Privacy Policy

Purpose

The Thermal Insulation Association of Canada (“TIAC,” “we,” “us,” “our”) respects the privacy of individuals and is committed to protecting personal information. This Privacy Policy explains how TIAC collects, uses, discloses, retains, and safeguards personal information in the course of our operations, including membership services, events (including conferences), training, communications, and governance.

Scope

This policy applies to TIAC’s handling of personal information relating to:

  • Members and member representatives
  • Conference and event attendees (including speakers, delegates, exhibitors, sponsors)
  • Volunteers, directors, committee members, and applicants for TIAC roles
  • Vendors, service providers, and other contacts
  • Website visitors and digital communications subscribers

This policy applies to TIAC staff and representatives, and to TIAC’s management company and service providers acting on TIAC’s behalf.

Definitions

Personal information means information about an identifiable individual (e.g., name, email, phone number, job title where it identifies an individual, dietary or accessibility needs).

Sensitive personal information includes information that is particularly sensitive in context (e.g., dietary restrictions, accessibility needs, payment-related information, government identifiers).

Service provider means a third party that processes personal information on TIAC’s behalf (e.g., management company, event registration platform, email marketing provider, payment processor).

Accountability

TIAC is responsible for personal information under its control. TIAC designates a Privacy Officer (Person Responsible for the Protection of Personal Information) who is accountable for TIAC’s privacy management program.

Privacy Officer Contact:
Name/Title: Tristan Bertram, Director of Industry Affairs
Email: tristan@tiac.ca
Mailing Address: 1505 Laperriere Avenue, Suite 401, Ottawa, ON K1Z 7T1
Phone: +1 (825) 522-4834

Where TIAC uses a management company (e.g., The Willow Group) or other service providers, TIAC remains accountable and requires appropriate contractual and operational safeguards.

What TIAC Collects

TIAC collects only the personal information reasonably necessary for identified purposes. Depending on the service, TIAC may collect:

  • Identity and contact details (name, email, phone, mailing address)
  • Professional details (company, role, region, membership category)
  • Event/conference registration details (session selections, badge name, dietary/accessibility needs)
  • Communications preferences and subscription details
  • Payment and transaction details (typically handled by a payment processor; TIAC may receive confirmation, invoices, receipts, and limited payment references)
  • Governance information (director/committee applications, conflict of interest declarations where required)
  • Website usage data (limited analytics and cookies, where enabled)

TIAC does not intentionally collect personal information from children as part of its standard activities.

Why TIAC Collects Personal Information (Purposes)

TIAC uses personal information for purposes such as:

  • Membership administration (applications, renewals, account management, service delivery)
  • Event and conference administration (registration, attendance management, badging, confirmations, continuing education tracking)
  • Providing TIAC products/services, including training and resources
  • Communicating with members and stakeholders (notices, newsletters, updates, surveys)
  • Sponsorship/exhibitor administration and fulfillment of conference benefits
  • Governance and association management (committees, board communications, compliance with bylaws/policies)
  • Financial management (invoicing, receipts, audits, and recordkeeping)
  • Security and fraud prevention
  • Legal and regulatory compliance
  • Improving TIAC services and operations

Consent and Choices

TIAC obtains consent for the collection, use, and disclosure of personal information as required by applicable laws and as appropriate to the context.

Types of consent

Consent may be express (opt-in) or implied, depending on the sensitivity of the information and the reasonable expectations of the individual.

Marketing communications

Individuals may opt out of non-essential marketing communications at any time by using the unsubscribe link in emails or contacting the Privacy Officer.

Conferences and events — common choices

For conferences and events, TIAC may provide choices (where applicable) relating to:

  • Whether the attendee appears in an attendee directory or a networking list
  • Whether TIAC may share limited attendee information with sponsors/exhibitors (if offered)
  • Photography/video use and publication (see below)

How TIAC Uses and Discloses Personal Information

TIAC limits use and disclosure to the purposes identified, except where permitted or required by law.

Disclosures to service providers

TIAC may share personal information with service providers to perform services on our behalf (e.g., management company, event registration, badge printing, email distribution, web hosting, analytics, payment processing). Service providers are required to protect personal information through contractual and operational safeguards.

Disclosures for legal reasons

TIAC may disclose personal information where required or permitted by law (e.g., to comply with a court order, meet audit requirements, or respond to regulatory requests).

No sale of personal information

TIAC does not sell personal information.

Retention and Secure Disposal

TIAC retains personal information only as long as necessary to fulfill the identified purposes and to meet legal, accounting, and governance requirements.

TIAC maintains retention practices that address:

  • Membership records
  • Event/conference records
  • Financial and audit records
  • Governance records

When personal information is no longer required, TIAC securely destroys, deletes, or anonymizes it, as appropriate.

Photography, Video, and Event Recordings

TIAC may take photographs and videos at TIAC events (including conferences) for purposes such as communications, promotional materials, and historical records.

Where appropriate, TIAC will provide notice (e.g., signage, event terms) and may offer a practical opt-out process (e.g., a designated badge marker and/or request process). Individuals may contact the Privacy Officer with concerns about specific images.

Safeguards

TIAC uses reasonable physical, organizational, and technological safeguards appropriate to the sensitivity of the personal information, which may include:

  • Access controls and least-privilege permissions
  • Multi-factor authentication, where available
  • Secure storage and transmission practices
  • Staff and contractor confidentiality obligations
  • Vendor due diligence and contract requirements
  • Incident response procedures

No method of transmission or storage is completely secure; however, TIAC works to protect information using appropriate safeguards.

Cross-Border and Out-of-Province Processing

TIAC may use service providers that store or process personal information outside an individual’s province or outside Canada (for example, cloud-based platforms). In such cases, personal information may be subject to the laws of the jurisdiction where it is processed.

TIAC takes reasonable steps to ensure that personal information processed by service providers is protected through appropriate safeguards and contractual measures. Individuals may contact the Privacy Officer for more information about TIAC’s service providers and cross-border practices.

Access, Correction, and Requests

Individuals have the right to request access to their personal information and to request corrections, subject to limited exceptions permitted by law.

TIAC may require identity verification before responding to a request. TIAC aims to respond within a reasonable timeframe and may charge minimal fees where permitted (with advance notice).

Requests should be directed to the Privacy Officer.

Confidentiality Incidents and Breach Response

TIAC maintains procedures to identify, manage, and document privacy incidents involving personal information (e.g., loss, unauthorized access, disclosure, or use). Where required, TIAC will:

  • Assess the incident and take steps to reduce risks and prevent recurrence
  • Notify affected individuals and/or regulators where legally required
  • Maintain appropriate records of incidents

Website, Cookies, and Analytics

TIAC’s website may use cookies or similar technologies to support functionality and understand website usage. Where applicable, TIAC may provide cookie choices through website settings or banners.

Website data may include IP address, browser type, device information, and pages visited. TIAC uses such information to maintain and improve the website and services.

Complaints

Individuals may submit privacy questions or complaints to the Privacy Officer. TIAC will investigate complaints and respond within a reasonable timeframe.

If an individual is not satisfied with TIAC’s response, they may have the right to contact the relevant privacy regulator in their jurisdiction.

Policy Updates

TIAC may update this Privacy Policy from time to time to reflect changes in practices or legal requirements. The current version will be posted on TIAC’s website (where applicable) and will include the “Last Review Date.”