Sabre. is committed to safeguarding the personal information entrusted to us by employees, clients, suppliers, and other parties with which the organization interacts. The information collected shall be limited to that which is reasonably necessary for the normal conduct of business as appropriate to the nature and scope of Sabre operations. This information shall be managed in accordance with Alberta’s Personal Information Protection Act (PIPA) and other applicable laws and regulations.

The intent of PIPA and of our Policy is to balance:

The right of an individual to have his or her personal information protected
Sabre’s need to collect, use, or disclose personal information for reasonable and legitimate business purposes

The following sections detail Sabre’s policies and procedures governing the collection, use, disclosure, protection, retention, amendment, and accessibility of personal information.

Sabre shall designate a Privacy Officer responsible for overall administration in this area and for ensuring company-wide compliance with PIPA regulations. This position is currently held by:

Simon Gair, Compliance & Special Projects Manager
Phone: 403-258-0566
Email: simon.gair@sabre.ca

The Privacy Officer shall ensure that the Policy is communicated to employees, that management and administrative personnel are aware of compliance requirements and responsibilities as appropriate to their role(s) in the organization, and that a current version of the applicable legislation is readily accessible for reference as required.

Sabre personnel are responsible for adhering to established rules and for consulting the Privacy Officer in any instance where assistance or guidance is required to ensure compliance with this Policy.

Access or amendment requests for personal information are to be directed to the responsible manager/administrator or to the Privacy Officer. These will be addressed in a reasonable and timely manner (see Section 6 for further detail). As necessary, the Privacy Officer shall consult the Information and Privacy Commissioner of Alberta for guidance on PIPA compliance.

Personal information means information that identifies an individual, could be used to identify an individual, or provides information about an individual.

3.1 Collection, Use, & Disclosure without Consent

Sabre may collect, use, or disclose the personal information of a potential, current, or former employee without his or her consent if it is reasonable and solely for the purpose of effectively establishing, managing, or terminating an employment relationship (or post-employment relationship, as applicable) between the organization and that person.

Sabre shall, as appropriate, notify the employee of information to be collected, used, or disclosed and the purpose for such. This notification may be verbal or in writing (including electronic communication).

Personal information collected and used in the normal course of managing employee relationships typically includes:

Employee name, date of birth, home address, phone number, email address
Social insurance number, banking information, driving license/abstract
Educational, training, or other qualification records (e.g. certifications, resume, references, apprenticeship info)
Emergency contact information (i.e. phone number of a family member or other personal contact)
Information for which there is a legal authority under an applicable statute or regulation

Reasons for disclosure of information collected by Sabre as personal employee information may include:

Disclosure to Sabre personnel that require this to perform normal duties (e.g. Manager, supervisor, payroll or benefits administrator, safety representative)
Disclosure to a potential or current employer of the individual as reasonable to assist the employer in determining the individual’s eligibility or suitability for a position with that employer
Registration of the individual in an external training program
Provision of personal information to a client for site-access purposes (e.g. training certificates, D&A test results)
Disclosure for which there is a legal authority under an applicable statute or regulation

If the individual is a current employee, Sabre shall provide reasonable notice that his or her personal information will be disclosed and the purpose for such.

Under no circumstances shall personal information be disclosed when such disclosure may be considered to pose a real or potential risk of harm to the individual.

3.2 Collection, Use, & Disclosure with Consent & Notification

If the collection, use, or disclosure of personal information is required for reasonable purposes other than those covered under 3.1 above, Sabre shall notify and request the consent of the individual. In most cases, the information shall then be collected directly from that individual. Notification and consent may be verbal or in writing (including electronic communication).

When collecting, using, or disclosing such personal information, Sabre shall:

Notify the individual of the organization’s intent to do so and the specific purpose for such
Provide the name and position of the person able to answer questions the individual may have in this regard
Provide the individual a reasonable opportunity to decline his or her consent

Individuals have the right to decline, withdraw, or change their consent, subject to legal limitations. As soon as Sabre is notified of this, it shall advise the individual of any likely consequences if these are not obvious. When consent is declined, withdrawn, or changed, Sabre shall refrain from the collection, use, or disclosure of the affected information.

Business contact information is a sub-set of personal information used in the normal conduct of business relationships between Sabre and its clients, suppliers, or other external parties. This may include an individual’s name, title, business address, business email address, and other pertinent business information. Typically, such information is provided voluntarily, and consent for its collection and use for reasonable business purposes is thus implied. In cases where consent is required, this will be requested by the Sabre representative requiring such information.

Sabre does not request or collect any personal information through its website, nor does it track individual website visitors. As such, the provision of personal or business information to Sabre by a website user (i.e. by email submitted via the website), is considered voluntary and is not subject to consent.

The use and disclosure of such personal information provided for the normal conduct of business shall be limited to its intended purpose and shall not breach any stated or implied confidentiality. If Sabre wishes to use or disclose such personal information for any new business purpose, consent must be requested and improved in advance of any such disclosure.

While not considered personal information under PIPA, the intellectual property or other confidential business information provided to Sabre by external parties, whether voluntarily or by request and consent, shall be held confidential by Sabre and employed only for its intended business purpose.

Sabre shall employ reasonable measures to ensure the protection of personal information records and to prevent:

Misuse, theft, loss, or improper disposal
Unauthorized access to, collection, use, copying, alteration, or disclosure

These measures shall include appropriate physical, administrative, and technical safeguards as below.

1.Physical Safeguards:
Storage of hard-copy personal information records in secure areas and/or locking file cabinets
Preventing unauthorized access to storage areas
Clearing paperwork containing personal information from desks at end of day
Shredding superfluous paperwork or electronic files containing personal information

2.Administrative Safeguards

Training appropriate personnel on policies and procedures for protection of personal information
Ensuring personal information records are accessible only to personnel that require such
Retention of personal records only for as long as needed for financial, legal, operational, audit, or archival purposes.

3.Technical Safeguards

Secure electronic storage locations to prevent unauthorized access
Password protected computer logins and screensavers
Effective cybersecurity systems (firewalls and anti-virus programs)

All employees and other parties for whom Sabre retains personal information records have the right to access such records and/or request amendments to such to ensure the accuracy of their personal information.

Request for access may be verbal or written and should be made as follows:

Employees (potential, current, or past) may make such requests to their direct supervisor, who will forward this to the appropriate administrative personnel (e.g. HR Administrator, Payroll/Benefits Administrator, Privacy Officer)
External parties may make such requests to their normal Sabre contact (e.g. Project Manager, Accounting)
Recipients of such requests shall consult the Privacy Officer for assistance or guidance when necessary

Requests for access or amendments shall be addressed in a reasonable and timely manner by the administrative personnel responsible for the personal information in question. The individual shall be granted access to his or her records and provided with answers to any questions or concerns about the collection, use, or disclosure of personal information.

Complaints regarding personal information practices should be directed to the Privacy Officer for review and resolution as appropriate.

It the individual is not satisfied with the response received, he or she may escalate the concern or complaint to:

Office of the Information & Privacy Commissioner of Alberta
Suite 2460, 801 – 6 Ave. SW
Calgary, Alberta, T2P 3W2
Phone: 403-297-2728 Toll Free: 1-888-878-4044
Email: generalinfo@oipc.ab.ca Website: www.oipc.ab.ca