Introduction

This Privacy Policy together with the relevant Terms and Conditions and any other documents referred to sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. If you would prefer your personal data is not used in the manner described in this policy, you should not use our websites or services. The data controller is Business Improvement Solutions Inc. doing business as BIS Safety Software, 261 Seneca Road, Sherwood Park, Alberta, Canada, T8A 4G6, and the Privacy Policy applies to this company and its affiliates and subsidiaries who will be referred to as “we”, “us” or “our” in this policy.

Summary 

This Privacy Policy informs you how we protect your privacy. The Privacy Policy applies to our company, affiliates and subsidiaries who will be referred to as “we”, “us” or “our” in this policy. It describes how we collect and use personal information in our business, on our websites, in electronic communications, and in the social media services used to direct you to our websites.

We comply with Canadian, United States of America, European, and other international privacy law including: the Alberta Personal Information Protection Act (PIPA), the British Columbia Personal Information Protection Act, the Ontario Freedom of Information and Protection of Privacy Act, the Quebec Private Sector Privacy Act, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL), the California Consumer Privacy Act (CCPA), the United States of America Children’s Online Privacy Protection Act (COPPA), the Australian Privacy Act 1988, the European Union General Data Protection Regulation (EU GDPR), and the European Union Directive on Privacy and Electronic Communications (EU e-privacy Directive), the United Kingdom Data Protection Act 2018, the New Zealand Privacy Act 2020, and other applicable privacy law as amended from time to time all of which are referred to as “privacy law”.

There may be links from our websites to other websites. However, this Privacy Policy applies only to our websites; it does not apply to any third-party websites which may be linked to our websites. We do not endorse and are not responsible for linked third-party websites. Please check on those linked websites for their privacy policies and make any inquiries with them.

Your continued use of our services and websites signifies your acknowledgement and consent to our Privacy Policy now and in the future. Our Privacy Policy is periodically updated; we will include dates of changes in the policy, so you know when changes have been made. For a change which significantly alters the meaning of anything in the policy, we may notify you of the changes on your next login or may ask you to reaccept the policy before continuing.

Collecting Information for our Services

We collect your personal information to provide services to you. The types of information we collect are:

• Information you give us: We collect information so we may contact you, assist you, provide you with information about our services, and provide services to you.
• Automatic information: We may automatically collect certain types of information when you electronically interact with us.
• Information from other sources: We might collect information about you from other sources, including third-party service providers, and publicly available sources.

Personal information that you provide may include the following: your name, email address, physical location, postal address, phone number, birthdate, driver’s licence, social insurance number, social security number, Internet Protocol address, banking or credit information, employment history and information, health information, and educational and training history.

We may collect personal information:

• Voluntarily provided to us by you through our websites, direct communications (for example, meetings or trade shows), and electronic communications including social media, surveys, webinars, search functions, questionnaires, feedback, and various forms, including contact, information, and requests for demonstration forms;
• When you have entered our websites while performing online searches or seeking health and safety training;
• When we have received a business referral to you, or you may be a member of an organisation that is an existing business associate of ours;
• When you or your organisation provide us with personal information in order to purchase our services, resell our services, provide courses and products to include in our services, create accounts, or become registered users of our services; and
• When we ask you to provide identifying information if you want a demonstration or to use our services, to assist you with a registered user account, or to resolve complaints or concerns.

If you become a registered user on your own behalf, you will create a password for your account. If your organisation creates an account for you, you or your organisation may create a password for your account. We encrypt all passwords. You or your organisation, as applicable, will be responsible for protecting the password. Through our software, we may provide your organisation with options to block, encrypt or otherwise secure certain sensitive information (for example, your social insurance number or social security number). You or your organisation, as applicable, are responsible for using these options. Passwords will be automatically encrypted with no access to anyone other than the password creator.

We usually will not change your personal information, and usually only delete information with your consent or the consent of your organisation, unless required to do so by law or to prevent illegal activity.

How We Use Personal Information

We use your personal information to operate, and to provide and improve our business and services. Our purposes for using personal information are as follows:

Provide services: We use your personal information to provide and deliver our services and third-party courses and products; and to process transactions related to those services, courses and products including registering you as a user, receiving payments, providing training, and verifying your certificates.

Measure, support, and improve services: We use your personal information to analyse performance, fix errors, measure your usage, provide support, and improve and develop our services.

Recommendations and personalization: We use your personal information to recommend services that might be of interest to you, identify your preferences, and personalise your experience.

Comply with legal obligations: In certain cases, we may have a legal obligation to collect, use, retain, or delete your personal information.

Communicate with you: We use your personal information to communicate with you in relation to our services and to respond to your requests, including by mail or electronically (for example by phone, text, video, email, VOIP, internet messaging, social media, or webinars).

Marketing: We use your personal information to market and promote our services, which may now or in the future use interest-based or personalised targeted ads. We may use interest-based ads to display features, courses, products, and services that might be of interest to you. We may use cookies and other similar technologies which enable us to understand the effectiveness of the interest-based ads by measuring what ads are clicked or viewed, and to provide you with more useful and relevant ads.

Fraud, abuse prevention and credit risks: We may use your personal information to detect and prevent fraud and abuse in order to protect you and the security of our services. We may use algorithms and scoring methods to assess and manage security, and financial and credit risks.

Cookies

To enable our systems to recognize and provide you with services, we may use cookies and other similar technologies to recognize your browser or device, learn more about your interests, and provide you with important features and services including:

• Recognizing you when you sign in, which allows us to provide you with recommendations, display personalised content, and provide customised services;
• Keeping track of your specific preferences, such as language and configuration preferences;
• Conducting research and diagnostics to improve our offerings;
• Measuring and analysing the performance of our services;
• Preventing fraudulent activity and improve security; and
• Delivering content relevant to your interests.

Some cookies may be deleted at the end of your browsing session, while other cookies may persist between sessions.

Examples of the information we may collect through cookies include:

• Network and connection information, such as the Internet Protocol address used to connect your computer or other device to the internet, and information about your internet service provider;
• Computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system and time zone setting;
• The location of your computer or device;
• Authentication and security credential information;
• Content interaction information, such as content and course downloads, streams, and playback details, including duration and number of simultaneous streams and downloads; and
• The full Uniform Resource Locator (URL) clickstream to, through, and from our websites and services, content and courses you viewed or searched for, page response times, download errors, and page interaction information.

Our cookies may allow you to take advantage of some essential and useful features; blocking some types of cookies may impact your experience of our websites. You can manage browser cookies through your browser settings. The ‘Help’ feature on most browsers will tell you how to remove cookies from your device, prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. Check the support site for your browser to understand privacy settings available to you. If you block or reject some of our cookies through your browser’s settings, you might not be able to use certain offerings that require you to sign into an account and some features and services may not work. You might also have to manually adjust your preferences or settings every time you visit our websites. If your browser includes Intelligent Tracking Prevention (ITP), preferences specific to our websites may reset on an ongoing basis. These resets are managed by your browser, not by us.

How We Share Personal Information

Personal Information about our customers and registered users is an important part of our business. We do not sell this personal information to others. We may share personal information with registered users within your portal and with third-party service providers who follow policies and practices at least as protective as described here. We will not give a third party with whom we share your information an independent right to share or disclose your information with any other person, group, or company outside of their own professional advisors and affiliates.

We have contractual relationships with third parties who provide content, courses, and products which you may access through our software. These third-party providers are subject to our Privacy Policy. If you wish to access the content, courses, and products, you may need to share your personal information with these third parties.

We may share the information and documents we have collected from you with third-party service providers, third-party suppliers, third-party course purchasers, governing bodies, and record validators to perform certain functions on your behalf which may include: delivering, supporting and upgrading technology, software and hardware; sending communications; processing credit card and other payments; assessing compliance risks; analysing and processing data; providing marketing and sales assistance; providing customer relationship management; providing content, courses, and products; tracking, validating and administering your course records; maintaining our software and systems; performing security and audit functions, and data processing, storage and security.

We host, record, and publicly share educational electronic meetings, such as webinars, that collect and display personal information limited to names, email addresses, names of employers, images, voices, and any information participants disclose.

As we continue to develop our businesses, we might sell our businesses or services. In such transactions, personal information may be one of the transferred assets but remains subject to this Privacy Policy. We may release accounts and other personal information when that release is required to comply with the law, to apply or enforce our terms and agreements, or to protect the rights, property and security of our customers and others. This may include exchanging information with other companies and organisations for security, fraud prevention and detection, and credit risk reduction.

Examples of Information Collected

Information You Provide

You provide information to us when you:

• Search for, subscribe, purchase, register or use our software and services;
• Use services purchased for you by another individual or organisation, which may allow the purchaser to access information related to the purchase such as your name, the course, the course status, the mark, and certificates of completion;
• Communicate with us (for example, by mail, or electronically, such as by phone, text, video, email, VOIP, internet messaging, social media or webinars);
• Complete an information request or request for demonstration form;
• Post on our websites or participate in community features or webinars;
• Register and administer user accounts, or participate in a course or training;
• Configure your settings, provide access permissions, or interact with our services;
• Activate an account under an organisation, which may provide the organisation with administrative access to your account information and the ability to register you for courses; track and validate your course marks, certificates of completion, and training history; and update your records and information;
• Sell, purchase or use third-party content and courses through our software and services;
• Access third-party content and courses, which may require sharing with a third-party provider information such as your name, purchase information, photo or video identification, training records, course marks and certificates of completion;
• Access third-party content and courses, which may require sharing with a certification body information such as your name, purchase information, photo or video identification, training records, course marks and certificates of completion;
• Access third-party content and courses, which may include authorising a third-party individual or organisation to verify the existence and status of your certificates and training and communicate with you via our website;
• Use the SafeTapp application, which may collect location data and allows third parties to access your name, registration, course marks, or certificates of completion when presented with a QR code or your identification information; or
• Authorise us to verify to third parties the validity and status of your certificates when they enter your last name and certificate number into the public certificate verification process on our website.

Depending on how you use our services, third-party content and courses or interact with us, you might provide such information as:

• Your name, email address, physical location, device location, postal address, phone number, and contact information;
• Payment information, including credit card or banking information;
• Information about your location or organisation;
• Your username and authentication and security credential information;
• Your training records, course marks, and certificates of completion;
• Your image, and video and voice recordings;
• Identity information, including government-issued identification;
• Corporate and financial information and tax identifiers; and
• Feedback, inquiries, customer service requests, phone conversations, chat sessions and emails.

Automatic Information

We collect information automatically when you:

• Visit our websites, or interact with or use our software, app, or services;
• Open content and courses in our software or download content and courses;
• Open emails or click on links in emails from us;
• Attend our webinars; or
• Electronically communicate with us.

Examples of the information we may automatically collect include:

• Network and connection information, such as the Internet Protocol address used to connect your computer or other device to the internet and information about your internet service provider;
• Computer and device information, such as device, application, browser type and version, browser plug-in type and version, operating system, and time zone setting;
• Location of your computer or device;
• Authentication and security credential information;
• Content interaction information, such as content and course downloads, streams and playback details;
• Metrics, such as offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, Single Sign On (SSO) activity, and other logs;
• Full Uniform Resource Locator (URL) clickstream to, through, and from our website (including date and time), content and courses you viewed or searched for, page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs);
• Email addresses and phone numbers used to contact us; and
• Identifiers and information contained in cookies.

Information from Other Sources

Examples of information we may receive from other sources include:

• Marketing lead and sales generation information, including your name, email address, postal address, physical location, phone number, and other contact information;
• Subscription, purchase, support, or other information about your interactions with other products and services;
• Search results and links, including paid listings; and
• Banking, credit history and payment information.

Information You Can Access

Examples of information you may be able to access through our services include:

• Your name, email address, physical location, postal address, phone number, and other contact information;
• Username, aliases, roles, and other authentication and security credential information;
• Your subscription, purchase, usage, billing, and payment history;
• Payment settings, such as payment instrument information and billing preferences;
• Third-party course completion information, including training records, course marks and certificates of completion;
• Education, training, and employment information; and
• Email communication and notification settings.

Location of Personal Information

Your personal information is stored in Canada on third-party data servers (for example, AWS Canada). Limited personal information collected and publicly shared from recorded webinars may be stored in third-party data servers located in the US or Canada.

Securing Information

We design our systems with your security and privacy in mind, including providing you with options to secure your personal information. We maintain compliance programs that support and validate our security controls. We use software, security, and encryption protocols to protect the security of your information. These protocols may be used during electronic communications, during transmission with our websites, or for our services. We maintain physical, electronic, and procedural safeguards for the collection, storage, disclosure, and deletion of personal information. Our security procedures mean that we may require proof of identity before we disclose personal information or provide certain services to you.

Access and Choice

Subject to your organisation’s restrictions, you may be able to view, update, and delete your account information and control how you interact with and use our services. Your services may include settings that provide you with options for how your information may be viewed, used, encrypted, or secured. If you want to add, update, or delete information related to your account, we usually don’t keep a copy of the prior version. The Help feature on most browsers and devices will tell you how to prevent your browser or device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

 Retention of Personal Information

We keep your personal information to communicate with you to enable your continued use of our services for the purposes described in this Privacy Policy or as may be required by law. How long your personal information may be retained varies depending on the use, but our retention of your personal information will be consistent with applicable laws.

Our Data Security and Compliance Program

Our data security and compliance program helps customers understand the robust controls we have in place to maintain data security and compliance on our servers and with any third-party service providers. We meet Payment Card Industry requirements and use reputable third-party payment processors (for example, Moneris) to process payments in our ecommerce store. We meet data and security requirements including those of the Payment Card Industry and the System and Organization Controls (SOC) 2 Trust Services Criteria. Our data security and compliance certifications and attestations are assessed by independent auditors, and result in certifications, audit reports, or attestations of compliance. Our customers and users are also responsible for complying with applicable data security laws and regulations. We have functionality (such as encryption and security features) and legal agreements that support customer and user compliance.

Your Rights

You have a number of rights under privacy law which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These include:

• the right to ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
• the right to request correction of inaccurate personal information we hold about you;
• the right to restrict our use of your personal information;
• the right to request deletion of personal information:
• that is no longer necessary for the purposes underlying the processing,
• where consent for the information being processing has been withdrawn, or
• when processing is not in compliance with applicable legal requirements;
• the right, in certain cases, to receive a machine-readable copy of your personal information;
• the right to request portability of personal information that you have provided to us where the processing of such personal information is based on consent and is carried out by automated means;
• the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way; and
• the right to object to our use and processing of your personal information.

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.

If you are seeking to exercise any of these rights, please contact us using the details in the Contacts, Notices and Revisions section below. We will handle any request to exercise your rights in accordance with applicable privacy law and any relevant legal exemptions.

You may also have the right to complain to a local authority if you think we have processed your personal data in a manner which is unlawful or breaches your rights. If you have such concerns, we kindly request that you contact us first (using the contact details in the Contacts, Notices and Revisions section below) so that we can investigate and do our best to resolve your concerns.

Specific Privacy Disclosures

California Consumer Privacy Act

These disclosures are pursuant to the California Consumer Privacy Act.

Categories of personal information collected or disclosed for a business purpose: The personal information that we may collect, or may have collected from you or disclosed in the preceding twelve months, fall into the following categories depending on how we may have engaged with you:

• Direct identifiers, such as your real name, alias, postal address, social security number, driver’s licence and passport information, and signature;
• Indirect identifiers such as cookies and other similar technologies, phone numbers, Internet Protocol addresses, and account names;
• Biometric data, such as images, and audio and video recordings;
• Geolocation data, such as physical location information from computers, smartphones and other devices;
• Internet activity such as browsing history, search history, data on interaction with a web page, application or advertisement;
• Sensitive information such as personal characteristics, behaviour, employment, and education information; and
• Professional or employment related information; education information, including enrollment status, fields of study, degrees, training, honours, awards, course marks and certificates of completion.

Depending on how you may engage with our services, further categories of personal information disclosed for a business purpose include:

• Commercial information, such as the details of a product or service, if a third-party service provider is assisting to provide that product or service to you;
• Internet or other electronic network activity information, for example if a third-party service provider gathers security reports;
• Biometric information, such as your image, voice or video recording, for example if you participate in identity verification by a third-party service provider;
• Electronic communications if a third-party service provider reviews recordings of customer interactions for quality assurance purposes; and
• Professional or employment-related information, for example if we provide information to a third-party service provider for registration or verification of marks or certificates received.

Your rights: You have the right under the California Consumer Privacy Act to request information about the collection of your personal information by us, access your personal information, or request deletion of your personal information.

No sale of personal information: We have not sold personal information of consumers, as those terms are defined under the California Consumer Privacy Act.

No discrimination: We will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act.

European Union

Controller of Personal Information: We may be the data controller or data processor of personal information collected or processed through our business, websites, and services.

Processing: We process your personal information on one or more of the following legal basis:

• As necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide our services, to respond to requests from you, or to provide customer support;
• We have a legitimate interest where the processing is necessary for us to conduct our business, but not where our interests are overridden by your interests, as further described in this Privacy Policy;
• Where we process personal information which you have already made public or where it is considered public information;
• As necessary to comply with relevant law and legal obligations, including responding to lawful requests and orders; or
• With your consent.

Your Rights: Subject to applicable laws, you may exercise rights pertaining to your personal information as described above.

Transfers outside of the European Economic Area or EEA: When we transfer your personal information outside of the EEA, we do so in accordance with the terms of this Privacy Policy and applicable data protection law.

Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA) of 1998 enacted by the United States Congress prohibits unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personal information on the internet from and about children 12 years or under. BIS does not usually offer its services to children 12 years or under. In very limited circumstances a person may buy certain services for children 12 years or under. If you believe that a child 12 years or under has provided us personal information without parental consent, please contact us, and we will delete that information.

Canada’s Anti-Spam Legislation (CASL)

Consistent with the Privacy Policy described here, you have authorised us to communicate with you in writing, or electronically, such as by email, social media, text, phone, or any form of electronic and internet-based methods using computers, smart phones, mobile or handheld devices, phone, or any future devices. You may unsubscribe anytime by either clicking an unsubscribe button; directly contacting us by phone, mail, or email; or providing reasonable notice by any other means.

Contacts, Notices and Revisions

If you have any concern about your privacy or want to contact one of our third-party data processors, please contact us at our Privacy Management Program.

Privacy Management Program

ProEnviro

Phone: 1-888-kits247

Email: info@proenviro.ca

If you interact with our services on behalf of or through your organisation, then your personal information may also be subject to your organisation’s privacy practices, and you should direct privacy inquiries to your organisation.

Privacy Policy Change

If we alter our Privacy Policy, any changes will be posted on this page of our website with the date of the latest revision so that you are always informed of the information we collect about you, how we use it and the circumstances under which we may disclose it.