Updated: November 20, 2024

Data Privacy Compliance 

Guiding Principles 

Data privacy compliance is concerned with policies, procedures and standards used to comply with applicable data regulations in the jurisdictions in which Foresight Cleantech Accelerator Centre (Foresight) is operating, such as: 

• The Federal Personal Information Protection and Electronic Documents Act, S.C. 2000, ch. 5 (“PIPEDA”); 
• British Columbia’s Personal Information Protection Act, S.B.C. 2003, ch. 63 (“PIPA BC”);
• British Columbia’s Freedom of Information and Protection of Privacy Act (“FIPPA BC”); and
• Europe’s General Data Protection Regulation (GDPR). 

Projects dealing with more sensitive data, such as health, will ensure they are responding to the appropriate regulatory requirements for their project activities. For example, most of the provinces in Canada have enacted health privacy legislation that applies to health information custodians in the context of providing healthcare services. Health care providers also have professional obligations which must be accounted for in data privacy compliance measures. 

Data Privacy Compliance

1. General 

The information that participants provide in their engagements with Foresight, together with information regarding the manner in which the participant engages with Foresight, will not be processed or disclosed by Foresight except as may be permitted by the provisions set out herein. 

Participants agree that Foresight may share with other parties aggregate, individual, and locator information gathered by Foresight in the course of the participants engagement with Foresight. "Aggregate information" is information that describes the information, habits, usage patterns and/or demographics of participants as a group but does not describe or reveal the identity of any particular participant(s). "Individual information" is information about a participant that is presented in a form distinguishable from information relating to

other participants but not in a form that personally identifies any participant or enables the recipient to communicate directly with any participant. "Locator information" consists of a participant’s name, e-mail address, physical address and/or other data about the participant that enables the recipient to personally identify the user. Locator information and individual information may be processed and stored by Foresight. Participants may contact Foresight to determine whether such information has been accurately recorded and, if not, to request correction of any inaccuracies in the information recorded by Foresight. 

The information collected is used to improve the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide services the participants have requested and then only when the participant has provided, or under the following circumstances: 

• It is necessary to share or disclose information in order to investigate, prevent, or take action regarding unlawful activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of this policy, or as otherwise required by law. 
• Where Foresight is acquired by, amalgamated or merged with another company. In this event, Foresight will notify the participants before information about them is transferred and becomes subject to a different privacy policy. 
• It is necessary to provide information to independent contractors and other service providers and suppliers to the extent such disclosure will enable that party to perform business, professional or technical support for Foresight during the course of the project or engagement and provided that such third parties agree to comply with the provisions contained herein. 

2. Information Gathering and Usage

Participants are required to provide information such as their name, email address, company name and address information and specific baseline information for their current venture. Foresight may use collected information solely for the following general purposes: services provision, identification and authentication, services improvement, contact, and research and in doing so must comply with the requirements contained in this policy.

3. Cookies

Foresight may use cookies to record current session information but, will not use permanent cookies.

4. Data Storage 

Foresight may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the services provided in the program. Although Foresight owns or licenses the code, databases, and all rights to their applications, the participants retain all rights to their data. Wherever possible, Foresight will use services that do not store data in the United States.

5. Changes 

Foresight may agree to periodically update the terms contained in this policy. If such changes are made, then the participant will be notified about significant changes in the way they treat personal information by sending a notice to the primary email address specified in their participant account or by placing a prominent notice on our website(s). 

Data Security 

Guiding Principles 

Data security is concerned with policies, procedures and standards focused on protecting restricted, confidential or sensitive data from unauthorized access or loss. Measures include: 

• Encryption, de-identification of data, user authentication, access controls and relevant auditing processes with a higher degree of diligence when dealing with sensitive data such as personal data (including health and medical data) and financial data; 
• The implementation of backup systems and business continuity measures;
• Up-to-date protection against any anticipated threats or hazards to the security or integrity of Project; 
• Protection against any unauthorized access, use, disclosure, accidental or unlawful alteration, loss or destruction of certain data; and 
• Incident management protocols to deal with data breaches including containment, stakeholder notification and corrective actions based on the results of incident investigations. 

Data Security

Foresight uses best practices for maintaining data security. Processes implemented by Foresight include: 

• All vendors, contractors and employees have confidentiality agreements or clauses in their agreements and understand how important it is to keep confidential information secure and private; 
• Using strong password protection and authentication on the various applications and devices they use ;
• Avoiding pop-ups, unknown emails and links to reduce the risk from phishing attempts;
• Connecting to secure Wi-Fi systems to reduce the risk from vulnerabilities from intercepting data on unsecured (usually public) networks; 
• Enabling firewall protection for both office and home use of laptops and phones;
• Install all security updates for applications and devices; and
• Ensuring that regular backups of key data are performed.

Data Stewardship and Storage

Guiding Principles 

Data stewardship is concerned with policies, procedures and standards around data extraction, standardization, storage and access including but limited to: 

• Requirements that data is collected for specified, explicit and legally authorized purposes with any required permissions, consent and usage rights confirmed with the data owner;
• Data quality protocols that ensure data remains relevant, accurate and up to date;
• A tool validation process that ensures the software tools are adequately configured;
• Requirements related to data ownership, traceability, and lifecycle management including the proper and secure disposal of certain data; and 
• Requiring that all permitted subcontractors of Foresight or third-party tools employed by Foresight are bound by the same standard of care as the participants and have been subjected to appropriate due diligence with respect to their privacy and security measures. 

Data Stewardship and Storage 

There are potentially 3 sources of participant information identified in engagements with Foresight: 

• Survey responses received from participants who were previous participants in a Foresight program or event;
• Interview responses (or notes) collected from interviews with participant who were previous participants in a program or event; and 
• Participant information from participants in any program or event, which could consist of applicant information, baseline data regarding the current status of their venture, and information following their completion of the program. 

Foresight will maintain their own data for their own program participants consistent with all the other terms in this policy. 

For reporting purposes, Foresight will only provide aggregated information to be used for project status updates and tracking against project metrics, unless the program participant has provided a written waiver in advance of providing their identification. Such waivers may be obtained to share specific program outcomes or testimonials such that the attribution back to the individual participant is important to the participant. 

Data Exchange 

Guiding Principles 

Data exchange is concerned with policies, procedures and standards that help data be managed as a resource for Foresight and its members and funding partners. This includes protocols for data findability, accessibility, interoperability and reusability including but not limited to: 

• Globally unique and persistent identifiers; 
• Data retrieval of data by their identifiers using standardized communication protocols;
• Determination of rights, with controls to ensure access is limited appropriately;
• A metadata framework that permits data assets to be classified and filtering out competitively sensitive or confidential information; and 
• Clear and accessible data usage licenses. 

Data Exchange 

Foresight does not reasonably expect to exchange data with any other partner, nor any other organization. Information that will be shared by Foresight will be in aggregate form, subject to potential participant waivers described herein. 

Furthermore, there is no automatic exchange of information contemplated by any of the applications or platforms that are in use by Foresight.

Contact Us

Please send any inquiries about this policy or your personal information, including requests to access or correct personal information, to: 

Foresight Canada, Attention: Privacy Officer
2300-2850 Shaughnessy St., Port Coquitlam
British Columbia, V3C 6K5

Email: info@foresightcac.com

Phone: +1 (604) 245-0042