Privacy Policy

THE CALGARY AIRPORT AUTHORITY

The Calgary Airport Authority (the “Authority”) recognizes the sensitivity of Personal Information that it collects, uses and discloses. The Authority respects individuals’ rights to privacy and are committed to complying with applicable privacy legislation.

All collection, use, storage, disclosure and disposal by the Authority of Personal Information will be in accordance with this Privacy Policy. “Personal Information” is broadly defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. This includes without limitation information such as medical, criminal and employment information.

To ensure protection of Personal Information and compliance with PIPEDA, the Authority at all times abides by the following ten privacy principles.

1. Responsibility and accountability
   The Authority acknowledges and accepts responsibility and accountability for all Personal Information within its custody or under our control. All Personal Information collected, used, stored, disclosed and disposed of will be in accordance with applicable legislation and industry best practices. All Personal Information provided to any third-party processor shall be protected to the same degree as Personal Information of the Authority. The Authority has appointed a Privacy Officer who is responsible for its compliance with this Privacy Policy and all applicable privacy legislation.
2. Identifying purposes
   The Authority only collects and uses Personal Information for purposes related to its business activities, including but not limited to the management, operation and security of YBW Springbank Airport and YYC Calgary International Airport.
   Where Personal Information of an individual is being collected, such individual will be informed at or prior to the time of collection. Except as permitted or required by applicable law, the Authority will not use or disclose, for any purpose, Personal Information without first identifying and documenting the purpose and obtaining consent of the individual.
3. Consent
   The Authority will use reasonable efforts to inform the individual of the identified purpose(s) for the Personal Information and will obtain prior consent of each individual with respect to the collection, use or disclosure of Personal Information, except where consent is not required or is implied, as determined with regard to the sensitivity of the Personal Information, the reasonable expectations of the individual and any other applicable factors arising in the circumstances.
   An individual may refuse or withdraw consent at any time, subject to legal and contractual restrictions. Individuals should be aware that refusal or withdrawal of consent may prevent the Authority from being able to provide access to its services and facilities. The Authority will inform an individual of the implications of withdrawal.
4. Limiting collection
   The Authority shall only collect Personal Information by lawful and fair means and only such Personal Information as is necessary for the identified purposes.
5. Limiting use, disclosure, and retention
   The Authority shall not use or disclose Personal Information for any purposes other than the identified purposes for which it was collected, unless required by law or with the applicable individual’s consent. Personal Information shall only be retained for so long as necessary for the fulfillment of the identified purposes for which it was collected and, in all cases, only as permitted by law.
6. Accuracy
   The Authority will use reasonable efforts to ensure Personal Information is as accurate, complete, and up-to-date as required for the identified purposes but does not routinely update Personal Information except where deemed necessary for the identified purposes. Each individual is responsible for advising the Authority about changes to his or her Personal Information.
7. Safeguards
   The Authority will establish, operate and maintain appropriate safeguards to protect Personal Information against such risks as unauthorized access, disclosure, copying, use and modification. The Authority’s safeguards include physical, organizational and technical measures appropriate in relation to the sensitivity of the Personal Information. All Personal Information which may be outsourced to a third party for processing will be contractually protected to a level of protection comparable to the Authority’s own safeguards. The Authority will dispose of or destroy all Personal Information in a manner that prevents unauthorized access.
8. Openness
   Upon request, the Authority shall make available further information about its Privacy measures and practices relating to Personal Information. Requests and other inquiries may be addressed to the Authority’s Privacy Officer at 2000 Airport Road NE, Calgary, AB T2E 6W5 or at PrivacyOfficer@yyc.com.
9. Individual access
   Individuals may request access to their Personal Information that is in the Authority’s custody or under its control. Requests must be in writing and directed to the Privacy Officer who will assist with all reasonable access requests. In order for the Authority to authorize access, individuals will be required to provide sufficient identification. The Authority will endeavour to respond to a request for access within thirty days of receipt of a request prepared in accordance with applicable procedures. The Authority will provide individuals with their Personal Information at minimal or no cost and in a form that is generally understandable. If access cannot be provided, the Authority will provide written notice of the reasons for refusal. If access has been provided, and Personal Information is demonstrated to be inaccurate or incomplete, we will correct the Personal Information as required. Where appropriate, we will transmit the corrected Personal Information to other parties having access to the Personal Information in question. On request, the Authority will endeavour to provide a list of organizations to which it has disclosed or may have disclosed Personal Information in accordance with PIPEDA.
10. Compliance The Authority will investigate any complaints received in writing. If a complaint is found to be justified, the Privacy Officer will take appropriate measures to resolve the complaint including, if necessary, amending our policies and procedures. The individual will be informed, in writing, of the outcome of the investigation, including measures taken to address the findings. For general questions regarding privacy laws, or to obtain a copy of the Personal Information Protection and Electronic Documents Act, contact the office of the Privacy Commissioner of Canada at 112 Kent Street, Ottawa, Ontario, K1A 1H3, or visit their website at www.priv.gc.ca.