Privacy Policy

EventIQ Inc. (“EventIQ”) is a Canadian company headquartered in the Province of Alberta that services the needs of North American organizations, which are primarily not-for-profit organizations, that host, promote, conduct and administer events. One of our tenants of operational excellence is the methods and standards we provide around the protection of personal information both collected on behalf of and disclosed to our customers and other third parties in all of our business operations. The EventIQ Privacy Policy (“Privacy Policy”) is a formal statement of principles and guidelines concerning the minimum requirements for the protection of personal information provided by EventIQ Inc. to its employees, customers and other individuals whose personal information is collected by EventIQ. The objective of the EventIQ Privacy Policy is to promote responsible and transparent practices in the management of personal information, in accordance with the provisions of the Personal Information Protection and Electonic Documents Act (Canada), the Personal Information Protection Act (Alberta), the regulations enacted thereunder, and any other applicable legislation or regulations. EventIQ will continue to review its Privacy Policy to ensure it is relevant and remains current with changing technologies and laws. Most importantly, EventIQ wants to ensure it continues to meet the evolving needs of our employees, customers and other individuals whose personal information is collected by EventIQ.

Scope and Application

The ten principles, which form the basis of the EventIQ Privacy Policy, are interrelated and EventIQ shall adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. The commentary in the EventIQ Privacy Policy has been tailored to reflect personal information issues specific to EventIQ. The scope and application of the EventIQ Privacy Policy are as follows:

  • The Privacy Policy applies to personal information about EventIQ customers and employees that is collected, used, or disclosed by EventIQ.
  • The Privacy Policy applies to the management of personal information in any form whether oral, electronic or written.
  • The Privacy Policy does not impose any limits on the collection, use or disclosure of the following information by EventIQ:
    • a customer’s name, address, telephone number and e-mail address, when listed in a directory or available through directory assistance;
    • an employee’s name, title, business address (including e-mail address) or business telephone or fax number; or
    • other information about the customer or employee that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act (Canada), the Personal Information Protection Act (Alberta) or other applicable legislation.
  • The Privacy Policy does not apply to information regarding EventIQ corporate customers; however, such information is protected by other EventIQ policies and practices, if any, and through contractual arrangements.
  • The application of the EventIQ Privacy Policy is subject to the requirements and provisions of Part 1 of the Personal Information Protection and Electronic Documents Act (Canada), the Personal Information Protection Act (Alberta), the regulations enacted thereunder, and any other applicable legislation or regulations.

Definitions

  • Collection – means the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
  • Consent – means a voluntary agreement to collect, use and disclose of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of EventIQ. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
  • Customer – means an individual who uses, or applies to use, EventIQ products or services, where such individual is n individual carrying on business alone as a sole proprietorship or in partnership with other individuals.
  • Disclosure – means making personal information available to a third party.
  • Employee – means an employee of EventIQ.
  • Personal information – means information about an identifiable customer or employee, but does not include aggregated information that cannot be associated with a specific individual. For a customer, such information includes a customer’s credit information, dependent information, medical information, and any personal preferences. For an employee, such information includes information found in personal employment files, performance appraisals, and medical and benefits information, but does not include the employee’s name, title, business address (including e-mail address) or business telephone or fax numbers.
  • EventIQ – means EventIQ Inc. and its subsidiary companies, as they may exist from time to time.
  • Third party – means an individual or organization outside EventIQ.
  • Use – means the treatment, handling, and management of personal information by and within EventIQ.
EventIQ Privacy Principles
PRINCIPLE 1 – ACCOUNTABILITY

EventIQ is responsible for personal information under its control and shall designate one or more persons who are accountable for EventIQ compliance with the following principles.

  • Responsibility for ensuring compliance with the provisions of the EventIQ Privacy Policy rests with the senior management of EventIQ, which shall designate one or more persons to be accountable for compliance with the Privacy Policy. Other individuals within EventIQ may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.
  • EventIQ shall make known, upon request, the title of the person or persons designated to oversee EventIQ compliance with the EventIQ Privacy Policy.
  • EventIQ is responsible for personal information in its possession or control. EventIQ shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).
  • EventIQ shall implement policies and procedures to give effect to the EventIQ Privacy Policy, including:
    • implementing procedures to protect personal information and to oversee EventIQ compliance with the EventIQ Privacy Policy;
      establishing procedures to receive and respond to inquiries or complaints;
    • training and communicating to staff about EventIQ policies and practices; and
    • developing public information to explain EventIQ policies and practices.
PRINCIPLE 2 – IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION

EventIQ is responsible for personal information under its control and shall designate one or more persons who are accountable for EventIQ compliance with the following principles. Responsibility for ensuring compliance with the provisions of the EventIQ Privacy Policy rests with the senior management of EventIQ, which shall designate one or more persons to be accountable for compliance with the Privacy Policy. Other individuals within EventIQ may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.

  • EventIQ shall make known, upon request, the title of the person or persons designated to oversee EventIQ compliance with the EventIQ Privacy Policy.
  • EventIQ is responsible for personal information in its possession or control. EventIQ shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).
  • EventIQ shall implement policies and procedures to give effect to the EventIQ Privacy Policy, including:
    • implementing procedures to protect personal information and to oversee EventIQ compliance with the EventIQ Privacy Policy;
  • Establishing procedures to receive and respond to inquiries or complaints;
    • training and communicating to staff about EventIQ policies and practices; and
    • developing public information to explain EventIQ policies and practices.
PRINCIPLE 3 – OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION

The knowledge and consent of a customer or employee are required for the collection, use, or disclosure of personal information, except where inappropriate. In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual.

For example, EventIQ may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent can not be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated.

EventIQ may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law.

EventIQ may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.

EventIQ may disclose personal information without knowledge or consent to a lawyer representing EventIQ, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law.

  • In obtaining consent, EventIQ shall use reasonable efforts to ensure that a customer or employee is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.
  • Generally, EventIQ shall seek consent to use and disclose personal information at the same time it collects the information. However, EventIQ may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
  • EventIQ will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.
  • In determining the appropriate form of consent, EventIQ shall take into account the sensitivity of the personal information and the reasonable expectations of its customers and employees.
    In general, the use of products and services by a customer, or the acceptance of employment or benefits by an employee, constitutes implied consent for EventIQ to collect, use and disclose personal information for all identified purposes.
  • A customer or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers may contact EventIQ for more information regarding the implications of withdrawing consent.
PRINCIPLE 4 – LIMITING COLLECTION OF PERSONAL INFORMATION

EventIQ shall limit the collection of personal information to that which is necessary for the purposes identified by EventIQ. EventIQ shall collect personal information by fair and lawful means.

  • EventIQ collects personal information primarily from its customers or employees.
  • EventIQ may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties who represent that they have the right to disclose the information.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION

EventIQ shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. EventIQ shall retain personal information only as long as necessary for the fulfillment of those purposes.

  • EventIQ may disclose a customer’s personal information to:
    • organization for which the information is being collected as consented to prior to collection;
    • a person who in the reasonable judgment of EventIQ is seeking the information as an agent of the customer;
    • a company involved in supplying the customer with association or association related services;
    • a company or individual employed by EventIQ to perform functions on its behalf, such as research or data processing;
    • an agent used by EventIQ to evaluate the customer’s creditworthiness or to collect the customer’s account;
    • a credit reporting agency;
    • a public authority or agent of a public authority, if in the reasonable judgment of EventIQ, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information; and
    • a third party or parties, where the customer consents to such disclosure or disclosure is required by law;
    • another comment or individual for the development, enhancement, marketing or delivery of any EventIQ products or services.
  • EventIQ may disclose personal information about its employees:
    • for normal personnel and benefits administration;
    • in the context of providing references regarding current or former employees in response to requests from prospective employers; or
    • where disclosure is required by law.
  • Only EventIQ employees with a business need to know, or whose duties reasonably so require, are granted access to personal information about customers and employees.
  • EventIQ shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer or employee, EventIQ shall retain, for a period of time that is reasonably sufficient to allow for access by the customer or employee, either the actual information or the rationale for making the decision.
  • EventIQ shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.
PRINCIPLE 6 – ACCURACY OF PERSONAL INFORMATION

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

  • Personal information used by EventIQ shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer or employee.
  • EventIQ shall update personal information about customers and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
PRINCIPLE 7 – SECURITY SAFEGUARDS

EventIQ shall protect personal information by security safeguards appropriate to the sensitivity of the information.

  • EventIQ shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures which may include physical, organizational and technological measures. EventIQ shall protect the information regardless of the format in which it is held.
  • EventIQ shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
    All of EventIQ employees with access to personal information shall be required to respect the confidentiality of that information.
PRINCIPLE 8 – OPENNESS CONCERNING POLICIES AND PRACTICES

EventIQ shall make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.

  • EventIQ shall make information about its policies and practices easy to understand, including:
    • the title and address of the person or persons accountable for EventIQ compliance with the EventIQ Privacy Policy and to whom inquiries or complaints can be forwarded;
    • the means of gaining access to personal information held by EventIQ; and
    • a description of the type of personal information held by EventIQ, including a general account of its use.
  • EventIQ shall make available information to help customers and employees exercise choices regarding the use of their personal information and the privacy enhancing services available from EventIQ.
PRINCIPLE 9 – CUSTOMER AND EMPLOYEE ACCESS TO PERSONAL INFORMATION

EventIQ shall inform a customer or employee of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

  • Upon request, EventIQ shall afford customers and employees a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time, and at a minimal or no cost to the individual.
  • In certain situations, EventIQ may not be able to provide access to all the personal information that it holds about a customer or employee. For example, EventIQ may not provide access to information if doing so would likely reveal personal information about a third party or could reasonable be expected to threaten the life or security of another individual. Also, EventIQ may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor – client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, EventIQ shall provide the reasons for denying access upon request.
  • Upon request, EventIQ shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, EventIQ shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
  • In order to safeguard personal information, a customer or employee may be required to provide sufficient identification information to permit EventIQ to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
  • EventIQ shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, EventIQ shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
  • Customers can obtain information or seek access to their individual files by contacting a designated representative at EventIQ business offices.
  • Employees can obtain information or seek access to their individual files by contacting their immediate supervisor within EventIQ.
PRINCIPLE 10 – CHALLENGING COMPLIANCE

A customer or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for EventIQ compliance with the EventIQ Privacy Policy.

  • EventIQ shall maintain procedures for addressing and responding to all inquiries or complaints from its customers and employees about EventIQ handling of personal information.
  • EventIQ shall inform its customers and employees about the existence of these procedures as well as the availability of complaint procedures. 10.3. The person or persons accountable for compliance with the EventIQ Privacy Policy may seek external advice where appropriate before providing a final response to individual complaints. procedures as well as the availability of complaint procedures. 10.3. EventIQ shall investigate all complaints concerning compliance with the EventIQ Privacy Policy. If a complaint is found to be justified, EventIQ shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or employee shall be informed of the outcome of the investigation regarding his or her complaint.
Contact Information

For questions relating to EventIQ’s Privacy Policy, please contact our Privacy Officer at: privacy@eventiq.com

For a copy of the Personal Information Protection and Electronic Documents Act, please access the Privacy Commissioner of Canada web site at www.privcom.gc.ca. For a copy of the Personal Information Protection Act, please access the Information Management, Access & Privacy web site at www.psp.gov.ab.ca