Outline icon of a gear connected to dots How We Process Data

At Environics Analytics (EA), we don’t collect data directly from consumers to create our data products. Instead, EA partners with different companies who share non-personally identifiable information with EA. For the data we use to build our data products, we follow a Data Ingestion process comprised of the following steps:

  • Scrutinize Data Supplier and Potential Data
  • Execute Privacy Impact Assessments
  • Sign Legal Paperwork
  • Receive Data from Data Supplier

Before we create any data products, we conduct a Privacy Impact Assessment (PIA) to identify any potential privacy risks. Environics Analytics first meets a potential Data Supplier to develop a business relationship. This process is governed by the "Data Sources and Data Products" policy within EA's Privacy Policy. Environics Analytics determines if there is a fit for the supplier's data into one of our data products.

If the Data Supplier passes the preliminary assessment, EA works on formalizing an official business relationship. The first step in this process is to ensure that the Data Supplier has satisfied the legal requirements that enables them to share data with Environics Analytics. This check is done by executing a Vendor Risk Assessment (VRA) and ensuring that the Data Supplier has obtained the proper consent to share the data. This process is governed by the "Privacy Management Program" policy contained within EA's Privacy Policy.

Under Quebec Law 25, de-identified data should be given the same protection rights as Personal Information. As such, Environics Analytics assumes that any data received from Quebec is Personal Information, and the user must grant appropriate consent before it can be shared with EA by the Data Supplier. After the VRA has been executed, if the Data Supplier satisfies the above criteria in their privacy notice, we agree that they have obtained proper consent to share data with EA.

Environics Analytics does not create data products using "Personal Information" and therefore, does not receive personal information from its data providers. Therefore, no express consent should be required to share this type of data with EA.

Since not all data that Environics Analytics uses in its data products relates to individuals (store locations, for example), the VRA will determine if the data collected is appropriate for obtaining meaningful consent by determining the risk to the individual if the information was breached. If the Privacy Office determines that the data collected is not attributable to an individual, then the Data Supplier will not need to satisfy valid consent requirements.

In addition to reviewing privacy risks, a Vendor Risk Assessment will be conducted by the Compliance Office for the Data Supplier to determine if they have the proper security safeguards to prevent a data breach. This process will also investigate the Data Provider to review:

  • What Privacy Enhancing Technologies they employ
  • How they have implemented Privacy Solutions in their data flows
  • The technical specifications that preserve privacy
  • How they have integrated privacy concerns into their data collection process

Those companies who provide us with data must sign a contract and adhere to the supplier code of conduct. Click here to review our Supplier Code of Conduct.

Meeting the Highest Standard of Privacy

Privacy by Design ISO 31700-1 certification validates that a company fully integrates privacy and data protection principles into the design and development of products, services, and systems from the outset.

Meeting the Highest Standards of Security

Questions? Concerns? Contact Us.

Environics Analytics (EA) has appointed a Chief Privacy Officer (CPO) to ensure accountability and effectively manage a privacy management program designed to protect privacy and set policies and processes. To report security incidents, express concerns and feedback regarding EA’s privacy and security practices, please email, phone, or mail the Chief Privacy Officer using the information below.

In addition, requests for individual access or any other inquiry regarding our privacy practices, please get in touch with the Chief Privacy Officer using the same information below.

EA will respond in a timely manner to your requests.

 

Person in Charge for Privacy

James P. Smith - Environics Analytics Chief Privacy Officer

Email: Privacy@environicsanalytics.com

Phone: 888.339.3304 x1498

 

Or by Mail

 

Atten: James P. Smith - Environics Analytics Chief Privacy Officer

33 Bloor Street East Suite 400

Toronto ON M4W 3H1

Canada

 

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Back to top