Welcome to the Thermal Environmental Comfort Association ("TECA", "we", "us", "our") website. This website, together with our directly-affiliated or subsidiary websites, is collectively referred to as the "Website". The Website allows, among other things, for Website users to order and receive certain products and software, and for holders of registered user accounts to register for certain courses and access a members-only area (the "Services"). For the purposes of this Privacy Policy, all users of the Website are "Users", irrespective of their level of access to the Website, Services and/or any materials contained therein.
Specific Services are described in greater detail below.
This Privacy Policy and our practices regarding the collection, use, disclosure and/or retention of PII have been designed to comply with the Province of British Columbia's Personal Information Privacy Act, SBC 2003, c. 63 as amended from time to time ("PIPA") and to meet or exceed the relevant guidelines and standards published by the Office of the Information and Privacy Commissioner of British Columbia.
PURPOSE
TECA is committed to protecting the privacy of the Users of this Website and seeks to provide all Users with a safe and secure User experience. This Privacy Policy sets out and describes: our privacy practices; how we collect, use, disclose, retain and/or treat a User's personally identifiable information during their use of or access to this Website and the Services; and, the part that Users themselves play in safeguarding their PII while using this Website and/or accessing the Services.
CONSENT
By accessing the Website and/or using the Services, all Users of the Website agree that they:
(a) consent to the conditions as set out in this Privacy Policy, and
(b) consent to the collection, use, retention, and disclosure of their personal information, if and as applicable, as set out herein.
If a User does not agree with this Privacy Policy, a User's only recourse is to immediately cease using the Website and/or Services.
WHAT IS PERSONALLY IDENTIFIABLE INFORMATION?
For the purposes of this Privacy Policy, "PII" or "personally identifiable information" means information collected which, either on its own, or in combination with other information, identifies a particular person. In the event we collect information which does not on its own directly identify a User, but such information is combined with the PII of a User, TECA treats any such combined information as PII.
ACCESS TO AND USE OF THE WEBSITE BY USERS
Users may use or access portions of the Website without submitting any PII. However, Users seeking to order and receive certain products and/or software may be required to provide certain PII in order to complete those transactions. Further, to access certain Services and to register for courses, Users will be required to create a user account with us (each, a "User Account"), and in doing so, will be required to provide us with certain PII and/or other identification information, in addition to agreeing to this Privacy Policy. Only Users with a valid, current User Account will be provided access to a secure online portal and platform (the "Portal") hosted on, or otherwise connected to, the Website.
COLLECTION AND USE
When you access the Website, create a User Account and/or use our Services, TECA may collect certain information about you, your device, your interaction with the Website and/or Portal, and information necessary to provide and improve upon our Services, analyze the effectiveness of the Website and Portal and their function and content, and to identify potential threats and vulnerabilities. Generally, PII is obtained via User-inputted entries in web-based forms on the Website, however, some PII may occasionally be collected by way of offline forms completed by individuals and provided to TECA. Other (non-PII) information may be recorded automatically by our servers.
In order to optimize our Website, Portal, and/or Services and provide Users with a better user experience, we may collect certain User Data about Users:
PERSONAL DATA WE COLLECT
We only collect data that helps us achieve the purposes set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying a User first, and wherever required, obtain such User's consent in advance.
We will only collect PII that a User knowingly and willingly provides to us, for example, during onboarding when creating a User Account, or when a User makes a purchase through our Website and/or the Portal.
User Account Information
When a User creates a User Account, we collect certain Personal Data, including PII, which may, but does not necessarily, include all of the following:
Product Orders
Users seeking to order certain products, such as Quality First Manuals and/or Quality First Companion Software, from TECA are required to provide certain limited Personal Data. Users holding User Accounts may also take advantage of certain Member Prices, as applicable, on the products we sell, which requires sign-in to their User Accounts.
At the time of checkout, TECA may collect some or all of the following information:
Course Registrations
Users seeking to take courses from TECA are required to provide certain limited Personal Data. Users holding User Accounts may also take advantage of certain Member Prices, as applicable, on the courses we offer, which requires sign-in to their User Accounts.
At the time of checkout, TECA may collect some or all of the following information:
DATA COLLECTED AUTOMATICALLY
TECA, now or in future, may, but will not necessarily, collect the following Log Information in respect of (a) User(s) when accessing the Website and/or Portal: a User's Internet Protocol address ("IP Address"); browser type; operating system of the device used to access the Website and/or Portal; referring URLs; number of clicks; how Users interact with links on the Website; domain names associated with a User's internet service provider; pages viewed; and, similar information.
HOW WE USE PERSONAL DATA
Data collected via our Website will only be used for the purposes specified in this Privacy Policy and/or indicated on the relevant pages of our Website. TECA will not use a User's Personal Data beyond what we disclose in this Privacy Policy.
User Account Information
When a User creates a User Account, we retain certain Personal Data and login information from such User to: verify their identity as they use the Portal; allow the User to access certain User Account Data in their User Account (and to update same, if and as required); access records of certifications completed by such User; and, to access a history of purchases made while logged in to their User Account. Limited Personal Data provided in respect of User Accounts is used by TECA to maintain a publicly searchable database of active members.
All Personal Data of users is stringently protected in accordance with this Privacy Policy. Only the last 4 digits of a payment card number are stored unencrypted to identify the card used in an audit situation. Only persons authorized by TECA may access such Personal Data in any event.
Product Orders
Users who order certain Products from TECA provide certain Personal Data to us, which is used by TECA solely for the purposes of completing those transactions. All Personal Data of users is stringently protected in accordance with this Privacy Policy. Only the last 4 digits of a payment card number are stored unencrypted to identify the card used in an audit situation. Only persons authorized by TECA may access such Personal Data in any event.
Course Registrations
When a person signs up for a class, a User Account is created for them. We retain certain Personal Data from such User to: contact them for course instruction; mailing of course materials, certificates, stamps issuance; renewal of certifications; access records of certifications completed by such User; and, to access a history of purchases made. Limited Personal Data provided in respect of User Accounts is used by TECA to maintain a publicly searchable database of active members. All Personal Data of Users is stringently protected in accordance with this Privacy Policy. Only the last 4 digits of a payment card number are stored unencrypted to identify the card used in an audit situation. Only persons authorized by TECA may access such Personal Data in any event.
WHO WE SHARE PERSONAL DATA WITH
TECA utilizes the third-party payment processor, MONERIS, to collect payments for our Products and Services. For more information about how Moneris handles end-user and other customer data, please see Moneris' Privacy Statement respecting Moneris' collection, use, and disclosure of personally identifiable information in the course of providing services to its merchants at https://www.moneris.com/en/legal/privacy-statement. By making purchases via the TECA Website or Portal, you agree to be bound by the Moneris' Privacy Statement and relevant ancillary policies.
OTHER DISCLOSURES
TECA uses this Website and/or the Portal to collect, and may use and disclose, a User's Personal Data, including PII, in order to deliver our Services only, and will only keep such Personal Data only for as long as legitimately necessary to deliver those Services. TECA WILL NOT SELL PERSONAL DATA ABOUT USERS TO THIRD PARTIES.
TECA enters into agreements with industry allies to partially fund certain courses. Part of this agreement results in sharing user names and company names when the promotion ends. When a promotion code is used for funding assistance to a user, there will be a disclosure of this agreement while registering for the course.
We will not otherwise disclose your Personal Data unless we have your express consent or are required or permitted by law to do so. PIPA permits or may require our disclosure of a User's Personal Data without express consent where, for example, such disclosure is clearly in a User's personal interest and their consent cannot be obtained in a timely way. TECA may also be permitted or required to disclose your Personal Data without your expressed consent in other exceptional circumstances, such as when required by law or legal process (such as a court order or subpoena), or to address actual or threatened illegal or harmful conduct. In general, TECA will limit the amounts and types of Personal Data that we collect from you to that which is necessary for providing our Services.
LINKS TO OTHER WEBSITES
The Website, the Portal, and/or Products or Services offered through same may contain links to other websites that are controlled by third parties. TECA is not responsible for any of the content, user terms, or privacy policies for websites that we do not own or control. Users are strongly advised to read the terms and policies of all websites they visit or mobile apps they use.
OUR RECORD RETENTION AND DESTRUCTION PRACTICES
TECA retains Personal Data for as long as is required for us to deliver our products and services, maintain our database of active members, and maintain transaction and financial records as required by applicable law. Any retention of Personal Data by TECA is done in accordance with our obligations under PIPA and any other legislation or regulation applicable to us with respect to the handling of Personal Data.
Personal Data shall only be kept by TECA for as long as is reasonably necessary to fulfill the purposes for which such Personal Data was collected, or as required by applicable laws or regulations.
TECA may be permitted to retain Personal Data for a longer period whenever a User has given consent to such processing, so long as such consent is not withdrawn. Furthermore, there may be circumstances in which TECA may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of a court, tribunal, government or other such authority.
HOW WE PROTECT YOUR PERSONAL DATA
Security of the Personal Data of Users, and any PII therein, is of the utmost importance. When a User submits sensitive information through the Website or Portal, that information is rigorously protected.
TECA has imposed stringent safeguards to protect the Personal Data of Users, including PII, in our custody or control, or accessible to a User via the Website and/or through the Portal. We use the strongest available browser encryption, and security measures have been integrated into the design, implementation, and operation of the Website and the Portal. We use a combination of firewall barriers, encryption techniques (https) and authentication procedures, among others, to protect User Accounts and systems from unauthorized access. We utilize up-to-date anti-malware software as well as audit trails to record User access. Our cloud services are secure and the computers and servers in which we store Personal Data are kept in a secure environment, in secure facilities.
Our employees with access to Personal Data are required at all times to maintain the confidentiality of the Personal Data of Users and may not use such Personal Data for any unauthorized purposes whatsoever. Our Website Admin staff will only log into the Website and/or any databases in which Personal Data is stored through encrypted password authentication. Only employees who require access to sensitive information to perform a specific job (for example, certain billing functions, or confirming registrations for courses or records of course completion) may granted access to Personal Data, and in such events, only such Personal Data as is required to perform such functions. Such employees are bound by strict confidentiality agreements and a breach of this Privacy Policy would result in serious discipline, up to and including the employee's termination.
This is all done to prevent any loss, misuse, unauthorized access, disclosure or modification of a User's Personal Data in our custody or control.
The contact information for our Privacy Officer is below and you may contact our Privacy Officer with any questions or concerns about how TECA is handling your Personal Data.
While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet ,as a whole, can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is commercially reasonable in the circumstances.
PERSONAL DATA OF MINORS
We do not knowingly collect or use personal data from individuals under 18 years of age. If we learn that we have collected personal data from an individual under 18 years of age, the personal data will be deleted as soon as possible.
COOKIES
Cookies are small pieces of data stored in text files that are saved on your computer or devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a temporary "session cookie") or for multiple repeat visits (using a "persistent cookie").
TECA, generally, and this Website and the Portal do not use cookies. However, your web browser may generate cookies for the purposes of enhancing your experience using it. You can change your browser's settings to delete cookies that have already been set and to not accept new cookies; however, please note that if you delete cookies or do not accept them, that may impact your experience of other websites. To learn more about how to do this or to learn more about cookies, please visit www.internetcookies.com.
HOW YOU CAN PROTECT YOUR PERSONAL INFORMATION WHEN USING THE WEBSITE
You must also do your part to protect and safeguard your Personal Data when using the Website and/or the Portal. We strongly advise that you:
In any event, TECA is not responsible for any breaches of your privacy rights by third parties resulting from your failure to adhere to the above guidelines.
PRIVACY OFFICER; OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER OF BC
TECA has designated a Privacy Officer who is responsible for coordinating our compliance with this Privacy Policy and with TECA's obligations generally under PIPA. The contact information for our Privacy Officer is as follows:
ATTENTION: [Sigrid Bradbury], Privacy Officer
EMAIL: [members@teca.ca]
ADDRESS: [PO Box 73105, Evergreen RO, Surrey, BC, V2R 0J2]
We are committed to having an accessible and responsible complaint handling process in place to ensure you can express concerns about compliance with PIPA. Any complaints, disputes, or other feedback concerning our privacy practices, procedures, and this Privacy Policy can be submitted directly to our Privacy Officer. Where appropriate, we will provide a written response to you and may amend our privacy practices and procedures or this Privacy Policy in response to your or others' concerns.
If you have raised a concern with our Privacy Officer and are not satisfied in how performed its duties under PIPA or wish to seek a review of TECA's response to your privacy concern, or wish to make an access or correction request, you can contact the Office of the Information and Privacy Commissioner of British Columbia ("OIPC").
OIPC Website: https://www.oipc.bc.ca
OIPC Telephone: (250) 387-5629
OIPC Email: info@oipc.bc.ca
PRIVACY BREACH RESPONSE
TECA shall use our best efforts to ensure that unauthorized parties will not access or obtain collected Personal Data in contravention of this Privacy Policy. However, due to the potential for interception, loss, or alteration of information transmitted over the internet, we cannot and do not guarantee complete confidentiality and security of Personal Data. Users acknowledge and agree that any information they communicate to us over the internet is at their own risk.
The security of Personal Data in our custody or control is important to us. Please advise our Privacy Officer immediately on becoming aware of any incident involving the loss of, unauthorized access to, or disclosure of Personal Data that is in our custody or control.
Employees of TECA will immediately report any breach of privacy, or suspected breach of privacy, to TECA's Privacy Officer on discovery of same. A breach of privacy includes: unauthorized external or internal access to our physical records or electronic records; misdirected communications, including mail, fax, and electronic communications; and, the loss or theft of physical records or electronic records stored on data storage devices.
TECA's Privacy Officer will coordinate a review of the matter with our management team and investigate all reported privacy breaches or suspected privacy breaches. If we become aware of a privacy breach concerning the Personal Data of (a) User(s), we will notify the affected party (or parties) in accordance with our obligations under PIPA, and may report the breach to the OIPC or to the appropriate authorities, including the police, as the case may be.
AMENDMENTS TO THIS PRIVACY POLICY
TECA may, from time to time, and in its discretion, amend this Privacy Policy. In doing so, TECA will post the updated Privacy Policy to the Website, and will updated the "Last Updated" field at the top of this Privacy Policy. If any changes made to this Privacy Policy are material (i.e., involve changes to the substantive content), TECA will, to the extent it is able, endeavour to provide notice of such changes via email or other telecommunications media (provided a User has a User Account with us), as well as via the posting of such notice on the Website. In any event, TECA recommends that Users periodically review our Privacy Policy to ensure that they are notified of any updates.
