Privacy Policy

Welcome! Who We Are and Why We Have a Privacy Policy

The Alberta School Councils' Association (ASCA) is a registered (1948) non-profit society in Alberta and Canadian Charity. ASCA is governed by a volunteer Board of Directors comprised of parents on Member School Councils across Alberta.

ASCA's Members are school councils from Public, Separate, and Charter schools. Francophone school councils opt to be members of the Francophone parents' association. Membership in ASCA is not compulsory for any school council.

ASCA provides resources and support to further this vision in a variety of ways, promoting positive relationships between parents, teachers, principals, central office personnel and school trustees. Supporting effective school council practices and demonstrating how parent engagement can enhance school improvement strategies, and ultimately student success, is at the core of all ASCA efforts.

ASCA advances the "parents' perspective” on education issues to government, education partner organizations and others. The collective parents' "voice” is gathered through a resolution process culminating in debate and vote at an Annual General Meeting of the Association. Resolutions carried into policy inform ASCA advocacy efforts.

ASCA is committed to safeguarding the personal information entrusted to us by our Members and clients. We manage your personal information in accordance with Alberta’s Personal Information Protection Act (PIPA) and other applicable laws. This policy outlines the principles and practices we follow in protecting your personal information.

This policy applies to ASCA and to any person providing services on our behalf. A copy of this policy is provided to any Member or client on request. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us via our website at www.albertaschoolcouncils.ca

What Is Personal Information/Data?

Personal information means information about an identifiable individual. This includes an individual’s name, home address and phone number, age, sex, marital or family status, race, national or ethnic origin, colour, religion, an identifying number, financial information, education, medical, criminal or employment history, or information about financial transactions.

 

What Personal Data We Collect and Why We Collect It

ASCA's Membership records include the information required in Section 36(1) of the Societies Act in Alberta: the full name and street address or postal code; the dates on which membership started and ended; the type of membership.

ASCA will disclose its Membership records in accordance with Sections 36(2) and 36(3) of the Societies Act in Alberta.

ASCA will collect only the personal information (names, email addresses, phone numbers) that we need for the purposes of providing services to our clients, including personal information needed to:

  • deliver requested products and services
  • enroll a client in a program
  • send out Association Membership information

We normally collect this information directly from our Members and/or clients. We may collect this information from school divisions accessing Membership or services on behalf of their school councils.

We inform our clients, before or at the time of collecting personal information, of the purposes for which we are collecting the information. The only time we don’t provide this notification is when a client volunteers information for an obvious purpose (for example, requesting a service, registering for an event or Learning Opportunity, or producing a credit card to pay a membership fee when the information will be used only to process the payment).

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/en-gb-ca/privacy

Consent

We ask for consent to collect, use or disclose client personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.

We assume your consent to continue to use and, where applicable, disclose personal information that we have already collected, for the purpose for which the information was collected.

We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), or in writing (by email or by checking a box on a form).

In cases that do not involve sensitive personal information, we may rely on “opt-out” consent. For example, we contact you regarding renewal of Membership, changes in services, or important Association updates.

A client may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfill our legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.

We may collect, use or disclose client personal information without consent only as authorized by law. For example, we may not request consent when the collection, use or disclosure is to determine suitability for an honour or award, or in an emergency that threatens life, health or safety.

Comments

Any comments submitted through our website, contact forms, or social media accounts may be used internally for organizational improvement. Comments will not be shared publicly without the express permission of the individuals making the comments.

Media

Visitors to www.albertaschoolcouncils.ca cannot upload media files to this site.

Analytics

Box Clever, the website host, uses analytics to understand how visitors interact with our website. These analytics do not collect personal information or identify individual users.

ASCA uses the analytics provided by some of our social media platforms ("X", Facebook, etc.) to understand the efficiency of our social media communications. These analytics do not collect personal information or identify individual users.

Website Hosting and Who We Share Your Data With

Our website is hosted by Box Clever, which automatically collects certain non-identifiable information when  you interact with our site. This data may include your IP address, browser and device details, operating system, language preferences, referring URLs, and usage patterns. This information is used to ensure the security and functionality of our site, as well as for analytics and reporting. Box Clever's full privacy policy is available at www.boxclever.ca/privacy-policy

ASCA uses and discloses Member and client personal information only for the purpose for which the information was collected, except as authorized by law. For example, we may use client contact information to deliver services such as Learning Opportunities.

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

If we wish to use or disclose your personal information for any new business purpose, we will ask for your consent. We may not seek consent if the law allows this (e.g. the law allows organizations to use personal information without consent for the purpose of collecting a debt).

How Long We Retain Your Data

We retain personal information only as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.

ASCA retains Member data in perpetuity.

ASCA retains Members Only Access contact information for up to five (5) years.

ASCA retains Contact Form records for up to five (5) years.

ASCA retains Requests for Services or Registration for Learning Opportunities and events for up to five (5) years.

Rights You Have Over Your Personal Information

Individuals have a right to access their own personal information in a record that is in the custody or under the control of ASCA, subject to some exceptions. For example, organizations are required under the Personal Information Protection Act to refuse to provide access to information that would reveal personal information about another individual.

If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.

You may make a request for access to your personal information by email to parents@albertaschoolcouncils.ca or in writing to ASCA's Executive Director. You must provide sufficient information in your request to allow us to identify the information you are seeking.

You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. In addition, you may request a correction of an error or omission in your personal information.

We will respond to your request within 45 calendar days, unless an extension is granted. We may charge a reasonable fee to provide information, but not to make a correction. We will advise you of any fees that may apply before beginning to process your request.

Where We Send Your Data

Data and personal information collected by ASCA through any means, for any purpose, is used internally or as required by law, and is not sent elsewhere.

How We Protect Your Data

We make every reasonable effort to ensure that personal information is accurate and complete. We rely on individuals to notify us if there is a change to their personal information that may affect their relationship with ASCA. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible. In some cases we may ask for a written request for correction.

We protect personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information.

We use appropriate security measures when destroying personal information, including robust electronic security measures, shredding paper records and permanently deleting electronic records.

What Data Breach Procedures We Have in Place

1. Experiencing a Breach
In the event that we become aware of a data breach involving personal information, our Security Operations Centre (SOC) team will promptly assess the situation to determine the scope and impact of the breach.

2. Containment and Mitigation
Upon identifying a data breach, the SOC team will take immediate steps to contain the breach and mitigate its effects. This may involve isolating affected systems, changing access credentials, and implementing additional security measures to prevent further unauthorized access.

3. Investigation
The SOC team will conduct a thorough investigation to understand the cause of the breach, the extent of the data compromised, and the vulnerabilities exploited. The findings will inform our response and future security enhancements.

4. Notification
If the breach poses a significant risk to affected individuals, customers, partners, clients, members (and other impacted parties), we will notify them as soon as possible. This notification will include:

  • A description of the breach.
  • The types of information involved.
  • The steps we have taken to address the breach.
  • Recommendations for individuals to protect themselves.
  • Contact information for further assistance.

5. Reporting to Authorities
Where required by law, we will report the data breach to relevant data protection authorities within the time frame prescribed by applicable regulations.

6. Remediation
Based on the investigation findings, the SOC team will implement corrective actions to prevent future breaches. This may include updating security protocols, training staff, and enhancing our monitoring and detection systems.

7. Documentation
All actions taken in response to the data breach will be documented, including the timeline of events, the decisions made, and the measures implemented. This documentation will be retained in accordance with our data retention policy.

8. Continuous Improvement
We are committed to continuously improving our security practices. Lessons learned from any data breach will be incorporated into our security policies, procedures, and training programs.

What Third Parties We Receive Data From

ASCA does not receive data about users from third parties, including, but not limited to advertisers.

Automated Decision Making and/or Profiling

ASCA does not engage in any automated decision making and/or profiling with any user data collected.

Industry Regulatory Disclosure Requirements

In Alberta, both federal and provincial privacy statutes govern the collection, use and disclosure of personal information. These are the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA), which impact for-profit entities as well as charities and not-for-profit organizations.  When an organization falls within the scope of either PIPEDA or PIPA, it must obtain an individual’s consent before collecting, using and disclosing that individual’s personal information (subject to certain exceptions, such as those previously mentioned).

In addition, the Alberta Charitable Fund-raising Act (CFA) affects the way that charitable organizations, like ASCA, and fund-raising businesses deal with personal information.

PIPEDA applies to all private sector organizations, including charities and not-for-profit organizations, that collect, use or disclose personal information in the course of “commercial activity”, unless a “substantially similar” provincial law is in effect. Because PIPA has been declared substantially similar to PIPEDA, PIPA will instead apply where the collection, use and disclosure of personal information occur within Alberta.

PIPA applies to personal information that is in the custody or control of a non-profit organization if it is collected, used or disclosed by the organization in connection with a commercial activity carried out by the non-profit organization.

PIPA has separate rules that apply to “non-profit organizations”, which are defined as organizations incorporated or registered under specific Alberta legislation – the Societies Act, the Agricultural Societies Act, or Part 9 of the Companies Act. These rules confirm that PIPA applies only to non-profit organizations to the extent that the organization collects, uses or discloses personal information in connection with commercial activities.

What is Commercial Activity?

“Commercial activity” refers to any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists. Other examples of commercial activity include the sale of merchandise or services and events or performances for which an admission fee is charged. The acceptance of donations or the provision of free services would not fall within the definition of commercial activity.

Cookies

Box Clever may use cookies and other tracking technologies to collect and store your information. They may also use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how Box Clever uses such technologies is set out in their Cookie Notice.

 

 

Contact Forms

ASCA uses Contact Forms to enable Members and clients to update their contact information, request assistance or services, or subscribe to specific electronic communications from ASCA. Any data collected through ASCA's Contact Forms is used only for the purpose(s) intended.

Additional Information

If you have a question or concern about any collection, use or disclosure of personal information by Alberta School Councils' Association (ASCA), or about a request for access to your own personal information, please email parents@albertaschoolcouncils.ca or call 780-454-9867 / 1-800-661-3470.

If you are not satisfied with the response you receive, you should contact the Information and Privacy Commissioner of Alberta:

Toll Free: 1-888-878-4044
Email:    generalinfo@oipc.ab.ca         Website:     www.oipc.ab.ca

Office of the Information and Privacy Commissioner (Edmonton)
#410, 9925 - 109 Street NW
Edmonton, AB     T5K 2J8
Phone: (780) 422-6860

Office of the Information and Privacy Commissioner (Calgary)
Suite 2460, 801 - 6 Avenue, SW
Calgary, Alberta  T2P 3W2
Phone:  (403) 297-2728