Digital Main Street Privacy Policy

DIGITAL MAIN STREET – PRIVACY POLICY

At the Toronto Association of Business Improvement Areas (“TABIA” or “we”), we recognize the importance of your privacy. We are committed to using your personal information responsibly and only to the limited extent needed to serve you better.

Digital Main Street is a TABIA project initiated to assist main street businesses in connecting to and adopting the right digital tools and technologies to help them grow and compete.  We have completed this Privacy Policy specifically for that platform.   In this policy, the term “DMS” means TABIA’s web-based platform for providing community networking resources, training in digital marketing, social media, and sales data analytics to our clients operating under the name “Digital Main Street”.   The term “DMS Site” means the website located at www.digitalmainstreet.ca.  

 

Application of DMS Privacy Policy

This Privacy Policy regulates how we internally use, protect and disclose to third parties during commercial activities any personal information within our possession collected from you through your use and access of the DMS Site. This Privacy Policy applies to our directors, officers, partners, employees, contractors and authorized representatives (“Staff”).  It is at all times subject to the requirements of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”).  Additionally, how we use or disclose your personal information may also be subject to the requirements of Canada’s Anti-Spam Legislation, S.C. 2010, c. 23 (“CASL”).   Any terms not defined herein have the meaning that PIPEDA attributes to them, and this Privacy Policy is meant to be consistent with PIPEDA, or where PIPEDA is silent on a matter then CASL.

 

Governing Law

This Privacy Policy is governed by the laws of Ontario and the laws of Canada as applicable herein.  It is not a contract and will be treated as a non-contractual set of policies and practices binding on Staff of our Ontario or Canadian entity under Principle 4.1.4 (PIPEDA, Schedule 1).

 

Accountability for Your Privacy

Our Privacy Information Officer is responsible for ensuring that Staff complies with this Privacy Policy. He or she can be contacted at: 

Toronto Association of Business Improvement Areas

Digital Main Street

215 Spadina Avenue, Suite 400

 Toronto, Ontario, M5T 2C7

 

 Attn:  Privacy Information Officer

 E-Mail: [[email protected]]

 

The identity of our Privacy Information Officer is available upon written request as required by Principle 4.1.2 (PIPEDA, Schedule 1). 

Privacy Team

The Privacy Information Officer is always a single individual who is an Officer of TABIA.  The Privacy Information Officer heads our Privacy Team and may delegate some of his/her duties to one or more members on that team from time to time. 

 

Responsibilities of Privacy Team

The Privacy Team is responsible for, 

  • implementing procedures contained in this Privacy Policy into the DMS Site in order to protect personal information;
  • training our Staff to comply with this Privacy Policy and PIPEDA and communicating to Staff information about changes and updates to DMS policies and practices relating to personal information; and
  • enforcing this Privacy Policy and correcting any potential or actual instances of breach when operating DMS; and
  • reviewing and responding to any communication or notice relating to this Privacy Policy or PIPEDA with respect to DMS.     

The initial response to a privacy-related inquiry must be in writing and must include the name and contact details of the Privacy Team member providing the response.   

Our Purpose

When administering DMS, TABIA collects, uses, and discloses personal information for the following purpose: 

  1. TABIA does not collect personal information directly from individuals. However, TABIA does receive personal information from businesses and organizations that create a profile on the DMS Site, and use the DMS Site to engage in Digital Transformation learning and activities.  Such information can include names, addresses, and contact information.
  1. TABIA uses information by aggregating qualitative information, anonymizing that information, and then displaying that information in the form of charts, graphs, dashboards and metrics (“DMS Metrics”). Thsis is an analysis of aggregated, non-personally-identifiable data to characterize the digital adoption and change over time of the small business community.
  1. TABIA uses DMS Metrics to provide a Digital Roadmap, recommendations and content to build the capacity of members to meet their digital and business goals.
  1. TABIA uses any information it gathers to design, monitor, update, amend and improve any TABIA programs made available on the DMS Site.
  1. TABIA generally shares aggregated, non-personally-identifiable data and high-level metrics of website usage (traffic, unique visits, clicks, etc.) to Digital Main Street Partners.

(“Purpose”)

 

If we change the purpose set out above we give notice of the change on our website and we will post an updated Privacy Policy.  

Information We Collect and Use  

To fulfill our purpose, we may collect the following kinds of personal information: 

  1. Individual customer’s name, home address, home telephone number and email;
  2. Business address information, business owners’ names, business emails, and business phone numbers for an individual’s employer;
  3. DMS account and associated local Toronto Business Improvement Area information, along with data on an individual’s use of DMS tools and metrics; and
  4. Third-party sales data analytics information, which may include aggregated, anonymized credit or debit card or other aggregated, anonymized electronic or digital means of transaction.

TABIA collects information from its registered users on DMS through an “onboarding survey,” but will not share this information to the extent that it is restricted by PIPEDA or unnecessary to advance our stated Purpose. TABIA will never sell your personal information to third parties.

We can collect and store this information on paper, either on standard forms or on documents we generate in the ordinary course of our business, all of which are placed in paper file. We can also collect information electronically (via the Internet, manually entered or scanned) and store this information on a secure server. 

 

Collection and Use as a Third Party for Processing

TABIA does not use the DMS Site to collect personal information directly.  Instead, it relies on DMS business to collect that information and upload it when creating community profile on the DMS Site and using the site’s features in the ordinary course. This can include transaction information.  

As contemplated in Principle 4.1.3 of Schedule 1 to PIPEDA, TABIA considers itself a “third party for processing” in these circumstances.   TABIA expects all of the businesses participating in DMS to fully comply with the requirements of PIPEDA and CASL.  

Cookies

As permitted by section 10(8) of CASL, when you visit our website, we may place a “cookie” on the hard drive of your computer to track your visit.  A cookie is a small data file that is transferred to your hard drive through your web browser and can only be read by the website that placed the cookie on your hard drive.  The cookie acts as an identification card and allows ours website to identify you and to record your passwords and preferences. 

The cookie allows us to track your visit to DMS Site so that we can better understand your use of our website so that we can customize and tailor DMS Site to better meet your needs.  Most browsers are set to accept cookies but you can usually change this if you so desire.  It should be noted that if cookies are not accepted, you may be unable to access a number of web pages found on DMS Site.

Links to Other Websites

From time to time, we may introduce on DMS links to other sites run by third parties not affiliated with TABIA, including websites of various organizations participating in DMS.  We would encourage you to review the privacy policies on those sites before providing your personal information.  They may be less stringent than ours.  Please note that we do not accept responsibility for the privacy practices, policies or actions of those third parties. 

 

Obtaining Consent

Implied Informed Consent

When collecting, using and disclosing personal information about you, we rely on your implied consent when you give us your personal information on request of your own free will.  This is provided that we collect that information in the ordinary course of our business in accordance with our Purpose.  

Express Informed Consent

When PIPEDA allows us to proceed without consent, or we imply your consent (as discussed above), we do not seek express consent.  In all other cases, our Staff will contact you (either by telephone, e-mail or in person), identify a new purpose for which we need your information and seek your express consent.  We do not collect personal information from children (anyone under 18) over the telephone or in person without a parent’s express oral consent. 

If we are collecting the information online, we will request that you supply personal information in fields on web pages containing a link to this Privacy Policy. You will be able to expressly consent by checking a checkbox and submitting the information electronically.  We do not knowingly collect information from children (anyone less than 18 years old).  However, when collecting personal information electronically (by web-form or e-mail) we do not verify the age of the person from whom we are collecting. In the absence of any indication to the contrary, we will assume anyone supplying us with information online is over 18 years of age. Parents are strongly encouraged to discuss responsible internet use and personal information disclosure with their children.  

Withdraw Consent

You can withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by sending an e-mail or a fax to our Privacy Information Officer at the contact information above.  In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide products or services to you.  We will inform you of any implications connected to withdrawing your consent. 

If you have asked us to put you on an email mailing list to provide you with certain information on a regular basis, and such emails constitute “Commercial Electronic Messages” under CASL, you may ask us to remove you from the list at any time (using the unsubscribe instructions provided with each email and on the site where you signed up).

Limiting Collection, Use, Disclosure and Retention

We use our best efforts to limit the personal information we collect, use and disclose solely those details we need to fulfill our Purpose. We have designed our standard forms only to collect the information that we foresee we will need.  We do not collect, use and disclose personal information using deceptive, fraudulent or unlawful means, and we do not conduct video surveillance.

Need-to-Know Disclosure

When using and disclosing information to third parties like printers, consultants, professionals and suppliers, we only disclose on a need-to-know basis.  Also, we only do so with the appropriate contractual safeguards as contemplated in Principle 4.1.3 of Schedule 1 of PIPEDA. 

Retaining Records

We keep records of the work performed and services provided by us in accordance with applicable regulatory requirements and professional standards. These records may include personal information. Our records are stored with safeguards against inappropriate or unauthorized access. We retain contact information about individuals for the period of time the individual subscribes to our newsletters, blogs and seminars and does not opt-out or continues to respond to such services.

Destruction of Personal Information

We destroy electronic information by deleting it and, when hardware is discarded, we ensure that the hard drive is physically destroyed.

Ensuring Accuracy

In order to fulfill our Purpose to a high quality standard, we ask you to update your personal information and maintain appropriate contact preferences from time to time.  You also have the right to contact us in order to verify that the information we have on file is accurate. 

 

We do not, as a practice, contact you in order to ensure that the personal information we have in accurate.  We may take reasonable steps to do so when using that information in course of providing you with an ongoing product or service, provided our Staff is in regular contact with you.  Otherwise, we strongly encourage you to contact us and ensure that the information we have in your file is up-to-date. 

 

Our Safeguards to Protect You

We respect the privacy of our customers/clients and employees and will protect that privacy as vigorously as possible. The methods we use include:

  • Storing personal information in electronic files that are secure and to which access is restricted.  We do not store personal information in paper form using physical files; and
  • Password-protected computers (including on laptops, desktops and smart-phones) and the use of technology safeguards, such as firewalls, encryption and intrusion detection, to prevent hacking or unauthorized computer access.

Unfortunately, no data transmission over the Internet or by electronic mail can be guaranteed to be 100% secure. As a result, we cannot ensure, warrant or represent that any information transmitted to us electronically will always be protected.

Mobile Devices and Remote Access

When using laptops and mobile devices outside the office, we are required to take reasonable steps to ensure that these devices are not lost or stolen. These devices may not be stored in vehicles or left unattended for any reason while out of the office. 

Staff may also remotely access the office network from a personal computer. Such access is only permitted if the computer has technology safeguards equal to, or better than, those on the computers belonging to our organization. Under no circumstances may Staff store data from our office network on a personal computer. 

Regular Review of Safeguards

We recognize that technology and security measures evolve at a remarkable pace so at TABIA we annually review our personal information safeguards with our Information Technology consultants and in-house experts. We want to ensure that our safeguards exceed industry best-practice. 

Data Breach

Despite our safeguards and our best efforts, it is still possible that someone could infiltrate our systems and take personal information.   In the event of such a data breach, TABIA adheres to the breach reporting requirements set out in PIPEDA (or the regulations thereto).   This can include directly notifying you where we determine, in our reasonably exercised discretion, that there is a real risk of significant harm. 

We will also investigate the nature and cause of the breach and take whatever steps we deem necessary to improve our safeguards and minimize the chances of the breach occurring again

 

Open Privacy Practices

It is our practice to post the most up-to-date version of this Privacy Policy on our website at www.digitalmainstreet.ca.

Your Ability to Access Your Information

You may review any personal information we have on you in our files by making a written request to our Privacy Information Officer at the address above.   

Please include sufficient details in your request about the type of information that you would like to see about yourself.  Please sign your request and send it by regular mail and we will contact you within 30 days of receipt.  Please note that we only respond if you are making a request relating to your own personal information.  We will not grant access to personal information about someone else. 

We will be pleased to provide you with access to your personal information as long as it does not fall within an express PIPEDA exception.  Examples of such exceptions include information protected by solicitor-client privilege; information generated in the course of a formal dispute resolution process; information about another individual where disclosure would reveal confidential commercial information; or information disclosed to the police or other lawful authorities where we are required to withhold disclosure. 

Costs and Fees

Please note that summary information is available on request, subject to the terms above, but more detailed requests requiring archive or other retrieval costs may be subject to our normal professional and disbursement fees. 

Questions or Concerns

Should you have any questions or concerns about this Privacy Policy or how we handle your information-access request, please direct them to our Privacy Information Officer.  He or she will be pleased to respond and if necessary investigate the matter. 

We reserve the right to change our Privacy Policy at any time by posting a new version on our web site.  In the event of a conflict between this version and another, the version that is later in time prevails. 

Version of December 12, 2018 as of 3:08:33 PM (EST)

Ready to get started?

-or-