This article is for informational purposes only. This is not legal advice and each Alpine IQ client is responsible for evaluating its own use of Alpine IQ services to support its legal compliance obligations.
Personal Information Protection and Electronic Documents Act (PIPEDA):
A Canadian federal privacy law that regulates how private-sector organizations handle personal information when engaging in “commercial activity”.
Commercial activity is defined as: “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.” You must follow PIPEDA if you are located in Canada and do business with Alpine IQ.
Your main concerns should revolve around your ability to provide customers with:
- How their personal information is collected & stored
- How their personal information is used
- Who has access to it
- How do they correct it or delete it if requested
Alpine IQ customers are responsible for their own compliance with PIPEDA, but we understand and take our role in the transfer of data across borders very seriously.
At Alpine IQ, all Personally Identifiable Information (“PII”) is stored in a highly secured cloud infrastructure managed by Google.
With that said, Google has a whitepaper to help you understand how PII is secured in Google Cloud and how it correlates to PIPEDA.
Google Cloud Platform has passed the following audits for security standards:
- SSAE 16 / ISAE 3402 Type II:
- ISO 27001
- ISO 27017
- ISO 27018
Alpine IQ also automates some aspects of PIPEDA by providing you with a data preferences page specific to your organization and the integrations you have connected with your Alpine IQ data infrastructure. This custom page URL should be placed in the footer of your site to give customers the option to opt-out, delete, or lookup their currently stored PII. For information about finding your data preferences page, please contact your Alpine IQ account representative.