Privacy Policy
Principles in Summary
The following 10 Principles collectively form the basis of the Fantasyland Hotel (FLH) Privacy Policy:
- Accountability
- Identifying Purposes
- Consent
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Compliance
This policy complies with both the Alberta Government’s Personal Information Protection Act and Canada’s Personal Information Protection and Electronic Documents Act.
Section 1
Accountability
1.1 Accountability for FLH’s compliance with the principles rests with
the Privacy Compliance Committee (“PCC”) even though other
individuals may be responsible for the day-to-day collection and
processing of personal information. The PCC may delegate others
to act on behalf of the PCC.
1.2 The identity of the PCC members shall be made known upon
request.
1.3 FLH is responsible for personal information in its possession or
custody, including information that has been transferred to a third
party for processing. FLH shall use contractual means to provide a
comparable level of protection while the information is being
processed by a third party.
1.4 Protection of Personal Information
All personal information collected by members of FLH or by its
agents, contractors, partners, or otherwise affiliated organizations
shall be protected through physical or electronic measures in order
to reduce risk of its unauthorized collection, use, disclosure, or
destruction. Such protections shall be appropriate to the sensitivity
and may include, by way of example:
a) passwords
b) locked cabinets
c) restricted access
d) file write-protection
e) encryption
1.5 Procedure governing receipt and response to complaints and
inquiries.
All complaints or inquiries received by any member of the FLH
organization shall be immediately referred to the Chair of the PCC.
All members of the FLH organization may refer any complaint or
inquiry to:
Privacy Officer
Tel: 780-444-8100 or Fax: 780-444-5232
Suite 3000, 8882 – 170 Street
Edmonton, Alberta T5T 4M2
privacyofficer@westedmontonmall.com
The Chair of the PCC shall respond in a timely manner to the
individual making the complaint or inquiry in compliance with all
applicable provisions of the Protection of Personal Privacy Act of
Alberta (2004).
1.6 Training Staff FLH shall incorporate materials outlining this policy and its related
procedures into its existing employee training, communications,
and resource programs.
Such materials may include but shall not
be limited to:
a) provision of this policy to the employee at time of hire
b) ongoing review of this policy in customer service training
programs
c) awareness of the policy’s posting to company websites
d) invitation of ongoing employee comment and review of this
policy
e) applicable signage in employee rest areas
f) regular summaries of this policy and location of further
resources in employee newsletters; and
g) ongoing employee information seminars.
1.7 Explanation of this policy.
FLH shall from time to time, develop materials for distribution to
employees explaining this policy and its related procedures.
Section 2
Identifying Purposes
2.1 FLH shall document the purposes for which personal information is
collected in order to comply with the Openness and Individual
Access Principles outlined in the CSA Model Privacy Code and in
the Provincial PIPA and Federal PIPEDA Acts.∗
2.2 Identifying the purposes for which personal information is collected
at or before the time of collection allows FLH to determine the
information it needs to collect to fulfill these purposes. The Limiting
Collection Principle outlined in the CSA Model Privacy Code and in
the PIPA and PIPEDA Acts requires FLH to collect only that
information necessary for the purposes that have been identified.
2.3 FLH shall identify purposes at or before the time of collection to the
individual from whom the personal information is collected. FLH
will endeavor to identify purposes in writing wherever possible. In
certain circumstances identification may also be provided orally.
For example, forms may provide information on purposes in
writing. Collection of personal information through “on-the-spot”
interviews or surveys may be better suited to identifying purposes
orally.
2.4 When personal information that has been collected is to be used for
a purpose not previously identified, the new purpose shall be
identified prior to use. Unless the new purpose is required by law,
the consent of the individual is required before information can be
used for that purpose. For an elaboration on consent, please refer
to the Consent Principle.
2.5 Employees collecting personal information shall be able to
accurately explain to individuals the purposes for which the
information is being collected; or in the alternative shall refer the
individual to a member of the Privacy Protection Committee.
∗PIPA: The Personal Information Protection Act of Alberta. PIPEDA: The Personal Information
Protection and Electronic Documents Act of Canada.
Section 3
Consent
3.1 Consent is required for the collection of personal information and
the subsequent use or disclosure of this information. Typically, an
organization will seek consent for the use or disclosure of the
information at the time of collection. In certain circumstances,
consent with respect to use or disclosure may be sought after the
information has been collected but before use (for example, when
FLH wants to use information for a purpose not previously
identified).
3.2 The Consent Principle of the CSA Model Privacy Code, PIPA, and
PIPEDA requires “knowledge and consent”. FLH shall make a
reasonable effort to ensure that the individual is advised of the
purposes for which the information will be used. To make the
consent meaningful, the purposes must be stated in such a manner
that the individual can reasonably understand how the information
will be used or disclosed.
3.3 The form of consent sought by FLH may vary, depending upon the
circumstances and the type of information. In determining the form
of consent to use, FLH shall take into account the sensitivity of the
information. Although some information (for example, medical
records and income records) is almost always considered to be
sensitive, any information can be sensitive, depending on the
context. For example, the names and addresses of subscribers to
a newsmagazine would generally not be considered sensitive
information. However, the name and addresses of subscribers to
some special-interest magazines might be considered sensitive.
3.4 In obtaining consent, the reasonable expectations of the individual
are also relevant. For example, an individual requesting to join a
FLH mailing list should reasonably expect that FLH, in addition to
using the individual’s name and address for a single mailing, would
also use that information to send subsequent mailing to the person.
In this case, FLH can assume that the individual’s request
constitutes consent for the specific purposes of sending out a
series of mailings. On the other hand, an individual would not
reasonably expect that personal information given to FLH for a
mailing list would be used for any other purpose or given to a
company selling magazine subscriptions (or other merchandise or
services) unless further consent were obtained. Consent shall not
be obtained through deception.
3.5 The way in which FLH seeks consent may vary, depending on the
circumstances and the type of information collected. FLH shall seek
express (written) consent when the information is likely to be
considered sensitive. Implied consent would generally be
appropriate when the information is less sensitive. Consent can
also be given by an authorized representative (such as a legal
guardian or a person having power of attorney).
3.6 Individuals can give consent in many ways. For example:
a) an application form may be used to seek consent, collect
information, and inform the individual of the use that will be
made of the information. By completing and signing the form,
the individual is giving consent to the collection and the
specified uses;
b) a check-off box may be used to allow individuals to request that
their names and addresses not be given to other organizations.
Individuals who do not check the box are assumed to consent to
the transfer of this information to third parties;
c) consent may be given orally when information is collected over
the telephone; or
d) consent may be given at the time that individuals use a product
or service.
3.7 An individual may withdraw consent at any time, subject to legal or
contractual restrictions and with reasonable notice. At the time that
an individual requests withdrawal, FLH shall inform the individual of
the implications of such withdrawal.
Section 4
Limiting Collection
4.1 FLH shall not collect personal information indiscriminately. Both
the amount and the type of information collected shall be limited to
that which is necessary to fulfill the purposes identified. FLH shall
specify the type of information collected as part of its information handling policies and practices, in accordance with the Openness
Principle of the CSA Model Code, PIPA, and PIPEDA.
4.2 FLH shall collect personal information only by fair and lawful means
and shall not collect information by misleading means or by
deceiving individuals about the purpose for which information is
being collected.
Section 5
Limiting Use, Disclosure, and Retention
5.1 When FLH uses personal information for a new purpose, FLH shall
document this purpose.
5.2 FLH shall develop guidelines and implement procedures with
respect to the retention of personal information. These guidelines
shall include both minimum and maximum retention periods.
Personal information that has been used to make a decision about
an individual shall be retained long enough to allow the individual
access to the information after the decision has been made. FLH
may be subject to legislative requirements with respect to retention
periods and shall recognize the development and implementation of
sound records management practices as complimentary to the CSA
Model Code, PIPA, and PIPEDA.
5.3 Personal information that is no longer required to fulfill the identified
purposes shall be destroyed, erased, or made anonymous. FLH
shall develop guidelines and implement procedures to govern the
destruction of personal information.
Section 6
Accuracy
6.1 The extent to which personal information shall be accurate,
complete, and up-to-date will depend upon the use of the
information, taking into account the interests of the individual.
Information shall be sufficiently accurate, complete, and up-to-date
to minimize the possibility that inappropriate information may be
used to make a decision about the individual.
6.2 FLH shall not routinely update personal information, unless such a
process is necessary to fulfill the purposes for which the information
was collected.
6.3 Personal information that is used on an ongoing basis, including
information that is disclosed to third parties, shall be accurate and
up-to-date, unless limits to the requirement for accuracy are clearly
set out.
Section 7
Safeguards
7.1 The security safeguards shall protect personal information against
loss or theft, as well as unauthorized access, disclosure, copying,
use, or modification. FLH shall protect personal information
regardless of the format or storage media in which it is held.
7.2 The nature of the safeguards will vary depending on the sensitivity
of the information that has been collected, the amount, and format
of the information, and the method of storage. More sensitive
information shall be safeguarded by a higher level of protection.
7.3 The methods of protection should include:
a) physical measures, for example, locked filing cabinets and
restricted access to offices;
b) organizational measures, for example, security clearances and
limiting access on a “need-to-know” basis; and
c) technological measures, for example, the use of passwords and
encryption.
7.4 FLH shall make its employees aware of the importance of
maintaining the confidentiality of personal information.
7.5 Care shall be used in the disposal or destruction of personal
information, to prevent unauthorized parties from gaining access to
the information. Disposal or destruction of personal information
shall not be undertaken by any employee without the prior written
authorization of the Privacy Protection Committee outlining the
preferred method of destruction, the specific information authorized
for destruction, and date of destruction. Once personal information
has been destroyed the employee(s) who carried out the
destruction shall complete a Certificate of Destruction and return
same to the Privacy Protection Committee.
Section 8
Openness
8.1 FLH shall be open about its policies and practices with respect to
the management of personal information. Individuals shall be able
to acquire information about FLH’s policies and practices without
unreasonable effort. This information shall be made available in a
form that is generally understandable.
8.2 The information made available shall include:
a) the name, title, and address of the person who is accountable
for the organization’s policies and practices and to whom
complaints or inquiries can be forwarded;
b) the means of gaining access to personal information held by
FLH;
c) a description of the type of personal information held by FLH,
including a general account of its use;
d) a copy of brochures or other information that explain FLH’s
policies, standards, or codes; and
e) that personal information which is made available to related
organizations (e.g., subsidiaries).
8.3 FLH shall make information on its policies and practices available in
a variety of ways. The method chosen depends on the nature of
FLH’s business and other considerations. For example, FLH may
choose to make brochures available on the mall common area, mail
information to its clients or tenants, provide online access, or
establish a toll-free telephone number.
Section 9
Individual Access
9.1 Upon request, FLH shall inform an individual whether or not FLH
holds personal information about the individual. FLH shall,
wherever appropriate, indicate the source of this information. FLH
shall allow the individual access to this information. In addition, FLH
shall provide an account of the use that has been made or is being
made of this information and an account of the third parties to
which it has been disclosed.
9.2 An individual may be required to provide sufficient information to
permit FLH to provide an account of the existence, use, and
disclosure of personal information. The information provided shall
only be used for this purpose.
9.3 In providing an account of third parties to which it has disclosed
personal information about an individual, FLH shall be as specific
as possible. When it is not possible to provide a list of the
organizations to which it has actually disclosed information about
an individual, FLH shall provide a list of organizations to which it
may have disclosed information about the individual.
9.4 FLH shall respond to an individual’s request within a reasonable
time and at minimal or no cost to the individual. The requested
information shall be provided or made available in a form that is
generally understandable. For example, if FLH uses abbreviations
or codes to record information, an explanation of such
abbreviations or codes shall be provided. All such requests should
be submitted in writing to:
Privacy Officer
Tel: 780-444-8100 or Fax: 780-444-5232
privacyofficer@westedmontonmall.com
Suite 3000, 8882 – 170 Street
Edmonton, Alberta
T5T 4M2
9.5 When an individual successfully demonstrates the inaccuracy or
incompleteness of personal information, FLH shall amend the
information as required or may delete the record of personal
information in its entirety but only with the prior written authorization
of the Privacy Protection Committee. Depending upon the nature
of the information challenged, amendment may involve the
correction, deletion, or addition of information. Where appropriate,
the amended information shall be transmitted to third parties having
access to the information in question.
9.6 When a challenge is not resolved to the satisfaction of the
individual, the substance of the unresolved challenge shall be
recorded by FLH. When appropriate, the existence of the
unresolved challenge shall be transmitted to third parties having
access to the information in question.
Section 10
Challenging Compliance
10.1 The individual accountable for FLH’s compliance is discussed in
Section 1 above.
10.2 FLH shall put procedures in place to receive and respond to
complaints or inquiries about its policies and practices relating to
the handling of personal information. The complaint process
should be easily accessible and simple to use.
10.3 FLH shall inform individuals who make inquiries or lodge
complaints of the existence of relevant complaint mechanisms.
10.4 FLH shall investigate all complaints. If a complaint is found to be
justified through either the internal or external complaint review
process, FLH shall take appropriate measures, including, if
necessary, amending its policies and practices.
10.5 FLH may, at its sole discretion, charge a reasonable fee to
individuals making requests for searches for personal information
under this section. All charges, together with an explanation of the
charges, shall be presented to individuals making personal
information requests for their approval in advance of FLH’s
undertaking any search for personal information.