Privacy Policy

Purpose

The Association of Alberta Municipalities (ABmunis) and its Associated Entities collect Personal Information from various third parties as part of its operations. ABmunis follows best practices in information management as a responsible custodian of this information.

ABmunis shall comply with the governing privacy legislation to the extent it is applicable to the Association and/or its activities.

Definitions

In this policy:

  • “ABmunis” or “Association” means the Association of Alberta Municipalities.
  • “Associated Entities” means the Alberta Municipal Services Corporation (AMSC), AMSC Insurance Services Ltd. (AMSCIS), the Alberta Municipal Insurance Exchange (MUNIX), and the APEX Supplementary Pension Plan (APEX).
    “Board” means the ABmunis Board of Directors.
  • “CEO” means the person appointed by the ABmunis Board of Directors as Chief Executive Officer.
  • “Committee” means a standing committee of the Board, or an ad-hoc committee established by the Board.
  • “Consent” means consent given by a person who is the subject of the information or, where applicable, by another person in accordance with the intended use and collection of Personal Information.
  • “Consistent Purpose” means that if Personal Information has been collected by one business unit or subsidiary of ABmunis that it will not be disclosed to another business unit or subsidiary unless the use of the information by the second business unit or subsidiary is consistent with the purpose (use) of the business unit or subsidiary that collected it initially.
  • “Contractor” means an independent person who is not an employee of ABmunis and is not entitled to any employee benefits other than the payments set out in the agreement.
  • “Disposition” means the final action for a record containing Personal Information by either destruction or permanent archiving.
  • “Employee” includes Permanent Employees, Term and Temporary Employees of ABmunis.
  • “Individual” means an Employee, Contractor, Board and Committee member.
  • “Need-to-know” means the principle of limiting access to Personal Information to employees and contractors of ABmunis who require the information to perform their normal duties and to complete normal ABmunis business operations.
  • “Personal information” means any information about an identifiable individual, which may include but is not limited to names, social insurance numbers, employee or health care identifiers or another unique identifier (e.g., insurance policy number, birth date, gender, race or ethnic identifier, photograph, video or audio recording of the individual, home address, home or personal cell telephone number, the individual’s fingerprints or other biometric information, blood type, information about the individual’s health and health care history, information about the individual’s educational, financial, employment or criminal history).
  • “Privacy Officer” means the person designated as the first point of contact when privacy issues arise. They are responsible for responding to Personal Information requests and providing recommendations to ensure that ABmunis is compliant with applicable privacy legislation.
  • “Retention” means a record can be retained for a period of time after it is no longer in use by ABmunis and before its Disposition is applied.

Policy

ABmunis Policy AP005 - Privacy (the “Policy”) applies to any Personal Information collected, used, or disclosed by ABmunis. All members of ABmunis Boards and Committees, as well as employees of ABmunis, are required to comply with this Policy and associated procedures.

Collection of Personal Information

When collecting Personal Information, ABmunis will:

  • Notify an Individual, at or before the time that Personal Information is collected, the purpose for which it is collected, unless otherwise authorized by applicable legislation,
  • Limit the collection to what is reasonable to achieve the purposes for which the information was collected or for a Consistent Purpose,
  • Endeavour to collect Personal Information directly from an Individual, unless the Individual has otherwise consented or as authorized by applicable legislation,
  • Ensure that all Individuals have the right to request access to their Personal Information which ABmunis collects about them,
  • Ensure that all Individuals have the right to seek correction of their Personal Information if that Personal Information is incorrect, and
  • Comply with applicable legislation and this Policy.
Use and Disclosure of Personal Information

When using or disclosing Personal Information, ABmunis will:

  • Only retain Personal Information for as long as reasonably necessary to fulfill the purposes for which the Personal Information was collected, or for legitimate business or as required by law, and
  • Use and disclose Personal Information for the purpose for which it was collected, for a Consistent Purpose, as authorized by applicable legislation, or as required by law.
Access to and Correction of Personal Information

Any Individual can request access to or a correction of their Personal Information in the custody or under the control of ABmunis or may make a complaint about non-compliance with applicable legislation or this Policy, by submitting a written request to the Privacy Officer at privacy [at] abmunis.ca.

The Individual must include sufficient detail to enable ABmunis to identify any record in the custody or under the control of ABmunis containing Personal Information in respect of which the request is made. Upon receiving a request, ABmunis will comply with its obligations under applicable legislation. An Individual may request a copy of or access to a record containing the Personal Information of the Individual.

An Individual who is dissatisfied with ABmunis’ response may have the right to request a review of the decision by submitting a request in writing to the Office of the Information and Privacy Commissioner of Alberta within 30 days of being notified of ABmunis’ decision.

Protection of Personal Information

All Individuals are required to comply with this Policy and any associated procedures in relation to the security and protection of Personal Information within the custody or control of ABmunis and are required to make reasonable efforts to reduce the risk of unauthorized disclosure of Personal Information.

Where any Individual becomes aware of any actual or potential loss, unauthorized access, or disclosure of Personal Information other than in accordance with applicable legislation or this Policy, they must immediately report the incident to the Privacy Officer.

This Policy may be updated or modified. Last updated April 2024.