Privacy Policy

Baseline Energy Analytics Ltd. (BEA) is committed to protecting its clients’ privacy, as required by the Personal Information Protection and Electronic Documents Act (PIPEDA).  This Privacy Policy is a formal statement of the principles and guidelines for collection, use and disclosure of Personal Information (PI).  BEA will safeguard information under its control, and has appointed a Privacy Officer to ensure this policy is complied with.

 

What is Personal Information (PI)?

“Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual.  This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;

  • opinions, evaluations, comments, social status, or disciplinary actions; and

  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example to acquire goods or services, or changes jobs).” [1]

1         Accountability

BEA is responsible for personal information under its control and has appointed a Privacy Officer to ensure compliance with PIPEDA. Questions or concerns about BEA’s privacy practices can be directed to BEA’s Privacy Officer at contact@baselineenergy.ca.

2         Identifying Purposes for Collecting Personal Information

BEA collects personal information to provide services under contracts with DSM program administrators, utilities, and other clients. Specifically, BEA collects personal information to:

  • Analyze energy consumption and billing information to identify potential energy efficiency and peak demand reduction opportunities or to quantify savings from previous projects;

  • Differentiate between and cross-reference customer accounts to ensure accurate analyses and savings calculations;

  • Incorporate geographic characteristics such as weather patterns into energy and peak demand analyses;

  • Identify customers for potential inclusion in programs or services offered by BEA or its clients;

  • Provide clients and potential clients with information regarding products and services offered by BEA or its clients;

  • Manage BEA’s business and operations; and

  • Meet legal and regulatory requirements.

 

The types of personal information BEA may collect include:

  • Contact Information: Names, mailing addresses, phone numbers, and email addresses;

  • Billing Information: Energy usage, consumption details, and payment records;

  • Account Information: Customer utility service providers, account numbers, meter numbers, premise numbers, utility rate class or code, date of birth, credit history, transaction history, proof of home ownership, notice of assessment, and data related to past participation in demand side management programs;

  • Geographic Information: Service addresses, substation name or number, other information used to characterize the customer location within a utility service territory or electrical grid; and

  • Demographic and building information: Age of building, size, number of occupants, other demographic information.

BEA will occasionally collect other PI through its website, through email, or through conversation.  This information will be collected, used, and disclosed according to the same policies and procedures as any other PI provided to BEA.

3         Consent for Collection, Use, and Disclosure of Personal Information

BEA primarily obtains consent to collect, use, and disclose personal information through contractual agreements and NDAs with DSM program administrators, utilities, and business partners. These agreements specify that the personal information shared is necessary for BEA to perform its contractual obligations.  BEA will not share personal information with third parties without explicit consent, unless required by law.

Where BEA may need to collect personal information directly from individuals, informed and express consent will be obtained as per PIPEDA requirements.

4         Limiting Collection of Personal Information

BEA limits its collection of personal information to what is necessary for the identified purposes. All information collected is relevant to fulfilling contractual obligations, such as energy consumption analysis and reporting for DSM programs.

5         Limiting Use, Disclosure, and Retention of Personal Information

Personal information is used only for the purposes for which it was collected.  BEA does not disclose personal information to third parties without consent unless required by law. Personal information is retained for no longer than 60 days after contract completion or as otherwise required by law or contractual obligations, after which it is securely deleted.

6         Accuracy of Personal Information

BEA endeavors to maintain accurate and up-to-date personal information. Data accuracy is essential to ensure the quality of BEA’s analyses and reporting. BEA relies on the source organizations, such as DSM program administrators and utilities, to provide correct information and will update records upon receiving notice of any changes or corrections.

7         Safeguards to Protect Personal Information

BEA protects personal information through a combination of technical, physical, and administrative safeguards.

Technical Safeguards:

BEA enables Multi-Factor Authentication (MFA) for access to all Microsoft 365 services, ensuring secure access to data. All data is stored securely within Microsoft cloud services (OneDrive and SharePoint), with encryption at rest (BitLocker) and in transit (TLS).

Physical Safeguards:

Personal information is accessed from BEA’s private office, or remotely via BEA laptop computers.  Any physical documents containing personal information are securely stored within a locked private office.  The office lobby entrance is also locked outside of normal business hours.

Administrative Safeguards:

BEA has internal policies, conducts staff training, and performs regular audits to ensure compliance with privacy best practices.

8         Openness

BEA is committed to transparency regarding its privacy practices and policies. This Privacy Policy is publicly available on BEA’s website, and any updates to the policy will be posted here. BEA encourages clients and stakeholders to review the Privacy Policy periodically to stay informed about how personal information is protected.

9         Individual Access to Personal Information

Individuals have the right to request access to their personal information held by BEA and to seek correction if the information is inaccurate or incomplete. However, as BEA primarily acts as a consultant and not the primary data holder, individuals are encouraged to first contact the original organization responsible for collecting their data (e.g., DSM program administrator or utility).

To inquire about personal information held by BEA, individuals may contact the Privacy Officer at contact@baselineenergy.ca. BEA will work with the third-party data holder to address access or correction requests.

10    Challenging Compliance

BEA is committed to addressing privacy concerns and complaints promptly. Any inquiries or complaints regarding BEA’s privacy practices should be directed to the Privacy Officer at contact@baselineenergy.ca.

BEA will acknowledge receipt of the complaint within 5 business days.

A full response will be provided within 30 days. If more time is needed, the individual will be informed of the expected timeline for resolution.

[1] Office of the Privacy Commissioner of Canada, Privacy Guide for Businesses, 2020.