 |
Resorts of the Canadian Rockies Inc.
Resorts of the Canadian Rockies Inc. ("RCR") is
committed to protecting the privacy of its guests,
partners,
employees and other stakeholders. We place great
value on the privacy of personal information and
we will
never share it outside the RCR family of resorts.
To help guide our business practices while protecting
the privacy of personal information, we have utilized
Alberta's Personal Information Protection Act to
develop
the following RCR Privacy Policy.
• Purpose
• Definitions
• RCR's Privacy Principles
The purpose of RCR's Privacy Policy is to govern
the collection, use and disclosure of personal information
by RCR
in a manner
that recognizes the rights of our guests, partners,
employees and other stakeholders to have their personal
information protected, while recognizing the need
that RCR has to collect, use and/or disclose personal
information for purposes that are reasonable in providing
the services and products of our business.
Business Contact Information: Information that
is not covered under the Personal Information Protection
Act including name, position name or title,
business telephone number, business address, business
e-mail, business fax number and other similar business
information.
Commissioner: The Information and Privacy
Commissioner appointed under the Freedom of Information
and Protection of Privacy Act.
FOIP Act: The Freedom of Information and Protection
of Privacy Act, the Act that governs the access to
the information and protection of privacy of personal
information in the Alberta public sector.
Personal Information: Information about an
identifiable individual including name, address, age,
weight, height, gender, employment, financial history,
ID number, place of birth, ethnic origin, opinions,
evaluations or comments about an individual. Personal
Information does not include business contact information.
PIPA: The Alberta Personal Information Protection
Act.
PIPEDA: The Federal Personal Information Protection
and Electronics Act.
RCR: Resorts of the Canadian Rockies Inc.,
and is affiliates including Lake Louise Ski Resort,
Fernie Alpine Resort, Kimberley Alpine Resort, Nakiska
Resort, Fortress Mountain Resort,
Wintergreen
Golf Resort, Trickle Creek Golf Resort, Le Grand
Vallon Golf Course, Trickle Creek Residence Inn
by Marriott,
Polaris Lodge, West Louise Lodge, Skoki Lodge, Wolf's
Den, and Lodge & Condominiums at Fortress Mountain
Resort.
Principle 1 - Compliance and Policies
RCR is responsible for personal information that
is in its custody or under its control and has designated
a Privacy Officer who is accountable for RCR's compliance
with PIPA and the RCR Privacy Policy.
| 1. |
The Privacy Officer
will be responsible for: |
| |
a. |
Developing and implementing
policies and practices that are reasonable for
RCR to meet its obligations under PIPA to protect
personal information; |
| |
b. |
Establishing procedures
to receive and respond to privacy inquiries or
complaints; |
| |
c. |
Training and communicating
to RCR employees about RCR's Privacy Policy and
practices;and |
| |
d. |
Developing public
information to explain RCR's Privacy Policy and
practices. |
| |
|
|
| 2. |
The Privacy Officer
is entitled to delegate to one or more RCR employees
the duties conferred by the Privacy Officer, including
day-to-day responsibilities for the administration
of the RCR Privacy Policy and compliance with
PIPA. |
| |
|
|
| 3. |
RCR shall make known
the title and contact information of the individual
designated to oversee RCR's compliance with the
Privacy Policy. RCR's Privacy Officer may be contacted
at: |
| |
|
|
Privacy Officer
Resorts of the Canadian Rockies Inc.
1505 - 17th Avenue S.W.
Calgary, Alberta T2T 0E2
Phone: (403) 256-8473
Fax: (403) 244-3774
E-mail: privacy@skircr.com |
Principle 2 - Consent
The knowledge and consent of an individual are generally
required for the collection, use or disclosure of personal
information. In certain circumstances, personal information
can be collected, used or disclosed without the knowledge
and consent of the individual, such as when the information
is necessary to respond to an emergency that threatens
the life, health or security of an individual or the
public.
| |
|
| 1. |
Consent Required
- RCR will obtain consent to collect, use
or disclose personal information. |
| |
a. |
RCR shall seek consent
to use and disclose personal information at the
same time it collects the information. However,
RCR may seek consent to use and disclose personal
information after it has been collected, but before
it is used or disclosed for a new purpose. |
| |
b. |
RCR shall not collect
personal information about an individual from
a source other than the individual, unless the
individual consents to the collection of the information
from the other source. |
| |
c. |
RCR shall not, as a
condition of supplying a product or service, require
an individual to consent to the collection, use
or disclosure of personal information about an
individual beyond what is necessary to provide
the product or service. |
| |
|
|
| 2. |
Form of Consent
- An individual may give his or her consent in
writing, orally, or electronically to the collection,
use or disclosure of personal information about
the individual. |
| |
a. |
The individual is deemed
to consent to the collection, use or disclosure
of personal information by RCR, if the individual
voluntarily provides the information to the organization
for that purpose, and it is reasonable that a
person would voluntarily provide that information. |
| |
b. |
In determining the
appropriate form of consent, RCR shall take into
account the sensitivity of the personal information
and the reasonable expectations of the individual. |
| |
|
|
| 3. |
Withdrawal or Variation
of Consent - An individual may at any time
withdraw or vary consent to the collection, use
or disclosure by RCR of the personal information
about the individual, given reasonable notice
to RCR and subject to legal or contractual restrictions.
Individuals may contact the RCR Privacy Officer
for more information regarding the likely consequences
of withdrawing or varying the consent. |
| |
|
|
| 4. |
Consent Obtained
by Deception - RCR shall not obtain or attempt
to obtain consent to the collection, use or disclosure
of personal information by providing false or
misleading information respecting the collection,
use or disclosure of the information, or by using
deceptive or misleading practices. |
Principle 3 - Collection of Personal Information
| 1. |
Limits on Collection
- RCR shall limit the collection of personal information
only for purposes that are reasonable and only
to the extent that it is reasonable for meeting
the purposes for which the information is collected. |
| |
|
|
| 2. |
Notification Required
for Collection - RCR shall, as appropriate,
specify verbally, in writing or electronically,
the identified purposes to the individual at or
before the time personal information is collected
or, when appropriate, at or before the time the
personal information is used for a new purpose.
Upon request, persons collecting personal information
shall explain these identified purposes or refer
the individual to a designated person within RCR
who shall explain the purposes. RCR collects personal
information for the following purposes: |
| |
a. |
to establish and maintain
a responsible commercial relationship with guests,
partners, employees and other stakeholders; |
| |
b. |
for purposes identified
to individuals or purposes obvious to individuals,
in respect to particular collections of personal
information; |
| |
c. |
to meet legal and regulatory
requirements; |
| |
d. |
to understand the needs
and preferences of individuals; |
| |
e. |
to develop, enhance,
market and/or provide products and services;and |
| |
f. |
to manage and develop
RCR's business and operations, including transfer
of data among affiliated entities. |
| |
|
|
| 3. |
Collection without
Consent - In some instances, PIPA allows collection
of personal information without consent. |
Principle 4 - Use of Personal Information
RCR shall use personal information only for purposes
that are reasonable and only to the extent that it
is reasonable for meeting the purposes for which the
information is used. Personal information may be used
without consent only in limited and specific circumstances
as allowed by PIPA.
Principle 5 - Disclosure of Personal Information
RCR may disclose personal information only for
purposes that are reasonable and only to the extent
that is reasonable for meeting the purposes for which
the information is disclosed. Personal information
may be disclosed without consent only in limited and
specific circumstances as allowed by PIPA.
Principle 6 - Business Transactions
When buying or selling a business, RCR may collect,
use and disclose personal information without consent,
when those involved agree to do so only for the transaction
and when they need the information to decide whether
to buy or sell. Once the transaction is complete,
the organization receiving the personal information
may continue to use and disclose it but only for the
purposes for which it was originally collected. Further,
information must relate solely to the carrying on
of the business. If the transaction does not proceed,
the organization that received the personal information
must destroy or return it.
Principle 7 - Access and Correction
| 1. |
Access - Upon
request, RCR shall inform an individual of the
existence, use and disclosure of that individual's
personal information. However, in some circumstances,
RCR can or must refuse access, such as when disclosure
would harm an individual, an investigation, or
a legal proceeding; or when access would disclose
the personal information of someone else; or information
is of confidential business. RCR may charge an
applicant a reasonable fee for access to the applicant's
personal information. A written estimate of the
total fee will be provided to the applicant prior
to RCR providing access to the service. |
| |
|
|
| 2. |
Right to Request
Correction - An individual may make a request
to RCR to correct an error or omission in his/her
personal information. RCR will correct the information
as soon as is reasonably possible and is not permitted
to charge a fee for the correction. |
| |
|
|
| 3. |
How to Make a Request
- For an individual to obtain access to personal
information or to make a request for a correction
to personal information, the individual must make
a written request to the attention of RCR's Privacy
Officer, setting out sufficient detail to enable
RCR, with a reasonable effort, to identify the
information in respect of which the written request
is made. |
| |
|
| 4. |
Duty to Assist
- RCR will make every reasonable effort to assist
applicants with their requests, to explain abbreviations
or terms and to respond to each applicant as accurately
and completely as reasonably possible. |
| |
|
| 5. |
Time Limit for Responding
- RCR will make every reasonable effort to respond
to an applicant within 45 days from the day that
RCR receives the applicant's written request. |
| |
|
| 6. |
Contents of a Response
- RCR will inform the applicant as to whether
or not the applicant is entitled to or will be
given access to all or part of his/her personal
information. If the applicant is entitled to access,
RCR will inform the applicant when access will
be given. If access to all or part of the applicant's
personal information is refused, RCR will inform
the applicant of the reasons for the refusal and
the provision of PIPA on which the refusal is
based; the name of the RCR Privacy Officer who
can answer the applicant's questions about the
refusal; and that the applicant may ask for a
review under section 46 of PIPA. |
| |
|
| 7. |
How Access will
be Given - When an applicant is entitled to
access his/her personal information, RCR will
provide the applicant with a copy of the personal
information provided that it can be reasonably
reproduced. |
| |
|
| 8. |
Extending the Time
Period for Responding - Under certain situations
allowed by PIPA, RCR may, with respect to a request
for access, extend the time period for responding
to the request by up to an additional 30 days,
or longer if given the permission of the Commissioner
of PIPA. |
Principle 8 - Care of Personal Information
| 1. |
Accuracy of Information
- RCR will make a reasonable effort to ensure
that any personal information collected, used
or disclosed by or on behalf of RCR is accurate
and complete. |
| |
|
|
| 2. |
Protection of Information
- RCR will protect personal information that is
in its custody or under its control by making
reasonable security arrangements against such
risks as unauthorized access, collection, use,
disclosure, copying, modification, disposal or
destruction. |
| |
|
|
| 3. |
Retention of Information
- RCR may for legal or business purposes,
retain personal information on an individual for
as long as is reasonable, provide that the consent
has not been withdrawn or varied by the individual. |
|
