Our Commitment to Privacy
At Stenberg College International (collectively “We”, “Us”, “Our” or “the Company”), we are committed to providing our potential students, current students, alumni and industry professionals with exceptional service. As providing this service involves the collection, use and disclosure of personal information about our potential students, current students, alumni and industry professionals, protecting their personal information in an appropriate, responsible and ethical manner is one of our highest priorities.
While we have always respected our potential students, current students, alumni and industry professionals’ privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information in accordance with all applicable Provincial and Federal Privacy laws.
We will inform our potential students, current students, alumni and industry professionals of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy, in compliance with PIPEDA, informs everyone of our commitment to privacy and outlines the principles and practices by which privacy is ensured. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of all personal information within our possession and control and allowing the individual to which the information belongs to request access to, and correction of, their personal information.
Scope of this Policy
This policy also applies to any service providers collecting, using or disclosing personal information on behalf of the Company.
Definitions
Personal Information– means information about an identifiable individual or group of individuals including but not limited to name, date of birth, home address and phone number, e-mail address, education, employment information, social insurance number, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, credit records etc. Personal information does not include standard employment/business contact information (described below).
Employment/Business Contact information– means information that would enable an individual to be contacted at work and includes name, position name or title, business telephone number, business address, business email or business fax number.
- Policy 1 – Collecting Personal Information
- Unless the purposes for collecting personal information are obvious and the potential student, current student, alumni and/or industry professional voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
- We will only collect information from potential students, current students, alumni and industry professionals that is necessary to fulfill the following purposes:
- To verify identity;
- To deliver requested products and services;
- To efficiently and accurately enroll students to our academic institution;
- To contact our potential students, current students, alumni and industry professionals directly about products and services that may be of interest or added benefit to them;
- To communicate organizational news and events;
- To ensure a high standard of service to our potential students, current students, alumni and industry professionals;
- To meet regulatory requirements;
- To communicate financial matters;
- To ensure current student body is knowledgeable about School matters that are pertinent;
- When collecting personal information, we will use methods that are lawful and will not collect information indiscriminately
- Policy 2 – Consent
- We will obtain potential students, current students, alumni and industry professionals consent to collect, use or disclose personal information.
- Consent can be provided orally, in writing, electronically, through an authorized representative or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the potential students, current students, alumni and industry professionals voluntarily provides personal information for that purpose.
- Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), potential students, current students, alumni and industry professionals can withhold or withdraw their consent for the Company to use their personal information in certain ways.
- Potential students, current students, alumni and industry professional’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product. If so, we will explain the situation to assist the potential students, current students, alumni and industry professionals in making the decision.
- The Company may use personal information without the individual’s consent under particular circumstances. These situations include, but are not limited to, situations where:
- The Company is under obligation by law to disclose personal information in order to adhere to the requirements of an investigation of the contravention of a provincial or federal law, under the purview of the appropriate authorities.
- An emergency exists that threatens an individual’s life, health, or personal security.
- The personal information is for in-house statistical study or research.
- The personal information is already publicly available.
- Disclosure is required to investigate a breach of contract
- Policy 3 – Using and Disclosing Personal Information
- We will only use or disclose potential students, current students, alumni and industry professionals personal information where necessary to fulfill the purposes identified at the time of collection.
- Under no circumstances will the Company sell, distribute, or otherwise disclose personal information or contact lists to third parties. However, limited disclosure may be required as part of the Company fulfilling its stated business duties and day-to-day operations. This may include consultants, suppliers, or business partners of the Company, but only with the understanding that these parties obey and abide by this Privacy Policy, to the extent necessary of fulfilling their own business duties and day-to-day operations.
- Policy 4 – Retaining Personal Information
- If we use potential students, current students, alumni and industry professionals’ personal information to make a decision that directly affects the potential students, current students, alumni and industry professionals we will retain that personal information for the duration it is needed for conducting business. Whenever and for however long personal information is held, the individual the information belongs to can request access to it.
- The Company will retain personal information only for the duration it is needed for conducting business. Once personal information is no longer required, it will be destroyed in a safe and secure manner.
- Notwithstanding policy 4.1, certain laws may require that certain personal information be kept for a specified amount of time. Where this is the case, the law will supersede this policy
- Policy 5 – Ensuring Accuracy of Personal Information
- We will make reasonable efforts to ensure that potential students, current students, alumni and industry professionals personal information is as accurate, complete and current as required for the purposes for which it was collected.
- We will not routinely update information unless it is necessary to fulfill the purposes for which it was collected.
- Potential students, current students, alumni and industry professionals may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought.
- If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year. If the correction is not made, we will note the potential students, current students, alumni and industry professional’s correction request in the file.
- Policy 6 – Securing Personal Information
- We are committed to ensuring the security of personal information in our possession and control in order to protect it from unauthorized access, use, disclosure, duplication, modification or disposal or similar risks.
- Depending on the sensitivity of the information, appropriate security measures, physical measures, physical safeguards, and electronic precautions will be followed to ensure that personal information in our possession and control is protected.
- Access to personal information are authorized only for the employees and other agents of the Company who require the information to perform their job duties, and to those otherwise authorized by law.
- The Company’s computer and network systems are secured by complex passwords. Only authorized individuals may access secure systems and databases.
- Routers and servers connected to the Internet are protected by a firewall, and are further protected by virus attacks or “snooping” by sufficient software solutions.
- Data is housed in Canadian servers for our Cloud storage, as well, those servers are backed up to a datacenter in Canada.
- Hard copy files containing personal information are filed and locked in a secure cabinet.
- We will use appropriate security measures when destroying personal information no longer required for business purposes. Such measures as may include:
- professionally shredding and disposing of documents;
- permanently deleting electronically stored information
- We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
- Policy 7 – Providing Access to Personal Information
- Anyone whose personal information is in our possession and control have a right to access their personal information held by the Company, subject to limited exceptions such as;
- disclosure would reveal personal information about another individual
- disclosure would threaten the life or security of another individual the information cannot be disclosed for legal reasons, security purposes, or is subject to solicitor-client or litigation privilege.
- A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.
- Upon request, we will, within a reasonable time period, provide details of personal information we have, for what it is being used, and to whom it has been disclosed if applicable.
- We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.
- A minimal fee may be charged for providing access to personal information. Where a fee may apply, we will inform the individual making the request, of the cost and request further direction from the potential students, current students, alumni and industry professionals on whether or not we should proceed with the request.
- If a request is refused in full or in part, we will notify the individual making the request, in writing, providing the reasons for refusal and the recourse available to him/her.
- Anyone whose personal information is in our possession and control have a right to access their personal information held by the Company, subject to limited exceptions such as;
- Policy 8 – Questions and Complaints
- Potential students, current students, alumni and industry professionals may write to the Information and Privacy Commissioner of British Columbia and the Canadian Spam Reporting Centre at this link.
Online Privacy Policy
This Online Privacy Policy lets you know how your personal information is processed and used. We promise that we will take steps to use your personal information only in ways that are compatible with this Privacy Policy.
The following policies are only in effect for the webpages, newsletters, and opt-in announcement lists owned and operated by the Company. The Company’s Network includes all websites and certain other Internet media properties hyperlinked from the Company’s corporate website. The following discloses our Privacy Policy.
What information are you collecting and how are you collecting it?
Every computer connected to the Internet is given a domain name and a set of numbers that serve as that computer’s “Internet Protocol” or IP address. When a visitor requests a page from any website within any of our company Network, our web servers automatically recognize that visitor’s domain name and IP address. While IP addresses will be logged in order to administer the site, track visitor movement, and gather demographic information, these domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site.
Our web servers also collect information about the type of Internet browser you are using, operating system, as well as which of our Web pages you have accessed. This information is used to help our team develop websites to display properly for the majority of our visitors.
Our Web servers do not automatically record e-mail addresses of the visitors.
Does the Company use cookies?
Yes, we use cookies. A cookie is a small piece of data that is sent to your Internet browser from a web server and stored on your computer’s hard drive. Cookies are often used to provide you with a customized experience. At no time is any personal information stored within one of our cookies.
Accepting cookies through your browser is a personal choice. You can still enjoy any one of our websites if you choose not to accept cookies.
What information do you collect when I complete the “Contact Us” form?
Any information supplied through our contact forms is used to aid our business to respond to your request and provide you with the necessary information. Your phone number may be entered to receive text message updates from any one of our schools. You can unsubscribe to text message updates at any time. Your email address may be entered to receive our electronic newsletter. You can also unsubscribe to this newsletter at any time.
We also use third-party cloud-based web tools to store information for administrative purposes and facilitate email communication. These tools also provide information, through cookie tracking, about the content you are viewing on our website to help us provide a customized experience or information that might be of interest to you. The type of information stored is related to customer or potential customer browsing history of our online presence for the purposes of ensuring quality and relevant online content.
Will you disclose the information you collect to outside third parties?
We will not sell or otherwise provide the information we collect to outside third parties for the purpose of direct or indirect mass email marketing.
We will disclose personal information and/or an IP address, when required by law or in the good-faith belief that such action is necessary to:
- Cooperate with the investigations of purported unlawful activities and conform to the edicts of the law or comply with legal process served on the Company.
- Protect and defend the rights or property of the Company’s Network of sites and related properties, or visitors to the Company’s Network of sites and related properties.
- Identify persons who may be violating the law, the rights of third parties, or otherwise misusing the Company’s Network or its related properties.
What safeguards are in place?
We are obligated to protect your personal information by making reasonable security arrangements against such risks as unauthorized access, use, collection, disclosure or disposal. Security measures have been integrated into the design, implementation, and day-to-day operating practices as part of our commitment to protect the personal information it holds.
What else should I know about my privacy when online?
Our Company’s Network contains many hyperlinks to third party websites. We are not responsible for the privacy practices or the content of such third party websites or advertisers. We do not share any of the individual personal information you provide to the third parties. Please check with those websites to determine their privacy policy.
Please keep in mind that whenever you voluntarily disclose personal information online – for example through e-mail, discussion lists, or elsewhere – that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.
Ultimately, you are solely responsible for maintaining the secrecy of your personal information. Please be careful and responsible whenever you’re online.
Consent To This Agreement
By using the Company’s Network, you consent to the collection and use of information by the Company as specified above. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.
Anti-Spam Policy (CASL)
Intent
Stenberg College International (the Company) will ensure to act in accordance with Canada’s Anti-Spam Legislation (CASL) any time our organization makes use of commercial electronic messages (or CEMs).
Definitions (Under CASL)
Commercial Electronic Message (CEM): an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that:
- offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
- offers to provide a business, investment or gaming opportunity;
- advertises or promotes anything referred to in paragraph (a) or (b); or
- promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.
Commercial Activity: means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct that is carried out for the purposes of law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defense of Canada.
Electronic Address: means an address used in connection with the transmission of an electronic message to:
- an electronic mail account;
- an instant messaging account;
- a telephone account; or
- any similar account.
Electronic Message: means a message sent by any means of telecommunication, including a text, sound, voice or image message.
Implied Consent: means it is reasonable to conclude someone’s permission has been obtained to send them a CEM based on prior relationships (existing business relationships or existing non-business relationships).
Express Consent: means that a person actively gave permission to send them a CEM, either orally or in writing.
Existing Business Relationship: exists only where the recipient of a CEM has:
- Purchased, leased or bartered products, goods, services or land from the sender within two years before a message is sent;
- Accepted a business, investment or gaming opportunity from the sender within two years before a message is sent;
- Has an existing written contract with the sender about a matter other than in numbers one or two, or such a contract expired in the two years prior to the message; or
- Made an inquiry or application for products, goods, services, etcetera within six months before the message is sent.
Spam: any electronic commercial message sent without the express consent of the recipient(s). Spam is also used as the vehicle for the delivery of other online threats such as spyware, phishing and malware.
Guidelines
Stenberg understands the goal of the anti-spam legislation in Canada is to deter damaging and misleading forms of spam. Stenberg realizes that education and awareness are the key to ensuring the right steps are taken to combat spam and will make sure that the necessary parties within the organization become aware of CASL and the various rules and regulations that the legislation outlines. Stenberg will ensure that network security program, spam filters and anti-virus software is utilized at all times on all company computers and related technologies.
Commercial Electronic Messages (CEMs)
In order to achieve the goals of the anti-spam legislation, Stenberg will ensure to act in compliance with Canada’s Anti-Spam Legislation. In order to ensure compliance, commercial electronic messages (including email marketing) done by Stenberg will be based on a consumer opt-in approach. Stenberg will gain consent for commercial electronic messages purposes prior to sending commercial messages (including emails), unless we have a pre-existing business relationship with the client, candidate, business partner, independent contractor, or affiliate, as in these particular cases consent is considered to be implied.
Stenberg shall ensure the following practices are followed when using electronic messaging:
- Determine generally how CASL applies to the company’s operations, advertising, IT, and marketing activities particularly.
- Create a comprehensive inventory of all current contact lists to determine whether consent is express, implied or a CASL exception applies. This list will be updated every six months, at least.
- Establish a procedure for maintaining a list of recipients who gave implied consent. Because implied consent expires at the two year anniversary of a transaction Stenberg will upgrade implied consent to express consent before this two year anniversary as express consent does not have an expiry date, unless the recipient unsubscribes.
- Create standardized templates that CEMs must utilize. Each template will include the mandatory identity and contact information, along with a compliant unsubscribe mechanism.
- Include all essential company information predominantly within the message such as the our name and contact information (including address and phone number)
- Include an opt-in approach to allow subscribers to confirm they want Stenberg`s messages
- Include an opt-out (or unsubscribe) message that is simple and conscious within the email
- Include a confirmation page for the unsubscribe request that includes the date of the request was submitted
- Create a comprehensive list of categories of CEMs sent out by the organization.
- Create an adequate system that records each instance of express consent obtained. If consent is written, Stenberg will record when, why, and the manner in which it was obtained. If consent is oral, Stenberg will retain a complete and unedited audio recording, or determine a means of verifying with an independent third party.
- Practice due diligence while constantly establishing procedures for monitoring the organization’s compliance and responding to violations.
Train necessary members of the organization about CASL and implement policies for compliance.
Alteration of Transmission Data
Stenberg will not participate in the unauthorized alteration of transmission data. Unless express consent has been received, no technical measures will ever be used to redirect or deliver a message to a destination other than, or in addition to, the one specified by the sender.
Note: For further information on Canada’s Anti-Spam Legislation, visit Government of Canada Introduces Anti-Spam Legislation (CASL).