Skip to main content

Privacy Policy

Body
 
Body
 

1. Purpose and Scope

At Ambrose University we understand that privacy is an important issue for all our constituents (as defined below). This Privacy Policy outlines our principles, procedures, and commitments regarding the collection, use, disclosure, confidentiality and security of constituent personal information. We believe that ensuring the accuracy, confidentiality, and security of the personal information we hold about our constituents is more than a legal requirement, it is an ethical obligation. Accordingly, we have adopted this Privacy Policy to meet applicable legal requirements (e.g. Personal Information Protection Act) and the specific needs and expectations of our constituent base.

 

2. Key Terms and Definitions

  • "Collection" - the act of gathering, acquiring, or obtaining personal information.
  • "Consent" - means voluntary agreement with what is being done or proposed. Consent may be expressed or implied. Express consent can be given orally or in writing. Implied consent exists when consent can be reasonably inferred.
  • "Constituent" - is any individual who enrolls, or applies, or works, or commits to participate in any way with Ambrose University (may be employee, student, donor, volunteer, parent of student, etc.).
  • "Disclosure" - the act of making personal information available to third parties.
  • "Use" - the treatment and handling of personal information by Ambrose University.
  • "Personal Information" - information about an identifiable individual, subject to exclusions permitted by applicable privacy law.
  • "Third-Party" - an individual or organization other than Ambrose University and the constituent about whom personal information relates.
  • “University Official” – an individual who has authority to act in an administrative capacity at the University.
 

3. Accountability

Ambrose University is accountable for the protection of constituent personal information in its possession. While senior management is ultimately accountable for the protection of personal information, the day-to-day monitoring for compliance may be delegated to other staff.

The overall responsibility for the protection of personal information and compliance with this policy rests with Ambrose University’s Privacy Officer.

 

4. Identifying the Purposes of Personal Information

Ambrose is committed to protecting the privacy of the personal information of its constituents. We value the trust of those we deal with, and of the public, and recognize that maintaining this trust requires that we be transparent and accountable in how we treat their personal information.

Ambrose University collects constituent personal information for reasons that include:

  • To efficiently and accurately enrol students to our academic institution and administer their ongoing enrolment;
  • To ensure and enhance the success and welfare of our students;
  • To develop and manage services to meet the needs of our constituents;
  • To contact our constituents directly for services that may be important to the completion of their education or added benefits to them as students and alumni;
  • To determine the eligibility of our constituents for different services;
  • To ensure a high standard of service to our constituents, including through the use of constituent surveys in order to enhance the provision of services from our institution;
  • To protect and manage our assets;
  • To meet regulatory requirements;
  • The information is collected for the purposes of law enforcement;
  • The collection of information is authorized by an enactment of Alberta or Canada;
  • To verify a constituent’s identity; and
  • The operation of the University and its programs.

In particular, personal information of students may be collected and used for admission, registration, scholarships and awards administration, academic progress monitoring, planning and research, alumni relations, ensuring and enhancing wellbeing and success, contacting the student about University courses and services, and carrying out the University’s program, mandate, and operations. Specific information may be disclosed to relevant student associations, accrediting bodies, supporting denominations, and provincial and federal governments, as authorized by students or otherwise by applicable law.

Ambrose University will only collect personal information for the purposes identified, and collected information will be limited to information that Ambrose actually requires. Ambrose University will use methods that are lawful and will not collect information indiscriminately.

 

5. Constituent Consent

Where required by law, Ambrose University will obtain constituent consent to collect, use or disclose their personal information. Ambrose University will make reasonable efforts to ensure that constituents understand how their personal information will be used and disclosed.

Consent may be given orally, in writing, or electronically. For example, consent can be expressed over the telephone when information is being collected; electronically when submitting an agreement, application, or other information; in writing when signing an agreement or application form, when using a service, or when indicating by means of a check-off box whether or not consent is granted. Consent can also be implied by a constituent’s course of conduct, for example by voluntarily disclosing personal information.

Subject to applicable law or contractual or other legal arrangements, constituents may withdraw or refuse consent, provided that Ambrose University is first given reasonable notice. However, refusal or withdrawal of consent may prevent Ambrose University from providing service to the constituent.

 

6. Using and Disclosing Personal Information

Constituent information will only be used or disclosed for the purpose(s) for which it was collected. Ambrose University will not use personal information for any additional purpose unless Ambrose University obtains constituent consent to do so, or as otherwise authorized by law.

Ambrose University will not sell constituent lists or personal information to Third Parties.

Ambrose University may from time to time engage external service providers to assist with its operations and programs. If an outside service provider is engaged by Ambrose and requires access to constituent personal information, Ambrose University will ensure that appropriate arrangements are in place to protect such personal information.

 

7. Accuracy

Ambrose University will make reasonable efforts to ensure that constituent personal information in its possession or under its control is accurate, complete, and current for the purposes for which it was collected. In some cases, Ambrose University relies on constituents to ensure that their personal information, such as the constituent’s address or telephone number, is current, complete, and accurate. 

Constituents may request amendments to their personal information in Ambrose University’s possession in order to ensure the accuracy and completeness of their personal information. If the information is demonstrated to be inaccurate or incomplete, Ambrose University will amend the information as required. Corrections will be made as soon as possible.

 

8. Storing and Safeguarding Personal Information

Ambrose University is committed to the safekeeping of constituent personal information in order to prevent its loss, theft, or unauthorized access, disclosure, duplication, use, or modification. We will achieve this in several ways.

Ambrose University will employ appropriate security measures to protect constituents’ personal information. The measures may include, for example, the physical security of offices and data servers, and electronic security measures such as passwords, encryption, and personal identification numbers.

Ambrose University will protect the confidentiality of constituent personal information by only disclosing it internally to persons who have a legitimate and reasonable needs to access it. Further, we will protect the confidentiality of constituent personal information when dealing with third parties. Ambrose University will retain constituent personal information only as long as necessary or expected to be necessary for the identified purposes, as required for its reasonable operations, or as otherwise required by law. Ambrose University will use appropriate security measures when disposing of constituent personal information.

The development of Ambrose University policies and procedures for the protection of personal information is an ongoing process. Changes in technology necessitate that Ambrose University continually develop, update, and review information protection guidelines and controls to ensure ongoing information security.

 

9. Access to Personal Information

Constituents have a right to access their personal information held by Ambrose University. If a constituent makes a request to access his or her personal information, Ambrose will comply with those timelines required by applicable privacy law and all other legal requirements. Constituents may be asked to be specific about the information they would like to access and to submit their request in writing. Upon request, Ambrose University will, within a reasonable time period, tell the constituent what personal information it has, for what it is being used, to whom it has been disclosed if applicable, and the time(s) and location(s) records are available for review.

In certain situations, Ambrose University may not be able to provide access to all or part of a constituent’s personal information. In such cases, Ambrose University will explain the reasons for why it is unable to provide such information. The reasons for not providing information may include: the information would threaten the life or security of another individual, the information was generated in a dispute resolution process, the information contains or would reveal personal information of another, or the information cannot be disclosed for legal reasons, security purposes, or is subject to solicitor-client or litigation privilege, or other grounds permitted by applicable law.

 

10. Responsibilities

All Ambrose employees and contractors, and other individuals who act with or on behalf of Ambrose (such as student leaders, or students involved in Ambrose-related activities), must review this Privacy Policy and comply with its terms. In addition to any other related duties regarding confidentiality that such individual may have, Ambrose expects that such individuals will comply with requirements set forth in this Privacy Policy and the applicable privacy laws. Any employee or contractor individual who breaches these duties, including but not limited to the intentional or unauthorized disclosure of personal information of constituents, will be subject to discipline up to and including termination.

Questions

Constituents may direct any questions regarding this Privacy Policy, or requests for access to their personal information, in writing to the Privacy Officer as follows:

Privacy Officer: privacyofficer@ambrose.edu

150 Ambrose Circle S.W.
Calgary, Alberta T3H 0L5