BIS Safety Software

Legal Trust Centre

Privacy Policy

Your privacy matters to us.

This Privacy Policy together with the relevant Terms and Conditions explains how BIS Safety Software Inc. (“BIS”, “we”, “us”, “our”) collects, uses, discloses, stores, secures, and deletes personal information as defined by applicable privacy laws. Our websites and services include our BIS Safety Software system and the associated BIS Safety mobile app (collectively the “Web Platforms”). By using our Web Platforms, you may be a corporate user or a public user or both. “Corporate Users” are individuals who have accounts created for them by an employer or organization in a managed portal. “Public Users” are individuals who create their own accounts independently and directly in our Web Platforms.

Where required, we will seek your consent within our Web Platforms. If you do not agree with this Policy, please do not use the Web Platforms.

Information Collected

From Whom We Collect Personal Information

Web Platform users. Public Users and Corporate Users, including administrators of user accounts.

Public website visitors. Individuals who visit our public websites (www.trainanddevelop.ca, www.bissafety.ca, www.bissafety.com, and www.bissafety.uk) who may provide contact information to receive information about our Web Platforms and participate in our events.

Event attendees. Individuals who register to attend any live or virtual events, conferences, or webinars hosted or sponsored by BIS.

Personal Information We Collect

If you are a Public User or a Corporate User, we collect your personal information through your use of our Web Platforms, when you interact with our customer support, or communicate with us in any way.

The types of information we collect include:

Personal information, such as your name, contact details, date of birth, driver’s licence number, banking information, and login credentials, that you provide to us or that is provided by the employer or organization who provided you with an account.
Employment information, such as your job title, supervisors, work training, and employment history.
Education information, such as professional qualifications, as collected by the employer or organization who created your account.
Health information as collected by the employer or organization who created your account.
Biometric data, such as your image and video recordings of you, that is collected if you attend events or complete virtually proctored online courses.
Billing information when you pay for BIS’ services or purchase any content from the e- commerce store. (Note we only retain and store the last 4-digits of your credit card number while all other data, such as the expiry date and authorization codes, are not stored.)
Location information when you authorize our Web Platforms to detect and track your location, such as your address, city, and geographic area.
Marketing information, such as your contact preferences.
Usage information about how you use and interact our Web Platforms and public websites, such as your IP address, location, and log information of features you use.
Troubleshooting and support information that you provide when you interact with our chatbots, complete feedback forms or other forms, or when you contact our customer support team or any personnel of BIS, such as the content of your chats and other communications.
Other information we collect not listed here but that we will use and protect following this Privacy Policy or as otherwise disclosed at the time of collection.

Information From Our Websites and Events

When visitors to our public websites contact us or register for information, we collect personal information, such as contact information, so we can fulfill their request and keep in touch with them for sales and marketing purposes, ensuring we respect their marketing preferences.

When event attendees join and participate in our events, we collect personal information, such as your name, employment information, and dietary preferences (in some instances). If the event is recorded and posted on our social media channels, we may collect and share your image and voice depending on how you engage in the event.

Information From Third Parties and Referrals

Users, website visitors, event attendees, and our business partners may refer contacts to us, so we may receive your name, email, and address from these sources. You may submit referrals if you have the referral’s permission to provide their information to us, so we may contact them.

We share information about us and interact with the public on social media platforms, such as LinkedIn, YouTube, and other third-party platforms. When you visit and interact with us and others on those platforms, you and those platforms provide us with personal information, and you are subject to the platform provider’s privacy policy.

Information About Children

The Children’s Online Privacy Protection Act (COPPA) enacted by the United States Congress prohibits unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personal information on the internet from and about children 12 years or under. Our public websites nor our Web Platforms are not directed to or intended for use by children under 13 or children residing in Quebec, Canada under 14. We do not knowingly collect, use, or disclose personal information from children as stated.

If we become aware that personal information has been collected from a child under these age limits, we will promptly delete or de-identify such information from our records, subject to any legal retention requirements.

Parents or guardians who believe that we may have collected personal information from a child should contact our Privacy Management Program at privacy@bistraining.ca to request review and deletion of the information.

How We Use Personal Information

We may use your personal information for the following purposes or as described at the time of collection:

Operate our business and provide services: We use your personal information to operate our business and provide, operate, and administer our Web Platforms, courses, and third-party courses and products, including:

Troubleshooting issues, analyze performance, and fix issues to optimize our Web Platforms and websites;
Understanding your needs to personalize your experience and expand our Web Platforms capabilities;
Processing transactions related to those services, courses, and products;
Sharing information about our services, such as new products and important updates;
Providing you with customer support when requested;
Responding to your questions and feedback;
Protecting the security of our Web Platforms and systems;
Communicating with you about events and webinars; and
Other purposes for which we will notify you in advance and receive your consent.

Comply with legal obligations: In certain cases, we may have a legal obligation to collect, use, share, retain, or delete your personal information.

Fraud, abuse prevention and credit risks: We may use your personal information to detect and prevent fraud and abuse to protect you and the security of our services. We may use algorithms and scoring methods to assess and manage security, financial risks, and credit risks.

Marketing: We use your personal information to market and promote our services, which may now or in the future use interest-based or personalized targeted ads. We may use cookies and other similar technologies, which enable us to understand the effectiveness of the interest-based ads by measuring what ads are clicked or viewed and to provide you with more useful and relevant ads.

Cookies and Similar Technologies

We use cookies and similar technologies to recognize your browser or device, track your specified preference (such as language and configuration preferences), prevent fraudulent activity and improve security, learn more about your interests, and provide you with important features and services.

Please read our Cookie Policy to learn more.

You can withdraw consent or manage preferences for the use of non-essential cookies and similar technologies in our Web Platforms and public websites in your browser controls. Our cookies may allow you to take advantage of some essential and useful features. Blocking some types of cookies may impact your experience of our Web Platforms.

We do not sell your personal information to others. We may share personal information only as described in this Privacy Policy with these recipients:

Service providers. We work with service providers, such as payment processors, managed hosting providers, and sub-processors, who follow policies and practices at least as protective as described here for the purposes of providing our Web Platform and other services to you. We inform our clients of changes to our sub-processors through our Sub-Processor Notice. We recommend clients and users to review the privacy policy of our sub-processors.

Third party integrations. You may integrate certain third-party services with our Web Platforms. You are subject to the privacy policies and terms and conditions of third parties whose services you integrate in our Web Platforms.

Artificial intelligence services. Our Web Platforms may provide services that use artificial intelligence or machine-generated learning (“AI Services”), which may be wholly or partially developed by third parties. Our AI Services use information provided by users, such as text, images, videos, and content in files of any format, including facial images in virtually proctored online courses. For more information about our AI Services, please review our Artificial Intelligence Notice.

Business partners. We have contractual relationships with third parties who provide content, courses, and products, which you may access through our software. These third parties are subject to our Privacy Policy. If you wish to access third party content, courses, and products, you may need to share your personal information, including your registration, course marks, and certificates of completion, with these third parties. You may authorize us to verify to third parties the validity and status of your certificates when they enter your last name and certificate number into the public certificate verification page on our Web Platforms.

Third party marketers. We work with third parties to display and manage advertising and content on our websites who may use cookies or similar technologies to collect information about how you interact with our websites to provide you with a personalized experience, recommendations, and advertising based on your activities and interests.

Authorities and others. We may share your personal information with governing bodies, third parties needed for compliance, fraud prevention, and security purposes, legal counsel and auditors when needed. We may release account and other personal information when that release is required to comply with the law, to apply or enforce our terms and agreements, or to protect the rights, property and security of our customers and others. We may also share personal information with event co-sponsors.

Business transferees. If we sell our businesses or services, personal information may be shared with the acquiring entity in accordance with applicable privacy laws and subject to appropriate confidentiality safeguards. For Corporate Users, we may also share personal information with registered users within your portal based on their level of administrative access. Public Users may opt out of having their personal information shared with third-party service providers. However, opting out will prevent access to our Web Platforms.

We will not give a third party with whom we share your information an independent right to share or disclose your information with any other person, group, or company outside of their own professional advisors and affiliates.

Location of Personal Information

Your personal information is stored in Canada on third-party data servers (for example, AWS Canada). Additionally, personal information, including biometric data, collected during virtually proctored online courses is stored in Germany on third-party data servers. If you do not wish for your personal information to be stored in Germany, do not purchase or take virtually proctored online courses. Limited personal information collected and publicly shared from recorded webinars may be stored in third-party data servers located in USA or Canada. Conversations and any information you provide to our Support Team by phoning 1-780-410-1660, (French) 1-780-410-1659, (toll-free Canada) 1-866-416-1660, (USA) 1-713-424-0660, and (toll-free USA) 1-866-575-5670 is stored in the USA. BIS shares personal information with sub-processors who may also store this data in locations outside of Canada. Please refer to our Sub-Processor Notice for information on our sub-processors and where they store personal information.

Cross-Border Data Transfers

We primarily host our services and databases in Canada. However, we use trusted service providers and sub-processors in other countries, including the USA, Ireland, Germany, Australia, and India. As a result, your personal information may be stored, processed, or accessed in any of these jurisdictions for the purposes described in this Privacy Policy (for example, hosting, support, email delivery, analytics, payment processing, security, and fraud prevention). When information is stored or processed outside of Canada, it may be subject to the laws of the destination country and be accessible to court, law enforcement and national security authorities in those jurisdictions. We assess our service providers and sub-processors prior to transferring your data to them to ensure the provide an adequate level of protection of your data.

Security

BIS, our clients, and users acknowledge the crucial importance of safeguarding personal and confidential information. We maintain compliance and assurance programs that test, support, and validate our security controls. We use physical, administrative, and technical security controls, such as encryption protocols, which meet industry security standards to safeguard personal information we collect. Our data security program includes a risk management program that aims to identify and mitigate threats and vulnerabilities with controls appropriate to the level of risk. Our risk management controls include regular, comprehensive vulnerability scans, external testing, and internal audits. In the event we become aware of a security incident that has affected our customers or users, we will notify affected parties following applicable laws. Our security procedures mean that we verify your identity before we disclose personal information or provide certain services to you. We strive to continuously improve our data security program and will communicate important security updates to our customers and users in a timely manner.

While we strive to protect personal information, no method of transmission or storage is completely secure; if we become aware of a security incident, we will take appropriate steps and notify affected individuals as required by applicable law.

Retention

We keep your personal information to communicate with you and to enable your continued use of our services for the purposes described in this Privacy Policy or as may be required by law. We retain personal information only for as long as necessary to fulfill those purposes, comply with legal obligations, resolve disputes, and enforce our agreements. After those purposes are fulfilled, personal information is deleted or anonymized as per our documented retention schedules. Your personal information is retained if your account remains active. After your account is deactivated, our retention of your personal information will be consistent with applicable laws.

Your Rights

You have rights under privacy laws which, in certain circumstances, you can exercise in relation to the personal information we process about you. These include:

The right to ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
The right to ask what categories of personal information we have collected about you, the categories of sources from which the personal information was collected, the business and commercial purposes for collecting and disclosing personal information, the categories of third parties to whom we disclose personal information, and the categories of personal information disclosed for a business purpose;
The right to request correction of inaccurate personal information we hold about you;
The right to restrict our use and disclosure of your personal information for purposes permitted by law (to the extent applicable; we do not use sensitive personal information beyond permitted purposes);
The right to request deletion (“erasure”) of personal information (the “right to be forgotten”):
- that is no longer necessary for the purposes underlying the processing,
- where consent for the information being processing has been withdrawn, or
- when processing is not in compliance with applicable legal requirements;
The right, in certain cases, to receive a machine-readable copy of your personal information;
The right to request portability of personal information that you have provided to us where the processing of such personal information is based on consent and is carried out by automated means;
The right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way;
The right to object to our use and processing of your personal information;
The right to opt out of processing for targeted advertising, sale of personal data, or profiling in decisions that produce legal or similarly significant effects; and
The right to direct us not to sell or share your personal information for cross-context behavioural advertising. (Note we do not engage in such practices.)

We will not waive or limit your rights, and we do not discriminate against those who exercise them.

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.

How to Exercise Your Rights

If you want to exercise any of these rights, please contact us using the details in the Contacts section below. We will handle any request to exercise your rights in accordance with applicable privacy law and any relevant legal exemptions.

We will verify your request (which may include confirming control of your account, matching information, or requesting a signed declaration) and respond within 45 days (which may be extended as permitted by law). If your access is provided through an organization, we may redirect certain requests to your administrator where appropriate.

You may also have the right to complain to a local authority if you think we have processed your personal data in a manner which is unlawful or breaches your rights. If you have these concerns, we kindly request that you contact us first (using the contact details in the Contacts section below), so we can investigate and do our best to resolve your concerns.

For EU and UK residents, you also have the right to lodge a complaint with a supervisory authority:

EU: your local Data Protection Authority in the EU or EEA.
UK: the Information Commissioner’s Office.

Access and Choice

Personal information you may be able to access through our services include:

Your name, email address, physical location, postal address, phone number, and other contact information;
Username, aliases, roles, and other authentication and security credential information;
Your subscription, purchase, usage, billing, and payment history;
Payment settings, such as payment instrument information and billing preferences;
Third-party course completion information, including training records, course marks and certificates of completion;
Education, training, and employment information; and
Email communication and notification settings.

Corporate Users: We have no control over what personal information is collected by entities and employers who create accounts for you and how they use your personal information. Subject to your organization’s restrictions, you may be able to view, update, and delete your account information and control how you interact with and use our services. Your services may include settings that provide you with options for how your information may be viewed, used, or secured. Entities and employers who pay for our services and manage user accounts are solely responsible for complying with all applicable laws with respect to Corporate Users.

We generally do not retain earlier versions of personal information once updated or revised. However, we may retain certain personal information where required to comply with legal obligations, to meet legitimate business or operational needs, or where it remains temporarily stores in system backups for a limited retention period.

Contact

If you have any concerns about your privacy or want to contact one of our third-party data processors, you may contact our Privacy Officer through our Privacy Management Program.

Privacy Management Program

BIS Safety Software
261 Seneca Road
Sherwood Park AB Canada T8A 4G6
Phone: 780-410-1660
Toll Free: 1-866-416-1660
Email: privacy@bistraining.ca

Users in the European Union and EEA may contact BIS’ EU representative below.

DPO Europe GmbH

representative+bissafety@data-privacy-office.eu

Users in the UK may contact BIS’ UK representative below.

Data Privacy Office Europe

ukrepservices@gmail.com

Specific Privacy Disclosures

Quebec Law 25

This section applies to individuals in Québec and describes how we comply with Law 25, which amends Québec’s private-sector privacy law.

Law 25 enhances the privacy laws in Québec, Canada. In compliance in Law 25, BIS performs privacy impact assessments, provides breach notification in circumstances where unauthorized access is likely to cause real risk of significant harm to individuals as described under guidelines established by PIPEDA, and requests explicit consent for the collection of sensitive personal information for organizations and users in Québec.

Governance and Accountability

We designate a Person in Charge of the Protection of Personal Information (our Privacy Officer) who you may contact through our Privacy Management Program. We maintain a privacy management program, including documented policies, staff training, role-based responsibilities, and regular reviews.

Privacy by Design

We implement measures so that, by default, only the minimum personal information necessary is collected, used, communicated, retained, and accessible.

Privacy Impact Assessments (PIAs)

We conduct PIAs for projects involving personal information. PIAs address sensitivity, purposes, proportionality, safeguards, and residual risks.

Confidentiality Incidents (Breaches)

We keep a register of incidents and notify the Commission d’accès à l’information (CAI) and affected individuals if the incident presents a risk of serious injury. Notifications describe the nature of the incident, information concerned, and steps taken or proposed to mitigate risk.

We obtain valid, informed, and specific consent where required by law. For sensitive personal information, we obtain express consent unless another legal basis applies.

Automated Decisions and Profiling

When we render a decision based exclusively on automated processing that produces legal or similarly significant effects, we inform the individual, provide the main factors and parameters that led to the decision, and offer a way to submit observations and, where applicable, request a review by a person.

Transfers outside of Québec

We primarily host and process personal information in Québec. We transfer personal information outside of Québec when needed to provide essential services in our Web Platforms or for business continuity purposes. Where we transfer personal information outside Québec, we do so in accordance with applicable law and implementing contractual, technical, and organizational safeguards to ensure that the information receives protection equivalent to that required under Québec’s privacy legislation.

We conduct transfer risk assessments and implement appropriate technical and organizational measures to protect personal information during and after transfer.

Canada’s Anti-Spam Legislation (CASL)

Consistent with the Privacy Policy described here, you have authorized us to communicate with you in writing, or electronically, such as by email, social media, text, phone, or any form of electronic and internet-based methods using computers, smart phones, mobile or handheld devices, phone, or any future devices. You may unsubscribe anytime by either clicking an unsubscribe button; directly contacting us by phone, mail, or email; or providing reasonable notice by any other means.

California

These disclosures apply to California residents and describe our practices under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information We Collect

Categories of personal information collected or disclosed for a business purpose. The personal information that we may collect, or may have collected from you or disclosed in the preceding twelve months, fall into the following categories depending on how we may have engaged with you:

Direct identifiers, such as your real name, alias, postal address, social security number, driver’s licence and passport information, and signature;
Indirect identifiers, such as cookies and other similar technologies, phone numbers, Internet Protocol addresses, and account names;
Biometric data, such as images, and audio and video recordings;
Geolocation data, such as physical location information from computers, smart phones and other devices;
Internet activity, such as browsing history, search history, data on interaction with a webpage, application, or advertisement;
Sensitive information, such as personal characteristics, behaviour, employment, and education information; and
Professional or employment related information, including education information, including enrollment status, fields of study, degrees, training, honors, awards, course marks and certificates of completion.

Depending on how you may engage with our services, further categories of personal information disclosed for a business purpose include:

Commercial information, such as the details of a product or service, if a third-party service provider is assisting to provide that product or service to you; and
Electronic communications if a third-party service provider reviews recordings of customer interactions for quality assurance purposes.

Your rights

Subject to applicable exceptions, California residents have rights related to their personal information as described in the Your Rights section.

If our practices change, we will update this Privacy Policy and provide the required “Do Not Sell or Share My Personal Information” mechanism.

Texas

This section applies to Texas residents and describes our practices under the Texas Data Privacy and Security Act (TDPSA).

Categories of Personal Information We Collect

Depending on how you interact with us (e.g., account creation, course delivery, support), we may collect and process:

Identifiers and contact details (name, address, email, phone, online identifiers, IP address),
Customer records/commercial information (purchases, transactions, service usage),
Internet or network activity (log data, interactions with our sites/apps, cookies/SDKs),
Geolocation data (approximate location if enabled),
Professional/education information (employer/organization, role, enrollment, training records, marks, certificates),
Biometric/recordings (image/voice/video where used for identity verification or proctoring),
Inferences (preferences or configurations derived from the above), and
Sensitive personal data (e.g., precise geolocation if enabled and government IDs and biometrics used for identification) processed only as permitted by law (consent where required).

Purposes for Processing

We process personal information to provide and manage services, support training and credentials, communicate with users, enhance security, prevent fraud, comply with laws, and enforce terms.

We may disclose personal information to service providers/processors (hosting, identity verification/proctoring, analytics, support, security, payments), your organization/administrator), certification bodies/content providers (to deliver/validate credentials), and government or law enforcement when required.

We do not sell personal information. If we engage in targeted advertising or other “sharing,” you may opt out.

European Union and United Kingdom

This section applies to individuals located in the European Economic Area (EEA) and the United Kingdom (UK). We apply equivalent protections to both, while noting that supervisory authorities, transfer mechanisms, and terminology may differ between the EU and the UK.

Depending on the activity we may act as:

A data controller (for example, when we determine the purposes and means of processing personal information on our Web Platforms and in our business operations); or
A data processor on behalf of our customers (for example, where an organization uses our services to manage its training and compliance data and instructs us how to process that data).

Where we act as a processor, our processing is governed by a data processing agreement with the relevant customer (the controller).

Lawful Bases for Processing

We process your personal information on one or more of the following legal bases as applicable under the EU GDPR and/or the UK GDPR:

As necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide our services, to respond to requests from you, or to provide customer support;
We have a legitimate interest to operate, improve, and secure our services; to communicate with you about our services; to prevent fraud and misuse; and to assert or defend legal claims, except where such interests are overridden by your interests or fundamental rights and freedoms. We perform and document the required balancing test.;
With your consent or where required by law (for example, certain marketing, cookies/analytics in some jurisdictions, or optional features). You may withdraw consent at any time, without affecting processing that occurred before withdrawal.
Vital interests or public interests only where strictly applicable; or
As necessary to comply with relevant law and legal obligations, including responding to lawful requests and orders.

Special Categories of Data

We do not seek to collect special categories of personal data (such as health, biometric identifiers used for identification, racial or ethnic origin) unless required for a specified purpose and permitted by law. Where such processing occurs, it is supported by an appropriate Article 9 condition (EU/UK), such as explicit consent or reasons of substantial public interest, and subject to additional safeguards.

Representatives

Because BIS is established in Canada, we appoint representatives for the EU and the UK in accordance with Article 27:

EU Representative: Data Privacy Office Europe, whose contact information is provided in the Contacts section.
UK Representative: Data Privacy Office Europe, whose contact information is provided in the Contacts section.

Individuals in the EEA/UK may contact the relevant representative on matters related to our processing of personal information, in addition to contacting BIS directly.

Transfers outside of the European Economic Area or EEA

We primarily host and process personal information in Canada. When we transfer personal information outside the EEA (for EU GDPR) or outside the UK (for UK GDPR), we do so in accordance with applicable law, using one or more of the following safeguards:

Adequacy decisions (e.g., for Canada’s commercial sector and any other jurisdictions deemed adequate by the European Commission or the UK Government);
Standard Contractual Clauses (SCCs) adopted by the European Commission, with supplementary measures as needed; and
The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, as applicable.

We conduct transfer risk assessments and implement appropriate technical and organizational measures to protect personal information during and after transfer.

Privacy Policy Change

If we alter our Privacy Policy, any changes will be posted on this page of our website with the date of the latest revision so that you are always informed of the information we collect about you, how we use it, and the circumstances under which we may disclose it.

Last Updated: November 29, 2025

Terms and Conditions

Carefully read all the Terms and Conditions including our Privacy Policy before accessing or using our websites, including www.bissafety.ca, www.bissafety.com, www.trainanddevelop.ca, and www.bissafety.uk, and web services, including our BIS Safety Software system and the associated BIS Safety mobile app (collectively the "Web Platforms”). By accessing or using the Web Platforms, you agree to be legally bound by the Terms and Conditions. If you do not agree with the Terms and Conditions, which referentially incorporates our Privacy Policy, you must not use, access, or open an account for or through the Web Platforms.

The Terms and Conditions describe how you use the Web Platforms of BIS Safety Software Inc., which includes our companies, affiliates, and subsidiaries ("BIS”). The Terms and Conditions may be changed from time to time by BIS unilaterally and at its sole discretion. Any changes will be posted on the Web Platforms, and your continued use of the Web Platforms indicates your acceptance of the modified Terms and Conditions.

Without BIS’s prior written permission, you shall not copy, create derivative works, transmit, display, or distribute the Web Platforms, which includes the following: text, images, videos, photographs, audio files, graphics, documents, courses, forms, exams, surveys, policies, procedures, assessments, and materials used for the purpose of providing or testing knowledge and gathering information (collectively referred to as "Resources”). Your use of the Web Platforms, which in all situations includes Resources, is limited to your sole use only. At no time shall you provide, allow, or permit anyone else to use your account to gain access to the Web Platforms.

You may make purchases or pay an invoice through our Web Platform. Payments made by credit card are processed by our payment processors, Moneris Solutions Corporation and CardConnect, LLC, who act solely as a payment processor and do not provide any other services within our Web Platform. By making any payments by credit card, you authorize our payment processors to charge your credit card and store your credit card information following their policies. We are not responsible for and you release and hold us harmless for any actions, errors, or omissions of these payment processors.

Artificial Intelligence

We are constantly using, developing, and deploying new technologies to enhance the services we provide to you. Our Web Platforms may provide to you services that use artificial intelligence or machine-generated learning (“AI Services”) to generate and output content in response to input that you provide (“Input”). Examples of Input are text, images, videos, and content in files of any format. These AI Services that are integrated into our Web Platforms may be wholly or partially developed by third parties.

In using our AI Services through our Web Platforms, you agree to the following:

You represent and warrant that you have the right to upload and use the Input. You are responsible for the Input you provide.
The Input must be your own content, or authorized by the third-party owner of that content, and must not infringe on or violate any third party’s rights. Provided that the Input is wholly owned by you, and that your actions are not in violation of these Terms and Conditions, then you retain such ownership of the Input, and you have the right to use, distribute, and modify such output within our Web Platforms for internal business use only or commercial purposes. We reserve the right to remove output generated by AI Services temporarily or permanently to investigate and resolve reports of copyright infringement and violation of these Terms and Conditions. By providing Input, you agree to waive and release all moral rights that may exist in that Input or the subsequent output, and you grant us the non-exclusive, worldwide, irrevocable, royalty-free, sub-licensable right to use, host, reproduce, adapt, publish, translate, and distribute it in any and all media for the purposes of providing services to you.
You will abide by any third-party terms applicable to the AI Services, including OpenAI’s usage policies, accessible here.
As our AI Services are intended for individuals over the age of 18, you confirm you are at least 18 years old and will not use AI Services to collect personal information of children under 14 without parental/guardian consent.

You agree not to use the AI Services or any part thereof (including with respect to any Input or output):

in violation of any applicable municipal, provincial, territorial, federal or international law, or in violation of any person’s legal rights;
in a way that could harm, damage, or disrupt the Web Platforms, or any of our goods, services, or business;
in a way that would adversely impact use of the Web Platforms by other users;
to submit, upload, request, deliver, provide, or transmit any text, graphics, images, messages, information, or other material that:(i) infringes, misappropriates, or violates a third party’s patent, copyright, trademark, trade secret, moral rights, or other proprietary or intellectual property rights, or rights of privacy;(ii) violates or constitutes any conduct that would violate, any applicable law or regulation, or would give rise to civil liability;(iii) is unlawful, abusive, tortious, pornographic, libelous, defamatory, obscene, pornographic, hateful, vulgar, offensive, or racially or ethnically objectionable;
(iv) promotes discrimination, exploitation, bigotry, racism, hatred, harassment, or harm against any individual or group;

(v) is violent, abusive, or threatening, or promotes violence, harassment, or actions that are threatening to any living thing; or

(vi) promotes illegal or harmful activities or substances;

1. to collect, use, disclose, or store personal information about any other individuals without their consent;

2. to abuse, harm, interfere with, or disrupt our AI Services;

3. in any manner not permitted by these Terms and Conditions.

You understand that these AI Services may generate output similar to or the same as output generated for other users in other portals. You acknowledge that the AI Services is a self learning tool that generates evolving output and may generate content with inaccuracies. Use of the AI Services is at your sole risk. You agree to use discretion before relying on, publishing, or otherwise using output generated by the AI Services. You agree that without notice, BIS may in its sole and unfettered discretion temporarily or permanently deactivate the AI Services in one or more of its Web Platforms at any time for any reason including preventing abuse, responding to legal requirements, or resolving security and performance issues.

Our AI Services are each designed and intended to perform specific functions. BIS does not guarantee that the AI Services and any output it generates is suitable or appropriate for your purposes and requirements.

Warranties and Liability

BIS is not responsible for any errors or omissions appearing in the Web Platforms, including generated output from the AI Services and actions, errors, or omissions of our payment processors. To the fullest extent permitted by law, BIS does not warrant and disclaims any warranty, expressed, or otherwise implied as to the accuracy, correctness, completeness, reliability, timeliness, fitness for any particular purpose or satisfactory quality of the Web Platforms and the AI Services included. The Web Platforms are provided without warranties of any kind, and you are using them at your own risk. Furthermore, BIS disclaims all responsibility and liability of any description including, without limitation, liability for negligence, injury, incidental, special, indirect, punitive, or consequential damages, expense or loss (including loss of profits, loss of revenue, loss of savings, loss of information, business interruption, loss of privacy, personal injury or other pecuniary loss) of any kind, direct or indirect, suffered by any person as a result of or in connection with the Web Platforms and the AI Services to include any reliance placed by such person on the Web Platforms, or the viewing, use or performance of the Web Platforms, whether with the required authority or otherwise. BIS suggests that you follow any applicable professional standards, government and industry regulations, and company polices and procedures, and that you act and ensure the safety of your users without reliance on the Web Platforms, including the Lone Worker feature.

BIS reserves the right to revise, amend, alter or delete any aspect of the Web Platforms in whole or in part, but shall not be responsible for or liable in respect of any such revisions, amendments, alterations or deletions.

BIS does not warrant and disclaims any warranty that the Web Platforms and the AI Services, in whole or in part, or any associated functions will be uninterrupted or error-free, or that defects will be corrected. Furthermore, BIS disclaims all responsibility and liability of any description including without limitation liability for negligence, injury, incidental, special, indirect, punitive, or consequential damages, expense or loss (including loss of profits, loss of revenue, loss of savings, loss of information, business interruption, loss of privacy, personal injury or other pecuniary loss) of any kind, direct or indirect, suffered by any person as a result of or in connection with the Web Platforms to include any reliance placed by such person on the Web Platforms, or the viewing, use or performance of the Web Platforms, whether with the required authority or otherwise.

The following additional terms and conditions further apply to the use of the BIS Safety mobile application and any modules or features accessed within it, including but not limited to the Lone Worker module and the Site Access module:

Due to the number of external factors and service providers required to ensure full functionality of the technology, including internet providers, text message service providers, and server hosting providers, BIS Safety Software Inc. cannot accept any responsibility or liability for the use or dependence on these features and expressly disclaims all liability for their use. We recommend that all users follow applicable professional standards, government and industry regulations, and company policies and procedures, and that you act and ensure the safety of your users without reliance on the BIS Safety mobile application and its features. Use the BIS Safety mobile app and its features at your own risk.

Age Requirement

You must be at least 13 years old to use our services or 14 years old if you reside in Quebec, Canada. If you are between 13 and 17, you may only use the services with permission and supervision from a parent or legal guardian. By accessing or using the services, including AI services, you represent and warrant that you meet these age requirements.

Indemnification

You agree to indemnify and hold harmless BIS and all of their directors, officers, shareholders, employees, agents, insurers, and contractors from any claim or demand, including reasonable legal fees, made by any third party in connection with or arising out of your use of the Web Platforms and the AI Services, your violation of the Terms and Conditions, and your violation of applicable laws.

Access and Links

As a Public User, you may deactivate your account at any time. If you have not accessed your account at least once within two years, your account may be auto deactivated. As a Corporate User, your account may be deactivated by the company, entity, or third party managing the portal from where your account belongs.

BIS reserves the right to deny or restrict access to the Web Platforms to any particular person, group or organization, or to block access from a particular Internet Protocol address to the Web Platforms at any time. BIS reserves the right to deactivate and permanently delete accounts without activity for 2 years or more, including login activity, and accounts that violate the Terms and Conditions or the Privacy Policy.

The Web Platforms may contain hyperlinks to websites which are not controlled by BIS. Hyperlinks to other websites are provided solely for your convenience. If you use these hyperlinks and websites, you do so at your own risk, and it is your responsibility to take all protective measures to guard against viruses and other destructive elements.

BIS is not responsible for the availability, accuracy, or reliability of the output generated by AI Services nor the content of websites not controlled by BIS. BIS shall not be liable for any injury, damages, loss, or expense howsoever arising from the use of AI Services or access to those websites. In no circumstance shall BIS be considered to be associated or affiliated with any trade or service marks, logos, insignia or other devices used or appearing on websites which are not controlled by BIS.

BIS disclaims any responsibility for the content available on any other website reached by links to or from the Web Platforms that are not controlled by BIS.

BIS may in its sole discretion disable any links to any websites, including defamatory, infringing, or obscene websites; or websites that contain topics, names, or information that violates any law, or any intellectual property, privacy, or publicity rights.

Copyright

The Web Platforms are protected by copyright that is held by BIS. Your use of the Web Platforms and the AI Services does not grant you any rights in respect to the copyright.

Law and Jurisdiction

The Terms and Conditions are deemed to have been made and performed exclusively in the Province of Alberta, Canada, and will be governed by and construed under the laws of that jurisdiction. You irrevocably attorn to the exclusive jurisdiction of the courts of the Province of Alberta for any claim related to the Terms and Conditions or the Web Platforms and agree not to bring any action, claim, suit or proceeding against BIS in any jurisdiction other than the Province of Alberta.

Severability

To the extent that any provision of the Terms and Conditions is declared by a court or lawful authority of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be severed and deleted or limited so the remainder of the Terms and Conditions shall continue in full force and effect with respect to all other provisions.

Acceptance on Someone Else’s Behalf

In the event you create an account on the Web Platforms on behalf of someone else, you represent and warrant that you have notified them of the Terms and Conditions, obtained their consent, and have the legal authority to agree to the Terms and Conditions on their behalf.

Last Updated: September 15, 2025

Anti-Corruption Anti-Bribery Commitment

Anti-corruption and anti-bribery laws strictly prohibit acts of bribery and corruption and require companies to develop comprehensive and robust prevention processes and procedures. Aligned with our core value of integrity, BIS Safety Software Inc. (“BIS”) is committed to conducting business in an ethical and fair manner, which includes complying with all anti-corruption and anti-bribery laws. This is accomplished and reinforced through our Commitment.

Our Commitment:

BIS has zero-tolerance for acts of bribery and corruption. Accordingly, BIS will not engage in bribes or corrupt practices of any kind and prohibits all team members and contractors from engaging in these activities.
Team members and contractors will avoid any activities that might lead to or suggest bribery or corrupt practices will be made or accepted. Bribery is giving money or something of value, often illegally, to influence actions and decisions. Bribery includes giving kickbacks and grease payments. Corrupt practices mean unethical or unlawful misuse or interactions with authorities, which includes bribery.
Team members and contractors will report all situations of bribery and corruption with business partners, team members, or third parties to the leadership team immediately, including where a demand for a bribe is expected to be received.
Team members and contractors must not offer or accept any gifts, entertainment, or hospitality from third parties that could affect impartiality, influence a business decision, or lead to the improper performance of a duty.
Gifts and entertainment (such as meals or sporting events) may be offered and accepted only when their value and frequency are deemed reasonable and proportionate.
BIS will provide anti-bribery anti-corruption training to all new and existing team members.
BIS expects all contractors, business partners, and third parties to comply with anti-bribery and anti-corruption laws and to raise any concerns about suspicions of bribery or corruption for BIS’ operations to our leadership team.
Concerns and questions related to bribery and corruption can be sent anonymously to the leadership team through the Anti-Corruption Anti-Bribery Commitment page on our public website. Team members and contractors have additional means to report concerns anonymously to the People & Culture team.
BIS takes breaches of this Commitment seriously and will take necessary disciplinary actions. Team members and contractors who violate these practices will be subject to disciplinary review, which may result in termination of contract or employment.
Any breach of this Commitment by our contractors and business partners will be investigated and could result in the termination of our business and contractual relationships based on the findings.
BIS maintains books, records, and accounts that accurately and fairly reflect the transactions of the company’s assets within reasonable detail. Team members and contractors are prohibited from making false or misleading entries in these books, records, and accounts.
As required by law, BIS will report acts of bribery and corruption to authorities.

Last Updated: August 18, 2025

Report a Concern

If you have a concern, we want to know about it. All information provided is treated in the strictest confidence.

BIS Safety Software Ltd. (“BIS”, “we”, “our”, “us”) uses cookies and other related technologies (collectively, “Cookies”) on www.bissafety.ca and any other website we own or operate (together, the “Websites”). This Cookie Policy explains what Cookies are, which ones we use, why we use them, how long they last, where data is processed, and the choices you have.

Please refer to the applicable Privacy Policy to understand how we collect, use, disclose, and protect personal information, and the rights available under Alberta’s Personal Information Protection Act (PIPA), the Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA), and, where applicable, Quebec’s Act to Modernize the Protection of Personal Information (Law 25).

What are cookies?

Cookies are small text files that websites store on your device when you visit them. Different cookies have different purposes. Some cookies collect information that can reasonably identify or be associated with an individual and are considered “Personal Information” under Canadian privacy law. Other cookies remember your preferences, improving your browsing experience, and help us understand how our Websites and marketing campaigns are used.

We use both session cookies and persistent cookies. While persistent cookies are saved on your device until deleted, session cookies are deleted automatically when you close your web browser.

We use cookies based on your consent, our legitimate interests in providing Website functionality and improving our services, and when necessary, to fulfill our agreement with you.

Other Technologies

Our Websites may use other technologies to collect information.

· Scripts: This is a programmed set of instructions that run in your web browser to perform specific actions. For example, scripts may set cookies, fetch data, or enable interactive features.

Web Beacons/Pixel Tags: Invisible graphic files that allow us or our service providers to recognize when you have visited a page, opened an email, or otherwise interacted with our content. They help us measure performance and tailor content.

Third Parties

First-party cookies are placed by BIS. Third-party cookies are set by service providers, such as Google Analytics, Microsoft Clarity, Meta (Facebook and Instagram), LinkedIn, and YouTube on our Websites. These third parties may collect, use, disclose, and process your data in Canada or other jurisdictions and may recognize your device across different websites.

Types of Cookies

On the Websites, BIS may use the following types of Cookies below. You may opt out of all Cookies, except essential Cookies.

· Essential Cookies: These Cookies are necessary for you to use and navigate around our Websites.

· Technical or Functional Cookies: These Cookies improve the functionality of our Websites to provide you with a more personalized experience by remembering your preferences, such as session details.

· Statistics/Analytics Cookies: These Cookies collect aggregated and anonymous data about how visitors interact with our Websites, such as pages viewed and time spent on each webpage, to help us improve our content and navigation.

· Marketing or Tracking Cookies: These Cookies collect information about how you use our Websites over time by advertising companies, so they can show you advertisements on our Websites and potentially elsewhere that they believe may be relevant to you. These Cookies include cookies placed by Facebook, Instagram, LinkedIn, YouTube, and other social media platforms, who store data in the United States of America.

When you first visit our Websites, most browsers will request express consent to place non-essential Cookies. You can:

· Accept: Consent to all types of Cookies.

· View Preferences: Accept certain types of cookies only.

· Deny: Only essential Cookies will be used.

You can learn more about Cookies and how to update your Cookies in your browser settings here: (Google Chrome, Internet Explorer, Firefox, Safari, Opera)

Please note that if you opt-out of all non-essential Cookies, you may experience inconvenience when using our Websites or the Websites may not perform well.

Cookie-derived data is retained only for as long as necessary to fulfil the purposes described above or as required by law. For example, Google Analytics data is retained for 14 months, after which it is automatically deleted or anonymized.

Access, Correction & Complaints

You may request access to, or correction of, personal information collected through Cookies by contacting us below. If you are not satisfied with our response, you may file a complaint with the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.

Contact Details

If you have any questions about our Cookie Policy, please contact our Privacy Management Program.

Privacy Management Program 261 Seneca Rd, Sherwood Park, AB T8A 4G6 Canada Email: privacy@bistraining.ca Phone number: 1 866-416-1660

We may update this Cookie Policy from time to time to reflect changes in our Websites and business practices. Any changes will be posted on this page with an updated revision date.

Last updated: 5/29/25

Changes to This Policy

We may update this Cookie Policy to reflect changes in our practices or legal requirements. We will post any changes on this page and, where appropriate, notify you by banner or email.

Last updated: May 29, 2025

Effective date: May 29, 2025

Candidate Privacy Notice

Thank you for exploring a career with BIS Safety Software Inc. (“BIS,” “we,” “us”). Protecting your privacy is part of how we respect our applicants and employees. We may contact individuals (“Candidates”) who apply for an open position with our company, who express interest in employment with us and who perform an interview and assessment with us. This Candidate Privacy Notice (“Notice”) explains how BIS collects, uses, stores, and discloses personal information about Candidates. This Notice also describes the rights Candidates have regarding their personal information that we handle in line with Alberta’s Personal Information Protection Act (PIPA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

“Personal Information” refers to information about an identifiable individual. This includes any factual or subjective information that can be used to identify someone, such as name, address, phone number, or email address. It also includes information like age, date of birth, physical description, medical history, employment history, and other personal details.

If you visit our public websites, BIS Safety Software web application, or BIS Safety mobile app, the privacy practices in our general Privacy Policy apply instead.

Personal Information We Collect from Candidates

We may collect the following information from Candidates:

Personal Identifiers: Full name, postal address, phone number, email, and similar details.
Employment and Education Information: Records of your work history, education, training, affiliations, volunteer activities, and any other information you provide to us on your cover letter, résumé, transcript, and information obtained from your references.
Assessments: Skill assessments and activities you complete during the recruitment process.
Employment Eligibility information (with your express consent): Proof of identity or citizenship, work-permit or visa details, background or criminal-record checks where permitted by law.
Publicly Available Information: Information about you that is publicly available, such as on social media.
Audio, Electronic, and Visual information: Recordings from CCTV footage at our head office location for security purposes and interview recordings (where permitted).
Information You Disclose: Any personal information you disclose voluntarily during the application process.

Why We Collect Personal Information

We collect and use Personal Information of Candidates to:

Assess your qualifications for a position at BIS.
Verify your eligibility and ability to be employed at BIS.
Arrange travel or accommodation related interviews (where needed).
Comply with legal and contractual obligations.
Protect BIS’ property, data, and entrusted client data.
Keep in touch about future career opportunities—only if you say yes.
Address any legal matters that may arise, including inquiries or disputes.

How We Collect Personal Information

We collect Candidate Personal Information in the following ways:

Directly from you: Through our Careers portal, by e-mail, or in interviews.
From third parties: References you provide, recruitment agencies you engage, or professional licensing bodies.
From public sources: Websites or social-media profiles that you choose to make public.

We do not sell Candidate data. We may share it only for legitimate business purposes with:

Recruitment or background-screening partners under contract with BIS.
Service providers who supply IT infrastructure, cloud hosting, or interview platforms (some may store data in the United States; contractual safeguards apply).
Legal advisers, regulators, or law-enforcement agencies where required by law or to protect BIS’s rights.
All service providers are bound by confidentiality agreements and must use your information only as instructed by BIS.

Personal Information Retention

BIS will store your data on servers located in Canada in accordance with applicable laws. We retain your data for up to three (3) years after the job posting closes for the purposes described above under “Why We Collect Personal Information” unless:

a) you become a BIS employee (in which case your data moves to your personnel record), or

b) you give us permission to keep it longer so we may notify you of future opportunities, or

c) we are legally required to retain it for a different period.

We may also retain your personal information, so we can consider you for other future openings at BIS.

Protecting Your Personal Information

The security and privacy of your Personal Information is important to us. All our team members and contractors who may access your Personal Information complete privacy training and agree to confidentiality agreements. Personal Information we collect is securely stored and accessible only to authorized individuals given the necessary permissions based on their role and need to access this data. Servers which store your personal information are protected with physical security controls to prevent unauthorized access.

Your Rights

You have the right to access, correct, and update your personal information by contacting our Privacy Management Program. You may also request that BIS delete your personal information.

To exercise these rights—or to raise a privacy concern—please contact our Privacy Officer (details below). If we cannot resolve your concern, you may contact the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.

Contact Our Privacy Management Program

If you have any concerns about your privacy, please contact us at our Privacy Management Program.

Privacy Management Program

BIS Safety Software

261 Seneca Road

Sherwood Park AB Canada T8A 4G6

Phone: 780-410-1660

Toll Free: 1-866-416-1660

Email: privacy@bistraining.ca

Notice Updates

We may update this Notice from time to time. When we do, we will post the new version here and update the “Last Updated” date below. If the changes are significant and we still have your contact information, we will also notify you directly.

Last Updated: May 15th, 2025

Welcome to BIS

Thank you for sharing your story with BIS Safety Software Inc. (“BIS”). We value your time and want you to feel comfortable about how we record and share your interview or story. This page explains, in clear language, the rights and responsibilities of both you and BIS.

Your Participation

By clicking “I Agree” on our online form, you confirm that:

You are the person named in the form.
You have reached the age of majority where you live, or your parent or legal guardian will also give consent.
You have authority to enter this agreement.

What We Mean by “Content”

“Content” includes:

The recorded interview (audio, video, or both).
Any text, stories, quotations, photographs, or other material you provide or that features you.
Transcripts, translations, short clips, blog posts, social-media items, training assets, and any similar works that come from the interview.

You agree that BIS may record the interview.
You understand that BIS may share your story through various channels and platforms.
You give BIS a worldwide, perpetual, royalty-free licence to copy, adapt, publish, translate, broadcast, distribute, and otherwise use the Content, in whole or in part, for any purpose, whether commercial or not.
You allow BIS to use your name, likeness, voice, and brief biography along with the Content.
You confirm, to the best of your knowledge, that using the Content will not violate anyone else’s rights.

Ownership and Moral Rights

All rights in the Content belong to BIS immediately after creation.
You waive any moral rights (for example, the right to be named as author or to object to edits), as far as the law allows.
You waive any right to review or approve the finished product.

Editing and Derivative Works

BIS may edit, shorten, rearrange, pair with other materials, translate, caption, or otherwise modify the Content and may create excerpts, still images, compilations, training modules, promotional pieces, or any other derivative works without seeking further approval.

Payment

You understand that you will not receive money or other compensation for taking part or for any later use of the Content.

Release of Claims

You release BIS, its employees, agents, affiliated companies, and successors from any claims or liabilities connected to the recording, production, distribution, or use of the Content.

Confidential Information

“Confidential Information” means non-public information shared during the interview, such as business plans or trade secrets.
If you share Confidential Information, BIS may include it in the Content unless another written agreement says otherwise.
If BIS shares Confidential Information with you, you will not disclose it without written permission.
These duties do not apply to information that is already public, was in the receiving party’s possession, was independently developed, came from a third party without duty of confidence, or is approved for release in writing.

No Guarantees

BIS does not guarantee the accuracy, completeness, or suitability of the Content or any Confidential Information and is not liable for any loss arising from their use. We are not required to update or correct the Content after it is first published.

Governing Law

This agreement is governed by the laws of the Province of Alberta, Canada. Any disputes will be resolved in its courts.

Electronic Acceptance

Clicking “I Agree” acts as your electronic signature under the Electronic Transactions Act (Alberta) and the Personal Information Protection and Electronic Documents Act (Canada). BIS will keep an electronic record of your acceptance (date, time, IP address, and version).

Changes to This Page

We may update this page from time to time. The date at the bottom shows the most recent revision.

Questions or Concerns

If you have any questions, please reach out to privacy@bistraining.ca. We are happy to help.

Privacy Policy Change

If we alter our Privacy Policy, any changes will be posted on this page of our website with the date of the latest revision so that you are always informed of the information we collect about you, how we use it and the circumstances under which we may disclose it.

Last Updated: November 17, 2025

Artificial Intelligence Notice

BIS Safety Software Inc. (“BIS”, “we”, “us”, “our”) provides the BIS Safety Software web application and associated BIS Safety mobile app (collectively the “Web Platforms”). Our Web Platforms contain artificial intelligence (“AI”) or machine-generated learning features (collectively, “AI Services”). Our AI Services are intended to enhance the user experience and help our users perform actions and achieve objectives more efficiently in our Web Platforms. BIS may also use AI Services within its internal business operations to improve the effectiveness of those operations.

About Our AI Services

Our AI Services are each designed and intended to perform specific functions. The AI Services use information provided by users, such as text, images, videos, and content in files of any supported file format, to generate and output content within our Web Platforms. The AI Services may also use information we collect from users to monitor functionality of our Web Platforms, including usage and performance metrics. The AI Services that are integrated into our Web Platforms or incorporated into business operations may be wholly or partially developed by third parties.

We enter into terms and conditions or maintain written agreements with all third parties whose AI Services we use. We apply and maintain a risk management program, which includes impact assessments and practices for human oversight, to manage which third party or internally developed AI Services we integrate into our Web Platforms and business operations. BIS has internal practices in place to ensure compliance with privacy legislation, including defined roles and responsibilities, establishing clear expectations regarding compliance with privacy obligations, a mechanism to receive and respond to privacy-related questions and complaints, and a commitment to regularly reviewing our practices based on technological and regulatory developments.

These practices also prohibit BIS’ employees and contractors from entering personal information and confidential information into AI Services integrated within our Web Platforms or incorporated into our business operations. This does not prevent AI Services within the Web Platforms from processing personal information already stored within BIS systems, where such processing is necessary for providing features to authorized users.

Data Privacy of AI Services

AI Services may store and retain data that they process. This data may be stored in data centers located in countries outside of Canada and may therefore be subject to the applicable domestic laws of those countries. Third party providers do not have access to any personal information stored in our Web Platforms, and our Web Platforms do not transmit personal data to these third parties unless users provide it directly to AI Services.

Our Web Platforms do not contain any public AI systems. This means that data entered by users into our AI Services through our Web Platforms is not shared with and used in any AI model that generates outputs in any other external website, database, or digital system not owned and provided by BIS.

Our Web Platforms use private, segmented AI systems where appropriate. This means that data entered by users into our AI Services through our Web Platforms may be shared or made accessible to other users within the same portal when appropriate. Data entered by users into AI Services through our Web Platforms and outputs generated by AI Services may be added to future training data used by our private AI systems or used by BIS to provide and improve our services to you and to help us better understand usage patterns within our Web Platforms. Only BIS may modify training data and data within private AI systems.

Our Web Platforms store the data users input into our AI Services to allow us to monitor and improve how the AI Services perform. We also store input data to monitor for violations of the Terms and Conditions here associated with using AI Services.

We use appropriate safeguards to protect personal information collected or used throughout the AI Services from risks of security breaches or inappropriate use. Such safeguards are commensurate with the sensitivity of the personal information and take into account risks specific to the AI Services and AI systems, such as jailbreaking. These safeguards include measures such as encryption of data in transit and at rest, and access controls that limit who can view or interact with personal information.

BIS undertakes privacy impact and/or algorithmic impact assessments to identify and mitigate potential or known impacts of AI Services (or their use) on privacy and other fundamental rights. We do not use AI Services that are deemed unacceptable by applicable legislation (including those used for discriminatory profiling or generating content that infringes on fundamental rights). We use anonymized, synthetic or de-identified information, rather than personal information, in AI Services whenever possible.

BIS identifies our chatbot as “Ask Amy” and other AI tools as “BIS AI”. We label content generated by AI on our Web Platforms. Users can opt out of AI Services when available, but some platform features require them.

AI Services are an integrated part of our Web Platforms, and therefore, providing consent to AI Services may be a requirement to access and maintain an account. If you do not wish to provide consent where consent is a requirement, you may be required to delete your account or avoid creating an account, as applicable. If you have questions about consent related to our AI Services, please contact us at our Privacy Management Program below.

If you wish to withdraw your consent for our system to collect and use your inputs into AI Services and outputs generated by AI Services in our AI training data, please contact us at our Privacy Management Program below.

Personal Information

BIS may collect, update, and output personal information belonging to users for other users with administrative access within the same portal through AI Services integrated within our Web Platforms.

The AI Services integrated into our Web Platforms may process personal information stored on our Web Platforms. AI Services will process personal information based on the prompts made by users who are logged into our Web Platforms and who have the administrative level of access needed to access that personal information. Personal information is only collected and processed by AI Services strictly for the purposes of providing you with enhanced software solutions.

Privacy Management Program

If you have any concerns about your privacy in relation to the AI Services in our Web Platforms, you may contact our Privacy Officer through our Privacy Management Program.

Privacy Management Program

BIS Safety Software
261 Seneca Road
Sherwood Park AB Canada T8A 4G6
Phone: 780-410-1660
Toll Free: 1-866-416-1660
Email: privacy@bistraining.ca

Artificial Intelligence Notice Change

If we alter our Artificial Intelligence Notice, any changes will be posted on this page of our website with the date of the latest revision so that you are always informed of the information we collect about you, how we use it, and the circumstances under which we may disclose it.

Last Updated: December 2, 2025

Sub-Processor Notice

BIS Safety Software Inc. (“BIS”) uses sub-processors to help us provide our comprehensive and integrated learning management software. BIS engages with sub-processors (“Sub-processors”) who may receive or process client private data and who perform specific and various functions as part of the services we provide to you.

“Client Private Data” refers to all digital information, data, or files, which may include personal information, within a client’s portal.

“Personal Information” is defined consistent with privacy laws to include name, email address, physical location, postal address, birthdate, and other information that identifies a person.

This notice describes our process for engaging Sub-processors and lists the Sub-processors we use to provide services to you.

Our clients may sign up to receive notifications of any changes to this Sub-processor Notice through the System Updates module within their portal in our software. If you have any concerns about new Sub-processors, please contact our Support Team by phoning 1-866-416-1660 or emailing privacy@bistraining.ca within 14 days of notification.

Our Due Diligence

Protecting the security and privacy of Client Private Data is paramount to our business. BIS has a third-party risk management program that includes commercially reasonable practices to assess a sub-processor’s security, privacy, and confidentiality policies.

BIS requires its Sub-processors to satisfy privacy and security criteria, such as:

Compliance with recognized industry data security standards, such as PCI DSS, SOC2 Type II, or ISO 27001.

Compliance with applicable privacy laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union General Data Protection Regulation (GDPR), and the Children’s Online Privacy Protection Act (COPPA).
A publicly available privacy policy for the Sub-processor.

A security program that includes, but is not limited to the following key components:

- Technical and administrative data security controls for safeguarding Client Private Data
- Policies for controlling access to Client Private Data following a standard of least privilege

- Confidentiality agreements with team members and contractors
- Cyber security training programs for team members and contractors
- Security incident response plan that includes notification to BIS should our Client Private Data be affected

Our Sub-Processors

BIS uses Sub-processors to host the infrastructure of our software web application and integrated mobile application. Additionally, we use Sub-processors to provide certain features and functionality within software and mobile application, as well as business services, such as customer support management platforms.

The table summarizes the Sub-processors we use, the services they provide, and the location where they host, process, or store Client Private Data.

Sub-Processor	Service	Data Hosting, Processing, or Storage Location
Amazon Web Services, Inc.	Cloud service provider for our software and mobile application, including the databases which store Client Private Data.	Canada
Amazon Web Services, Inc.	Cloud service provider for our artificial intelligence (AI) virtual proctoring software used in proctored online courses, including databases which store Client Private Data, including biometric data.	Germany
CardConnect Corp.	Payment processor for our software application. CardConnect Corp. stores cardholder data and sensitive authentication data.	United States of America
Anthropic PBC	Provider for generative artificial intelligence integrations within our software. Anthropic PBC stores all inputs made to AI services within our software, as well as AI-generated outputs.	United States of America
Dialpad, Inc.	Cloud service provider for phone communications. Dialpad, Inc. records, transcribes, and stores calls anyone makes to our (toll-free Canada) 1-866-416-1660, (local English) 1-780-410-1660, (local French) 1-780-410-1659, and (toll-free USA) 1-713-424-0660 support phone lines.	United States of America
Fellow AI, Inc.	Cloud service provider for AI notetaking and transcription services. If the Fellow AI, Inc. AI is present in meetings we have with our clients and users, it records, transcribes, and stores meeting data.	Canada
Google LLC	Provider of translation and location tracking functionality within our software and mobile application. Google LLC stores system data from our software that is translated to other languages and identifies the location of mobile devices used to complete digital forms.	United States of America
HubSpot, Inc.	Cloud service provider of a customer relationship management (CRM) platform. HubSpot stores client contact information, meeting data, contract information, and fee details.	Canada
Integrity Advocate (temporary)	Provider for virtual proctoring functionality in online courses. Integrity Advocate accesses and stores temporarily images of users completing courses and forms of identification, such as driver’s licences, that users may show to prove their identity.	Canada
Airedge.AI	Cloud infrastructure consulting service provider. Metaorange Digital Private Limited may access Client Private Data within the software infrastructure and production environment to perform services.	India
Microsoft Corporation	Cloud service provider for communications, data storage, and other business-related services, such as Microsoft Word, Excel, PowerPoint, SharePoint, Teams, etc. Email communications, including attachments in any format, and information provided by clients may be stored using services from Microsoft Corporation.	Canada
Moneris Solutions Corporation	Payment processor for our software application. Moneris Solutions Corporation stores cardholder data and sensitive authentication data.	Canada
OpenAI, L.L.C.	Provider for generative artificial intelligence integrations within our software. Open AI, L.L.C. stores all inputs made to AI services within our software, as well as AI-generated outputs.	United States of America
Pinecone Systems, Inc.	Provider of the vector database for the AI chatbot in our software. Pinecone Systems, Inc. stores all information added to the knowledge bases for the AI chatbot and inputs made by users to the AI Chatbot.	United States of America
Techversant Infotech Pvt. Ltd.	Software development, cloud infrastructure, and debugging service provider. Techversant Infotech Pvt. Ltd. may access Client Private Data for software troubleshooting purposes. They may store very limited Client Private Data for the purposes of providing software development services.	India
Twilio, Inc.	Provider for text messaging services within our software. Twilio, Inc. may access and store cell phone numbers belonging to users.	United States of America, Ireland, or Australia
Zendesk, Inc.	Cloud service provider for our customer support management platform. Zendesk, Inc. receives, sends, and stores communications from clients and users when they email our Support Team.	Germany

Individuals have various rights regarding their personal information under applicable privacy laws. For additional information regarding cross border data transfer and data subject rights, please refer to our Privacy Policy.

Legal Trust Centre

Privacy Policy

Information Collected

From Whom We Collect Personal Information

Personal Information We Collect

Information From Our Websites and Events

Information From Third Parties and Referrals

Information from Social Media

Information About Children

How We Use Personal Information

Cookies and Similar Technologies

How We Share Personal Information

Location of Personal Information

Cross-Border Data Transfers

Security

Retention

Your Rights

How to Exercise Your Rights

Access and Choice

Contact

Privacy Management Program

DPO Europe GmbH

Data Privacy Office Europe

Specific Privacy Disclosures

Quebec Law 25

Governance and Accountability

Privacy by Design

Privacy Impact Assessments (PIAs)

Confidentiality Incidents (Breaches)

Consent

Automated Decisions and Profiling

Transfers outside of Québec

Canada’s Anti-Spam Legislation (CASL)

California

Categories of Personal Information We Collect

Your rights

Texas

Categories of Personal Information We Collect

Purposes for Processing

European Union and United Kingdom

Lawful Bases for Processing

Special Categories of Data

Representatives

Transfers outside of the European Economic Area or EEA

Last Updated: November 29, 2025

Terms and Conditions

Artificial Intelligence

Warranties and Liability

Age Requirement

Indemnification

Access and Links

Copyright

Law and Jurisdiction

Severability

Acceptance on Someone Else’s Behalf

Last Updated: September 15, 2025

Anti-Corruption Anti-Bribery Commitment

Our Commitment:

Last Updated: August 18, 2025

Report a Concern

Cookie Policy

What are cookies?

Other Technologies

Third Parties

Types of Cookies

Your Consent

Retention of Cookie Data

Access, Correction & Complaints

Contact Details

Changes to This Policy

Candidate Privacy Notice

Personal Information We Collect from Candidates

Why We Collect Personal Information

How We Collect Personal Information

How We Share Personal Information

Personal Information Retention

Protecting Your Personal Information

Your Rights

Contact Our Privacy Management Program

Privacy Management Program