Privacy Policy

International Business University (“IBU”, “the University”, “we”, “us”, or “our”) respects the privacy of its community and is committed to the protection of Personal Information belonging to its students, faculty, staff, alumni, donors, volunteers, directors, governors, and other individuals who interact with the University.

IBU collects, uses, and discloses Personal Information in the course of delivering its academic programs, operating its institutional services, hosting sponsored events such as workshops and seminars, managing admissions and enrolment, supporting teaching and learning activities (including online and virtual delivery), administering payments, responding to inquiries, and communicating institutional information, publications, news releases, and bulletins.

Personal Information may be collected through multiple channels, including but not limited to:

• Participation in academic programs and University services;
• Use of IBU’s website, online platforms, applications, Wi-Fi services, and digital tools;
• Completion of applications, registrations, forms, questionnaires, or surveys;
• Direct communications with the University; and
• Engagement with University-sponsored activities or events.

This policy provides the overarching framework that explains:

• What Personal Information IBU collects;
• How such information is collected, used, disclosed, stored, and protected; and
• The rights of individuals with respect to their Personal Information, including access, correction, and consent management.

This policy forms part of IBU’s broader institutional governance framework and supports the University’s obligations under applicable privacy legislation, regulatory requirements, and recognized best practices for data stewardship.

The purpose of this policy is to confirm International Business University’s (IBU’s) commitment to protecting the privacy of its community and to clearly articulate how the University fulfills this commitment in accordance with applicable statutes and regulations.

This policy establishes a transparent framework for the collection, use, disclosure, retention, protection, access, and correction of Personal Information in support of IBU’s academic mission, institutional operations, and service delivery.

The policy further aims to:

• Ensure that Personal Information is managed fairly, appropriately, and lawfully;
• Promote transparency and accountability in IBU’s data management practices;
• Inform individuals of their rights and choices with respect to Personal Information; and
• Provide assurance that Personal Information is handled in a manner consistent with legal obligations, regulatory expectations, and best practices in privacy protection.

International Business University (“IBU”) is committed to the fair, lawful, transparent, and responsible collection, use, disclosure, retention, and protection of Personal Information in support of its academic mission, institutional operations, and statutory obligations.

IBU shall manage Personal Information in a manner that:

• Complies with all applicable federal and provincial privacy legislation, regulations, and contractual obligations;
• Respects the privacy rights and reasonable expectations of individuals whose Personal Information is collected or processed by the University;
• Limits the collection, use, and disclosure of Personal Information to purposes that are identified, appropriate, and necessary for University operations or otherwise permitted or required by law;
• Ensures that Personal Information is accurate, complete, and up to date for the purposes for which it is used;
• Implements reasonable administrative, technical, and physical safeguards to protect Personal Information against loss, theft, unauthorized access, disclosure, copying, use, or modification; and
• Provides individuals with appropriate rights of access, correction, and consent management, subject to legal and operational limits.

Personal Information collected by IBU shall not be used or disclosed for purposes other than those for which it was collected, except where consent has been obtained, where required or permitted by law, or where necessary to fulfill the University’s academic, administrative, regulatory, or legal responsibilities.

IBU affirms its commitment to transparency and accountability in its data management practices and shall make this Privacy Policy publicly available. The University shall review and update this Policy periodically to ensure continued alignment with legal requirements, institutional practices, and recognized best practices in privacy governance.

This Privacy Policy applies to all Personal Information collected, used, disclosed, stored, or otherwise processed by International Business University (“IBU”) in the course of carrying out its academic, administrative, operational, and institutional activities.

Without limitation, this Policy applies to Personal Information relating to:

• Current, former, and prospective students;
• Applicants to academic programs and continuing education offerings;
• Faculty members, sessional instructors, and academic administrators;
• Staff, contractors, consultants, volunteers, and service providers;
• Alumni, donors, Board members, Governors, and committee members;
• Visitors to IBU campuses and participants in IBU-sponsored programs, events, workshops, and seminars; and
• Users of IBU websites, applications, Wi-Fi networks, learning platforms, and other digital or online services.

This Policy applies to Personal Information collected through any means, including but not limited to:

• Online platforms, websites, applications, learning management systems, and electronic communications;
• In-person, telephone, written, or electronic interactions;
• Academic, admissions, enrolment, financial, alumni, advancement, marketing, and regulatory processes; and
• Third-party service providers acting on behalf of IBU.

This Policy applies regardless of whether the Personal Information is collected, processed, or stored within Canada or transferred, accessed, or processed outside of Canada, subject to applicable legal requirements.

5.1 Personal Information

“Personal Information” is any information about an identified individual or an individual whose identity may be inferred or determined from such information.

5.2 Service Provider

“Service Provider” means any individual, entity (including vendors and marketing and joint venture partners), or agent of an entity, that receives, maintains, processes, or otherwise is permitted to access Protected Information through its provision of services to IBU (including its affiliates) or its students.

6.1 Reader Notice and Consent

Please read this Privacy Policy carefully to understand our policies and practices for processing and storing data. By interacting us, engaging with our website and otherwise providing your personal information to us, using our services, you accept and consent to our practices and the terms of this Privacy Policy. If you do not agree with any terms of this Privacy Policy, please do not use our Services or submit any Personal Information to us.

6.2 IBU`s Privacy Policy

This Privacy Policy includes the following sections. You should read the entire Privacy Policy; however, you may use the links below to be directed to the information you are seeking:

6.2.1 What is Personal Information?

What is Personal Information? Personal information is information about an identifiable individual.

6.2.2 What Personal Information We Collect

What Personal Information We Collect. The Personal Information IBU collects depends on how you interact with our Services, our website, or us. For example, we may collect information, such as your name, address, phone number, student number, grades and email address, IP address, social insurance number, driver’s license number, information you provide when you communicate with us, your payment information, and other information we are permitted or required to collect by applicable law. Personal Information does not include information about someone acting in a business or professional capacity such as IBU employee name, name of the department and position are not considered personal information.

6.2.3 How we Use Personal Information

How we Use Personal Information. We use personal information to provide our services, including to evaluate applications and registrations; to provide support and student services, to personalize content and experiences, for marketing and promotional purposes; to analyze and improve our services and operations; to protect our assets and operations and to comply with our legal obligations and to carry out any other legitimate and lawfully authorized purposes.

6.2.4 How we Collect Information Directly when you Contact us and Automatically when you Visit our Website, and Cookies

How we Collect Information Directly when you Contact us and Automatically when you Visit our Website, and Cookies. We collect information about you directly from you, from third parties, and automatically through your use of our Services or interactions with us. We may combine the information we collect from these various sources. To help us manage our services, website and for related purposes, the information we collect may include your name, contact details, date of birth, education history, financial information, employment status, photos, interests, demographic information, domain name, the time of visits, which pages of website are visited and what features and links are used, how users interact with our communications, IP address, internet service provider, operating system, web browser, and identity of the website visited immediately before coming to our website and other information.

6.2.5 How to Opt-Out of certain uses of your Personal Information

You can opt out of certain of our practices, including our email. Further covered in section 6.7 below.

6.2.6 How we Disclose Personal Information

How we Disclose Personal Information. We may disclose personal information to our service providers, to Statistics Canada, and for legal requirements.

6.2.7 How we Protect Personal Information

How we Protect Personal Information. We use technical, contractual, physical, and administrative security measures to help protect the Personal Information in our possession, but we cannot ensure or warrant the security of any Personal Information you provide to us.

6.2.8 We may Transfer Personal Information Outside of Canada

We may Transfer Personal Information Outside of Canada. By providing us with personal information, you understand and expressly agree that we may transfer some or all of that information to be stored or processed on servers located outside of Canada, including in [the United States] and [the UK].

6.2.9 Accessing and Correcting your Personal Information

Accessing and Correcting your Personal Information. Subject to certain limits, you may access, review, and request correction to the Personal Information of yours that we hold.

6.2.10 Children and Parents

Children and Parents. We do not intend to collect personal information about children under 13.

6.2.11 Third Party Websites

Third Party Websites. We are not responsible for the practices of third-party websites.

6.2.12 We may Change this Policy

We may Change this Policy. You should review this privacy policy from time to time. We may change it.

6.2.13 How to Contact Us

How to Contact Us. You may contact us by clicking “Request Info” on our website.

6.3 What is Personal Information?

“Personal Information” is any information about an identified individual or an individual whose identity may be inferred or determined from such information.

6.4 What Personal Information We Collect

IBU offers undergraduate education program(s) and courses to its students in Canada who are admitted to our program(s) based on our evaluation of their application, and other information we obtain in respect of it (“Services”). To provide our Services, we collect Personal Information as we describe in this Privacy Policy, and/or in any agreement or application, you have with us.

The Personal Information IBU collects depends on how you interact with us, our Services, or our website. For example, we may collect information, such as:

a) Your full name, and contact information such as your address, phone number, and email address,
b) Information you choose to provide when you communicate with us,
c) Information relating to your race, national or ethnic origin, first language, colour, disability, religion, age, sex, sexual orientation, or marital or family status of the individual;
d) Information relating to your educational, medical, psychiatric, psychological, criminal or employment history or your remuneration or about financial transactions;
e) Contact details including your home address, email address or telephone number;
f) Any identifying number, symbol or other identifier assigned to you; and
g) Other information we are permitted or required to collect by applicable law.

When you visit our website, https://ibu.ca/, we may collect information as described in section 4, “How we Collect Information Automatically when you Visit our Website, and Cookies.”

6.5 How We Use Personal Information

Personal information collected is used only for the purposes for which it is collected, for a consistent purpose and is not generally used or disclosed for any other purpose, except where permitted or required by applicable law or with your consent.

IBU may use the information we collect for the following purposes:

a) to evaluate the applications for making an admission decision and process tuition payment information;
b) to establish record of students for registration of applicants and following students’ performance in programs and courses;
c) to contact with students, their families, employees, alumni or donors when required;
d) to organize graduation activities for graduating students and their families;
e) for preparation of the Student, Staff and Faculty Directories;
f) for preparation of the annual Accreditation and Regulatory Reports;
g) for event notification to students, alumni and donors;
h) to include an individual on IBU mailing, email, and telephone lists;
i) to recommend particular products and services including counselling services;
j) to understand how visitors interact with our website and our advertising;
k) to improve our website and advertising;
l) to carry out other purposes that are disclosed to you and to which you consent; and
m) to carry out any other purpose permitted or required by law.

6.6 How we Collect Information Automatically when you Visit our Website, and Cookies

When you visit our website, or click one of our online advertisements, we may collect information such as:

• your domain name,
• the time of your visit,
• which pages of our website you visit and what features and links you click or use,
• how you interact with communications we send you, such as whether you open an email we send you,
• your Internet Protocol (IP) address,
• your Internet Service Provider (ISP),
• the Operating System (Windows, Macintosh, etc.) you use,
• the web browser (Netscape, Internet Explorer, etc.) you use, and
• the identity of the website you visited immediately before coming to our website.

This information is used to help us:

a) Manage our website,
b) Diagnose any technical problems,
c) Serve advertising on our website and on third party websites and social media;
d) Track click streams, measure, monitor, and report on website traffic and page views,
e) Determine how visitors arrive at our website and interact with our content, including determining which of our advertisements are the most effective,
f) Remember you if as you navigate through our site, and if you return too it, and
g) Improve the content of our website, and our advertising.

In browsing the internet, you will encounter a technology known as “cookies”. “Cookies” are files or pieces of information that may be stored on a computer/device’s hard drive when an individual visits a web site. Most Internet browsers are initially set to accept cookies. We may also use related technologies, such as web beacons, pixels, other storage technologies, and/or other similar devices. We may use cookies and such related technologies to enable you to use certain website features, improve website functionality, store and customize your preferences, recognize you when you return to our website, and monitor and maintain information about your use of our websites.

We may also work with third party companies to collect information about your use of our website through technologies such as cookies and related technologies so that we may better understand the use of our website. The third parties we work with may include:

• Google, which uses cookies and other technologies to collect and analyze information about the use of our website and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and resources. We may use this for impression reporting, and to learn, on an aggregate basis, about the demographics and interests of people who visit our website or click our advertising. You can learn about Google’s practices by going to https://policies.google.com/technologies/partner-sites and opt out of them by downloading the Google Analytics opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout.
• From time to time, we may also use Facebook and Twitter tracking pixels and Site improve pixel for web optimization. Information collected includes, but is not limited to, data to track frequency of visits, pages visited, web browser used, and city of web visitor.
• We note that Google, Facebook and Twitter own and operate data centers around the world. To find out more about their data center locations and privacy policies, please see the following links:
  https://www.google.com/about/datacenters/inside/locations/index.html.
  https://www.facebook.com/policy.php https://twitter.com/en/privacy

6.7 How to Opt-Out of certain uses of your Personal Information

You can opt-out of certain of our use of Google Analytics; by using the link we provide in section 4 above.

You may also opt-out of receiving certain behavioral ads by visiting the Digital Advertising Alliance website at http://youradchoices.ca/.

If you receive commercial email from us, you may opt-out by using the ‘unsubscribe’ tool at the bottom of such messages.

For more assistance, or any questions, please contact us using the information in section 6.15 below.

6.8 How we Disclose Personal Information

To provide our Services, we may be required to disclose some of the Personal Information you provide to third parties. For example, we may work with service providers to help us operate our website, and process payments, and provide our Services. These entities may assist us with the processing of your Personal Information in the manners we describe in this Privacy Policy. For example, and without limitation, we may share Personal Information with education partners, Statistics Canada, providers of insurance and their underwriters and with other financial institutions for payment processing purposes.

We may also disclose or transfer your Personal Information as part of any actual or contemplated merger, sale, transfer of our assets, acquisition, financing, or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.

We may disclose your Personal Information as required under applicable law or in response to legal process (e.g., in response to a subpoena or court order).

We may also use, or disclose your Personal Information to third parties, if we have reason to believe that using or disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us, including if we deem it necessary or advisable for the purpose of collecting any debt you owe us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; (iv) to respond to claims asserted against us; or (v) to protect our rights, safety or property.

Lastly, we may disclose your Personal Information for any other purpose to which you consent.

6.9 How we Protect Personal Information

IBU uses technical, physical, and administrative security measures to help protect the Personal Information in our possession. Only staff members, IBU representatives, or third-party service providers needing access to Personal Information are provided access to such information and we limit their access to that needed for the purpose(s) they are carrying out.

Personal Information may be accessed by persons within our organization, or our third-party service providers, who require such access to carry out the purposes described in this Privacy Policy, and such other purposes as permitted or required by applicable law. Personal Information we collect is managed from our offices in [Toronto].

No security measures can provide absolute protection. As a result, we cannot ensure or warrant the security of any information you provide to us, and you provide Personal Information to us at your own risk. You should always take care how you handle and disclose your Personal Information and should avoid sending Personal Information through insecure email, Social Networks, or other Internet channels.

6.10 We may Transfer Personal Information Outside of Canada

Some or all of the Personal Information we collect may be stored or processed on servers located outside of Canada, [including in the United States, and the UK.] Data protection laws in the US or other countries may differ from those in Canada. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions.

By providing us with Personal Information, you understand and expressly agree that we may transfer it outside of Canada or your jurisdiction of residence. If you do not agree to the transfer of your Personal Information outside of Canada, do not provide us with Personal Information, or use our Services.

6.11 Accessing and Correcting your Personal Information

You may access, review, and request correction your Personal Information held by IBU. If you request access, we endeavor to provide the information in question within a reasonable time.

To protect against fraudulent requests for access to your Personal Information, we ask you for information to allow us to confirm that the person making the request is you or is authorized to access your information before granting access. For example, we may require you to verify your identity before you access your Personal Information.

We reserve the right not to change Personal Information if we disagree that it is incorrect, but we will append your requested alternative information. We may not provide access to Personal Information where permitted or required to deny access by the applicable law, for example, where the information requested would disclose the Personal Information, including opinions, of another individual or if it is subject to solicitor-client or litigation privilege.

6.12 Children and Parents

Our website is not directed at children, and we do not knowingly collect Personal Information from children under 13. If you are the parent or legal guardian of a child under 13 who has provided us with Personal Information themselves, you may ask to review or delete this information.

6.13 Third Party Websites

Our website may contain links to websites owned by third parties. These other websites may have their own privacy policies, terms and conditions that are not governed by this Privacy Policy. We are not responsible for the privacy practices, or the content of any website(s) owned and operated by third parties. Other websites may collect and treat information collected differently, so we encourage you to carefully read and review the privacy policy for each website you visit. Any links from our site to other websites, or references to products, services or publications other than those of IBU, do not imply the endorsement or approval of such websites, products, services or publications by IBU.

6.14 We may Change this Policy

We reserve the right to modify this Privacy Policy at any time. If we change this Privacy Policy, we will indicate the date this Privacy Policy was last amended. By accessing or using this website, our Services, or providing us with Personal Information after such changes, you consent to this Privacy Policy, as revised. Please periodically review this Privacy Policy so that you know what Personal Information we collect, how we use it, and with whom we may share it.

6.15 Requests for Managing Personal Information

Request for access to or correction of your personal information or to withdraw your consent, or any questions or concerns that you may have about the treatment of your personal information or this Privacy Policy, should be directed to the Registrar and Director of Enrolment Services and Student Success as follows:

International Business University

Attention: Swarna Bakshi Saini
Title: Registrar and Director of Enrolment Services and Student Success
Email: SSaini@ibu.ca

7.1 Accountable Authority (Policy Adherence and Review) 

The responsibility and authority for adherence and review of this policy resides with the Dean/Vice President (or designate), with that responsibility shared with IBU’s Academic Council, Board of Governors department chairs and faculty, as appropriate. 

7.2 Service Provider (Defined Role) 

Service Provider” means any individual, entity (including vendors and marketing and joint venture partners), or agent of an entity, that receives, maintains, processes, or otherwise is permitted to access Protected Information through its provision of services to IBU (including its affliates) or its students. 

7.3 Institutional Personnel and Service Provider Obligations 

All personnel at IBU, along with all service providers, are required to understand, adhere and comply to the Privacy Policy. 

7.4 Service Provider Assurance and Due Diligence 

IBU will take appropriate measures to ensure that any service provider accessing Personal Information is capable of complying with relevant data security laws and regulations. 

The confidentiality principles, lawful disclosure limitations, and privacy commitments governing the collection, use, and protection of Personal Information are established in the above sections of this Policy.

This section sets out the operational compliance procedures through which those principles are implemented, enforced, and monitored.

9.1 Internal Access Controls and Need-to-Know Basis

Personal Information shall be accessed only by staff members, IBU representatives, or third-party service providers who require such access to carry out authorized functions in support of IBU’s academic, administrative, regulatory, or operational purposes, as described in this Policy and as permitted or required by applicable law.

Access to Personal Information is restricted to the minimum necessary for the performance of assigned duties and is governed by role-based authorization controls.

9.2 Disclosure for Operational and Regulatory Purposes

Where disclosure of Personal Information is required to implement this Policy— including for accommodation measures, interim conditions, investigation processes, decision-making, corrective action, or regulatory reporting—information shall be shared only with those within the University who have a legitimate need to know for such purposes.

Where fairness or procedural requirements apply (including where a complaint, investigation, or dispute is involved), disclosure may include identification of relevant parties and material allegations, in accordance with applicable law and institutional procedures.

9.3 Disclosure Required by Law or Risk Mitigation

Notwithstanding the confidentiality commitments set out in this Policy, Personal Information may be disclosed where required or permitted by law, including but not limited to circumstances involving:

• compliance with subpoenas, court orders, statutory obligations, or regulatory requirements;
• reasonable grounds to believe that an individual is at imminent risk of self-harm;
• reasonable grounds to believe that an individual poses an imminent risk of harm to others; or
• reasonable grounds to believe that members of the University community or the wider public may be at risk of harm.
• In such circumstances, disclosure shall be limited to the minimum information necessary and shared only with appropriate authorities or services for the purpose of preventing harm or complying with legal obligations.

9.4 Investigations, Audits, and Enforcement

All members of the University community, including employees, contractors, and service providers, are required to cooperate with authorized investigations, audits, or compliance reviews relating to privacy, data protection, or alleged breaches of this Policy.

Where a breach of this Policy is suspected or confirmed, IBU may take corrective action, including administrative, contractual, academic, or disciplinary measures, in accordance with applicable University policies, procedures, collective agreements, and legal requirements.

9.5 Service Providers and Third-Party Compliance

Where Personal Information is accessed, processed, or stored by service providers, IBU shall take reasonable measures to ensure that such service providers are capable of complying with applicable data protection laws, contractual obligations, and the requirements of this Policy.

Service providers shall be permitted access only to the extent necessary to perform contracted services and shall be subject to appropriate confidentiality and security obligations.

IBU is committed to the ongoing evaluation, monitoring, and continuous improvement of its privacy management practices to ensure compliance with applicable legislation, regulatory expectations, and institutional commitments set out in this Policy.

10.1 Policy Effectiveness Monitoring

The effectiveness of this Privacy Policy shall be evaluated on a continuing basis through:

• monitoring compliance with internal privacy controls, access restrictions, and disclosure protocols;
• review of reported privacy incidents, complaints, disclosures, or suspected breaches;
• assessment of institutional practices related to the collection, use, disclosure, storage, and protection of Personal Information; and
• review of operational alignment with applicable privacy legislation, including the Freedom of Information and Protection of Privacy Act (FIPPA) and other relevant statutes.

10.2 Reporting and Institutional Oversight

An annual privacy report shall be prepared and provided to the Board of Governors, and where required, submitted to external authorities or regulators.

The report may include, in aggregated and non-identifiable form:

• the number and nature of requests for access to or correction of Personal Information;
• the number and nature of privacy-related complaints, disclosures, or incidents;
• actions taken to address identified risks, breaches, or compliance gaps;
• initiatives undertaken to improve privacy awareness, training, or safeguards; and
• an assessment of the implementation and effectiveness of this Policy.

No report produced under this section shall include Personal Information within the meaning of section 38 of the Freedom of Information and Protection of Privacy Act.

10.3 Continuous Improvement and Risk Mitigation

IBU shall use evaluation findings, audit outcomes, and incident reviews to:

• strengthen privacy safeguards and controls;
• enhance staff awareness, training, and guidance related to privacy obligations;
• update operational procedures and service-provider requirements; and
• reduce institutional, legal, reputational, and information security risks.
• Where deficiencies or emerging risks are identified, corrective actions shall be implemented in a timely and proportionate manner.

• Freedom of Information and Protection of Privacy Act (FIPPA)
• IBU Sexual Violence Policy
• Sexual Violence Procedures
• IBU Harassment and Discrimination Prevention Policy and Procedures
• Violent and Criminal Incident Response Procedures