FORGOT YOUR DETAILS?

Privacy Policy

Resorts of the Canadian Rockies Inc. ("RCR") is committed to protecting the privacy of its guests, partners, employees and other stakeholders. We place great value on the privacy of personal information and we will never share it outside the RCR family of resorts. To help guide our business practices while protecting the privacy of personal information, we have utilized Alberta's Personal Information Protection Act to develop the following RCR Privacy Policy.

• Purpose
• Definitions
• RCR's Privacy Principles

PURPOSE

The purpose of RCR's Privacy Policy is to govern the collection, use and disclosure of personal information by RCR in a manner that recognizes the rights of our guests, partners, employees and other stakeholders to have their personal information protected, while recognizing the need that RCR has to collect, use and/or disclose personal information for purposes that are reasonable in providing the services and products of our business.

DEFINITIONS

Business Contact Information: Information that is not covered under the Personal Information Protection Act including name, position name or title, business telephone number, business address, business e-mail, business fax number and other similar business information.

Commissioner: The Information and Privacy Commissioner appointed under the Freedom of Information and Protection of Privacy Act.

FOIP Act: The Freedom of Information and Protection of Privacy Act, the Act that governs the access to the information and protection of privacy of personal information in the Alberta public sector.

Personal Information: Information about an identifiable individual including name, address, age, weight, height, gender, employment, financial history, ID number, place of birth, ethnic origin, opinions, evaluations or comments about an individual. Personal Information does not include business contact information.

PIPA: The Alberta Personal Information Protection Act.

PIPEDA: The Federal Personal Information Protection and Electronics Act.

RCR: Resorts of the Canadian Rockies Inc., and is affiliates including Lake Louise Ski Resort, Fernie Alpine Resort, Kimberley Alpine Resort, Nakiska Resort, Wintergreen Golf Resort, Trickle Creek Golf Resort, Le Grand Vallon Golf Course, Trickle Creek Lodge, Polaris Lodge, West Louise Lodge, Skoki Lodge, Fernie Slopeside Lodge.

RCR's PRIVACY PRINCIPLES

Principle 1 - Compliance and Policies
RCR is responsible for personal information that is in its custody or under its control and has designated a Privacy Officer who is accountable for RCR's compliance with PIPA and the RCR Privacy Policy.

1. The Privacy Officer will be responsible for:
a. Developing and implementing policies and practices that are reasonable for RCR to meet its obligations under PIPA to protect personal information;
b. Establishing procedures to receive and respond to privacy inquiries or complaints;
c. Training and communicating to RCR employees about RCR's Privacy Policy and practices;and
d. Developing public information to explain RCR's Privacy Policy and practices.
2. The Privacy Officer is entitled to delegate to one or more RCR employees the duties conferred by the Privacy Officer, including day-to-day responsibilities for the administration of the RCR Privacy Policy and compliance with PIPA.
3. RCR shall make known the title and contact information of the individual designated to oversee RCR's compliance with the Privacy Policy. RCR's Privacy Officer may be contacted at:
Privacy Officer
Resorts of the Canadian Rockies Inc.
1505 - 17th Avenue S.W.
Calgary, Alberta T2T 0E2
Phone: 403-254-7669
Fax: 403-244-3774
E-mail: privacy@skircr.com


Principle 2 - Consent
The knowledge and consent of an individual are generally required for the collection, use or disclosure of personal information. In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual, such as when the information is necessary to respond to an emergency that threatens the life, health or security of an individual or the public.

1. Consent Required - RCR will obtain consent to collect, use or disclose personal information.
a. RCR shall seek consent to use and disclose personal information at the same time it collects the information. However, RCR may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
b. RCR shall not collect personal information about an individual from a source other than the individual, unless the individual consents to the collection of the information from the other source.
c. RCR shall not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information about an individual beyond what is necessary to provide the product or service.
2. Form of Consent - An individual may give his or her consent in writing, orally, or electronically to the collection, use or disclosure of personal information about the individual.
a. The individual is deemed to consent to the collection, use or disclosure of personal information by RCR, if the individual voluntarily provides the information to the organization for that purpose, and it is reasonable that a person would voluntarily provide that information.
b. In determining the appropriate form of consent, RCR shall take into account the sensitivity of the personal information and the reasonable expectations of the individual.
3. Withdrawal or Variation of Consent - An individual may at any time withdraw or vary consent to the collection, use or disclosure by RCR of the personal information about the individual, given reasonable notice to RCR and subject to legal or contractual restrictions. Individuals may contact the RCR Privacy Officer for more information regarding the likely consequences of withdrawing or varying the consent.
4. Consent Obtained by Deception - RCR shall not obtain or attempt to obtain consent to the collection, use or disclosure of personal information by providing false or misleading information respecting the collection, use or disclosure of the information, or by using deceptive or misleading practices.


Principle 3 - Collection of Personal Information

1. Limits on Collection - RCR shall limit the collection of personal information only for purposes that are reasonable and only to the extent that it is reasonable for meeting the purposes for which the information is collected.
2. Notification Required for Collection - RCR shall, as appropriate, specify verbally, in writing or electronically, the identified purposes to the individual at or before the time personal information is collected or, when appropriate, at or before the time the personal information is used for a new purpose. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within RCR who shall explain the purposes. RCR collects personal information for the following purposes:
a. to establish and maintain a responsible commercial relationship with guests, partners, employees and other stakeholders;
b. for purposes identified to individuals or purposes obvious to individuals, in respect to particular collections of personal information;
c. to meet legal and regulatory requirements;
d. to understand the needs and preferences of individuals;
e. to develop, enhance, market and/or provide products and services;and
f. to manage and develop RCR's business and operations, including transfer of data among affiliated entities.
3. Collection without Consent - In some instances, PIPA allows collection of personal information without consent.

Principle 4 - Use of Personal Information
RCR shall use personal information only for purposes that are reasonable and only to the extent that it is reasonable for meeting the purposes for which the information is used. Personal information may be used without consent only in limited and specific circumstances as allowed by PIPA.

Principle 5 - Disclosure of Personal Information
RCR may disclose personal information only for purposes that are reasonable and only to the extent that is reasonable for meeting the purposes for which the information is disclosed. Personal information may be disclosed without consent only in limited and specific circumstances as allowed by PIPA.

Principle 6 - Business Transactions
When buying or selling a business, RCR may collect, use and disclose personal information without consent, when those involved agree to do so only for the transaction and when they need the information to decide whether to buy or sell. Once the transaction is complete, the organization receiving the personal information may continue to use and disclose it but only for the purposes for which it was originally collected. Further, information must relate solely to the carrying on of the business. If the transaction does not proceed, the organization that received the personal information must destroy or return it.

Principle 7 - Access and Correction

1. Access - Upon request, RCR shall inform an individual of the existence, use and disclosure of that individual's personal information. However, in some circumstances, RCR can or must refuse access, such as when disclosure would harm an individual, an investigation, or a legal proceeding; or when access would disclose the personal information of someone else; or information is of confidential business. RCR may charge an applicant a reasonable fee for access to the applicant's personal information. A written estimate of the total fee will be provided to the applicant prior to RCR providing access to the service.
2. Right to Request Correction - An individual may make a request to RCR to correct an error or omission in his/her personal information. RCR will correct the information as soon as is reasonably possible and is not permitted to charge a fee for the correction.
3. How to Make a Request - For an individual to obtain access to personal information or to make a request for a correction to personal information, the individual must make a written request to the attention of RCR's Privacy Officer, setting out sufficient detail to enable RCR, with a reasonable effort, to identify the information in respect of which the written request is made.
4. Duty to Assist - RCR will make every reasonable effort to assist applicants with their requests, to explain abbreviations or terms and to respond to each applicant as accurately and completely as reasonably possible.
5. Time Limit for Responding - RCR will make every reasonable effort to respond to an applicant within 45 days from the day that RCR receives the applicant's written request.
6. Contents of a Response - RCR will inform the applicant as to whether or not the applicant is entitled to or will be given access to all or part of his/her personal information. If the applicant is entitled to access, RCR will inform the applicant when access will be given. If access to all or part of the applicant's personal information is refused, RCR will inform the applicant of the reasons for the refusal and the provision of PIPA on which the refusal is based; the name of the RCR Privacy Officer who can answer the applicant's questions about the refusal; and that the applicant may ask for a review under section 46 of PIPA.
7. How Access will be Given - When an applicant is entitled to access his/her personal information, RCR will provide the applicant with a copy of the personal information provided that it can be reasonably reproduced.
8. Extending the Time Period for Responding - Under certain situations allowed by PIPA, RCR may, with respect to a request for access, extend the time period for responding to the request by up to an additional 30 days, or longer if given the permission of the Commissioner of PIPA.


Principle 8 - Care of Personal Information

1. Accuracy of Information - RCR will make a reasonable effort to ensure that any personal information collected, used or disclosed by or on behalf of RCR is accurate and complete.
2. Protection of Information - RCR will protect personal information that is in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction.
3. Retention of Information - RCR may for legal or business purposes, retain personal information on an individual for as long as is reasonable, provide that the consent has not been withdrawn or varied by the individual.
TOP