Last Modified 08_31_2023
This Privacy Policy (the "Policy”) sets out how Grand River Post Secondary Education Office ("GRPSEO” "we,” "us,” or "our”) uses and protects any personal information that students ("you,” "your”) share with us, including registration with us, use of our website, provision of content to our website and publications, submission of applications for funding, uploading or other provision of information for any purpose, participation in surveys, requesting services, and other activities. Our services to the Six Nations of the Grand River Territory and Six Nations of the Grand River Band members include recording and processing information relating to academic standing, administering funding, sharing information about other sources of funding, tracking grades and academic results, and other services that we may offer in future. These are all referred to herein as "Services”. This Policy governs your access to our Services. We respect your trust in us to use, store and share your information. In this notice, we explain how we collect personal information about you, how we use it and how you can interact with us about it. Nothing in this Policy affects any confidentiality agreement we have with you. GRPSEO is committed to protecting your privacy and to using your information only in ways that are permitted and needed for our mandate to help Six Nations of the Grand River Territory Band members. By using our Services, you consent to the data practices described in this Policy. Each time you use the Services, the current version of this Policy will apply. Accordingly, when you use the Services, you should check the date of this Policy (which appears at the top) and review for any changes since you last reviewed the Policy. For purposes of this Policy, "personal information" means information that can identify either you or another individual directly or through reasonably available information. This does not include anonymized or aggregated data, provided that the anonymized or aggregated data cannot be used to re-identify an individual.
1. Personal information we collect
The type of personal information we collect is reasonably connected to the Services provided by GRPSEO. We do not collect information that is not relevant to our Services. For example, we need to collect the following information:
(a) your name, age, and contact information;
(b) your Social Insurance Number/Social Security Number and Six Nations Band Registry 10 digit number
(c) your gender identity if you wish to share it with us;
(d) name(s) and contact information of family member(s), if required;
(e) financial information where that information is relevant to the Services;
(f) current and historical academic information;
(g) disabilities and health conditions, where relevant to our Services; and
(h) any other personal information you voluntarily provide when you use our Services.
We collect your personal information directly from you and may also receive information from your family members, your school, and government sources, and so the personal information we have about you will likely be more than just the personal information that you disclose to us.
2. Use of your personal information
GRPSEO collects and uses your personal information only to operate the Services for your benefit and the benefit of Six Nations of the Grand River Band members, and to deliver the Services you have requested. The uses to which we put your personal information may include the following:
(a) processing financial assistance for you;
(b) scheduling meetings;
(c) providing you with support pertaining to your academic progress;
(d) determining appropriate universities, colleges and other post secondary institutions that might be suitable for you;
(e) reporting academic, financial and other relevant information to post secondary institutions and Indigenous Services Canada;
(f) contacting you about the Services you have requested; and
(g) internal record keeping.
We may also use personal information to:
(h) notify you about changes to our Services;
(i) enforce our terms, conditions and policies;
(j) to carry on internal operations, including troubleshooting, data analysis, testing, research, security, fraud detection, account management, and research purposes;
(k) ensure safety and security in case of any crime and misuse of our Services;
(l) assist you when you contact us, including directing your questions to appropriate individuals, investigating and addressing any of your concerns and monitoring our support responses;
(m) in order to comply with our legal obligations, to protect our legal interests and as necessary to perform tasks in the public interest or to protect the vital interests of our users and other people; and
(n) create anonymized data, which is information that cannot reasonably be connected to any identifiable individual (and which is therefore no longer personal information).
3. Disclosure to third parties
(a) In order to provide the Services, personal information may be shared and transferred to providers of bursaries and scholarships, First Nations support services on campus, financing providers, and post secondary institutions that you attend. We share only the personal information and content that is reasonably necessary for the Services.
(b) We may also disclose personal information to third parties under special circumstances to i) comply with any legal requirements, judicial proceedings, court order or legal process served on GRPSEO or its affiliates; ii) to investigate a possible crime, such as fraud or identity theft; iii) when we believe it is necessary to protect rights, property or safety; or iv) as otherwise required or permitted by law, including any contractual obligations of GRPSEO.
4. Opt-out
(a) You may withdraw your consent for our use and collection of your personal information at any time. However this may limit or even make it impossible for us to provide the Services. To opt out, you must contact us using the contact information set out at the end of this Policy.
(b) You may opt out of use of cookies through your browser settings (see more information on this in the Cookies section below).
5. Cookies
We may use cookies and other technologies (such as web beacons), as well as resettable device identifiers, for various reasons. We want you to be informed about our use of these technologies, and so this section explains the types of technologies we may use, what they do, and your choices regarding their use. Cookies are small data files that are commonly stored on your device when you browse and use websites and online services. Cookies often contain a unique identifier, allowing us to recognize you when you visit our website or use our Services again. This helps us more smoothly and effectively to provide you with the information you seek from us.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our Services and website or your experience with our website may be impaired or slow.
6. Controlling your personal information
You can request that any personal information stored by GRPSEO be deleted at any time and request that we stop certain personal information handling practices by contacting us at We may require you to provide certain information to verify that it is you making the request. If you ask us to delete your personal information, we will no longer be able to provide you with Services. We will not be able to delete any personal information that we are required by law to retain.
7. Children and Privacy
We do not knowingly collect personal information from children in connection with any Services provided through our Services, and our Services are not to be used by those under the age of 14. If we become aware that an individual under the age of 14 has provided personal information to us, we will immediately remove that information from our database.
8. How we protect personal information
We take the security of personal information very seriously. We use reasonable administrative, physical and technical safeguards to secure the personal information that you share with us. Despite these safeguards and other efforts to secure your information, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and inappropriately collect, access, steal or modify your or others’ personal information.
The security of your use of the Services partially relies on your protection of your own Internet connected devices. Please do not share your username or password or other identifiers with anyone, and please don’t make that information easy to find or simple to guess. In short, the security of the user profile that you create to interact with the Services relies on your protection of your login credentials. You are responsible for maintaining the security of your login credentials, including your password and for any and all activities that occur under your account.
Any email or communication purporting to be from GRPSEO requesting your password or asking you to provide sensitive account information should be treated as unauthorized and suspicious. Please report any such communications to us at If you believe that someone else has obtained access to your password, please change it immediately and report it to us by email at
9. Retention of your personal information
We only ever retain personal information for as long as is necessary for the Services and compliance with laws and contracts binding on us, and we have strict review and retention policies in place to meet these obligations. GRPSEO shall not retain data for longer than is necessary to fulfil the lawful purpose of data processing and for a period of time thereafter until legal rights and remedies have been exhausted.
10. Third party resources
The Services may direct you to third party resources, including websites and services that GRPSEO does not operate – for example those of universities, colleges, trade schools, banks, insurance companies and others. The privacy practices of these other websites and services will be governed by their own policies and once you have linked to these other resources, you should note that we do not have any control over those resources or what they do with your personal information.
GRPSEO encourages you to review the privacy policies and statements of any third parties before sharing your personal information so that you can understand how these parties collect, use and share your information. GRPSEO is not responsible for the privacy statements or other content on websites or services outside of Services or the GRPSEO website.
11. Changes to this Policy
GRPSEO may change this Policy from time to time by updating this page. GRPSEO encourages you to periodically review this Policy to be informed of how GRPSEO is protecting your information.
12. Contact information
GRPSEO welcomes your comments regarding this Policy. If you believe that GRPSEO has not adhered to this Policy or if you have questions relating to how GRPSEO handles your personal information, please contact us at