This Policy is Touchstone’s way of making sure you are fully informed and affirms our commitment to maintaining the accuracy, confidentiality, and security of Personal Information. Touchstone respects your privacy and is committed to protecting your Personal Information in line with all applicable laws and regulations governing the Processing of Personal Information.
Effective Date and Right to Withdraw Consent
This Policy is effective as of the date “Last Updated”, above, and will remain in effect except with respect to any of its provisions that are changed in the future. We reserve the right to change this Policy at any time, and we will notify you of such changes. Changes, modifications, additions, or deletions will be posted to the Website and Application. Subject to the notice that you will receive, your continued use of the Website or Application after we post any such modifications will constitute your acknowledgement of the modified Policy and your agreement to abide and be bound by the modified Policy. We will also revise the “Last Updated” date found at the beginning of this Policy when we post changes to it. Changes to this Policy will otherwise be made in accordance with the terms of this Policy.
Subject to certain legal and contractual limitations, you have the right to withdraw your consent from us Processing your Personal Information. This may limit our ability to provide you with our services, act on your behalf or engage with you as you would like. To withdraw your consent to certain Processing by Touchstone, you may declare to the Privacy Officer (contact information provided below) in writing, at any time, of your desire to withdraw consent. Touchstone will inform you of the implications of such withdrawal and will implement your request within thirty (30) days of your written request. Any withdrawal of consent will apply thereafter and not to information handling practices that have been previously undertaken based on prior consent.
Touchstone will not knowingly obtain consent from those individuals who are minors, seriously ill, or mentally incapacitated and we shall therefore obtain consent from a parent, legal guardian or person having power of attorney of such an individual.
If you are an individual who is a minor, you must access or use the Website or the Application only with the permission and involvement of your parent or guardian.
As previously mentioned, we may make unilateral changes to this Policy. When doing so, we will: (a) send you a notice that specifies the elements of the contract that will be amended unilaterally; and (b) send you, at least 30 days before the amendment comes into force, a written notice setting out exclusively the new clause, or the amended clause and the clause as it read formerly, the date of the coming into force of the amendment and your rights to refuse the amendment and rescind or cancel the contract without cost, penalty or cancellation indemnity by sending us a notice to that effect no later than 30 days after the amendment comes into force, if the amendment entails an increase in your obligations or a reduction in ours. Such amendment will not apply to essential elements of the Policy.
Collection and Processing of Your Personal Information
Types of Personal Information Collected and Processed
The Personal Information which Touchstone may collect includes, but is not limited to:
- Contact and identifying information including your name, email address, phone number, jurisdiction of residence, native language, education, work history, certifications and other professional details.
- Login information including username and password.
- Written and audio speech samples in the form of audio or video files, written transcripts and various forms and written activities.
- User information and inputs including messages and images uploaded / shared as part of a public forum, message boards and user chats.
- Feedback on your experience using the Website or the Application.
- Communications information including your communication preferences.
- Computer information including device type, device identifiers, IP address, MAC address, location, browser type, operating system and platform, protocol, sequence information, cookies, beacons, pixel tags, browser language and type, and domain name system requests.
- Internet or other electronic network activity including browsing, session, interaction, search history, duration of use, frequency of use, material and pages viewed, time and date of access, number of bytes transferred, number of clicks per visit and other user behaviour related to our website.
- Other information which you voluntarily provide to us, our employees, or our contractors.
In addition, if you contact us, we may keep a record of your communication to help solve any issues you might be facing.
Purposes for Collection and Processing of Personal Information
Personal Information may be collected by Touchstone for purposes that include, but are not limited to:
- Maintaining and improving our products and services and otherwise running and managing our organization in the ordinary course, and keeping our records up to date.
- Providing you with any services you have requested from us, and accessing and using services, the Website and the Application.
- Receiving communications from us in regard to e-news, emails, bulletins, notifications, newsletters, programs, events and activities, from which you can opt-out at any time.
- Assisting you when you contact our customer support services, including to direct your questions to appropriate individuals, investigate and address any of your concerns, and to improve and monitor our customer support responses.
- Administering and protecting our business, the Website and the Application, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.
- Using data for business development and market research to understand demographics, interests, usage patterns, and other characteristics of individuals and to track and analyze trends and patterns.
- Complying generally with all laws and applicable statutory requirements.
Methods of Collection of Personal Information
Personal Information may be collected by Touchstone in a number of ways, including in person, our website, by mail, by email, from our applications or other software, and from third parties whom you have authorized to disclose Personal Information to us.
If you provide information about a third party or authorize a third party to do so, we will assume you have taken proper measures to obtain informed consent.
(b) Cookies and Web Beacons
(c) Clickstream Data
When you visit the Touchstone Website, we may also collect clickstream data (e.g. server address, domain name, device type, browsing software) which may be stored on the Website’s server. We may use clickstream data for traffic analysis or e-commerce analysis of the Website.
(d) Mobile Information
Touchstone’s Website and Application features may be accessible from web-enabled mobile devices. The intent is to provide screens that are optimized for the size of the screen and operating systems. On some devices, functionality may be limited. If you use mobile-enabled services provided by our Website and Application, we may receive information about you from your mobile device.
(e) Social Media
If you post a review, make a comment, or otherwise submit Personal Information on a public forum such as social media accounts or public forums on our Website or Application, your communications may be viewable by the public. When voluntarily disclosing Personal Information about yourself with other Touchstone users, we are unable to control what may be done with that content. You should take all necessary precautions to protect your private information by not posting or publishing any information that you do not want in the public domain. While we strive to provide the highest level of confidentiality, you should review your personal privacy settings to further restrict any or all parts of your profile or other certain content or information.
Touchstone may collect Personal Information when you interact with our Website or Application, including when you access the Website or Application, request or receive services, register or create or edit your account, sign up to receive newsletters and information, fill out online surveys or forms, send or respond to our emails, or otherwise communicate with us.
Use of Automated Decision System
Touchstone utilizes technology which may collect Personal Information to make predictions, recommendations or decisions about you based exclusively on the automated processing of your Personal Information. You may request information with respect to any automated decisions that have been made based on the collection of your Personal Information, and the reasons and parameters which led to that decision. You may also correct the Personal Information that was used to render the prediction, recommendation or decision, and have the right to submit observations to the Privacy Officer who may review and re-assess the decision which was made by automated means.
Sharing of Personal Information with Third Parties
Although you are entering into an agreement to disclose your Personal Information to Touchstone pursuant to this Policy, strictly for the purposes identified in this Policy, we may delegate our authority for Processing of your Personal Information to third party individuals and organizations who assist us with providing our services and administering our business, and for such other purposes as set forth below, including:
- Contractors and affiliates, including companies we use for storage, processing, and delivery of services.
- Administrative and technical support, including cloud storage providers, IT support, and data analytics providers.
We may also disclose Personal Information in situations where we are legally required or permitted to do so. These situations may include criminal investigations, government tax reporting requirements, court orders, or instances where we believe the rights and safety of others may be at risk.
If you believe that a third party has inappropriately disclosed your Personal Information to us, please contact that third party directly. If the third party does not sufficiently respond to your inquiries, please let us know immediately.
Managing Your Personal Information
Limiting the Collection and Processing of Personal Information
Touchstone takes care to ensure that Personal Information you provide to us is accessed internally only by individuals that require access to perform their tasks and duties, and externally only by service providers with a legitimate purpose for accessing it. We will not use or disclose any collected Personal Information outside of the purposes described in this Policy unless you have otherwise consented or it is required or permitted by law.
We do not sell, trade, rent or otherwise share for marketing purposes the Personal Information that we collect with third parties, unless you consent or authorize us to do so. We limit the Personal Information provided to the aforementioned affiliate and third-party service providers to the extent necessary for them to provide the services. We do not allow these third-party service providers to use your Personal Information for their own purposes and only permit them to access and process your Personal Information for specified purposes and in accordance with our instructions. Such service providers are required by contract to safeguard any Personal Information disclosed or transferred by us.
Accuracy of Personal Information
Touchstone takes all reasonable steps to keep your Personal Information as accurate, complete and up-to-date as necessary to fulfill the purpose for which your Personal Information has been collected. If desired, you may verify the accuracy and completeness of your Personal Information in our records with our Privacy Officer.
Despite our efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date Personal Information in your file, we will remedy any such errors on a timely basis. You may request correction of the Personal Information we hold about you, though we may need to verify the accuracy of the new information you provide to us. If inaccurate Personal Information is mistakenly sent to a third party, we will communicate relevant changes to the third party where appropriate.
Retention of Personal Information
Touchstone will store your Personal Information only for as long as is reasonably necessary to fulfill the purpose for which the Personal Information was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Once your Personal Information is no longer needed, we will securely and effectively dispose of it.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Request for Access to Personal Information and Processing
You may request access to your Personal Information, which enables you to receive a copy of the Personal Information we have collected from you and information about how we are Processing it. We may need to request specific information from you to help us confirm your identity and right to access your Personal Information. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. Touchstone may not always be able to comply with your request for access to Personal Information for specific reasons which you will be notified of, if applicable, at the time of your request.
Request for Deletion or Removal of Personal Information
Subject to legal and contractual requirements and reasonable notice, you may withdraw your consent at any time or request that we delete your Personal information. We may not always be able to comply with your request for deletion of Personal Information for specific legal reasons which you will be notified of, in writing, within thirty (30) days of the time of your request. Please note that, without such consent, we may not be able to provide you with services or products if your Personal Information was necessary for us to be able to provide them.
Request for Transfer of Personal Information
You may request the transfer of your Personal Information to a third party. Touchstone will provide your Personal Information to the third party you have chosen in a structured, commonly used, machine-readable format. This request may only apply to automated information which you initially provided consent for us to use or where we used the Personal Information to perform a contract with you.
Protecting Your Personal Information
Integrity and Security
Touchstone uses industry standard measures, including administrative, organizational, technical, and physical safeguards, to help protect Personal Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We implement measures and processes to help us to keep your Personal Information secure and to maintain its quality, such as keeping electronic files in a secured environment with restricted access and use. We regularly review our security and related policies to adapt the technology as new threats evolve and monitor our systems to help ensure the highest level of availability. If you have any questions about the security of our Website, you can reach out to our Privacy Officer.
Access to private, sensitive and confidential information, including Personal Information, is restricted to authorized employees or contractors with legitimate business reasons. Touchstone’s employees and contactors understand the importance of keeping your Personal Information private. All employees and contractors are expected to maintain the confidentiality of Personal Information.
Despite the foregoing security measures and significant steps Touchstone has taken to protect your Personal Information, no company can fully eliminate all security risks associated with the Processing of Personal Information. With that in mind, we cannot guarantee the security of any Personal Information provided to or received by us. We encourage you to provide only the Personal Information you are comfortable with providing to a third party, keep watch for communications that are suspicious, and report any suspicious activity to us as soon as possible.
In the event there has been a breach of our security safeguards which involve your Personal Information, including the unauthorized access, use or disclosure of your Personal Information, loss of your Personal Information, or other breach, and where there is a risk that significant harm will come to you as a result of that breach, Touchstone will notify you within thirty (30) days of the breach and report the breach to the Privacy Commissioner.
Website and Applications
Governed by This Policy
Our Website, the Application and any other applications available from our Website or third-party platforms (including the iTunes Store and Google Play) are governed by the provisions and practices stated in this Policy. Our Website and Application and any such other applications described in the preceding sentence may contain links to third party sites or applications that are not governed by this Policy. Although we endeavour to only link to sites or applications that share our commitment to your privacy, please be aware that this Policy will no longer apply once you leave our Website, the Application or such other applications, as applicable, and that we are not responsible for the privacy practices of third party sites or applications. We therefore suggest that you closely examine the respective privacy policies of third-party sites and applications to learn how they collect, use and disclose your Personal Information.
Outside of Canada
Personal Information provided to our service providers may be stored outside of Canada. You acknowledge and agree that, as a result, your Personal Information may be processed, used, stored or accessed in other jurisdictions and may be subject to the laws of those jurisdictions. For example, information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries.
Addressing Your Inquiries and Concerns
Your privacy is very important to us. We are happy to provide you with a copy of this Policy and to discuss any of its contents with you.
Touchstone’s Chief Executive Officer is responsible for the implementation of this Policy and
monitoring our adherence to its terms and all applicable laws. The Chief Executive Officer also
handles questions and concerns about our Policy, as well as Personal Information access requests,
the exercise of individual rights and complaints. The Chief Executive Officer may be contacted at:
Chief Executive Officer, Touchstone Institute
145 Wellington Street West, Suite 600
Toronto, ON M5J 1H8