Privacy Policy

Important Notice: This Privacy Policy outlines how RedPoint Management Services Ltd. (operating as sdlcisdead.com) collects, uses, and protects your personal information. This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the BC Personal Information Protection Act (PIPA), and considers GDPR principles for international participants. This content is subject to legal review and may be updated to ensure compliance with applicable regulations.

Introduction
Information We Collect
How We Use Your Information
Legal Basis for Processing
Information Sharing
Data Storage and Security
Your Rights
Cookies and Tracking
Data Retention
International Transfers
Children's Privacy
Changes to This Policy
Contact and Privacy Officer

1. Introduction

Welcome to the privacy policy of RedPoint Management Services Ltd., operating as sdlcisdead.com ("Company," "we," "our," or "us"). We are committed to protecting your privacy and ensuring transparent data practices.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and your rights regarding your personal information. It applies to all participants of the ANSCP Training Program and visitors to our website.

Our Commitment

The Company respects your privacy rights and complies with all applicable Canadian privacy legislation, including:

PIPEDA - Personal Information Protection and Electronic Documents Act (federal law)
BC PIPA - Personal Information Protection Act (British Columbia provincial law)
References to GDPR principles for international participant protection

2. Information We Collect

Registration Information

When you register for the ANSCP Training Program, we collect:

Full name - Used for enrollment and certification
Email address - Primary communication contact
Phone number - Secondary contact information
Organization/Company name - Context for training needs
Job title and role - To assess program fit and customize content
Professional background - Years of experience, technical skills, current role
Learning objectives - What you hope to achieve from the program
Dietary preferences and accessibility needs - For in-person cohorts

Payment Information

For payment processing:

Payment method information - Processed securely by Stripe
Billing address - For invoice and tax purposes
Transaction history - Records of payments made

Important: We do not store or have access to full credit card details. Stripe handles all payment card information according to PCI-DSS standards.

Program Participation Data

During your participation, we collect:

Assessment scores and results - Daily and final assessment performance
Attendance records - Session attendance and participation tracking
Learning platform activity - Time spent on materials, quiz attempts, resource access
Project submissions - Work completed during the program
Feedback and evaluations - Your feedback on the program content and delivery
Communication records - Emails, chat messages, and support inquiries

Technical Information

When you access our website or online learning platform, we automatically collect:

IP address - For security and access logging
Browser type and version - Compatibility and troubleshooting
Device type - Desktop, tablet, mobile
Operating system - Technical support purposes
Access logs - When and what you accessed on our platform
Referring website - Where you came from to reach our site
Page interactions - Links clicked, forms submitted

Communication Preferences

We collect information about your preferences for receiving communications, including:

Email marketing preferences
Program updates and notifications
Future training opportunities
Unsubscribe preferences

Information from Third Parties

In some cases, we may receive your information from:

Group registrations - When registered by an organization on behalf of employees
Referral programs - If referred by another participant
Professional networks - Public information from LinkedIn or professional profiles

3. How We Use Your Information

Program Delivery and Administration

Process and confirm your registration
Create and manage your learning account
Deliver training materials and content
Administer assessments and issue certifications
Track attendance and program completion
Send program logistics and schedule updates

Payment Processing

Process your registration fees through Stripe
Generate invoices and receipts
Send payment confirmations
Handle refunds and billing inquiries
Maintain financial records for accounting purposes

Communications

Send program-related emails (schedule, materials, updates)
Respond to your inquiries and support requests
Send certification notifications and documents
Provide assessment feedback and results
Send service announcements (with your consent)

Program Improvement

Analyze feedback and assessment data to improve content
Identify which topics resonate with participants
Understand participant learning outcomes
Evaluate instructor and facilitator effectiveness
Conduct program evaluations and surveys

Safety and Security

Detect and prevent fraud or unauthorized access
Monitor platform security and prevent abuse
Investigate and resolve security incidents
Enforce our Terms and Conditions
Protect the rights, property, and safety of participants and the Company

Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and regulatory inquiries
Maintain records for tax and compliance purposes
Address disputes and legal claims

Legitimate Business Interests

Operate and maintain our training platform
Understand our user base and program performance
Plan future program offerings and cohorts
Develop new training content and programs

4. Legal Basis for Processing

Under PIPEDA and BC PIPA, we collect and process your information on the following bases:

Consent

We process most information based on your explicit consent, which you provide by:

Completing the registration form
Acknowledging the Terms and Conditions
Accepting this Privacy Policy
Opting into marketing communications

You can withdraw consent at any time by contacting trainingREMOVETHIS@sdlcisdead.com.

Contractual Necessity

We process certain information because it is necessary to fulfill the contract between us, including:

Registration information (to enroll you in the program)
Payment information (to process your fees)
Attendance records (to issue certification)

Legitimate Interests

We may process information where we have a legitimate interest that is not overridden by your rights, including:

Improving our programs and services
Protecting against fraud and security incidents
Maintaining the integrity of our platform
Analyzing program effectiveness
Business planning and strategic development

Legal Obligation

We process certain information to comply with applicable laws, including:

Tax and accounting records (7-year retention)
Financial transaction logs
Regulatory and audit requirements

5. Information Sharing

Third-Party Service Providers

We share your information with carefully selected service providers who assist in delivering the program:

Stripe (Payment Processing)

Processes payments securely. Stripe does not share your payment information with us. Data is protected under Stripe's privacy policy and PCI-DSS compliance standards.

SendGrid (Email Delivery)

Delivers program-related emails. We share your email address and relevant program details. SendGrid maintains strict data protection standards and does not use your information for marketing.

Credential Platform (Certification Issuance)

Issues and verifies digital credentials. We share name, assessment scores, and certification details to enable credential verification.

A2 Hosting (Data Storage)

Hosts our learning platform and databases. Located in Canada/US with industry-standard security. Protected by data processing agreements.

Co-Facilitators and Instructors

Instructors and facilitators delivering your cohort receive access to:

Your name and contact information
Your learning objectives and background
Assessment submissions (for grading purposes)
Attendance and participation records

All facilitators are bound by confidentiality agreements and receive privacy training.

What We Do NOT Do

We want to be clear about what we do NOT do with your information:

We do not sell your personal information to any third party
We do not share with marketing firms (except as noted above for program delivery)
We do not use your data for targeted advertising outside the program
We do not trade or barter your information for services
We do not share assessment scores or results with external parties without consent

Legal Requirements

We may disclose your information if required by law, including:

Court orders or legal process
Law enforcement requests
Government regulatory demands
Protection of public safety

We will provide notice when legally permitted to do so.

Business Transfers

If the Company is acquired or merges with another organization, your information may be transferred as part of that transaction. We would notify you of any such change and any choices you may have.

6. Data Storage and Security

Where Your Data Is Stored

Your personal information is primarily stored on:

A2 Hosting - Canadian and US-based secure servers
Learning platform databases - Encrypted and access-controlled
Email servers - Via SendGrid with encryption in transit and at rest

Security Measures

We implement industry-standard security practices to protect your information:

Encryption

In Transit: All data transmitted between your browser and our servers uses TLS/SSL encryption (HTTPS)
At Rest: Sensitive data is encrypted when stored on our servers
Payment Data: Credit card information is never stored; encrypted transmission to Stripe only

Access Controls

Authentication required for all platform access
Role-based access control limiting staff access to necessary information
Passwords hashed using bcrypt or equivalent algorithms
Multi-factor authentication available for administrative accounts
Regular access logging and audit trails

Physical Security

Data centers with 24/7 physical security
Biometric access controls
CCTV surveillance
Secure facility standards (SOC 2 compliance)

Operational Security

Regular security audits and penetration testing
Staff privacy and security training
Incident response procedures
Data backup and disaster recovery protocols
Vendor security assessments

Data Processor Agreements

All third-party service providers have signed Data Processing Agreements (DPAs) that include:

Commitments to data protection
Restrictions on data use
Security requirements
Data breach notification obligations
Right to audit and inspect

Limitations

While we implement comprehensive security measures, no system is 100% secure. We cannot guarantee absolute security against all risks, including unauthorized access, viruses, or cyberattacks. You are responsible for maintaining the confidentiality of your login credentials.

Data Breach Notification

In the event of a data breach, we will notify affected participants without unreasonable delay and provide information about:

The nature of the breach
What information was involved
Steps we are taking to address it
Resources available to you

Notifications will be sent via email to the address on file.

7. Your Rights

Under PIPEDA, PIPA, and GDPR (for international participants), you have the following rights regarding your personal information:

Right to Access

You have the right to know what information we hold about you.

You may request a copy of your personal information by contacting trainingREMOVETHIS@sdlcisdead.com with the subject line "Data Access Request." We will provide your information in a commonly used electronic format within 30 days.

Right to Correction

You have the right to correct inaccurate or incomplete information.

If your information is incorrect, incomplete, or outdated, you may request corrections. Contact trainingREMOVETHIS@sdlcisdead.com with details of the error. We will verify and update your information promptly.

Right to Withdraw Consent

You have the right to withdraw consent at any time.

If you have consented to data collection and processing, you can withdraw that consent. This will not affect the lawfulness of processing before withdrawal. However, withdrawing consent may prevent participation in the program.

Right to Deletion

You have the right to request deletion of your personal information.

Under certain circumstances, you may request deletion of your information. However, we may retain information where:

Required by law (tax records, 7-year retention)
Necessary for program completion and certification
Needed for dispute resolution or legal claims
Serving a legitimate business interest

Submit deletion requests to trainingREMOVETHIS@sdlcisdead.com with the subject "Data Deletion Request."

Right to Restrict Processing

You may request that we limit how we use your information.

For example, you may request that we stop using your information for marketing while continuing to send program-related updates. Contact us with your restriction request.

Right to Data Portability

You have the right to receive your data in a portable format.

You may request your personal information in a commonly used, machine-readable format (such as CSV) to transfer to another service. Submit requests to trainingREMOVETHIS@sdlcisdead.com.

Right to Object

You may object to certain processing of your information.

You have the right to object to processing based on legitimate interests. Explain your specific objection when contacting trainingREMOVETHIS@sdlcisdead.com.

How to Exercise Your Rights

To exercise any of these rights:

Email trainingREMOVETHIS@sdlcisdead.com with your request
Include your full name, email address, and account details
Specify which right you are exercising
Provide any supporting documentation
We will respond within 30 days (45 days for complex requests)

You may also contact our Privacy Officer at the address in Section 13.

Right Not to Be Discriminated Against

You have the right not to be discriminated against for exercising your privacy rights. We will not deny services, charge different fees, or provide different quality of service based on you exercising your rights.

Right	What You Can Do	Response Time
Access	Request a copy of your personal information	30 days
Correction	Update or correct inaccurate information	30 days
Deletion	Request deletion (subject to legal obligations)	30 days
Portability	Receive data in portable format (CSV, JSON)	30 days
Restrict Processing	Limit how your data is used	30 days
Withdraw Consent	Stop data processing based on consent	Immediate

8. Cookies and Tracking

What Are Cookies?

Cookies are small text files stored on your device that contain information about your interactions with websites and applications. We use cookies to enhance your experience.

Session Cookies

We use session cookies to:

Maintain your login session
Remember your authentication status
Prevent unauthorized access
Track your session for security purposes

Session cookies are deleted when you close your browser.

Persistent Cookies

We use persistent cookies for:

Remembering your language preferences
Saving accessibility settings
Tracking repeat visits for analytics

No Third-Party Tracking Cookies

We do not use third-party tracking cookies. We do not allow external companies to track your activity on our site for behavioral advertising or profiling purposes.

Analytics

If we implement analytics tools (such as internal tracking), we:

Anonymize data to prevent identification
Do not track individual users across the web
Do not share analytics data with third parties

Disabling Cookies

You can disable cookies through your browser settings:

Chrome: Settings → Privacy and security → Cookies and other site data
Firefox: Preferences → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Cookies and website data
Edge: Settings → Privacy and Services → Cookies

Note: Disabling cookies may limit platform functionality and may prevent login.

9. Data Retention

We retain your personal information for different periods depending on the type of data and the reason we hold it:

Active Participant Data

Duration: While you are an active participant plus the certification validity period (2 years)

Includes: Registration data, learning records, assessment scores, certificates

Purpose: Program delivery, certification verification, renewal eligibility

Financial Records

Duration: 7 years from date of transaction

Includes: Payment information, invoices, transaction logs, refund records

Purpose: Tax compliance, audit requirements, dispute resolution

Legal Basis: Canadian tax law requires 7-year retention

Access Logs and Technical Data

Duration: 30 days

Includes: IP addresses, browser type, access timestamps, session data

Purpose: Security monitoring, troubleshooting, fraud prevention

Email Communications

Duration: 2 years or until deletion by user

Includes: Support emails, program updates, notifications

Purpose: Audit trail, reference material, complaint resolution

Marketing Information

Duration: Until you unsubscribe or request deletion

Includes: Email preferences, engagement tracking

Purpose: Sending program-related communications (with consent)

Data After Deletion Request

When you request deletion, we retain certain information:

Financial records (7 years for tax compliance)
Anonymized assessment data (for program improvement)
Backup copies (until backup retention period expires)

Archival and Backup Data

We maintain regular backups for security and disaster recovery. Deleted information may remain in backups for up to 90 days before being permanently destroyed.

10. International Transfers

Data Processing in Multiple Countries

Your personal information may be processed and stored in multiple countries, including the United States. Key locations include:

A2 Hosting (Primary Server)

Located in Canada and US with redundancy. Maintains PCI-DSS compliance and SOC 2 certification.

Stripe (Payment Processing)

Uses US-based servers with EU-US Data Privacy Framework (formerly Privacy Shield) compliance.

SendGrid (Email Delivery)

US-based with international data centers. Maintains GDPR compliance for international data transfers.

Adequacy Safeguards

When your data is transferred internationally, we ensure adequate safeguards through:

Data Processing Agreements (DPAs) with all service providers
Standard Contractual Clauses (SCCs) for EU transfers
Privacy Shield Certification where applicable
Encryption of sensitive data during transfer
Regular security audits of data processors

Your Rights for International Transfers

If your data is transferred internationally:

You retain all privacy rights regardless of location
You can request information about transfers and safeguards
You can request deletion or portability
Legal remedies remain available in your home country

GDPR Compliance

For participants outside Canada (including EU residents), we maintain GDPR compliance including:

Legal basis for processing (contracts, consent, legitimate interests)
Data Subject Rights (access, deletion, portability, etc.)
Data Protection Impact Assessments
Appropriate safeguards for international transfers

11. Children's Privacy

The ANSCP Training Program is not directed at, and we do not knowingly collect personal information from, children under the age of 18.

Age Requirement

By registering for the Program, you represent that you are:

At least 18 years of age, and
Legally able to enter into binding contracts

If You Are Under 18

If you are under 18 and have registered, please contact trainingREMOVETHIS@sdlcisdead.com immediately, and we will delete your information.

Parent/Guardian Responsibility

Parents and guardians should monitor children's online activities. If you believe a child has provided us with personal information, please contact us immediately at trainingREMOVETHIS@sdlcisdead.com.

Exception for Young Professionals

Some jurisdictions allow 16-17 year old professionals to participate in career development programs. If you are in this age group and wish to participate, you must:

Provide parental or guardian consent
Have a legal capacity to contract (varies by jurisdiction)
Contact trainingREMOVETHIS@sdlcisdead.com to discuss your situation

12. Changes to This Policy

Right to Update

The Company reserves the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting, unless otherwise specified.

Notification of Changes

For material changes, we will:

Notify participants via email at the address provided during registration
Post a prominent notice on our website
Update the "Last Updated" date at the top of this policy

Your Choices

If you disagree with changes to this policy:

You may request deletion of your information (subject to retention requirements)
You may withdraw consent for future processing
You may contact us to discuss your concerns

Continued Use

Continued use of the Program or website following notification of changes constitutes acceptance of the revised Privacy Policy.

Historical Versions

We maintain archives of previous privacy policy versions. Request older versions at trainingREMOVETHIS@sdlcisdead.com if needed for reference.

13. Contact and Privacy Officer

Privacy Inquiries

For questions about this Privacy Policy or requests related to your personal information, contact:

RedPoint Management Services Ltd.

Operating as: sdlcisdead.com
Email: training@sdlcisdead.com
Location: British Columbia, Canada
Response Time: Within 30 days of inquiry

Privacy Officer

Our Privacy Officer oversees privacy practices and is responsible for:

Handling privacy requests and complaints
Ensuring compliance with privacy legislation
Investigating privacy concerns
Managing data breach response

Contact our Privacy Officer: trainingREMOVETHIS@sdlcisdead.com (subject line: "Privacy Officer")

Regulatory Complaints

If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the applicable privacy regulator:

Federal Regulator (PIPEDA)

Office of the Privacy Commissioner of Canada

Website: www.priv.gc.ca
Phone: 1-800-282-1376
For complaints about federal private sector organizations and federal government institutions

British Columbia Regulator (PIPA)

Office of the Information and Privacy Commissioner (OIPC)

Website: www.oipc.bc.ca
Phone: 1-250-356-1851 or 1-800-663-3369
For complaints about BC private sector organizations

International - GDPR Complaints

For participants subject to GDPR (EU residents), you may file a complaint with your local Data Protection Authority:

Identify your country's Data Protection Authority on the EDPB website: www.edpb.eu
Contact them directly with your complaint

How We Handle Complaints

When we receive a privacy complaint, we will:

Acknowledge receipt within 5 business days
Investigate the complaint thoroughly
Provide a detailed response within 30 days
Implement corrective measures if necessary
Keep records of the complaint and resolution

Contact Summary

General Privacy Questions: trainingREMOVETHIS@sdlcisdead.com
Data Access/Deletion Requests: trainingREMOVETHIS@sdlcisdead.com (specify request type)
Privacy Complaints: trainingREMOVETHIS@sdlcisdead.com (subject: "Privacy Complaint")
Data Breach Report: trainingREMOVETHIS@sdlcisdead.com (urgent)

← Back to Home Register Now Terms & Conditions →

Table of Contents