How We Process Data
At Environics Analytics (EA), we don’t collect data directly from consumers to create our data products. Instead, EA partners with different companies who share non-personally identifiable information with EA. For the data we use to build our data products, we follow a Data Ingestion process comprised of the following steps:
- Scrutinize Data Supplier and Potential Data
- Execute Privacy Impact Assessments
- Sign Legal Paperwork
- Receive Data from Data Supplier
Under Quebec Law 25, de-identified data should be given the same protection rights as Personal Information. As such, Environics Analytics assumes that any data received from Quebec is Personal Information, and the user must grant appropriate consent before it can be shared with EA by the Data Supplier. After the VRA has been executed, if the Data Supplier satisfies the above criteria in their privacy notice, we agree that they have obtained proper consent to share data with EA.
Environics Analytics does not create data products using "Personal Information" and therefore, does not receive personal information from its data providers. Therefore, no express consent should be required to share this type of data with EA.
Since not all data that Environics Analytics uses in its data products relates to individuals (store locations, for example), the VRA will determine if the data collected is appropriate for obtaining meaningful consent by determining the risk to the individual if the information was breached. If the Privacy Office determines that the data collected is not attributable to an individual, then the Data Supplier will not need to satisfy valid consent requirements.
In addition to reviewing privacy risks, a Vendor Risk Assessment will be conducted by the Compliance Office for the Data Supplier to determine if they have the proper security safeguards to prevent a data breach. This process will also investigate the Data Provider to review:
- What Privacy Enhancing Technologies they employ
- How they have implemented Privacy Solutions in their data flows
- The technical specifications that preserve privacy
- How they have integrated privacy concerns into their data collection process
Those companies who provide us with data must sign a contract and adhere to the supplier code of conduct. Click here to review our Supplier Code of Conduct.
Questions? Concerns? Contact Us.
Environics Analytics (EA) has appointed a Chief Privacy Officer (CPO) to ensure accountability and effectively manage a privacy management program designed to protect privacy and set policies and processes. To report security incidents, express concerns and feedback regarding EA’s privacy and security practices, please email, phone, or mail the Chief Privacy Officer using the information below.
In addition, requests for individual access or any other inquiry regarding our privacy practices, please get in touch with the Chief Privacy Officer using the same information below.
EA will respond in a timely manner to your requests.
Person in Charge for Privacy
James P. Smith - Environics Analytics Chief Privacy Officer
Phone: 888.339.3304 x1498
Or by Mail
Atten: James P. Smith - Environics Analytics Chief Privacy Officer
33 Bloor Street East Suite 400
Toronto ON M4W 3H1
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.