PERSONAL INFORMATION PROTECTION POLICY
Apex Mountain Resort (1997) Ltd. (the “Organization”)
The purpose of this policy is to govern the Organization’s collection, storage, use, and disclosure of personal information in a manner which recognizes both the right of individuals to protect their personal information and the need of the Organization to collect, store, use, and disclose personal information for purposes reasonably related to the Organization’s operations. This policy is intended to ensure compliance with the requirements of the B.C. Personal Information Protection Act (the “Act”) and adherence to the principles set out therein.
The Organization has designated a person (or persons) to be responsible for ensuring the Organization’s compliance with the requirements of the Act (the “Personal Information Administrator(s)”) and shall make available the Personal Information Administrator’s position name, title, and contact information upon request.
The Organization has and shall continue to: develop and follow policies and practices that are necessary to ensure compliance with the Act; provide a process to respond to complaints that may arise relating to the operation of the Act; and make those practices, policies, and processes available upon request.
3. COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION
The Organization shall only collect, use, or disclose personal information when the individual’s consent has been obtained, or when the Act allows the collection, use, or disclosure without the individual’s consent, or when the Act deems the consent to have been given by the individual.
The Organization shall only, as a condition of supplying a product or service, require an individual to consent to the Organization’s collection, use, or disclosure of personal information when that collection, use, or disclosure is reasonably necessary to provide the product or service.
Where required by the Act, on or before collecting personal information about an individual, the Organization shall make available to the individual, or to such other person(s) from whom the personal information is being collected, the Organization’s purposes for the collection of the personal information and the contact information for the Personal Information Administrator.
4. USE AND DISCLOSURE OF PERSONAL INFORMATION
The Organization shall only use or disclose personal information for purposes which are reasonably appropriate in the circumstances and which fulfill the purposes for which the personal information was collected or which are otherwise permitted by the Act.
5. ACCESS TO PERSONAL INFORMATION
When required by the Act, the Organization shall provide to an individual, upon request of the individual: that individual’s personal information which is under the control of the Organization; details about the ways in which the individual’s personal information is being used by the Organization; and details about the individuals and organizations to whom the individual’s personal information has been disclosed.
When required by the Act, the Organization shall correct an error or omission in the individual’s personal information and send the corrected personal information to each individual or organization to whom the individual’s personal information was disclosed in the previous one-year period. If the Organization does not change the personal information as a result of a request it shall make a notation that a change was requested.
6. CARE OF PERSONAL INFORMATION
The Organization shall make a reasonable effort to ensure that personal information collected by or on behalf of the Organization is accurate and complete for the purposes for which it is to be used. The Organization shall protect personal information in its custody or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal or similar risks.
7. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
As required by the Act, the Organization shall retain personal information for such reasonable period of time that the individual has a reasonable opportunity to obtain access to it. As required by the Act, the Organization shall destroy documents containing personal information or remove the means by which the personal information may be associated with a particular individual when the purpose for which the personal information was collected is no longer served by its retention and the retention is no longer required for legal or business purposes.
8. REQUESTS TO THE PERSONAL INFORMATION ADMINISTRATOR
An individual shall submit a request in writing to the Personal Information Administrator if the individual wishes to:
- have access to that individual’s personal information which is under the control of the Organization;
- have access to details about the ways in which that individual’s personal information is being used by the Organization;
- have access to details about the individuals and organizations to whom the individual’s personal information has been disclosed by the Organization;
- have access to details about the Organization’s policies and practices relating to personal information;
- have access to details relating to the complaint process set out herein; or
- correct an error or omission in that individual’s personal information.
- The Organization will endeavour to respond to the Applicant within 30 days of receipt of the request.
9. COMPLAINTS RELATING TO PERSONAL INFORMATION
The Organization’s process to respond to complaints that may arise relating to the operation of the Act as it relates to the Organization is as set out below.
a. Submission of Complaints
An individual wishing to submit a complaint relating to the Organization’s collection, storage, use, or disclosure of that individual’s personal information may submit a complaint in writing to the Personal Information Administrator within 30 days of learning of the action complained of (or within such other period of time as is reasonable in the circumstances).
b. Review of Complaints
The Personal Information Administrator shall review complaints, give them and the underlying circumstances reasonable consideration, and provide the individual with a meaningful response within 30 days of receiving the complaint unless, due to the complexity of the complaint or other matters beyond the control of the Personal Information Administrator, reasonable further time is required.
c. Reconsideration of Complaints
If the individual’s complaint is not resolved at the initial step set out above, the Personal Information Administrator shall, upon the individual’s written request, submit the written complaint to a senior officer, manager, or other responsible person who shall review the complaint and the Personal Information Administrator’s response to the complaint and within 14 days shall provide the individual with a further, meaningful response.
d. Co-operation of Individual Submitting Complaint
Where required by the Organization for the purpose of satisfying the Organization’s obligations under this process, the individual shall provide his or her co-operation and assistance to the Organization in its efforts to understand and assess the merits of that individual’s complaint.
e. Dismissal of Complaints
The Organization may dismiss a complaint for reasons including (but not limited to): the individual’s failure to raise or pursue the complaint in a timely manner; the individual’s failure to abide by his or her obligations under this process; the absence of merit or reasonableness (including frivolousness or vexatiousness) in the complaint; or the fact that the complaint or the proposed resolution is contrary to the Organization’s obligations under the Act or any other statute or law.
f. Confidentiality of Complaints
Except where disclosure is necessary for the purposes of investigating a complaint, responding to the complaint or allegation, implementing a resolution, or as required by law, the Organization shall make reasonable efforts to respect the sensitivity of the situation and to hold in confidence the individual’s identity and/or the nature of the complaint.
g. Other Proceedings
This process does not bar or prohibit individuals from accessing their rights in another forum, including under the processes provided in the Act. Where a complaint is raised in another forum, however, the Organization may halt (or refuse to initiate) any proceedings initiated or pending under this process.
10. THE PERSONAL INFORMATION ADMINISTRATOR
For the purposes set out herein and in the Act, the contact information for the Organization’s Personal Information Administrator is:
P.O. Box 1060