Privacy Policy

1.0 Privacy Policy 
1.1 Scope 
This privacy policy applies to: 
The Glencoe Club and The Glencoe Golf and Country Club employees, including 
contractors, members, and volunteers providing services on their behalf.  To 
increase readability both organizations shall be referred to as the “Glencoe”;  
Any personal Information that identifies an individual, in whatever form or 
medium (paper, digital, audio-visual, graphic) created or received in the course of 
carrying out the Glencoe’s mandated functions and activities, and; 
All facilities and equipment required to collect, manipulate, transport, transmit, or 
keep information for Glencoe business purposes. 
1.2 Legislative Requirements 
Alberta’s Personal Information Protection Act (“PIPA”) governs the collection, use 
and disclosure of personal information by private organizations, by balancing the 
right of an individual to have his or her personal information protected and the 
need of an organization to collect, use or disclose personal information for 
purposes that are reasonable.  
As a non-profit organization, the Glencoe is not bound by the provisions of PIPA 
except if engaged in a commercial activity. Nevertheless, the Glencoe is guided 
by PIPA in implementing best practices for the protection of personal information.  
1.3 Privacy Statement
The Glencoe is committed to protecting the privacy of individual employees, members, 
their families and guests. To that end, The Glencoe has implemented a privacy program 
to meet the following privacy goals: Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

Accountability
The Glencoe is responsible for protecting the confidentiality of personal information in its 
custody or under its control in compliance with the applicable federal or provincial 
legislation. 
The Glencoe has identified and designated a Privacy Officer to be responsible for 
implementing the privacy program and ensuring compliance with legislation. 
Openness 
The Glencoe develops and follows privacy and security policies and practices that are 
compliant with legislation. Such policies and practices are publicly available. 
Collection and Consent 
The Glencoe collects personal information only for reasonable business purposes and 
with the consent of the individual or authorized representative, except where otherwise 
authorized by legislation. 
Identifying Purposes 
The Glencoe identifies the purposes for which personal information is collected. 
Limited Use, Disclosure and Retention 
The Glencoe uses, discloses and retains personal information for purposes consistent 
with the purpose for which it was collected.  Use and disclosure for other purposes is by 
consent of the individual or as authorized by legislation. 
Accuracy 
The Glencoe makes all reasonable efforts to ensure that personal information collected, 
used or disclosed by or on behalf of The Glencoe is accurate and complete. 
Safeguards 
The Glencoe protects personal information in its custody or control by deploying security 
measures and practices to prevent unauthorized access, collection, use, disclosure, 
copying, modification, disposal or destruction. 
Right of Access 
Individuals have a right to access information that The Glencoe holds about them, 
subject only to limited and specific exceptions. Individuals who believe there is an error 
or omission in their personal information have a right to request correction or 
amendment of the information. 
Compliance Challenges 
Individuals are encouraged to bring any concerns or issues regarding privacy to the 
Privacy Officer for discussion and response.  An individual may also ask Alberta’s 
Information and Privacy Commissioner to review the Glencoe’s response to the 
individual’s access to information request or a request for correction, or any policies or 
practices that the individual feels are not in compliance with legislative requirements. 
However, in light of the Glencoe’s non-profit status, the Office of the Information and 
Privacy Commissioner may determine that it does not have the authority to deal with a 
particular matter.Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

2.0 Terms and Definitions 
Authorized representative: 
May include: 
A guardian of a minor;  
An executor or administrator of the estate of an individual who is deceased; 
A guardian or trustee of a dependent adult; 
An individual acting with the written authorization of an individual; 
An individual who is acting under a power of attorney. 
Collection:  
To gather, acquire or obtain personal information from any source, including third 
parties. 
Consent:  
A voluntary agreement that allows the collection, use and disclosure of personal 
information by the Glencoe for a defined purpose. Consent may be given orally or in 
writing (including by electronic transmission). Consent may by express, implied/deemed 
or “opt-out”, all as defined in Section 5.  Consent may be withdrawn or varied at any 
time. 
Disclosure:  
Giving access to or making the personal information in the Glencoe’s custody available 
to a third party such as another individual, another organization or a contractor. 
Employee: 
An individual employed by the Glencoe. An individual who is a volunteer, or who is under 
a contract or agency relationship with the Glencoe is also considered an “employee” for 
the purposes of this Privacy Policy. 
Notification:  
An explanation of policies, procedures, consequences and risks related to the collection, 
use or disclosure of an individual’s personal or personal employee information. The 
Glencoe will notify individuals and employees when personal information is being 
collected, and will inform them of the purposes for which it is being collected. The 
Glencoe will also provide the name or title of the person who is able to answer on behalf 
of the Glencoe the individual’s questions about the collection. 

Personal Employee Information: 
Personal information that is reasonably required by the Glencoe for the purposes of 
establishing managing or terminating an employment, volunteer or membership 
relationship.  This includes personal information required for recruitment purposes and 
for managing relationships with former employees, volunteers and members.  Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

Personal Information: 
Information about an identifiable individual, including factual information and opinions 
expressed about and by the individual, including, but not limited to:  
Name, address, age, gender, weight and height  
Educational or financial history  
ID numbers, place of birth, ethnic origin  
Medical information 
Opinions and evaluations of or about an individual 
Religious, political or civil affiliations, where applicable 
Consumer activity 
Personal information does not include:  
1.  Business contact information, such as an individual’s name, title, address 
and other business contact information, if such information is collected, 
used or disclosed solely for the purposes of enabling the individual to be 
contacted in relation to his or her business responsibilities 
2.  Information collected, used or disclosed solely for artistic, journalistic or 
literary purposes 
The Glencoe  
Means both The Glencoe Club and The Glencoe Golf & Country Club
Third Party  
Organization or individual other than the Glencoe and its employees and the owner of 
the personal information documented in record. 
Use 
Use of information by the Glencoe’s employees for an identified business purpose that is 
authorized by policy or law.Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 


3.0 Collection, Use and Disclosure of Personal Information 
3.1 Collection of Personal Information 
1. The least amount of information is collected, with the highest degree of anonymity, 
solely to meet reasonable business purposes. The purposes for collection may 
include: 
Assessing The Glencoe Club / Golf and Country Club Membership eligibility 
Verifying and maintaining membership status in accordance with Club By-laws 
Providing physiotherapy and childcare services 
Providing nutrition or fitness counseling 
Ensuring the health and safety of members, guests and employees 
Registration and participation in sports, fitness and recreational services, 
programs and activities, including tournaments 
Processing product and food sales, including sales on Member’s Accounts 
Membership and financial accounting 
Arranging for and processing of membership payments 
Communication with Club members 
Creating and displaying media content celebrating sport and social events 
2. The Glencoe collects personal information with the consent of the individual, 
consistent with the consent standards set out in PIPA (see Section 5.0). 
3. The Glencoe collects personal information about an individual directly from the 
individual the information is about, or from an authorized representative. 
4. Personal information can be collected without the consent of the individual in certain 
circumstances, including: 
Collection of the information is authorized or required by statute or regulation; 
It is clearly in the interests of the individual and consent cannot be obtained in a 
timely way or the individual would not reasonably be expected to withhold 
consent; 
Collection of the information is from a public body authorized or required by 
statute to disclose the information to the Glencoe; 
The collection of the information is reasonable for the purposes of an 
investigation or a legal proceeding; or 
Collection of the information is necessary to collect a debt owed to the Glencoe 
or for the Glencoe to repay money owed to an individual.  
To determine the individual’s suitability to receive an honor, award or similar 
benefit, including an honorary degree, scholarship or bursary. 
3.2 Use and Disclosure of Personal Information 
1. The Glencoe uses and discloses personal information collected with consent only for 
the purposes to which the individual has consented. If the Glencoe later wishes to Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

use or disclose personal information for a purpose other than that for which it was 
originally collected, the Glencoe will obtain the individual’s consent before any such 
use or disclosure is made (in accordance with Section 5.0) unless consent is not 
required.  
2. Personal information can be used or disclosed without the consent of the individual 
in certain circumstances, including:  
Use or disclosure of the information is authorized or required by statute or 
regulation; 
It is clearly in the interests of the individual and consent cannot be obtained in a 
timely way or the individual would not reasonably be expected to withhold 
consent; 
Use or disclosure of the information is reasonable for the purposes of an 
investigation or a legal proceeding; 
Use or disclosure of the information is necessary to collect a debt owed to the 
Glencoe or for the Glencoe to repay money owed to an individual; or 
Use or disclosure of the information is necessary to respond to an emergency 
that threatens the life, health or security of an individual or the public. 
3. There are certain additional circumstances in which personal information can be 
disclosed without the consent of the individual, including:  
 Disclosure of the information is for the purpose of complying with a subpoena, 
warrant or order issued by a court, person or body having authority to compel 
production of such information; 
 Disclosure is to a public body or law enforcement agency in Canada to assist in 
an investigation for the purposes of a law enforcement proceeding; or 
 Disclosure of the information is for the purposes of contacting next of kin or a 
friend of and injured, ill or deceased individual. 
4. The Glencoe ensures that individuals or their authorized representative are notified 
of any new purpose for which personal information will be used or disclosed. 
3.3 Notification Requirements 
1. The Glencoe ensures that the individual is notified of the purposes for collecting, 
using or disclosing their personal information, before the information transaction 
takes place, unless it is for one of the purposes for which consent is not required. 
2. The Glencoe ensures individuals are notified of any surveillance devices in use on 
the premises for security purposes. 
3. The Glencoe notifies individuals through the use of appropriate notices, forms, 
posters, verbal statements, brochures, or other forms of communication.   Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

4.0            Collection, Use and Disclosure of Personal Employee 
Information 
4.1 Collection of Personal Employee Information 
1. The least amount of information is collected, with the highest degree of anonymity, to 
meet the business purpose. 
2. Personal employee information collected is limited to that required to support the 
work or relationship the employee has with the Glencoe. The purposes for collection 
of personal employee information may include:  
Employee recruitment, classification and compensation 
Evaluation of staff / performance appraisals / employee evaluation 
Enabling professional development 
Ensuring employee health and safety 
Processing of salary or wage payments 
Obtaining contract services 
Occupational health and employee benefits administration 
Communicating with present and former employees  
3. For specific information about the purposes for the collection, use or disclosure of 
personal employee information, please refer to Appendix 2 which identifies the 
purposes of collection in further detail. 
4. Consent is not required when personal information is collected for the purposes of 
recruiting potential employees, managing an existing employee, terminating an 
employee or communicating with a former employee. 
5. For all other purposes, the Glencoe will obtain the consent of the individual in 
accordance with consent standards (see Section 5.0). However, no consent is 
required in the following circumstances: 
Collection of the information is authorized or required by statute or regulation; 
It is clearly in the interests of the employee and consent cannot be obtained in a 
timely way or the employee would not reasonably be expected to withhold 
consent;  
Collection of the information is from a public body authorized or required by 
statute to disclose the information to the Glencoe; 
Collection of the information is reasonable for the purposes of an investigation or 
legal proceeding; 
Collection of the information is necessary to collect a debt owed to the Glencoe 
or for the Glencoe to repay money owed to the employee; 
4.2 Use and Disclosure of Personal Employee Information 
1. The Glencoe uses and discloses personal employee information of existing or past 
employees only for the purposes consistent with the purposes, consents, or 
exceptions identified in 4.1 at the time of collection. Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

2. For all other purposes, the Glencoe will obtain the consent of the individual in 
accordance with consent standards (see Section 5.0) 
4.3 Notification Requirements  
1. Employees are notified of the purposes for which their personal employee 
information is collected, used, and disclosed before the information transaction takes 
place. 
2. The Glencoe ensures employees are notified of any surveillance devices in use on 
the premises for security purposes. 
3. The Glencoe notifies employees through the use of appropriate notices, forms, 
posters, verbal statements, brochures, or other forms of communication.  See 
Appendix 5 for a sample notification. 
5.0   Consent Standards for Personal Information 
1. The Glencoe obtains the consent of the individual before collecting the information. If 
additional consent is required for the use or disclosure of information for any 
purposes other than those for which the information was collected, consent will be 
obtained from the individual before any such use or disclosure occurs.  
2. There are three options for determining the appropriate consent forms or process: 
Express consent:  
Individual is informed of the purposes for which the personal information is to be 
collected, used and/or disclosed, and expressly gives permission, either in writing 
(including by electronic transmission) or orally, before action taken.  
Implied or deemed consent:
Permission is reasonably implied based on clear and direct actions and 
circumstances under which the information was voluntarily provided by the 
individual, without even notifying the individual of the purposes.  
Opt-out: 
An individual is given reasonable opportunity to decline or object to having their 
personal information collected, used or disclosed for the identified purposes. If 
the individual provides no response when given such opportunity, consent is 
presumed. 
3. Express or implied consent is required for collection of all personal information, 
unless specifically authorized in policy.  
4. Opt-out is only used when dealing with personal information limited to an individual’s 
name, and other contact information.   
5. Only the individual or authorized representative can provide consent. 
6. The Glencoe cannot refuse a service to an individual if they refuse to give their 
consent for the collection of personal information beyond what is reasonably required 
to provide the service.  Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 

7. An individual may refuse to give their consent for personal information to be collected 
in relation to a specific purpose the Glencoe has identified. In the event that an 
individual places reasonable conditions on their consent, the Glencoe must consider 
whether there is another way the purpose may be achieved without collecting the 
information. 
8. An individual may revoke or vary consent at any time. 
9. Personal information is deemed to have been collected with appropriate consent and 
notification if it was collected before January 1, 2004. 
6.0 Information Handling and Security 
6.1 Administrative Safeguards 
1. The Glencoe ensures that policies and procedures to facilitate the safeguarding of 
personal information in its custody or control are developed and maintained.  
2. The need for confidentiality and security of personal information is addressed as part 
of the conditions of employment for Glencoe employees, beginning with the 
recruitment stage, and included as part of job descriptions and contracts. All staff 
must be aware of, and appropriately trained with regard to policies and procedures 
for safeguarding personal information.  
3. All Glencoe employees, volunteers, and agents that collect, use, disclose or have 
access to personal information as part of the performance of their duties sign a 
Confidentiality Agreement. 
4. All Glencoe employees will complete a Criminal Records Check (ie. Backgound or 
Police Check) prior to hiring. 
5. Before implementing proposed new administrative practices or information systems 
that will change or significantly affect the collection, use and disclosure of personal 
information, the Glencoe completes an assessment that describes how the new 
initiative will affect privacy, and what measures the Glencoe will put in place to 
mitigate risks to privacy.  
6. The Glencoe’s employees and persons acting on behalf of the Glencoe report all 
violations and breaches of information security as soon as possible to the Glencoe’s 
Privacy Officer. This enables the Privacy Officer to take corrective action to resolve 
the immediate problem and minimize the risk of future occurrence. 

6.2 Physical Safeguards 
1. All records kept by the Glencoe, both on-site and off-site, are held and stored in an 
organized, safe and secure manner in accordance with information security 
standards.  
2. Appropriate fire detection and extinguishing devices are located in areas where 
personal information is stored.  Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 
10 
3. The Glencoe’s records are not accessible by unauthorized persons. In areas where 
unauthorized persons are present, measures will be taken to ensure that files are not 
left unattended or accessible.  
4. Computers or monitors that are left unattended in reception areas of areas where 
personal information is processed are secured and logged off, either manually or by 
default timer. 
5. All servers and equipment storing electronic personal information are secured by 
locked cabinets or rooms within the Glencoe when not under direct supervision by 
staff. 
6. The Glencoe’s records or equipment holding records (e.g. laptop computers) are not 
to be left unattended in a vehicle, even if the vehicle is locked.  
7. Appropriate measures are taken to control the distribution of keys or pass codes, and 
to ensure they are returned or changed after employment or association with The 
Glencoe has ended. 
8. All personal information will be treated with sensitivity. Staff will take care when 
sharing information if conversations can be overheard or intercepted by unauthorized 
individuals. 
9. Personal information that is transmitted by mail or courier will be sealed, marked as 
confidential, and directed to the attention of the authorized recipient. 
10. Glencoe employees will verify the identity and credentials of courier services used for 
the transportation of personal information. 
11. Information that is not confidential or sensitive in nature will be recycled. All personal 
information is destroyed by shredding. Destruction will be documented by listing the 
records and/or files to be destroyed, the date of destruction, and a staff member’s 
signature to confirm that the destruction occurred.  
12. All information will be deleted using secure data wiping techniques prior to disposal 
of electronic data storage devices (e.g. surplus computers, internal and external hard 
drives, diskettes, tapes, CD-ROMS, photocopier hard drives, USB flash drives, etc.), 
or the device(s) will be destroyed.   
13. The retention period for personal information is set according to the business 
requirements of the Glencoe. Information is to be kept only for as long as is 
reasonable, depending on the circumstances.
6.3 Technical Safeguards 
1. Firewalls, intrusion detection software, or other technical means to protect internal 
Glencoe networks carrying identifiable personal information is in place to prevent 
unauthorized use and malicious software. 
2. Access to data and application systems containing personal information is limited by 
each employee’s functional role and need to know. 
3. Employees of the Glencoe access and use information systems under their assigned 
User ID. The use of another person’s assigned User ID is prohibited. Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 
11 
4. Access to the Glencoe’s information systems is controlled and password protected. 
Passwords are kept confidential at all times and will not be written down, posted 
publicly, or shared with other staff.  
5. Fax machines and printers that may be used to send or receive personal information 
are located in a secure area.  
6. All fax transmissions will be sent with a cover sheet that indicates the information 
being sent is confidential. Reasonable steps are taken to confirm that personal 
information transmitted via fax is sent to a recipient with a secure fax machine. 
7. Personal information is not permitted to be sent by e-mail or transmitted over the 
internet or external networks without the use of appropriate security safeguards, 
such as encryption and authentication.  
8. E-mail messages must contain a confidentiality notification.  
9. To detect unauthorized access and prevent modification or misuse of user data in 
applications, systems may be monitored to ensure conformity to access policies and 
standards. Appropriate security controls, such as event logs, will be implemented 
and reviewed as required. 
10. Computer systems that hold critical or sensitive information, including personal 
information, will be backed up on a daily basis. Backed up information is stored in a 
secure environment off-site.  Information that is intended for long-term storage on 
electronic media (e.g. tape, DVD, disk) will be reviewed on an annual basis to ensure 
the data is retrievable, and to migrate the data to another storage medium if 
necessary. 
6.4 Contractors 
1. The Glencoe ensures that contracted service providers (e.g. contractors, 
consultants, support service providers or business partners) comply with the 
Glencoe’s privacy and security policies  
2. An agreement or contract is completed and signed between the Glencoe and each of 
the contracted service providers that require access to the information systems and 
assets of the Glencoe. Until a contract detailing explicit information security 
provisions has been executed, the contracted service provider is not given access to 
the Glencoe’s premises or systems containing confidential business or personal 
information.  
3. Contracted service providers will be required to demonstrate that the service 
provider’s privacy and security policies are of a standard that is at least comparable 
to the Glencoe’s standards.  Where two standards exist, the service provider shall be 
held to the higher of the two standards. 
4. All employees of contracted service providers who have access to and use the 
Glencoe’s information assets and systems sign a confidentiality agreement. 
Contracted service providers are to remind their employees on termination of their 
continued responsibility to maintain the confidentiality of the Glencoe’s information. 
5. Contracted service providers are to immediately report breaches of confidentiality 
and privacy to the Glencoe’s Privacy Officer.  Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 
12 
6. Contracts with service providers that have access to the Glencoe’s information 
assets and systems include provisions that protect the Glencoe’s operations from 
circumstances where the information assets or systems may be compromised. In 
order to mitigate these situations, provisions dealing with disaster recovery and 
system backup are included in all agreements, to a standard that meets or exceeds 
that of the Glencoe.  
7.  Contracts with service providers include provisions for destroying or returning all 
Club information assets, including hardware, system documentation and information 
assets upon termination of agreements and in accordance with contract provisions 
reflecting records retention and data management policy.
To ensure compliance with contracted provisions for information security, the 
Glencoe: 
Requires contractors to sign an acknowledgement that they have received, read 
and will comply with any Glencoe information security policies that they are 
obligated to follow under the contract; 
Actively monitors contracted service providers with access to information assets 
or systems for inappropriate access, use, or disclosure and to ensure compliance 
with contract security provisions. 
8. The Glencoe retains the right to inspect the premises and security practices of 
contracted service providers without notice to ensure compliance with contract 
provisions and stated policies. 
7.0 Right of Access and Correction 
7.1 Individual Requests for Access to Their Own Information 
1. Requests from individuals to access basic personal information about themselves 
(e.g., contact information, facility access statistics) are handled as a routine release 
of information.  
2. Formal requests for access to information that may involve review and severing must 
be in writing to the Glencoe’s Privacy Officer, or designate. A person may request 
access to another individual’s personal information only if that person has a signed 
consent from the Individual.  
3. Individuals making routine or formal requests may be required to provide sufficient 
information to verify their identity and authority to access to the information.  Any 
such information provided shall be used for these purposes only. 
4. The Glencoe responds to formal requests for access to personal information within 
thirty (30) calendar days of receipt of the request  
5. The Glencoe does not charge the individuals for access to their own personal 
information.  However, reasonable fees may be charged for reproduction, 
transcription, or transmission of information, so long as the individual is notified 
before these costs are incurred. A fee for reasonable costs incurred may be charged 
when responding to more complex requests.  The individual will be informed of the 
fee in advance.  Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 
13 
6. Requested information will be provided in a form that is generally understandable.  
The Glencoe will endeavor to explain the meaning of the content, codes and 
abbreviations included in the individual’s record to the extent that it is reasonably 
practical. 
7. In providing an account of third parties to whom it has disclosed personal information 
about an individual, The Glencoe will be as specific as possible.  When it is not 
possible to provide a list of the organizations to which it has actually disclosed 
information about an individual, the Club will provide a list of organizations to which it 
is likely to have disclosed information. 
8. Individuals are permitted to view either the original record, or to request a copy of the 
record, subject to the exceptions set out in this Policy.  To preserve the integrity of 
the record and ensure that documents are not removed from the Glencoe, an 
individual wishing to view an original record will do so under the supervision of 
designated personnel.  
7.2 Exceptions to Right of Access 
1. In certain situations, the Glencoe must refuse to provide access to personal 
information: 
If the disclosure of the information could reasonably be expected to threaten the 
life or security of another individual; 
If the information would reveal personal information about another individual; or 
If the information would reveal the identity of an individual who has in confidence 
provided an opinion about another individual and the individual providing the 
opinion does not consent to disclosure of his or her identity. 
2. Additionally, the Glencoe may refuse to provide access to personal information in 
certain circumstances, including if: 
The information is protected by solicitor-client privilege; 
The disclosure of the information would reveal confidential commercial 
information; 
The information was collected for an investigation or legal proceeding relating to 
a breach of agreement or contravention of law; 
The disclosure of the information might result in that type of information no longer 
being provided to the Glencoe when it is reasonable that that type of information 
would be provided; 
The information was collected or created in the course of a formal arbitration or 
mediation process; 
3. If the Glencoe is reasonably able to sever excepted information from a record 
containing personal information about the individual requesting access, the Glencoe 
will provide that individual with access to the part of the record containing the 
personal information after the excepted information has been severed. Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 
14 
4. The Glencoe informs the individual in writing of any refusal of a request for access to 
personal information, the reason(s) for the refusal, and any recourse the individual 
may have to challenge the Glencoe’s decision. 
7.3 Individual Requests to Correct or Amend Personal Information 
1. Requests from individuals to correct / amend information about themselves (e.g. 
change of name or address) are handled as a routine correction of information. 
2. Formal requests to correct or amend information subject to review must be in writing 
to the Glencoe’s Privacy Officer, or designate. An individual may request the 
correction of another person’s information only if they have that person’s signed 
consent. 
3. All formal requests must be accompanied by appropriate documentation to support 
the request before the Glencoe will amend the information as required or as 
appropriate.  Generally, the Club will not amend professional opinions that are made 
by staff that have the competency to make them.  If amendments are made, the 
original information must not be deleted but retained and marked as incorrect by 
crossing out, for example. The amended information will be transmitted to third 
parties as appropriate, in accordance with the provisions of this Policy regarding the 
disclosure of personal information. 
4. The Glencoe responds to formal requests for correction or amendment of personal 
information within thirty (30) calendar days of receipt of the request.  
5. The Glencoe informs the individual in writing of any refusal of a request to correct or 
amend personal information, the reason(s) for the refusal, and any recourse the 
individual may have to challenge the Glencoe’s decision. 
6. If the individual is not satisfied with the results of his/her request, The Glencoe 
internally documents the issue in the relevant record(s) and provides a response. 
The existence of the unresolved challenge will be transmitted to third parties, as 
appropriate.  
7.4 Individual Challenges to Request Responses 
Individuals are encouraged to bring any concerns or issues about the Glencoe’s 
responses to requests or its compliance with this Policy to the Glencoe’s Privacy Officer 
for discussion and mediation.  Individuals may also challenge responses in writing to the 
Information and Privacy Commissioner of Alberta.  However, in light of the Glencoe’s 
non-profit status, the Office of the Information and Privacy Commissioner may determine 
that it does not have the authority to deal with a particular matter. In such case, 
challenges to responses to requests regarding personal information are limited to the 
Glencoe’s Chief Executive Officer (CEO).Revised March 2011 
The Glencoe & The Glencoe Golf & Country Club 
15 
8.0     Roles and Responsibilities 
8.1 Privacy Officer Responsibilities 
The Health & Safety Manager is designated to act as Privacy Officer for the Glencoe. 
The responsibilities of the Privacy Officer include: 
Identifying privacy compliance issues for the Glencoe; 
Ensuring that privacy and security policies and procedures are developed and 
maintained as necessary; 
Ensuring that the Glencoe’s employees, volunteers and contracted personnel are 
aware of their duties, roles, and responsibilities under applicable privacy policies, 
procedures and legislation; 
Providing advice on, and interpretation of, applicable privacy legislation, including 
release / non-release of information (in consultation with Club / Golf employees 
as necessary); 
Responding to requests for access to information, or to correct or amend 
personal information, and facilitating the request process as necessary; 
Ensuring the overall security and protection of personal information in the 
custody or control of the Glencoe ; 
Representing the Glencoe with respect to privacy matters, in dealings with third 
parties, the provincial government and the federal or provincial Commissioners, 
as necessary. 
8.2 Senior Management 
The Chief Executive Officer at the Glencoe  
Reviews and approves Privacy Policy; 
Reviews challenges to request responses involving personal information. 
8.3 All Employees 
All employees are responsible for implementing the Glencoe’s privacy policies and 
procedures for all personal information they collect, use, disclose, handle, or view. All 
employees:  
Make themselves aware of and adhere to access to information and privacy 
policies and standards; 
Access, release and protect information in their custody or control according to 
policy; 
Refer all decisions about collection, use, disclosure, and access that are not 
clearly directed by policy to the Glencoe’s Privacy Officer or designate.