This Privacy Policy explains how Calgary Iranian Community Association (“CICA”, “we”, “us”, or “our”) collects, uses, discloses, safeguards, retains, and manages personal information when you visit our website, use our online services, register as a member, purchase tickets or products, make a donation, attend our events, or otherwise interact with us (collectively, the “Services”).

We aim to be transparent about our practices and to protect your personal information. This Privacy Policy should be read together with our Policies & Terms, including any event, ticketing, donation, or marketplace terms that may apply to specific transactions.

1) Scope

This Privacy Policy explains how Calgary Iranian Community Association (“CICA”, “we”, “us”, “our”) collects, uses, discloses, stores, and protects personal information.

This policy applies to:

• yycica.org and any subdomains, pages, forms, member portals, and related online services (the “Website”); and
• CICA’s offline activities where we refer you to this policy (for example, in-person events or registrations).

2) What is “personal information”?

“Personal information” generally means information about an identifiable individual. This can include your name, contact details, membership status, registration details, and transaction history.

3) What we collect

Depending on how you interact with CICA, we may collect:

A. Identity and contact information

• Name, email address, phone number
• Mailing/billing address
• Account identifiers (e.g., username) and account settings

B. Membership information

• Membership type/category, status (active/expired), start and renewal dates
• Household information for household memberships (only what is reasonably necessary to administer the membership)
• Eligibility confirmations (e.g., student/senior/newcomer verification), where applicable and limited to what is reasonably necessary

C. Event, program, and ticket information

• Registrations, ticket types, QR codes, check-in/verification records
• Guest/participant details you provide (e.g., guest name; age band where required)
• Dietary preferences or meal selections (only if you choose to provide them)

D. Donations and payment information

• Donation amount, sponsorship selections, confirmations/receipts
• Transaction identifiers and payment status
  Important: Payment card details are generally handled directly by our payment processors. We do not intentionally store full credit-card numbers on our servers.

E. Communications

• Messages you send to us (email/forms), support requests, and correspondence
• Marketing preferences (opt-in/opt-out)

F. Technical/usage information (Website)

• IP address, device/browser type, pages viewed, timestamps
• Approximate location (city/region) inferred from IP
• Cookies and similar technologies (see Section 9)

4) How we collect information

We collect personal information when you:

• Create or manage an account
• Purchase or renew a membership
• Register for events/programs, buy tickets, redeem offers, or donate
• Complete forms, surveys, waivers/consents, or volunteer onboarding documents
• Contact us (email, phone, or website form)
• Use the Website (via cookies and analytics)

5) Why we collect and how we use information

We use personal information for purposes a reasonable person would consider appropriate in the circumstances, including:

A. Delivering services you request

• Creating and administering accounts and memberships
• Processing registrations, tickets, donations, and payments
• Sending confirmations/receipts and account notices
• Verifying membership status for member benefits and access control

B. Operating events and programs

• Managing attendance, check-in/verification, guest lists where applicable
• Safety planning and accommodation support (only what you choose to share; you may withhold non-required details)

C. Communicating with you

• Administrative/transactional communications (receipts, confirmations, event logistics, policy updates)
• Responding to inquiries, support requests, and complaints

D. Improving and securing operations

• Maintaining the Website and preventing fraud/abuse
• Debugging, auditing, and improving performance and user experience
• Keeping operational and financial records for accountability

E. Marketing and community updates (with appropriate consent)

• Sending newsletters, promotions, or partner offers where permitted and based on your consent choices
  You can unsubscribe from marketing messages at any time. Administrative/transactional messages may still be sent when necessary.

6) Consent and your choices

By providing personal information to CICA, you consent to its collection, use, and disclosure as described in this policy, unless a legal exception applies.

You may withdraw consent for certain uses (for example, marketing). However, withdrawal may be limited where we must retain or use information for legal compliance, security, accounting, or dispute resolution.

7) When we disclose personal information

We do not sell personal information.

We may disclose personal information:

A. To service providers

We may share personal information with vendors who help us operate (e.g., payment processors, website hosting, email delivery, analytics). Service providers are expected to protect personal information and use it only as necessary to provide services to us.

B. To partners/venues for events or programs (as needed)

For example, for check-in lists or capacity/safety management—limited to what is reasonably necessary.

C. For legal and safety reasons

Where required or permitted by law, including to comply with legal processes, investigate fraud, or protect the rights and safety of individuals and CICA.

D. With your direction or consent

For example, if you ask us to share information with a specific person or organization.

8) Cross-border processing

Some service providers may process or store personal information outside Canada. When information is processed outside Canada, it may be subject to the laws of that jurisdiction.

You may contact us (see Privacy Contact) for information about our policies and practices regarding service providers outside Canada.

9) Cookies and analytics

We use cookies and similar technologies to:

• Keep sessions working and remember settings
• Understand Website traffic and improve performance
• Help detect fraud/abuse and maintain security

You can control cookies through your browser settings. If you block certain cookies, parts of the Website may not function properly.

10) Security safeguards

We use reasonable safeguards appropriate to the sensitivity of the information, which may include:

• Role-based access controls
• Secure communications (HTTPS) where available
• Least-privilege access for staff/authorized volunteers
• Vendor and platform controls where appropriate

No method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential.

11) Retention

We retain personal information only as long as necessary for the purposes described above and as required by law (e.g., accounting, audit, and dispute resolution). We then securely delete, anonymize, or de-identify information where feasible.

12) Access and correction

You may request access to, or correction of, your personal information.

How to request: Email info@yycica.org with the subject line:
“Privacy Request – Access/Correction”
We may request information to verify your identity.

13) Privacy breaches

If a privacy breach occurs (loss, unauthorized access, or unauthorized disclosure), we will take reasonable steps to contain and investigate it.

Where required by law, we will notify the appropriate regulator and affected individuals when there is a real risk of significant harm (or other applicable legal threshold), and we will keep breach records as required.

14) Children and minors

Our Website and services are generally intended for adults. Some events/programs may allow minors with a parent/guardian’s consent. If we collect a minor’s information (e.g., for registration or safety), we limit it to what is necessary and handle it with additional care.

15) Third-party links

Our Website may link to third-party websites. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

16) Changes to this policy

We may update this Privacy Policy by posting a revised version and changing the effective date. If changes are material, we may provide additional notice (e.g., a website notice or email).

17) Questions and complaints

If you have questions or complaints, contact us at info@yycica.org