analyze website traffic and user behavior
· Serve targeted content and marketing
12.2 Types of Cookies
· Essential Cookies: Required for basic website functionality
· Performance/Analytics Cookies: Used to understand how visitors use our website
· Marketing/Tracking Cookies: Used to deliver targeted content and advertising
12.3 Cookie Consent
We obtain appropriate consent for non-essential cookies before they are deployed. You may:
· Accept or reject cookies through our cookie banner
· Adjust cookie preferences through your browser settings
· Clear cookies at any time
13. Automated Decision-Making and Profiling
We do not currently use automated decision-making processes (such as machine learning algorithms) that produce legal or similarly significant effects for individuals. However, if we implement such technologies in the future, we will:
· Notify you of the use of automated decision-making
· Provide information about the logic and consequences of automated decisions
· Offer the right to human review and challenge of automated decisions
· Implement appropriate safeguards to ensure fairness and accuracy
14. Privacy by Design and Data Protection Impact Assessments
We are committed to implementing privacy by design principles in our business processes and service development. For new initiatives involving significant personal information processing (particularly automated processing, large-scale collection, or sensitive data), we conduct Data Protection Impact Assessments to:
· Identify privacy and security risks
· Implement mitigation measures
· Document compliance approaches
· Ensure appropriate safeguards are in place before implementation
15. Data Breaches and Incident Response
15.1 Breach Definition and Response
A personal information breach is defined as an unauthorized or accidental access, disclosure, modification, loss, or destruction of personal information. Upon discovering a breach that poses a risk to the privacy of affected individuals, we will:
· Investigate the breach and assess the scope and risk
· Notify affected individuals within 30 days (or as required by law)
· Provide notification to regulatory authorities where required
· Take corrective measures to prevent recurrence
· Document the incident and response measures
15.2 Breach Notification
Breach notifications will include:
· Description of the incident and types of information involved
· Likely consequences for affected individuals
· Measures we have taken or will take to address the breach
· Our contact information for inquiries
· Recommendations for individuals to protect themselves
16. Accountability and Privacy Governance
16.1 Designated Privacy Officer
We have designated a Privacy Officer responsible for:
· Overseeing privacy compliance and PIPEDA/GDPR implementation
· Responding to privacy inquiries and complaints
· Conducting privacy training and awareness initiatives
· Reviewing and updating privacy policies
· Investigating privacy breaches and managing incident response
Privacy Officer Contact:
Frank Busch
Competence Development Network LLP
1103 - 11871 Horseshoe Way
Richmond, BC V7A 5H5
Canada
Email: admin (at) cdn .coach
16.2 Privacy Training
All employees, contractors, and service providers handling personal information receive training on:
· Privacy rights and obligations
· Our privacy policies and procedures
· Data protection best practices
· Confidentiality and security requirements
· Incident reporting procedures
16.3 Compliance Monitoring
We regularly:
· Audit privacy compliance across business units
· Review and test security measures
· Monitor vendor compliance with privacy obligations
· Update policies to reflect legal and regulatory changes
· Track and respond to privacy complaints
17. Updates to This Statement
We may update this Data Privacy Statement to reflect:
· Changes in our business practices or services
· Evolution of privacy laws and regulations
· New technologies or data handling approaches
· Feedback from clients and stakeholders
We will notify you of material changes by:
· Posting updates on our website
· Sending notice to clients with ongoing engagements
· Indicating the "Last Updated" date clearly on this Statement
Your continued use of our services following updates indicates acceptance of the revised Statement.
18. Contact Information
For questions about this Data Privacy Statement or to exercise your privacy rights, please contact:
Competence Development Network LLP
Address:
1103 - 11871 Horseshoe Way
Richmond, BC V7A 5H5
Canada
Registry: LL03276
Privacy Officer:
Frank Busch
Competence Development Network LLP
1103 - 11871 Horseshoe Way
Richmond, BC V7A 5H5
Canada
Email: admin (at) cdn .coach
General Inquiries:
Email: office (at) cdn. coach
Telephone: +1 604-272-6960 x100
Website: www. cdn. coach
Complaints:
If you believe we have not complied with your privacy rights or this Statement, you may:
1. Contact our Privacy Officer to attempt resolution
2. File a complaint with the Office of the Privacy Commissioner of Canada:
o Website: www.priv.gc.ca
o Telephone: 1-800-282-1376
o Mailing Address: Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, QC K1A 1H2
3. For EU residents, file a complaint with your national data protection authority
19. Glossary of Key Terms
Personal Information: Any information about an identifiable individual (excluding business contact information and publicly available information).
Processing: Any operation performed on personal information, including collection, use, disclosure, storage, or deletion.
Consent: Freely given, specific, informed, and unambiguous indication of agreement to personal information processing.
Data Subject: An identifiable individual whose personal information is being processed.
Data Controller: An entity that determines the purposes and means of personal information processing (Competence Development Network LLP in most contexts).
Data Processor: An entity that processes personal information on behalf of a controller (e.g., service providers, hosting providers).
PIPEDA: Personal Information Protection and Electronic Documents Act—Canadian federal privacy legislation.
GDPR: General Data Protection Regulation—EU privacy legislation applicable to processing of EU residents' personal data.
Breach: Unauthorized or accidental access, disclosure, loss, or destruction of personal information.
Privacy Impact Assessment: Evaluation of privacy and data protection implications of business initiatives.
20. Appendices
Appendix A: Service-Specific Privacy Information
For Coaching and Development Services:
· Personal information shared in coaching relationships includes sensitive professional and personal information
· Information is kept strictly confidential between coach and coachee
· Sharing with employers occurs only with explicit consent
· Coaching records are retained for 3 years post-engagement
For Training and Educational Programs:
· Participant information is used to customize program content
· Assessment results are shared with participants and, with consent, with employers
· Participation lists and communications may be shared with co-facilitators
· Program evaluation data is anonymized and aggregated for improvement purposes
For Consulting and Organizational Development Services:
· Client organizations control disclosure of engagement results
· Employee or team data collected for assessments is handled confidentially
· Reports may be shared only with authorized client representatives
· Research based on anonymized project data may be used to develop service offerings
End of Data Privacy Statement
This Statement reflects our commitment to privacy protection and regulatory compliance. It demonstrates our respect for the personal information entrusted to us and outlines our obligations and your rights regarding your data.
Document Version: 1.0
Approval Date: January 2, 2026
Scheduled Review Date: January 2, 2027
Owner: Privacy Officer, Competence Development Network LLP
