While we have always respected our customers, member’s privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result Alberta’s Personal Information Protection Act (PIPA). PIPA, sets out the ground rules for how Alberta businesses and not-for-profit organizations may collect, use and disclose personal information.
Personal Information –means information about an identifiable individual E.g., including name, age, home address, phone number, and credit card information. Personal information does not include contact information (described below).
Privacy Officer – means the individual designated responsibility for ensuring that staff complies with this policy and PIPA.
We will inform our customers, members of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices we will follow in protecting customers’, members’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our customers’, members’ personal information and allowing our customers, members to request access to, and correction of, their personal information.
a) This Personal Information Protection Policy applies to Pink Car Service.
b) This policy also applies to any service providers collecting, using or disclosing personal information on behalf of Pink Car Service
Policy 1 – Collecting Personal Information
1.1 Unless the purposes for collecting personal information are obvious and the customer, member voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
1.2 We will only collect customer, member information that is necessary to fulfill the following purposes:
- To verify identity;
- To open and manage an account;
- To deliver requested services:
- To ensure a high standard of service to our customers, members;
- To send out association membership information;
- To collect and process payments;
- To meet regulatory requirements.
Policy 2 – Consent
2.1 We will obtain customer, member consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent).
2.2 Consent can be provided orally, in writing, electronically or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the customer, member voluntarily provides personal information for that purpose.
2.3 Consent may also be implied where a client, customer, member is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, the marketing of new services or products, fundraising and the client, customer, member does not opt-out.
2.4 Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), clients, customers, members can withhold or withdraw their consent for Pink Car Service to use their personal information in certain ways. A customer’s, member’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a service or product. If so, we will explain the situation to assist the customer, member in making the decision.
2.5 We may collect, use or disclose personal information without the customer’s, member’s knowledge or consent in the following limited circumstances:
- When the collection, use or disclosure of personal information is permitted or required by law;
- For the purposes of collecting a debt;
- To protect ourselves from fraud
Policy 3 – Using and Disclosing Personal Information
3.1 We will only use or disclose customer, member personal information where necessary to fulfill the purposes identified at the time of collection [or for a purpose reasonably related to those purposes such as:
- To conduct customer, member surveys to enhance the provision of our services;
- To contact our customers, members directly about products and services that may be of interest;
3.2 We will not use or disclose customer, member personal information for any additional purpose unless we obtain consent to do so.
3.3 We will not sell customer, member lists or personal information to other parties.
Policy 4 – Retaining Personal Information
4.1 We will retain client, customer, member personal information only if necessary to fulfill the identified purposes or a legal or business purpose.
Policy 5 – Securing Personal Information
5.1 We are committed to ensuring the security of customer, member personal information to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
5.2 The following security measures will be followed to ensure that client, customer, member personal information is appropriately protected:
The use of locked filing cabinets; physically securing offices where personal information is held; the use of user IDs, passwords, firewalls; restricting employee access to personal information as appropriate i.e., only those that need to know will have access.
5.3 We will use appropriate security measures when destroying client’s, customer’s, member’s personal information such as shredding documents, deleting electronically stored information.
5.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
Policy 6 – Providing Clients, Customers, Members Access to Personal Information
6.1 Customers, Members have a right to access their personal information.
Policy 7 – Questions and Complaints: The Role of the Privacy Officer or designated individual
7.1 The Privacy Officer, Brooke Garcia is responsible for ensuring Pink Car Service compliance with this policy and the Personal Information Protection Act.
7.2 Customers, Members should direct any complaints, concerns or questions regarding Pink Car Service’s compliance in writing to the Privacy Officer, Brooke Garcia.
Pink Car Service
Policies and Procedures
Policy Title: Personal Information Protection Policy
Effective Date: April 1, 2017
Approved By: B. Garcia
Page Number 1 of 5