Legal Trust Centre
Legal Trust Centre
Privacy Policy
Your privacy matters to us. This Privacy Policy together with the relevant Terms and Conditions explains how BIS Safety Software Inc. (“BIS”, “we”, “us”, “our”) collects, uses, discloses, stores, secures, and deletes personal information as defined by applicable privacy laws. Our websites and services include our BIS Safety Software system and the associated BIS Safety mobile app (collectively the “Web Platforms”). By using our Web Platforms, you may be a corporate user or a public user or both. “Corporate Users” are individuals who have accounts created for them by an employer or organization in a managed portal. “Public Users” are individuals who create their own accounts independently and directly in our Web Platforms. Where required, we will seek your consent within our Web Platforms. If you do not agree with this Policy, please do not use the Web Platforms.Information Collected
From Whom We Collect Personal Information
Web Platform users. Public Users and Corporate Users, including administrators of user accounts. Public website visitors. Individuals who visit our public websites (www.trainanddevelop.ca, www.bissafety.ca, www.bissafety.com, and www.bissafety.uk) who may provide contact information to receive information about our Web Platforms and participate in our events. Event attendees. Individuals who register to attend any live or virtual events, conferences, or webinars hosted or sponsored by BIS.Personal Information We Collect
If you are a Public User or a Corporate User, we collect your personal information through your use of our Web Platforms, when you interact with our customer support, or communicate with us in any way. The types of information we collect include:- Personal information, such as your name, contact details, date of birth, driver’s licence number, banking information, and login credentials, that you provide to us or that is provided by the employer or organization who provided you with an account.
- Employment information, such as your job title, supervisors, work training, and employment history.
- Education information, such as professional qualifications, as collected by the employer or organization who created your account.
- Health information as collected by the employer or organization who created your account.
- Biometric data, such as your image and video recordings of you, that is collected if you attend events or complete virtually proctored online courses.
- Billing information when you pay for BIS’ services or purchase any content from the e- commerce store. (Note we only retain and store the last 4-digits of your credit card number while all other data, such as the expiry date and authorization codes, are not stored.)
- Location information when you authorize our Web Platforms to detect and track your location, such as your address, city, and geographic area.
- Marketing information, such as your contact preferences.
- Usage information about how you use and interact our Web Platforms and public websites, such as your IP address, location, and log information of features you use.
- Troubleshooting and support information that you provide when you interact with our chatbots, complete feedback forms or other forms, or when you contact our customer support team or any personnel of BIS, such as the content of your chats and other communications.
- Other information we collect not listed here but that we will use and protect following this Privacy Policy or as otherwise disclosed at the time of collection.
Information From Our Websites and Events
When visitors to our public websites contact us or register for information, we collect personal information, such as contact information, so we can fulfill their request and keep in touch with them for sales and marketing purposes, ensuring we respect their marketing preferences. When event attendees join and participate in our events, we collect personal information, such as your name, employment information, and dietary preferences (in some instances). If the event is recorded and posted on our social media channels, we may collect and share your image and voice depending on how you engage in the event.Information From Third Parties and Referrals
Users, website visitors, event attendees, and our business partners may refer contacts to us, so we may receive your name, email, and address from these sources. You may submit referrals if you have the referral’s permission to provide their information to us, so we may contact them.Information from Social Media
We share information about us and interact with the public on social media platforms, such as LinkedIn, YouTube, and other third-party platforms. When you visit and interact with us and others on those platforms, you and those platforms provide us with personal information, and you are subject to the platform provider’s privacy policy.Information About Children
The Children’s Online Privacy Protection Act (COPPA) enacted by the United States Congress prohibits unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personal information on the internet from and about children 12 years or under. Our public websites nor our Web Platforms are not directed to or intended for use by children under 13 or children residing in Quebec, Canada under 14. We do not knowingly collect, use, or disclose personal information from children as stated. If we become aware that personal information has been collected from a child under these age limits, we will promptly delete or de-identify such information from our records, subject to any legal retention requirements. Parents or guardians who believe that we may have collected personal information from a child should contact our Privacy Management Program at privacy@bistraining.ca to request review and deletion of the information.How We Use Personal Information
We may use your personal information for the following purposes or as described at the time of collection: Operate our business and provide services: We use your personal information to operate our business and provide, operate, and administer our Web Platforms, courses, and third-party courses and products, including:- Troubleshooting issues, analyze performance, and fix issues to optimize our Web Platforms and websites;
- Understanding your needs to personalize your experience and expand our Web Platforms capabilities;
- Processing transactions related to those services, courses, and products;
- Sharing information about our services, such as new products and important updates;
- Providing you with customer support when requested;
- Responding to your questions and feedback;
- Protecting the security of our Web Platforms and systems;
- Communicating with you about events and webinars; and
- Other purposes for which we will notify you in advance and receive your consent.
Cookies and Similar Technologies
We use cookies and similar technologies to recognize your browser or device, track your specified preference (such as language and configuration preferences), prevent fraudulent activity and improve security, learn more about your interests, and provide you with important features and services. Please read our Cookie Policy to learn more. You can withdraw consent or manage preferences for the use of non-essential cookies and similar technologies in our Web Platforms and public websites in your browser controls. Our cookies may allow you to take advantage of some essential and useful features. Blocking some types of cookies may impact your experience of our Web Platforms.How We Share Personal Information
We do not sell your personal information to others. We may share personal information only as described in this Privacy Policy with these recipients: Service providers. We work with service providers, such as payment processors, managed hosting providers, and sub-processors, who follow policies and practices at least as protective as described here for the purposes of providing our Web Platform and other services to you. We inform our clients of changes to our sub-processors through our Sub-Processor Notice. We recommend clients and users to review the privacy policy of our sub-processors. Third party integrations. You may integrate certain third-party services with our Web Platforms. You are subject to the privacy policies and terms and conditions of third parties whose services you integrate in our Web Platforms. Artificial intelligence services. Our Web Platforms may provide services that use artificial intelligence or machine-generated learning (“AI Services”), which may be wholly or partially developed by third parties. Our AI Services use information provided by users, such as text, images, videos, and content in files of any format, including facial images in virtually proctored online courses. For more information about our AI Services, please review our Artificial Intelligence Notice. Business partners. We have contractual relationships with third parties who provide content, courses, and products, which you may access through our software. These third parties are subject to our Privacy Policy. If you wish to access third party content, courses, and products, you may need to share your personal information, including your registration, course marks, and certificates of completion, with these third parties. You may authorize us to verify to third parties the validity and status of your certificates when they enter your last name and certificate number into the public certificate verification page on our Web Platforms. Third party marketers. We work with third parties to display and manage advertising and content on our websites who may use cookies or similar technologies to collect information about how you interact with our websites to provide you with a personalized experience, recommendations, and advertising based on your activities and interests. Authorities and others. We may share your personal information with governing bodies, third parties needed for compliance, fraud prevention, and security purposes, legal counsel and auditors when needed. We may release account and other personal information when that release is required to comply with the law, to apply or enforce our terms and agreements, or to protect the rights, property and security of our customers and others. We may also share personal information with event co-sponsors. Business transferees. If we sell our businesses or services, personal information may be shared with the acquiring entity in accordance with applicable privacy laws and subject to appropriate confidentiality safeguards. For Corporate Users, we may also share personal information with registered users within your portal based on their level of administrative access. Public Users may opt out of having their personal information shared with third-party service providers. However, opting out will prevent access to our Web Platforms. We will not give a third party with whom we share your information an independent right to share or disclose your information with any other person, group, or company outside of their own professional advisors and affiliates.Location of Personal Information
Your personal information is stored in Canada on third-party data servers (for example, AWS Canada). Additionally, personal information, including biometric data, collected during virtually proctored online courses is stored in Germany on third-party data servers. If you do not wish for your personal information to be stored in Germany, do not purchase or take virtually proctored online courses. Limited personal information collected and publicly shared from recorded webinars may be stored in third-party data servers located in USA or Canada. Conversations and any information you provide to our Support Team by phoning 1-780-410-1660, (French) 1-780-410-1659, (toll-free Canada) 1-866-416-1660, (USA) 1-713-424-0660, and (toll-free USA) 1-866-575-5670 is stored in the USA. BIS shares personal information with sub-processors who may also store this data in locations outside of Canada. Please refer to our Sub-Processor Notice for information on our sub-processors and where they store personal information.Cross-Border Data Transfers
We primarily host our services and databases in Canada. However, we use trusted service providers and sub-processors in other countries, including the USA, Ireland, Germany, Australia, and India. As a result, your personal information may be stored, processed, or accessed in any of these jurisdictions for the purposes described in this Privacy Policy (for example, hosting, support, email delivery, analytics, payment processing, security, and fraud prevention). When information is stored or processed outside of Canada, it may be subject to the laws of the destination country and be accessible to court, law enforcement and national security authorities in those jurisdictions. We assess our service providers and sub-processors prior to transferring your data to them to ensure the provide an adequate level of protection of your data.Security
BIS, our clients, and users acknowledge the crucial importance of safeguarding personal and confidential information. We maintain compliance and assurance programs that test, support, and validate our security controls. We use physical, administrative, and technical security controls, such as encryption protocols, which meet industry security standards to safeguard personal information we collect. Our data security program includes a risk management program that aims to identify and mitigate threats and vulnerabilities with controls appropriate to the level of risk. Our risk management controls include regular, comprehensive vulnerability scans, external testing, and internal audits. In the event we become aware of a security incident that has affected our customers or users, we will notify affected parties following applicable laws. Our security procedures mean that we verify your identity before we disclose personal information or provide certain services to you. We strive to continuously improve our data security program and will communicate important security updates to our customers and users in a timely manner. While we strive to protect personal information, no method of transmission or storage is completely secure; if we become aware of a security incident, we will take appropriate steps and notify affected individuals as required by applicable law.Retention
We keep your personal information to communicate with you and to enable your continued use of our services for the purposes described in this Privacy Policy or as may be required by law. We retain personal information only for as long as necessary to fulfill those purposes, comply with legal obligations, resolve disputes, and enforce our agreements. After those purposes are fulfilled, personal information is deleted or anonymized as per our documented retention schedules. Your personal information is retained if your account remains active. After your account is deactivated, our retention of your personal information will be consistent with applicable laws.Your Rights
You have rights under privacy laws which, in certain circumstances, you can exercise in relation to the personal information we process about you. These include:- The right to ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
- The right to ask what categories of personal information we have collected about you, the categories of sources from which the personal information was collected, the business and commercial purposes for collecting and disclosing personal information, the categories of third parties to whom we disclose personal information, and the categories of personal information disclosed for a business purpose;
- The right to request correction of inaccurate personal information we hold about you;
- The right to restrict our use and disclosure of your personal information for purposes permitted by law (to the extent applicable; we do not use sensitive personal information beyond permitted purposes);
- The right to request deletion (“erasure”) of personal information (the “right to be forgotten”):
- that is no longer necessary for the purposes underlying the processing,
- where consent for the information being processing has been withdrawn, or
- when processing is not in compliance with applicable legal requirements;
- The right, in certain cases, to receive a machine-readable copy of your personal information;
- The right to request portability of personal information that you have provided to us where the processing of such personal information is based on consent and is carried out by automated means;
- The right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way;
- The right to object to our use and processing of your personal information;
- The right to opt out of processing for targeted advertising, sale of personal data, or profiling in decisions that produce legal or similarly significant effects; and
- The right to direct us not to sell or share your personal information for cross-context behavioural advertising. (Note we do not engage in such practices.)
How to Exercise Your Rights
If you want to exercise any of these rights, please contact us using the details in the Contacts section below. We will handle any request to exercise your rights in accordance with applicable privacy law and any relevant legal exemptions. We will verify your request (which may include confirming control of your account, matching information, or requesting a signed declaration) and respond within 45 days (which may be extended as permitted by law). If your access is provided through an organization, we may redirect certain requests to your administrator where appropriate. You may also have the right to complain to a local authority if you think we have processed your personal data in a manner which is unlawful or breaches your rights. If you have these concerns, we kindly request that you contact us first (using the contact details in the Contacts section below), so we can investigate and do our best to resolve your concerns. For EU and UK residents, you also have the right to lodge a complaint with a supervisory authority:- EU: your local Data Protection Authority in the EU or EEA.
- UK: the Information Commissioner’s Office.
Access and Choice
Personal information you may be able to access through our services include:- Your name, email address, physical location, postal address, phone number, and other contact information;
- Username, aliases, roles, and other authentication and security credential information;
- Your subscription, purchase, usage, billing, and payment history;
- Payment settings, such as payment instrument information and billing preferences;
- Third-party course completion information, including training records, course marks and certificates of completion;
- Education, training, and employment information; and
- Email communication and notification settings.
Contact
If you have any concerns about your privacy or want to contact one of our third-party data processors, you may contact our Privacy Officer through our Privacy Management Program.Privacy Management Program
BIS Safety Software 261 Seneca Road Sherwood Park AB Canada T8A 4G6 Phone: 780-410-1660 Toll Free: 1-866-416-1660 Email: privacy@bistraining.ca Users in the European Union and EEA may contact BIS’ EU representative below.DPO Europe GmbH
representative+bissafety@data-privacy-office.eu Users in the UK may contact BIS’ UK representative below.Data Privacy Office Europe
ukrepservices@gmail.comSpecific Privacy Disclosures
Quebec Law 25
This section applies to individuals in Québec and describes how we comply with Law 25, which amends Québec’s private-sector privacy law. Law 25 enhances the privacy laws in Québec, Canada. In compliance in Law 25, BIS performs privacy impact assessments, provides breach notification in circumstances where unauthorized access is likely to cause real risk of significant harm to individuals as described under guidelines established by PIPEDA, and requests explicit consent for the collection of sensitive personal information for organizations and users in Québec.Governance and Accountability
We designate a Person in Charge of the Protection of Personal Information (our Privacy Officer) who you may contact through our Privacy Management Program. We maintain a privacy management program, including documented policies, staff training, role-based responsibilities, and regular reviews.Privacy by Design
We implement measures so that, by default, only the minimum personal information necessary is collected, used, communicated, retained, and accessible.Privacy Impact Assessments (PIAs)
We conduct PIAs for projects involving personal information. PIAs address sensitivity, purposes, proportionality, safeguards, and residual risks.Confidentiality Incidents (Breaches)
We keep a register of incidents and notify the Commission d’accès à l’information (CAI) and affected individuals if the incident presents a risk of serious injury. Notifications describe the nature of the incident, information concerned, and steps taken or proposed to mitigate risk.Consent
We obtain valid, informed, and specific consent where required by law. For sensitive personal information, we obtain express consent unless another legal basis applies.Automated Decisions and Profiling
When we render a decision based exclusively on automated processing that produces legal or similarly significant effects, we inform the individual, provide the main factors and parameters that led to the decision, and offer a way to submit observations and, where applicable, request a review by a person.Transfers outside of Québec
We primarily host and process personal information in Québec. We transfer personal information outside of Québec when needed to provide essential services in our Web Platforms or for business continuity purposes. Where we transfer personal information outside Québec, we do so in accordance with applicable law and implementing contractual, technical, and organizational safeguards to ensure that the information receives protection equivalent to that required under Québec’s privacy legislation. We conduct transfer risk assessments and implement appropriate technical and organizational measures to protect personal information during and after transfer.Canada’s Anti-Spam Legislation (CASL)
Consistent with the Privacy Policy described here, you have authorized us to communicate with you in writing, or electronically, such as by email, social media, text, phone, or any form of electronic and internet-based methods using computers, smart phones, mobile or handheld devices, phone, or any future devices. You may unsubscribe anytime by either clicking an unsubscribe button; directly contacting us by phone, mail, or email; or providing reasonable notice by any other means.California
These disclosures apply to California residents and describe our practices under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA).Categories of Personal Information We Collect
Categories of personal information collected or disclosed for a business purpose. The personal information that we may collect, or may have collected from you or disclosed in the preceding twelve months, fall into the following categories depending on how we may have engaged with you:- Direct identifiers, such as your real name, alias, postal address, social security number, driver’s licence and passport information, and signature;
- Indirect identifiers, such as cookies and other similar technologies, phone numbers, Internet Protocol addresses, and account names;
- Biometric data, such as images, and audio and video recordings;
- Geolocation data, such as physical location information from computers, smart phones and other devices;
- Internet activity, such as browsing history, search history, data on interaction with a webpage, application, or advertisement;
- Sensitive information, such as personal characteristics, behaviour, employment, and education information; and
- Professional or employment related information, including education information, including enrollment status, fields of study, degrees, training, honors, awards, course marks and certificates of completion.
- Commercial information, such as the details of a product or service, if a third-party service provider is assisting to provide that product or service to you; and
- Electronic communications if a third-party service provider reviews recordings of customer interactions for quality assurance purposes.
Your rights
Subject to applicable exceptions, California residents have rights related to their personal information as described in the Your Rights section. If our practices change, we will update this Privacy Policy and provide the required “Do Not Sell or Share My Personal Information” mechanism.Texas
This section applies to Texas residents and describes our practices under the Texas Data Privacy and Security Act (TDPSA).Categories of Personal Information We Collect
Depending on how you interact with us (e.g., account creation, course delivery, support), we may collect and process:- Identifiers and contact details (name, address, email, phone, online identifiers, IP address),
- Customer records/commercial information (purchases, transactions, service usage),
- Internet or network activity (log data, interactions with our sites/apps, cookies/SDKs),
- Geolocation data (approximate location if enabled),
- Professional/education information (employer/organization, role, enrollment, training records, marks, certificates),
- Biometric/recordings (image/voice/video where used for identity verification or proctoring),
- Inferences (preferences or configurations derived from the above), and
- Sensitive personal data (e.g., precise geolocation if enabled and government IDs and biometrics used for identification) processed only as permitted by law (consent where required).
Purposes for Processing
We process personal information to provide and manage services, support training and credentials, communicate with users, enhance security, prevent fraud, comply with laws, and enforce terms. We may disclose personal information to service providers/processors (hosting, identity verification/proctoring, analytics, support, security, payments), your organization/administrator), certification bodies/content providers (to deliver/validate credentials), and government or law enforcement when required. We do not sell personal information. If we engage in targeted advertising or other “sharing,” you may opt out.European Union and United Kingdom
This section applies to individuals located in the European Economic Area (EEA) and the United Kingdom (UK). We apply equivalent protections to both, while noting that supervisory authorities, transfer mechanisms, and terminology may differ between the EU and the UK. Depending on the activity we may act as:- A data controller (for example, when we determine the purposes and means of processing personal information on our Web Platforms and in our business operations); or
- A data processor on behalf of our customers (for example, where an organization uses our services to manage its training and compliance data and instructs us how to process that data).
Lawful Bases for Processing
We process your personal information on one or more of the following legal bases as applicable under the EU GDPR and/or the UK GDPR:- As necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide our services, to respond to requests from you, or to provide customer support;
- We have a legitimate interest to operate, improve, and secure our services; to communicate with you about our services; to prevent fraud and misuse; and to assert or defend legal claims, except where such interests are overridden by your interests or fundamental rights and freedoms. We perform and document the required balancing test.;
- With your consent or where required by law (for example, certain marketing, cookies/analytics in some jurisdictions, or optional features). You may withdraw consent at any time, without affecting processing that occurred before withdrawal.
- Vital interests or public interests only where strictly applicable; or
- As necessary to comply with relevant law and legal obligations, including responding to lawful requests and orders.
Special Categories of Data
We do not seek to collect special categories of personal data (such as health, biometric identifiers used for identification, racial or ethnic origin) unless required for a specified purpose and permitted by law. Where such processing occurs, it is supported by an appropriate Article 9 condition (EU/UK), such as explicit consent or reasons of substantial public interest, and subject to additional safeguards.Representatives
Because BIS is established in Canada, we appoint representatives for the EU and the UK in accordance with Article 27:- EU Representative: Data Privacy Office Europe, whose contact information is provided in the Contacts section.
- UK Representative: Data Privacy Office Europe, whose contact information is provided in the Contacts section.
Transfers outside of the European Economic Area or EEA
We primarily host and process personal information in Canada. When we transfer personal information outside the EEA (for EU GDPR) or outside the UK (for UK GDPR), we do so in accordance with applicable law, using one or more of the following safeguards:- Adequacy decisions (e.g., for Canada’s commercial sector and any other jurisdictions deemed adequate by the European Commission or the UK Government);
- Standard Contractual Clauses (SCCs) adopted by the European Commission, with supplementary measures as needed; and
- The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, as applicable.
Last Updated: November 29, 2025
Terms and Conditions
Carefully read all the Terms and Conditions including our Privacy Policy before accessing or using our websites, including www.bissafety.ca, www.bissafety.com, www.trainanddevelop.ca, and www.bissafety.uk, and web services, including our BIS Safety Software system and the associated BIS Safety mobile app (collectively the “Web Platforms”). By accessing or using the Web Platforms, you agree to be legally bound by the Terms and Conditions. If you do not agree with the Terms and Conditions, which referentially incorporates our Privacy Policy, you must not use, access, or open an account for or through the Web Platforms.
The Terms and Conditions describe how you use the Web Platforms of BIS Safety Software Inc., which includes our companies, affiliates, and subsidiaries (“BIS”). The Terms and Conditions may be changed from time to time by BIS unilaterally and at its sole discretion. Any changes will be posted on the Web Platforms, and your continued use of the Web Platforms indicates your acceptance of the modified Terms and Conditions.
Without BIS’s prior written permission, you shall not copy, create derivative works, transmit, display, or distribute the Web Platforms, which includes the following: text, images, videos, photographs, audio files, graphics, documents, courses, forms, exams, surveys, policies, procedures, assessments, and materials used for the purpose of providing or testing knowledge and gathering information (collectively referred to as “Resources”). Your use of the Web Platforms, which in all situations includes Resources, is limited to your sole use only. At no time shall you provide, allow, or permit anyone else to use your account to gain access to the Web Platforms.
You may make purchases or pay an invoice through our Web Platform. Payments made by credit card are processed by our payment processors, Moneris Solutions Corporation and CardConnect, LLC, who act solely as a payment processor and do not provide any other services within our Web Platform. By making any payments by credit card, you authorize our payment processors to charge your credit card and store your credit card information following their policies. We are not responsible for and you release and hold us harmless for any actions, errors, or omissions of these payment processors.
Artificial Intelligence
We are constantly using, developing, and deploying new technologies to enhance the services we provide to you. Our Web Platforms may provide to you services that use artificial intelligence or machine-generated learning (“AI Services”) to generate and output content in response to input that you provide (“Input”). Examples of Input are text, images, videos, and content in files of any format. These AI Services that are integrated into our Web Platforms may be wholly or partially developed by third parties.
In using our AI Services through our Web Platforms, you agree to the following:
- You represent and warrant that you have the right to upload and use the Input. You are responsible for the Input you provide.
- The Input must be your own content, or authorized by the third-party owner of that content, and must not infringe on or violate any third party’s rights. Provided that the Input is wholly owned by you, and that your actions are not in violation of these Terms and Conditions, then you retain such ownership of the Input, and you have the right to use, distribute, and modify such output within our Web Platforms for internal business use only or commercial purposes. We reserve the right to remove output generated by AI Services temporarily or permanently to investigate and resolve reports of copyright infringement and violation of these Terms and Conditions. By providing Input, you agree to waive and release all moral rights that may exist in that Input or the subsequent output, and you grant us the non-exclusive, worldwide, irrevocable, royalty-free, sub-licensable right to use, host, reproduce, adapt, publish, translate, and distribute it in any and all media for the purposes of providing services to you.
- You will abide by any third-party terms applicable to the AI Services, including OpenAI’s usage policies, accessible here.
- As our AI Services are intended for individuals over the age of 18, you confirm you are at least 18 years old and will not use AI Services to collect personal information of children under 14 without parental/guardian consent.
You agree not to use the AI Services or any part thereof (including with respect to any Input or output):
- in violation of any applicable municipal, provincial, territorial, federal or international law, or in violation of any person’s legal rights;
- in a way that could harm, damage, or disrupt the Web Platforms, or any of our goods, services, or business;
- in a way that would adversely impact use of the Web Platforms by other users;
to submit, upload, request, deliver, provide, or transmit any text, graphics, images, messages, information, or other material that:
(i) infringes, misappropriates, or violates a third party’s patent, copyright, trademark, trade secret, moral rights, or other proprietary or intellectual property rights, or rights of privacy;
(ii) violates or constitutes any conduct that would violate, any applicable law or regulation, or would give rise to civil liability;
(iii) is unlawful, abusive, tortious, pornographic, libelous, defamatory, obscene, pornographic, hateful, vulgar, offensive, or racially or ethnically objectionable;
(iv) promotes discrimination, exploitation, bigotry, racism, hatred, harassment, or harm against any individual or group;
(v) is violent, abusive, or threatening, or promotes violence, harassment, or actions that are threatening to any living thing; or
(vi) promotes illegal or harmful activities or substances;
- to collect, use, disclose, or store personal information about any other individuals without their consent;
- to abuse, harm, interfere with, or disrupt our AI Services;
- in any manner not permitted by these Terms and Conditions.
You understand that these AI Services may generate output similar to or the same as output generated for other users in other portals. You acknowledge that the AI Services is a self learning tool that generates evolving output and may generate content with inaccuracies. Use of the AI Services is at your sole risk. You agree to use discretion before relying on, publishing, or otherwise using output generated by the AI Services. You agree that without notice, BIS may in its sole and unfettered discretion temporarily or permanently deactivate the AI Services in one or more of its Web Platforms at any time for any reason including preventing abuse, responding to legal requirements, or resolving security and performance issues.
Our AI Services are each designed and intended to perform specific functions. BIS does not guarantee that the AI Services and any output it generates is suitable or appropriate for your purposes and requirements.
Warranties and Liability
BIS is not responsible for any errors or omissions appearing in the Web Platforms, including generated output from the AI Services and actions, errors, or omissions of our payment processors. To the fullest extent permitted by law, BIS does not warrant and disclaims any warranty, expressed, or otherwise implied as to the accuracy, correctness, completeness, reliability, timeliness, fitness for any particular purpose or satisfactory quality of the Web Platforms and the AI Services included. The Web Platforms are provided without warranties of any kind, and you are using them at your own risk. Furthermore, BIS disclaims all responsibility and liability of any description including, without limitation, liability for negligence, injury, incidental, special, indirect, punitive, or consequential damages, expense or loss (including loss of profits, loss of revenue, loss of savings, loss of information, business interruption, loss of privacy, personal injury or other pecuniary loss) of any kind, direct or indirect, suffered by any person as a result of or in connection with the Web Platforms and the AI Services to include any reliance placed by such person on the Web Platforms, or the viewing, use or performance of the Web Platforms, whether with the required authority or otherwise. BIS suggests that you follow any applicable professional standards, government and industry regulations, and company polices and procedures, and that you act and ensure the safety of your users without reliance on the Web Platforms, including the Lone Worker feature.
BIS reserves the right to revise, amend, alter or delete any aspect of the Web Platforms in whole or in part, but shall not be responsible for or liable in respect of any such revisions, amendments, alterations or deletions.
BIS does not warrant and disclaims any warranty that the Web Platforms and the AI Services, in whole or in part, or any associated functions will be uninterrupted or error-free, or that defects will be corrected. Furthermore, BIS disclaims all responsibility and liability of any description including without limitation liability for negligence, injury, incidental, special, indirect, punitive, or consequential damages, expense or loss (including loss of profits, loss of revenue, loss of savings, loss of information, business interruption, loss of privacy, personal injury or other pecuniary loss) of any kind, direct or indirect, suffered by any person as a result of or in connection with the Web Platforms to include any reliance placed by such person on the Web Platforms, or the viewing, use or performance of the Web Platforms, whether with the required authority or otherwise.
The following additional terms and conditions further apply to the use of the BIS Safety mobile application and any modules or features accessed within it, including but not limited to the Lone Worker module and the Site Access module:
Due to the number of external factors and service providers required to ensure full functionality of the technology, including internet providers, text message service providers, and server hosting providers, BIS Safety Software Inc. cannot accept any responsibility or liability for the use or dependence on these features and expressly disclaims all liability for their use. We recommend that all users follow applicable professional standards, government and industry regulations, and company policies and procedures, and that you act and ensure the safety of your users without reliance on the BIS Safety mobile application and its features. Use the BIS Safety mobile app and its features at your own risk.
Age Requirement
You must be at least 13 years old to use our services or 14 years old if you reside in Quebec, Canada. If you are between 13 and 17, you may only use the services with permission and supervision from a parent or legal guardian. By accessing or using the services, including AI services, you represent and warrant that you meet these age requirements.
Indemnification
You agree to indemnify and hold harmless BIS and all of their directors, officers, shareholders, employees, agents, insurers, and contractors from any claim or demand, including reasonable legal fees, made by any third party in connection with or arising out of your use of the Web Platforms and the AI Services, your violation of the Terms and Conditions, and your violation of applicable laws.
Access and Links
As a Public User, you may deactivate your account at any time. If you have not accessed your account at least once within two years, your account may be auto deactivated. As a Corporate User, your account may be deactivated by the company, entity, or third party managing the portal from where your account belongs.
BIS reserves the right to deny or restrict access to the Web Platforms to any particular person, group or organization, or to block access from a particular Internet Protocol address to the Web Platforms at any time. BIS reserves the right to deactivate and permanently delete accounts without activity for 2 years or more, including login activity, and accounts that violate the Terms and Conditions or the Privacy Policy.
The Web Platforms may contain hyperlinks to websites which are not controlled by BIS. Hyperlinks to other websites are provided solely for your convenience. If you use these hyperlinks and websites, you do so at your own risk, and it is your responsibility to take all protective measures to guard against viruses and other destructive elements.
BIS is not responsible for the availability, accuracy, or reliability of the output generated by AI Services nor the content of websites not controlled by BIS. BIS shall not be liable for any injury, damages, loss, or expense howsoever arising from the use of AI Services or access to those websites. In no circumstance shall BIS be considered to be associated or affiliated with any trade or service marks, logos, insignia or other devices used or appearing on websites which are not controlled by BIS.
BIS disclaims any responsibility for the content available on any other website reached by links to or from the Web Platforms that are not controlled by BIS.
BIS may in its sole discretion disable any links to any websites, including defamatory, infringing, or obscene websites; or websites that contain topics, names, or information that violates any law, or any intellectual property, privacy, or publicity rights.
Copyright
The Web Platforms are protected by copyright that is held by BIS. Your use of the Web Platforms and the AI Services does not grant you any rights in respect to the copyright.
Law and Jurisdiction
The Terms and Conditions are deemed to have been made and performed exclusively in the Province of Alberta, Canada, and will be governed by and construed under the laws of that jurisdiction. You irrevocably attorn to the exclusive jurisdiction of the courts of the Province of Alberta for any claim related to the Terms and Conditions or the Web Platforms and agree not to bring any action, claim, suit or proceeding against BIS in any jurisdiction other than the Province of Alberta.
Severability
To the extent that any provision of the Terms and Conditions is declared by a court or lawful authority of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be severed and deleted or limited so the remainder of the Terms and Conditions shall continue in full force and effect with respect to all other provisions.
Acceptance on Someone Else’s Behalf
In the event you create an account on the Web Platforms on behalf of someone else, you represent and warrant that you have notified them of the Terms and Conditions, obtained their consent, and have the legal authority to agree to the Terms and Conditions on their behalf.
Last Updated: September 15, 2025
Anti-Corruption Anti-Bribery Commitment
Anti-corruption and anti-bribery laws strictly prohibit acts of bribery and corruption and require companies to develop comprehensive and robust prevention processes and procedures. Aligned with our core value of integrity, BIS Safety Software Inc. (“BIS”) is committed to conducting business in an ethical and fair manner, which includes complying with all anti-corruption and anti-bribery laws. This is accomplished and reinforced through our Commitment.
Our Commitment:
- BIS has zero-tolerance for acts of bribery and corruption. Accordingly, BIS will not engage in bribes or corrupt practices of any kind and prohibits all team members and contractors from engaging in these activities.
- Team members and contractors will avoid any activities that might lead to or suggest bribery or corrupt practices will be made or accepted. Bribery is giving money or something of value, often illegally, to influence actions and decisions. Bribery includes giving kickbacks and grease payments. Corrupt practices mean unethical or unlawful misuse or interactions with authorities, which includes bribery.
- Team members and contractors will report all situations of bribery and corruption with business partners, team members, or third parties to the leadership team immediately, including where a demand for a bribe is expected to be received.
- Team members and contractors must not offer or accept any gifts, entertainment, or hospitality from third parties that could affect impartiality, influence a business decision, or lead to the improper performance of a duty.
- Gifts and entertainment (such as meals or sporting events) may be offered and accepted only when their value and frequency are deemed reasonable and proportionate.
- BIS will provide anti-bribery anti-corruption training to all new and existing team members.
- BIS expects all contractors, business partners, and third parties to comply with anti-bribery and anti-corruption laws and to raise any concerns about suspicions of bribery or corruption for BIS’ operations to our leadership team.
- Concerns and questions related to bribery and corruption can be sent anonymously to the leadership team through the Anti-Corruption Anti-Bribery Commitment page on our public website. Team members and contractors have additional means to report concerns anonymously to the People & Culture team.
- BIS takes breaches of this Commitment seriously and will take necessary disciplinary actions. Team members and contractors who violate these practices will be subject to disciplinary review, which may result in termination of contract or employment.
- Any breach of this Commitment by our contractors and business partners will be investigated and could result in the termination of our business and contractual relationships based on the findings.
- BIS maintains books, records, and accounts that accurately and fairly reflect the transactions of the company’s assets within reasonable detail. Team members and contractors are prohibited from making false or misleading entries in these books, records, and accounts.
- As required by law, BIS will report acts of bribery and corruption to authorities.
Last Updated: August 18, 2025
Report a Concern
If you have a concern, we want to know about it. All information provided is treated in the strictest confidence.
Sub-Processor Notice
BIS Safety Software Inc. (“BIS”) uses sub-processors to help us provide our comprehensive and integrated learning management software. BIS engages with sub-processors (“Sub-processors”) who may receive or process client private data and who perform specific and various functions as part of the services we provide to you.
“Client Private Data” refers to all digital information, data, or files, which may include personal information, within a client’s portal.
“Personal Information” is defined consistent with privacy laws to include name, email address, physical location, postal address, birthdate, and other information that identifies a person.
This notice describes our process for engaging Sub-processors and lists the Sub-processors we use to provide services to you.
Our clients may sign up to receive notifications of any changes to this Sub-processor Notice through the System Updates module within their portal in our software. If you have any concerns about new Sub-processors, please contact our Support Team by phoning 1-866-416-1660 or emailing privacy@bistraining.ca within 14 days of notification.
Our Due Diligence
Protecting the security and privacy of Client Private Data is paramount to our business. BIS has a third-party risk management program that includes commercially reasonable practices to assess a sub-processor’s security, privacy, and confidentiality policies.
BIS requires its Sub-processors to satisfy privacy and security criteria, such as:
- Compliance with recognized industry data security standards, such as PCI DSS, SOC2 Type II, or ISO 27001.
- Compliance with applicable privacy laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union General Data Protection Regulation (GDPR), and the Children’s Online Privacy Protection Act (COPPA).
- A publicly available privacy policy for the Sub-processor.
- A security program that includes, but is not limited to the following key components:
- Technical and administrative data security controls for safeguarding Client Private Data
- Policies for controlling access to Client Private Data following a standard of least privilege
- Confidentiality agreements with team members and contractors
- Cyber security training programs for team members and contractors
- Security incident response plan that includes notification to BIS should our Client Private Data be affected
Our Sub-processors
BIS uses Sub-processors to host the infrastructure of our software web application and integrated mobile application. Additionally, we use Sub-processors to provide certain features and functionality within software and mobile application, as well as business services, such as customer support management platforms.
The table summarizes the Sub-processors we use, the services they provide, and the location where they host, process, or store Client Private Data.
| Sub-Processor | Service | Data Hosting, Processing, or Storage Location |
|---|---|---|
| Amazon Web Services, Inc. | Cloud service provider for our software and mobile application, including the databases which store Client Private Data. | Canada |
| Amazon Web Services, Inc. | Cloud service provider for our artificial intelligence (AI) virtual proctoring software used in proctored online courses, including databases which store Client Private Data, including biometric data. | Germany |
| CardConnect Corp. | Payment processor for our software application. CardConnect Corp. stores cardholder data and sensitive authentication data. | United States of America |
| Anthropic PBC | Provider for generative artificial intelligence integrations within our software. Anthropic PBC stores all inputs made to AI services within our software, as well as AI-generated outputs. | United States of America |
| Dialpad, Inc. | Cloud service provider for phone communications. Dialpad, Inc. records, transcribes, and stores calls anyone makes to our (toll-free Canada) 1-866-416-1660, (local English) 1-780-410-1660, (local French) 1-780-410-1659, and (toll-free USA) 1-713-424-0660 support phone lines. | United States of America |
| Fellow AI, Inc. | Cloud service provider for AI notetaking and transcription services. If the Fellow AI, Inc. AI is present in meetings we have with our clients and users, it records, transcribes, and stores meeting data. | Canada |
| Google LLC | Provider of translation and location tracking functionality within our software and mobile application. Google LLC stores system data from our software that is translated to other languages and identifies the location of mobile devices used to complete digital forms. | United States of America |
| HubSpot, Inc. | Cloud service provider of a customer relationship management (CRM) platform. HubSpot stores client contact information, meeting data, contract information, and fee details. | Canada |
| Integrity Advocate (temporary) | Provider for virtual proctoring functionality in online courses. Integrity Advocate accesses and stores temporarily images of users completing courses and forms of identification, such as driver’s licences, that users may show to prove their identity. | Canada |
| Airedge.AI | Cloud infrastructure consulting service provider. Metaorange Digital Private Limited may access Client Private Data within the software infrastructure and production environment to perform services. | India |
| Microsoft Corporation | Cloud service provider for communications, data storage, and other business-related services, such as Microsoft Word, Excel, PowerPoint, SharePoint, Teams, etc. Email communications, including attachments in any format, and information provided by clients may be stored using services from Microsoft Corporation. | Canada |
| Moneris Solutions Corporation | Payment processor for our software application. Moneris Solutions Corporation stores cardholder data and sensitive authentication data. | Canada |
| OpenAI, L.L.C. | Provider for generative artificial intelligence integrations within our software. Open AI, L.L.C. stores all inputs made to AI services within our software, as well as AI-generated outputs. | United States of America |
| Pinecone Systems, Inc. | Provider of the vector database for the AI chatbot in our software. Pinecone Systems, Inc. stores all information added to the knowledge bases for the AI chatbot and inputs made by users to the AI Chatbot. | United States of America |
| Techversant Infotech Pvt. Ltd. | Software development, cloud infrastructure, and debugging service provider. Techversant Infotech Pvt. Ltd. may access Client Private Data for software troubleshooting purposes. They may store very limited Client Private Data for the purposes of providing software development services. | India |
| Twilio, Inc. | Provider for text messaging services within our software. Twilio, Inc. may access and store cell phone numbers belonging to users. | United States of America, Ireland, or Australia |
| Zendesk, Inc. | Cloud service provider for our customer support management platform. Zendesk, Inc. receives, sends, and stores communications from clients and users when they email our Support Team. | Germany |
Individuals have various rights regarding their personal information under applicable privacy laws. For additional information regarding cross border data transfer and data subject rights, please refer to our Privacy Policy.
Last Updated: October 29, 2025
Candidate Privacy Notice
Thank you for exploring a career with BIS Safety Software Inc. (“BIS,” “we,” “us”). Protecting your privacy is part of how we respect our applicants and employees. We may contact individuals (“Candidates”) who apply for an open position with our company, who express interest in employment with us and who perform an interview and assessment with us. This Candidate Privacy Notice (“Notice”) explains how BIS collects, uses, stores, and discloses personal information about Candidates. This Notice also describes the rights Candidates have regarding their personal information that we handle in line with Alberta’s Personal Information Protection Act (PIPA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
“Personal Information” refers to information about an identifiable individual. This includes any factual or subjective information that can be used to identify someone, such as name, address, phone number, or email address. It also includes information like age, date of birth, physical description, medical history, employment history, and other personal details.
If you visit our public websites, BIS Safety Software web application, or BIS Safety mobile app, the privacy practices in our general Privacy Policy apply instead.
Personal Information We Collect from Candidates
We may collect the following information from Candidates:
- Personal Identifiers: Full name, postal address, phone number, email, and similar details.
- Employment and Education Information: Records of your work history, education, training, affiliations, volunteer activities, and any other information you provide to us on your cover letter, résumé, transcript, and information obtained from your references.
- Assessments: Skill assessments and activities you complete during the recruitment process.
- Employment Eligibility information (with your express consent): Proof of identity or citizenship, work-permit or visa details, background or criminal-record checks where permitted by law.
- Publicly Available Information: Information about you that is publicly available, such as on social media.
- Audio, Electronic, and Visual information: Recordings from CCTV footage at our head office location for security purposes and interview recordings (where permitted).
- Information You Disclose: Any personal information you disclose voluntarily during the application process.
Why We Collect Personal Information
We collect and use Personal Information of Candidates to:
- Assess your qualifications for a position at BIS.
- Verify your eligibility and ability to be employed at BIS.
- Arrange travel or accommodation related interviews (where needed).
- Comply with legal and contractual obligations.
- Protect BIS’ property, data, and entrusted client data.
- Keep in touch about future career opportunities—only if you say yes.
- Address any legal matters that may arise, including inquiries or disputes.
How We Collect Personal Information
We collect Candidate Personal Information in the following ways:
- Directly from you: Through our Careers portal, by e-mail, or in interviews.
- From third parties: References you provide, recruitment agencies you engage, or professional licensing bodies.
- From public sources: Websites or social-media profiles that you choose to make public.
How We Share Personal Information
We do not sell Candidate data. We may share it only for legitimate business purposes with:
- Recruitment or background-screening partners under contract with BIS.
- Service providers who supply IT infrastructure, cloud hosting, or interview platforms (some may store data in the United States; contractual safeguards apply).
- Legal advisers, regulators, or law-enforcement agencies where required by law or to protect BIS’s rights.
- All service providers are bound by confidentiality agreements and must use your information only as instructed by BIS.
Personal Information Retention
BIS will store your data on servers located in Canada in accordance with applicable laws. We retain your data for up to three (3) years after the job posting closes for the purposes described above under “Why We Collect Personal Information” unless:
a) you become a BIS employee (in which case your data moves to your personnel record), or
b) you give us permission to keep it longer so we may notify you of future opportunities, or
c) we are legally required to retain it for a different period.
We may also retain your personal information, so we can consider you for other future openings at BIS.
Protecting Your Personal Information
The security and privacy of your Personal Information is important to us. All our team members and contractors who may access your Personal Information complete privacy training and agree to confidentiality agreements. Personal Information we collect is securely stored and accessible only to authorized individuals given the necessary permissions based on their role and need to access this data. Servers which store your personal information are protected with physical security controls to prevent unauthorized access.
Your Rights
You have the right to access, correct, and update your personal information by contacting our Privacy Management Program. You may also request that BIS delete your personal information.
To exercise these rights—or to raise a privacy concern—please contact our Privacy Officer (details below). If we cannot resolve your concern, you may contact the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.
Contact Our Privacy Management Program
If you have any concerns about your privacy, please contact us at our Privacy Management Program.
Privacy Management Program
BIS Safety Software
261 Seneca Road
Sherwood Park AB Canada T8A 4G6
Phone: 780-410-1660
Toll Free: 1-866-416-1660
Email: privacy@bistraining.ca
Notice Updates
We may update this Notice from time to time. When we do, we will post the new version here and update the “Last Updated” date below. If the changes are significant and we still have your contact information, we will also notify you directly.
Last Updated: May 15th, 2025
Welcome to BIS
Thank you for sharing your story with BIS Safety Software Inc. (“BIS”). We value your time and want you to feel comfortable about how we record and share your interview or story. This page explains, in clear language, the rights and responsibilities of both you and BIS.
Your Participation
By clicking “I Agree” on our online form, you confirm that:
- You are the person named in the form.
- You have reached the age of majority where you live, or your parent or legal guardian will also give consent.
- You have authority to enter this agreement.
What We Mean by “Content”
“Content” includes:
- The recorded interview (audio, video, or both).
- Any text, stories, quotations, photographs, or other material you provide or that features you.
- Transcripts, translations, short clips, blog posts, social-media items, training assets, and any similar works that come from the interview.
Permission to Record and Share
- You agree that BIS may record the interview.
- You understand that BIS may share your story through various channels and platforms.
- You give BIS a worldwide, perpetual, royalty-free licence to copy, adapt, publish, translate, broadcast, distribute, and otherwise use the Content, in whole or in part, for any purpose, whether commercial or not.
- You allow BIS to use your name, likeness, voice, and brief biography along with the Content.
- You confirm, to the best of your knowledge, that using the Content will not violate anyone else’s rights.
Ownership and Moral Rights
- All rights in the Content belong to BIS immediately after creation.
- You waive any moral rights (for example, the right to be named as author or to object to edits), as far as the law allows.
- You waive any right to review or approve the finished product.
Editing and Derivative Works
BIS may edit, shorten, rearrange, pair with other materials, translate, caption, or otherwise modify the Content and may create excerpts, still images, compilations, training modules, promotional pieces, or any other derivative works without seeking further approval.
Payment
You understand that you will not receive money or other compensation for taking part or for any later use of the Content.
Release of Claims
You release BIS, its employees, agents, affiliated companies, and successors from any claims or liabilities connected to the recording, production, distribution, or use of the Content.
Confidential Information
- “Confidential Information” means non-public information shared during the interview, such as business plans or trade secrets.
- If you share Confidential Information, BIS may include it in the Content unless another written agreement says otherwise.
- If BIS shares Confidential Information with you, you will not disclose it without written permission.
- These duties do not apply to information that is already public, was in the receiving party’s possession, was independently developed, came from a third party without duty of confidence, or is approved for release in writing.
No Guarantees
BIS does not guarantee the accuracy, completeness, or suitability of the Content or any Confidential Information and is not liable for any loss arising from their use. We are not required to update or correct the Content after it is first published.
Governing Law
This agreement is governed by the laws of the Province of Alberta, Canada. Any disputes will be resolved in its courts.
Electronic Acceptance
Clicking “I Agree” acts as your electronic signature under the Electronic Transactions Act (Alberta) and the Personal Information Protection and Electronic Documents Act (Canada). BIS will keep an electronic record of your acceptance (date, time, IP address, and version).
Changes to This Page
We may update this page from time to time. The date at the bottom shows the most recent revision.
Questions or Concerns
If you have any questions, please reach out to privacy@bistraining.ca. We are happy to help.
Privacy Policy Change
If we alter our Privacy Policy, any changes will be posted on this page of our website with the date of the latest revision so that you are always informed of the information we collect about you, how we use it and the circumstances under which we may disclose it.
Last Updated: November 17, 2025
Cookie Policy
BIS Safety Software Ltd. (“BIS”, “we”, “our”, “us”) uses cookies and other related technologies (collectively, “Cookies”) on www.bissafety.ca and any other website we own or operate (together, the “Websites”). This Cookie Policy explains what Cookies are, which ones we use, why we use them, how long they last, where data is processed, and the choices you have.
Please refer to the applicable Privacy Policy to understand how we collect, use, disclose, and protect personal information, and the rights available under Alberta’s Personal Information Protection Act (PIPA), the Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA), and, where applicable, Quebec’s Act to Modernize the Protection of Personal Information (Law 25).
What are cookies?
Cookies are small text files that websites store on your device when you visit them. Different cookies have different purposes. Some cookies collect information that can reasonably identify or be associated with an individual and are considered “Personal Information” under Canadian privacy law. Other cookies remember your preferences, improving your browsing experience, and help us understand how our Websites and marketing campaigns are used.
We use both session cookies and persistent cookies. While persistent cookies are saved on your device until deleted, session cookies are deleted automatically when you close your web browser.
We use cookies based on your consent, our legitimate interests in providing Website functionality and improving our services, and when necessary, to fulfill our agreement with you.
Other Technologies
Our Websites may use other technologies to collect information.
· Scripts: This is a programmed set of instructions that run in your web browser to perform specific actions. For example, scripts may set cookies, fetch data, or enable interactive features.
Web Beacons/Pixel Tags: Invisible graphic files that allow us or our service providers to recognize when you have visited a page, opened an email, or otherwise interacted with our content. They help us measure performance and tailor content.
Third Parties
First-party cookies are placed by BIS. Third-party cookies are set by service providers, such as Google Analytics, Microsoft Clarity, Meta (Facebook and Instagram), LinkedIn, and YouTube on our Websites. These third parties may collect, use, disclose, and process your data in Canada or other jurisdictions and may recognize your device across different websites.
Types of Cookies
On the Websites, BIS may use the following types of Cookies below. You may opt out of all Cookies, except essential Cookies.
· Essential Cookies: These Cookies are necessary for you to use and navigate around our Websites.
· Technical or Functional Cookies: These Cookies improve the functionality of our Websites to provide you with a more personalized experience by remembering your preferences, such as session details.
· Statistics/Analytics Cookies: These Cookies collect aggregated and anonymous data about how visitors interact with our Websites, such as pages viewed and time spent on each webpage, to help us improve our content and navigation.
· Marketing or Tracking Cookies: These Cookies collect information about how you use our Websites over time by advertising companies, so they can show you advertisements on our Websites and potentially elsewhere that they believe may be relevant to you. These Cookies include cookies placed by Facebook, Instagram, LinkedIn, YouTube, and other social media platforms, who store data in the United States of America.
Your Consent
When you first visit our Websites, most browsers will request express consent to place non-essential Cookies. You can:
· Accept: Consent to all types of Cookies.
· View Preferences: Accept certain types of cookies only.
· Deny: Only essential Cookies will be used.
You can learn more about Cookies and how to update your Cookies in your browser settings here: (Google Chrome, Internet Explorer, Firefox, Safari, Opera)
Please note that if you opt-out of all non-essential Cookies, you may experience inconvenience when using our Websites or the Websites may not perform well.
Retention of Cookie Data
Cookie-derived data is retained only for as long as necessary to fulfil the purposes described above or as required by law. For example, Google Analytics data is retained for 14 months, after which it is automatically deleted or anonymized.
Access, Correction & Complaints
You may request access to, or correction of, personal information collected through Cookies by contacting us below. If you are not satisfied with our response, you may file a complaint with the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.
Contact Details
If you have any questions about our Cookie Policy, please contact our Privacy Management Program.
Privacy Management Program 261 Seneca Rd, Sherwood Park, AB T8A 4G6 Canada Email: privacy@bistraining.ca Phone number: 1 866-416-1660
We may update this Cookie Policy from time to time to reflect changes in our Websites and business practices. Any changes will be posted on this page with an updated revision date.
Last updated: 5/29/25
Changes to This Policy
We may update this Cookie Policy to reflect changes in our practices or legal requirements. We will post any changes on this page and, where appropriate, notify you by banner or email.
Last updated: May 29, 2025
Effective date: May 29, 2025
Data Processing Agreement
This Data Processing Agreement (“DPA“) is dated: November 27, 2025 (the “Effective
Date“).
This DPA forms part of the Master Service Agreement between BIS Safety Software Inc.
(“BIS” or “Processor”) and our Clients (each a “Client” or “Controller”) for the provision of
our safety compliance software services, including our mobile app (collectively the “Web
Platforms”), as well as our most recent Terms and Conditions. This DPA is an agreement
between you and the entity you represent (“Client”) and BIS acting as a “Data Processor”,
together as the “Parties.”
WHEREAS
(A) The Client acts as a Data Controller of certain personal data.
(B) BIS acts as a Data Processor for the Client in providing the Services.
(C) The Client wishes to subcontract certain Services, which imply the processing of
personal information, to the Data Processor.
(D) The Parties seek to ensure that all processing of personal data complies with the
requirements of the current legal framework governing data protection, including
Regulation (EU) 2016/679 (the EU General Data Protection Regulation or “EU GDPR”),
and, where applicable, the UK General Data Protection Regulation and the Data
Protection Act 2018 (together referred to as the “UK GDPR”).
(E) The Parties wish to lay down their respective rights and obligations.
IT IS AGREED AS FOLLOWS:
Definitions and Interpretation
Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning:
- “Client Personal Data” means any Personal Data Processed by a Contracted
Processor on behalf of Client pursuant to or in connection with the Master
Services Agreement; - “Contracted Processor” means a Subprocessor;
- “Data Protection Laws” means EU and UK Data Protection Laws and, to the
extent applicable, the data protection or privacy laws of any other country; - “EEA” means the European Economic Area;
- “Data Transfer” means:
- a transfer of Client Personal Data from the Client to a Contracted
Processor; or - an onward transfer of Client Personal Data from a Contracted Processor
to a Subcontracted Processor, or between two establishments of a
Contracted Processor, in each case, where such transfer would be prohibited
by Data Protection Laws (or by the terms of data transfer agreements put in
place to address the data transfer restrictions of Data Protection Laws);
- a transfer of Client Personal Data from the Client to a Contracted
- “DPA” means this Data Processing Agreement and all Schedules;
- “Services” means the safety compliance software services the Client provides.
- “Subprocessor” means any person appointed by or on behalf of Processor to
process Personal Data on behalf of the Client in connection with the DPA.
The terms, “Commission“, “Controller“, “Data Subject“, “Member State“, “Personal Data“, “Personal Data Breach“, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR and UK GDPR, and their cognate terms shall be construed accordingly.
Subject Matter, Duration, and Purpose
The Processor shall process Client Personal Data solely for the purpose of providing the Services described in the Master Service Agreement.
- Processor shall:
- comply with all applicable Data Protection Laws in the Processing of Client
Personal Data; - not Process Client Personal Data other than on the relevant Client’s
documented instructions. - ensure that persons authorized to process Client Personal Data are bound by
confidentiality obligations; - implement appropriate technical and organizational measures in accordance
with the EU GDPR and UK GDPR; - keep a record of all categories of processing activities carried out on behalf of
the Client; and - notify the Client if it believes an instruction infringes the EU GDPR and UK
GDPR.
- comply with all applicable Data Protection Laws in the Processing of Client
- The Client instructs Processor to process Client Personal Data.
- This DPA remains in effect for as long as the Processor processes Client Personal
Data on behalf of the Client.
Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Client Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know/access the relevant Client Personal Data, as strictly necessary for the purposes of the Master Services Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
Security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in the EU GDPR and UK GDPR.
Processor shall maintain certifications or independent audit reports (e.g., SOC 2) to demonstrate compliance upon request.
In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
Subprocessing
The Client authorizes the Processor to engage Sub-processors, as necessary to deliver the Service, subject to the requirements in this DPA. The Processor shall: maintain an up- to-date list of its sub-processors, which is published and updated as needed on our public website here.
Data Subject Rights
Taking into account the nature of the Processing, Processor shall provide reasonable assistance to the Client to enable the Client to comply with its data protection obligations with respect to Data Subject rights under Data Protection Laws. To the extent that the Client is unable to independently address a Data Subject, then upon the Client’s written request, the Processor will provide reasonable assistance to the Client to respond to any Data Subject requests or requests from data protection authorities relating to the Processing of Client Personal Data under the DPA.
Processor shall:
- promptly notify Client if it receives a request from a Data Subject under any
Data Protection Law in respect of Client Personal Data; and - ensure that it does not respond to that request except on the documented
instructions of Client or as required by Applicable Laws to which the Processor is
subject, in which case Processor shall to the extent permitted by Applicable Laws
inform Client of that legal requirement before the Contracted Processor
responds to the request.
Personal Data Breach
Processor shall notify Client without undue delay upon Processor becoming aware of a Personal Data Breach affecting Client Personal Data, providing Client with sufficient information to allow the Client to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
Processor shall co-operate with the Client and take reasonable commercial steps as are directed by Client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
Data Protection Impact Assessment and Prior Consultation
Processor shall provide reasonable assistance to the Client with any data protection impact assessments, and prior consultations with Supervisory Authorities or other competent data privacy authorities, which Client reasonably considers to be required by the EU GDPR, UK GDPR, or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Client Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
Deletion or return of Client Personal Data
Subject to the provisions of this section, following the cessation of any Services involving the Processing of Client Personal Data (the “Cessation Date”), the Processor shall promptly commence the deletion of all Client Personal Data in its possession or control. In recognition of business continuity and disaster recovery controls, the Processor shall complete the deletion, including the procurement of deletion of all copies, within sixty (60) calendar days from the Cessation Date.
Processor shall provide written confirmation to Client that it has fully complied with this section within seventy (70) calendar days of the Cessation Date.
Audit rights
Subject to this section, Processor shall make available to the Client on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client in relation to the Processing of the Client Personal Data by the Contracted Processors. Any audit or inspection which is required under Data Protection Laws must occur remotely during the Processor’s normal business hours and upon 30 calendar days’ prior written notice. The Client will pay the costs in carrying out any audit or addressing any request under this section.
Information and audit rights of the Client only arise under section to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
Data Transfer
The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the EEA without the prior written consent of the Client. The Client acknowledges and expressly agrees that the Processor may transfer or authorize transfers of Personal Data to countries outside of the EEA, provided that the Processor implements appropriate safeguards as necessary, which may include relying upon EU approved standard contractual clauses, binding corporate rules, adequacy decision by the European Commission or other lawful transfer mechanisms recognized under Data Protection Laws.
The Processor shall maintain technical and organizational measures for data security in accordance with the EU GDPR and UK GDPR.
General Terms
- Confidentiality. Each Party must keep this DPA and information it receives about the other Party and its business in connection with this DPA (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
- disclosure is required by law;
- the relevant information is already in the public domain.
- Liability. Processor’s liability under this DPA shall mirror the limitations of liability set forth in the Master Service Agreement, except where prohibited by applicable Data Protection Laws.
- Notices. All notices and communications given under this DPA must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this DPA at such other address as notified from time to time by the Parties changing address.
Governing Law and Jurisdiction
This DPA is governed by the laws of Alberta.
Any dispute arising in connection with this DPA, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of Alberta.
