The Government of Canada and the Canada Revenue Agency (CRA) are committed to providing websites that respect the privacy of visitors. This privacy notice summarizes the privacy practices for the CRA's online activities.
All personal information collected by this institution is governed by the Privacy Act. This means that you will be informed of the purpose for which your personal information is being collected and how to exercise your right of access to that information.
Your privacy and the Internet
The nature of the Internet is such that web servers automatically collect certain information about a visit to a website, including the visitor's Internet Protocol (IP) address. IP addresses are unique numbers assigned by Internet Service Providers (ISP) to all devices used to access the Internet. Web servers automatically log the IP addresses of visitors to their sites. The IP address, on its own, does not identify an individual. However, in certain circumstances, such as with the co-operation of an ISP for example, it could be used to identify an individual using the site. For this reason, the Government of Canada considers the IP address to be personal information, particularly when combined with other data automatically collected when a visitor requests a webpage such as the page or pages visited, date, and time of the visit.
Unless otherwise noted, the CRA does not automatically gather any specific personal information, such as name, telephone number, or email address from those who visit our webpages. We would obtain this type of information only if you supply it to us, for example, by email, or by filling in a contact form, or when you file an electronic tax return online, or conduct other online transactions with us. When we collect personal information from you during an online transaction, we explain why we are doing so and how you can exercise your right to access that information. The explanation we provide is often in the form of a privacy notice or statement. In cases where services are provided by organizations outside of the Government of Canada, such as social media platforms or mobile applications, IP addresses may be recorded by the web server of the third-party service provider.
Communicating with the Government of Canada
If you choose to send the CRA an email or complete a feedback form online, your personal information is used by the agency in order to respond to your inquiry. The information you provide will only be shared with another government institution if your inquiry relates to that institution. The CRA does not use the information to create individual profiles nor does it disclose the information to anyone other than to those in the federal government who need to provide you with a response. Any disclosure of your personal information is in accordance with the Privacy Act.
Emails and other electronic methods used to communicate with the CRA are not secure unless it is specifically stated on a webpage. Therefore, it is recommended that you do not send sensitive personal information, such as your social insurance number or your date of birth, through non-secure electronic means.
Personal information from emails or completed feedback forms is collected pursuant to section 5 of the Canada Revenue Agency Act. Such information may be used for statistical, evaluation and reporting purposes and is included in Personal Information Bank (PIB) Public Communications (CRA PSU 914).
Third-party social media
The CRA's use of social media serves as an extension of its presence on the web. Social media account(s) are public and are not hosted on Government of Canada servers. Users who choose to interact with us via social media should read the terms of service and privacy policies of these third-party service providers and those of any applications you use to access them. The CRA uses Twitter, YouTube, LinkedIn, and Facebook.
Personal information that you provide to the Government of Canada via social media account(s) is collected under the authority of the section 5 of the Canada Revenue Agency Act. This information is collected to capture conversations (for example, questions and answers, comments, "likes," retweets) between you and the CRA. It may be used to respond to inquiries, or for statistical, evaluation, and reporting purposes. Comments posted that violate Canadian law will be deleted and disclosed to law enforcement authorities. Comments that violate our rules of engagement will also be deleted. The personal information is included in Personal Information Bank Outreach Activities (CRA PSU 938).
Improving your experience on Government of Canada websites
Digital markers (including cookies)
A digital marker is a resource created by the visitors' browser in order to remember certain pieces of information for the web server to reference during the same or subsequent visit to the website. Examples of digital markers are "cookies" or HTML5 web storage. Some examples of what digital markers do are as follows:
- they allow a website to recognize a previous visit each time the visitor accesses the site;
- they track what information is viewed on a site, which helps website administrators ensure visitors find what they are looking for.
The CRA uses sessional and persistent digital markers on some portions of its website. During your online visit, your browser exchanges data with the CRA's web server. The digital markers used do not allow the CRA to identify individuals.
You may adjust your browser settings to reject digital markers, including cookies, if you so choose. However, it may affect your ability to interact with the CRA's website.
Web analytics is the collection, analysis, measurement, and reporting of data about web traffic and visits for purposes of understanding and optimizing web usage. Information in digital markers may be used for the purpose of web analytics to remember your online interactions with the CRA's website.
The CRA uses web analytics tools to improve its website. When your computer requests a CRA webpage, our institution collects the following types of information for analytics purposes:
- the originating IP address (which is not stored or retained in a format that can be used to identify a visitor)
- the date and time of the request
- the type of browser used
- the page(s) visited
The CRA carries out web analytics using services from the third-party service providers, Adobe Systems Inc. (Adobe Analytics) and WebTrends.
The CRA uses WebTrends internally and retains information collected for web analytics for a maximum period of 18 months. After this period, the information must be disposed of in accordance with the Standard on Privacy and Web Analytics and as authorized by the Librarian and Archivist of Canada. The information is not disclosed to an external third-party service provider.
The CRA also uses Adobe Analytics which is based in the United States of America (USA), which means that the personal information collected is transmitted outside of Canada and may be subject to USA laws, including the USA Patriot Act. In addition, Adobe operates servers in other countries on which the web analytics data may be processed. Consequently, the data may be subject to the governing legislation of the country where it is processed. For Adobe Analytics, the Government of Canada has specified that personal information can only be stored on servers in Canada, the United States, the European Union, Australia, Israel, New Zealand, Norway, and Switzerland.
For more information about the privacy policies of these service providers, please visit their individual websites or use the following links:
To track visits for web analytics, Adobe Analytics require the use of digital markers (“cookies”). If you wish, you may opt out of having your visit tracked by:
- downloading and installing a browser add-on from Adobe that prevents your visit data from being used.
To further protect information about visitors the CRA uses a feature from Adobe that hides part or all of the IP address of a visitor before it is stored.
Information used for the purpose of web analytics is collected pursuant to the Standard on Privacy and Web Analytics. Such data may be used for communications and information technology statistical purposes, audit, and evaluation, research, planning, and reporting. For more information on how your privacy is safeguarded in relation to web analytics, see the Standard on Privacy and Web Analytics.
Protecting the security of Government of Canada websites
The CRA employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. This software receives and records the IP address of the computer that has contacted our website, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless an attempt to damage the site has been detected.
This information is collected pursuant to section 161 of the Financial Administration Act. The information may be shared with appropriate law enforcement authorities if suspected criminal activities are detected. Such information may be used for network security related statistical purposes, audit, evaluation, research, planning, and reporting and is included in Personal Information Bank Security Incidents (CRA PSU 939).
Inquiring about these practices
Any questions, comments, concerns or complaints you may have regarding the administration of the Privacy Act and privacy policies regarding the CRA's web presence may be directed to our Access to Information and Privacy Coordinator by email to ATIP-AIPRP@cra-arc.gc.ca, by calling 613-960-5393 (Ottawa area) or 1-866-333-5402, or writing to the following address:
Director, ATIP Directorate
Canada Revenue Agency
555 MacKenzie Avenue, 5th Floor
Ottawa ON K1A 0L5
If you are not satisfied with the CRA's response to your privacy concern, you may wish to contact the Office of the Privacy Commissioner by telephone at 1-800-282-1376.
Report a problem or mistake on this page
- Date modified: