Privacy Policy

Last Revised: March 1, 2024

Introduction

The privacy of your personal information is important to the Energy Futures Lab, a Solution Space of The Natural Step (Canada) Inc (herein known as TNS Canada). 

This Privacy Policy governs the collection, use, and disclosure of personal information by TNS Canada on our websites https://energyfutureslab.com/ and their subdomains.

We are committed to protecting the privacy and confidentiality of personal information in compliance with the mandatory requirements and your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

What personal information do we collect about you?

TNS Canada collects personal information from you when you provide it to us directly, and indirectly through your use of our websites. This information may include the following kinds of personal information:

  • information you provide to us in order to sign up for our newsletters (e.g. your name, email address, phone number and company);
  • information that you provide for the purpose of registering or creating a user account; 
  • information collected automatically using Google Analytics (e.g. usage, session information, IP addresses, browser characteristics (User Agent), and timestamp);
  • records of your interactions with us (e.g. if you reach out or request support via email or another method).

In addition, this website utilizes the LinkedIn Insight Tag, which enables the collection of data regarding LinkedIn members’ visits, including the URL, usage, session information, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching LinkedIn members across devices), and direct identifiers are removed by LinkedIn within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted by LinkedIn within 180 days. LinkedIn only shares aggregate, anonymized data with us, and not the personal information of its members. We do not attempt to disaggregate data that LinkedIn reports in aggregate (and the same is true of how we treat Google Analytics data).

Other than the LinkedIn Insight Tag, we do not collect user-specific cookies (i.e. cookies are used to provide functionality without any personal information) and do not share user-specific information between our websites or technology providers, other than as explicitly stated below. Other than the LinkedIn Insight Tag, we do not collect or deploy third-party cookies.

We do not combine non-personally identifiable information collected through third-party tracking with any personal data you provide us to sign up for our newsletters. We only collect personal information that is relevant and necessary for the purposes identified in this Policy or as required by law.

If you don’t wish to have your activity tracked on our website, we respect the Do Not Track setting in your browser.

What do we use this personal information for?

Depending on how you use our websites, your interactions with us, and the permissions you give us, we may use your personal information to:

  • send you marketing communications (MailChimp, Vertical Response, and directly through our email provider Google Workspace) where you have opted-in and given explicit consent;
  • communicate with you with respect to your participation or potential participation in our work;
  • comply with our legal and regulatory obligations;
  • administer our websites and maintain and monitor their usage;
  • personalise our websites for you and to show you content we think you will be most interested in, based on your browsing activity on our sites;
  • investigate any complaints or contraventions of our terms and conditions; and
  • for security purposes, to investigate fraud and where necessary to protect ourselves and third parties.

Our usage of the LinkedIn Insight Tag provides us with reports (which do not identify its members) about our website audience and advertising performance, including aggregate audience insights that we may use to improve our advertising relevance and reach. We may also use information about LinkedIn member visits to this website to target advertisements on LinkedIn to members who have visited this website (retargeting) – this is done without identifying the LinkedIn member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.

We do not use personal information for any other purpose unless we obtain consent or as required by law. 

Who do we share your personal information with?

TNS Canada may share your personal information with third parties in the following circumstances:

  • with our suppliers and service providers where they provide services to us that involve them handling personal information on our behalf, including but not limited to Airtable, Celonis, Google Workspace, LinkedIn, MailChimp, Softr, Vertical Response, and Zapnito, subject to appropriate confidentiality and security safeguards;
  • with our professional and legal advisers;
  • with employees of TNS Canada, Smart Prosperity Institute, and related entities;
  • with third parties engaged in fraud detection or prevention;
  • with law enforcement or other governmental authorities, when legally required to do so; and
  • in the event that the assets of TNS Canada are acquired by another entity, personal information may be transferred to the acquiring party.

We do not sell, rent, or trade personal information to third parties for their marketing purposes.

Securing and retaining your personal information

TNS Canada will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We store all personal information on secure servers provided by our service providers, with security standards aligned with the following technical specifications:

  • Require strong authentication and long passwords (per OWASP authentication cheat sheet)
  • Cloud services must be ISO 27001 certified
  • All data transferred over the internet must use TLS 1.2 or higher with an RSA public key of a minimum size of 2048 bits (HTTPS)
  • Enterprise-grade security on the application, at a minimum adequately defending against application security vulnerabilities in the OWASP Top 10 (https://owasp.org/www-project-top-ten/)

Access and corrections to your personal information

We provide you with self-service access to some of your personal information, and a means to update it, directly on MailChimp and Vertical Response. To access other information not available through these self-service means, or to address any concerns about the handling of personal information, you may contact our Privacy Officer using the contact information provided below.

Updating this statement

We may update this Policy from time to time to reflect changes in our practices or legal requirements. The updated Policy will be posted on our websites, and the effective date will be indicated.

You should check these pages occasionally to ensure you are familiar with any changes.

Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer, the VP Systems, Planning & Special Projects at privacy@naturalstep.ca.