Privacy Policy

Applies to: ThePFSI.com, related subdomains, and PFSI-managed online course/exam portals (collectively, the “Services”).

1) Who we are

Personal Fiduciary Standards International (“PFSI”) provides education and certification for individuals acting in personal fiduciary roles (e.g., Power of Attorney, Executor/Executrix, Trustee). For the purposes of applicable privacy laws, PFSI is the “controller” (EU/UK) and the “organization” (Canada) for personal information we collect through the Services.

Contact (all regions): privacy@thepfsi.com
Mailing address: 4-2131 Williams Parkway, Brampton, Ontario, Canada, L6S 5Z4

2) Scope

This Policy explains how we collect, use, disclose, transfer, and protect personal information when you interact with our website, register for the Personal Fiduciary Certificate (PFC), complete coursework/exams, request support, or otherwise use our Services.

3) What we collect

a) Information you provide directly

  • Account & profile: name, email, phone, password, language preference, country/region.
  • Course/exam: enrollment details, progress, test attempts/scores, certifications, CE credit confirmations (e.g., IAFE/Advocis).
  • Payments: handled by third-party processors; we receive limited billing details (e.g., status, last 4 digits, transaction ID).
  • Support & communications: messages, attachments, preferences, feedback, survey responses.
  • Uploads about others: If you upload or input information about principals, beneficiaries, or other third parties (e.g., to complete learning activities), you are responsible for having a lawful basis to do so and for sharing only what is necessary.

b) Information collected automatically

  • Device & usage: IP address, device identifiers, browser type/version, operating system, referring URLs, pages viewed, time on page, and general location (derived from IP).
  • Cookies/similar tech: session cookies, preference cookies, analytics. See Cookies & similar technologies below.

c) Information from third parties

  • Single sign-on / partner portals: Some identity assertions and attributes (e.g., name, email, org) necessary to create/maintain your account.
  • CE credit bodies / professional associations: confirmation of eligibility/credit issuance if required.
  • Service providers: fraud prevention, analytics, customer support, and payment processors may provide derived or reference data (e.g., risk signals, ticket IDs).

4) How we use personal information (purposes & legal bases)

We limit use to what is necessary to:

  1. Provide and improve the Services (course delivery, exam administration, certification, CE credits, support, troubleshooting).
    • Legal bases: contract necessity; legitimate interests (service quality); consent (where required).
  2. Operate our website and analytics (security, performance, understanding engagement to improve content and usability).
    • Legal bases: legitimate interests; consent for non-essential cookies (EU/UK).
  3. Verify identity and prevent abuse (fraud/cheating detection in exams, security monitoring).
    • Legal bases: legitimate interests; legal obligations.
  4. Issue certificates and CE confirmations (records of completion, verification to you and authorized bodies).
    • Legal bases: contract necessity; legitimate interests; legal obligations where applicable.
  5. Communicate with you (transactional emails, policy updates, service notices; with consent where required for marketing).
    • Legal bases: contract necessity; legitimate interests; consent (marketing/where required).
  6. Comply with laws and enforce rights (audits, accounting, responding to lawful requests, dispute resolution).
    • Legal bases: legal obligations; legitimate interests.

5) Disclosures (how we share information)

We may disclose personal information to:

  • Service providers/processors under contract (hosting, cloud infrastructure, learning/exam platforms, proctoring if used, analytics, email/SMS, customer support, payment processing, security/fraud prevention). They must keep it confidential, secure, and only use it as instructed.
  • Professional bodies/CE credit entities to issue or verify CE credits where you request or are eligible.
  • Partners (e.g., your employer/association/benefits sponsor) only where (i) you enrolled through them; (ii) sharing is necessary to deliver the program; and (iii) sharing is permitted by law and our agreements.
  • Authorities or other parties when required by law, in response to valid legal process, to protect rights, safety, or prevent fraud/abuse.
  • Business reorganization: in a merger, acquisition, or asset transfer, your information may transfer under this Policy’s protections.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. If that changes, we will update this Policy and provide required opt-out mechanisms.

6) International transfers

PFSI operates globally. We primarily host data in Canada and/or the United States and may process data in other countries where we or our processors operate. When transferring personal information from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum), plus supplementary measures as needed.

7) Data retention

We retain personal information only as long as necessary for the purposes described above, including:

  • Course/exam/certification records: retained to maintain accurate transcripts, verify credentials, and meet legal/association obligations.
  • Transactional/account records: retained for tax, accounting, security, and compliance periods.
  • Marketing preferences: retained until you opt out or delete your account.
    When no longer needed, we securely delete or anonymize data.

8) Security

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including access controls (“need-to-know”), encryption in transit and at rest (where applicable), secure development practices, staff training, and contractual confidentiality with vendors. No method of transmission or storage is 100% secure; please use caution when sending information electronically.

9) Your rights

Your privacy rights depend on where you live. Subject to legal limits, you may have rights to access, correct, delete, restrict, object, portability, and to withdraw consent.

EU/EEA & UK (GDPR/UK GDPR)

  • Rights: access, rectification, erasure, restriction, portability, objection, and consent withdrawal.
  • You may lodge a complaint with your local supervisory authority (e.g., CNIL, ICO).
  • Where we rely on consent, you may withdraw it at any time.

Canada (PIPEDA & provincial laws)

  • Rights: access and correction; information about our practices; challenge compliance.
  • You may contact the Office of the Privacy Commissioner of Canada (or provincial commissioners).

U.S. State Privacy Laws (e.g., CA/CPRA, CO, CT, UT, VA)

  • Rights may include: know/access, correct, delete, portability, and to opt out of “sale”/“sharing”/targeted advertising.
  • PFSI does not sell or share personal information for cross-context behavioral advertising and does not use sensitive personal information for inference-based profiling.
  • Authorized agents may make requests where permitted. We will verify your identity before responding.

How to exercise rights: email privacy@thepfsi.com. We will respond as required by applicable law.

10) Children’s privacy

The Services are not directed to children under the age of 13 (U.S.) or 16 (EEA/UK, where consent requirements apply). Do not provide us children’s data unless legally permitted and necessary (e.g., as part of a learning scenario with proper authority). If we learn we have collected personal information from a child contrary to law, we will delete it.

11) Cookies & similar technologies

We use cookies and similar technologies to operate our Website, remember preferences, enhance usability, analyze usage, and—where permitted—provide personalized experiences.

  • Strictly necessary cookies are required for the Website to function and cannot be disabled.
  • Preference, analytics, and marketing cookies are optional and used only with your consent where required (e.g., EU/UK).

For full details about the cookies we use, the third parties involved, and how to manage them, please see our Cookies Policy

12) Marketing communications

We send transactional emails (enrollment, receipts, exam notices, policy changes). With your consent where required, we may send informational or promotional communications about new languages, modules, or credentials. You can unsubscribe via the link in the message or by contacting us. We will continue to send essential service notices.

13) Payment processing

Payments are handled by third-party processors. PFSI does not store full payment card numbers. Processors handle your payment information under their own privacy/security standards (e.g., PCI DSS). We receive limited metadata (e.g., last 4 digits, token, payment status).

14) Information about others (when you act as a fiduciary)

If you provide information about another individual (e.g., a principal or beneficiary) as part of coursework or exercises, you confirm you have a lawful basis and share only what is necessary. Avoid uploading sensitive identifiers (e.g., government IDs, full account numbers) unless essential and permitted by law. Where possible, use anonymized examples.

15) Third-party links

The Services may link to third-party sites or platforms (e.g., CE bodies, professional associations). Their privacy practices apply to their sites; we encourage you to review their policies.

16) Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. Please check back regularly for any changes or updates.

17) How to contact us

Questions, requests, or complaints: privacy@thepfsi.com 

  • EU/UK users may also contact the relevant supervisory authority.
  • We will respond within the timelines required by applicable law.

Region-Specific Notice (California “CPRA” Summary)

Categories collected: Identifiers (name, email), internet/activity data (usage analytics), education data (course/exam records), and limited commercial information (transaction metadata).
Sources: You, your device, partners (e.g., SSO), service providers, CE bodies.
Purposes: As described in Sections 4–6.
Retention: As described in Section 7.
Selling/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
Sensitive PI: We do not use Sensitive Personal Information to infer characteristics.
Rights & Requests: Access, correction, deletion, portability, opt-out (if ever applicable), and non-discrimination. Submit at privacy@thepfsi.com.