Privacy Policy

INTRODUCTION

Cybera operates in a transparent manner while respecting the principles of freedom of information and protection of privacy. Cybera is a not-for-profit organization and does not collect data for the purposes of its own financial profit or the financial profit of any of its members. 

Cybera endeavors to abide by best-practices in the collection, use and disclosure of personal, identifiable information, as outlined in relevant provincial and federal statutes.

PROJECT PARTICIPATION 

Through the course of the broadband assessment project, Cybera will collect data relevant to home internet speeds. Project participants are individuals who consent to the connection of the Cheetah Networks PE241 Speed Testing Device (“Device”) to their home internet WiFi router/modem and to the collection of all data generated as a result. 

Once connected, the device will collect data about your home internet speed for the duration of time it remains connected. Cybera reserves the right to temporarily or indefinitely halt the collection of data through the device at any time. 

Cybera may refer to third-party information such as statistical, demographic or geographic information in which you and your household is included. This data may contribute to an overall determination of the state of your home internet performance. 

Cybera will collect and retain all information provided to us in our intake form, and will collect all data obtained through the device, subject to the provisions detailed below. 

Information we will collect: 

• Name 
• Address 
• Internet service provider 
• Home internet package details, including subscribed download and upload speed
• Measured download speed and upload speeds 
• Latency

Information we may collect: 

• Internet hardware information such as router make, model and age 
• IP address
• General demographic information 
• Household information, including numbers of residents or devices 

Information we will not collect: 

• Any specific personal uses of a home internet service
• Personal internet usage - including searches, queries or sites visited
• Personal internet usage - including the types of applications used or the manner in which they are used

DATA COLLECTION, PROCESSING RETENTION AND TRANSFER 

Cybera may interpret all data collected through the course of the project - including information provided in your intake form - to make inferences about the overall performance of your home internet service, including any discrepancy between subscribed speed and actual speed. 

Cybera may reach a conclusion as to the cause behind any discrepancy between the subscribed speed and actual speed of your home internet connection based on data collected through a completed intake form and data collected through a device. 

Only personal, identifiable information which contributes to the purpose of determining home internet performance will be retained through the course of the speed testing project. Any personal, identifiable information unrelated to this purpose will not continue to be purposefully retained by Cybera if it is inadvertently collected through the course of the project. 

Cybera reserves the right to retain all personal, identifiable information which contributes to the purpose of determining home internet performance until such a time as the project’s purpose is achieved. Following the completion of the project’s purpose, Cybera will not purposefully continue to retain any personal, identifiable information from any project participant. 

Cybera reserves the right to indefinitely retain all non-identifiable data collected through the course of the project. 

Cybera reserves the right to transfer any data collected through the course of the project to authorized third parties with whom Cybera has entered a contractual relationship for the purpose of the project. Authorized third parties to whom Cybera may transfer data include, but may not be limited to, the project funder, consultants and vendors. Any data collected through the course of this project will not be shared publicly or transferred to any third party with whom Cybera does not have a contractual relationship with respect to the project. 

Any authorized third parties to whom Cybera transfers data will be solely responsible and liable for the security and integrity of that data. Cybera cannot be held responsible for any data breaches stemming from the actions of a third party participant in this project. 

Cybera’s final report, which will be provided to the Government of Alberta, will not share any personal, identifiable information about any speed testing participant, but may share all other data collected through the course of the project, and any conclusions derived therefrom.

YOUR RIGHTS WITH RESPECT TO PERSONAL INFORMATION COLLECTION, USE AND RETENTION

• Right to Withdraw Consent: You have the right to withdraw consent for the further processing of your personal information, or your further participation in this project.
• Right to Know: You have a right to know what personal information we collect, process, or transfer.
• Right of Access: You can request a copy of the personal information we have collected about you from us.
• Right to Delete: You can request us to delete all the information we have collected about you. 
• Right to Request Rectification: If you find that any of your information that we are processing is inaccurate, you can contact us to have your information corrected.

DATA SECURITY AND BREACH HANDLING

This project is subject to Cybera’s Data Breach Policy.

DEFINITIONS

A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information.

A breach may be the result of:

• Internal error
• Email, mail and faxes sent to the wrong individual(s)
• Emailing unauthorized information
• Faxes sent to an unsecure fax
• Mail or couriers sent to the wrong person
• Documents lost or gone missing on public transport
• Documents disposed of in the trash, or intended for shredding
• and disposed of improperly
• Loss of files or devices, including laptops, phones, and hard drives
• Verbal disclosure
• Theft
• Information taken by a current/former employee
• Office and car break‐ins resulting in the loss of files and devices, including laptops, phones, and hard drives
• System Compromise
• Targeted attacks by external actors

Examples of a data breach would be the publishing of or loss of any of the following information:

• Names, email addresses, telephone numbers, passwords of Cybera members or cloud users
• Names, addresses, telephone numbers, passwords, salary information of Cybera employees

PROCEDURE

In the event that a Cybera employee becomes aware of a potential breach, the following procedure is triggered, with reference to the Personal Information Protection Act Breach Reporting Guide.

IMMEDIATELY UPON RECOGNIZING BREACH

The employee must immediately inform their manager and Cybera’s Privacy Officer of the date, location, and circumstances of the breach.

WITHIN 72 HOURS OF RECOGNIZING BREACH

Under the leadership of Cybera’s Privacy Officer, staff will perform an analysis and determine:

• The type of personally identifiable information affected by the breach.
• The type of harm that could occur as the result of the breach.
• An assessment of whether the harm is significant or not, and why.
• An assessment of the likelihood that harm could result.
• Estimated number of individuals to whom there is a real risk of significant harm as a result of the incident.
• Steps Cybera has taken to reduce the risk of harm to individuals, including actions planned that have not yet been implemented.
• The CEO, in consultation with the Privacy Officer will inform the Board of Directors.
• The CEO, in consultation with the Privacy Officer and the Board of Directors will determine whether to activate the Crisis Communications Plan.

WITHIN 48 HOURS OF COMPLETING THE BREACH ANALYSIS

If a real risk of harm to individuals is identified, staff will provide notice to the Office of the Information and Privacy Commissioner of Alberta without unreasonable delay. The Office of the Privacy Commissioner provides a breach report form on its website. Fill out the most up to date breach report form document. 

Notice to the OIPC will contain the following:

• a description of the circumstances of the loss or unauthorized access or disclosure
• the date on which or time period during which the loss or unauthorized access or disclosure occurred
• a description of the personal information involved in the loss or unauthorized access or disclosure
• an assessment of the risk of harm to individuals as a result of the loss or unauthorized access or disclosure
• an estimate of the number of individuals to whom there is a real risk of significant harm as a result of the loss or unauthorized access or disclosure
• a description of any steps the organization has taken to reduce the risk of harm to individuals
• a description of any steps the organization has taken to notify individuals of the loss or unauthorized access or disclosure
• the name of and contact information for a person who can answer, on behalf of the organization, the Commissioner’s questions about the loss or unauthorized access or disclosure

If a real risk of harm to individuals is identified, staff will notify the affected individuals of the breach and their compromised personal information by email or mailed letter. The notice will include the circumstances, date of the breach (or at least an estimate), a description of the personal information, steps taken to control the harm, measures those affected can take, and the contact information of Cybera’s Privacy Officer.

COMPLAINTS

Please direct comments, questions, and complaints of violations related to this procedure to info@testmynetwork.ca.