NOTICE: As of June 2, ASEBP will be closing the third-floor reception area to the public permanently. This means ASEBP will no longer be accepting walk-ins or in-person appointments. Covered members will still be able to meet with ASEBP virtually or over the phone through the online booking process. To book a meeting, please visit the Contact Us page.

Contact Us

Privacy Policy

Page Navigation Guide

Toggle Table of Contents

ASEBP understands that privacy is a critical concern for everyone. This Privacy Policy outlines our principles regarding our information handling practices related to personal information.

Date of Original Issue: September 24, 2008
Dates Modified: August 11, 2010; January 4, 2016; October 9, 2018; July 12, 2019; December 30, 2020; January 25, 2022; March 2, 2023; May 8, 2025, June 12, 2025

Background

Canadian privacy legislation recognizes the right of the individual to have their personal information protected and the need for organizations such as ASEBP to collect, use, or disclose personal information for reasonable business purposes. ASEBP is committed to protecting the privacy of personal information under its custody or control in accordance with the Personal Information Protection Act of Alberta (“PIPA” or “the Act”), which came into force in January 2004. In some situations, the Personal Information Protection Electronic Documents Act of Canada (“PIPEDA”) may apply.

At the root of ASEBP’s information management practice is the belief that it must be transparent in its management of personal information and safeguard the personal information entrusted to it. Fundamentally, ASEBP protects all personal information and only shares/discloses personal information with consent or when required by legislation.

Guideline Statement

ASEBP believes that ensuring accuracy, confidentiality, and security of personal information in its custody and control is more than simply a legislated requirement; it is an ethical obligation. ASEBP’s Privacy Policy is based on the Canadian Standards Association (CSA) Model Code for protecting personal information and privacy legislation.

ASEBP reserves the right to change this Privacy Policy at any time; it may add, modify, or remove portions of this policy without notice, other than the posting of this Privacy Policy on its website.

Section 1: Accountability

1.1    ASEBP is responsible for all personal information under its custody or control. This obligation extends to anyone whose personally identifiable information is collected, used, or disclosed by ASEBP.

1.2    Overall responsibility for the protection of personal information and compliance with this policy rests with ASEBP’s chief executive officer and privacy officer.

1.3    ASEBP shall have policies and/or procedures for protection of personal information, processing requests for access to information and for responding to suspected or known privacy breaches. These policies may be made available upon request.

1.4    All new ASEBP employees and Trustees shall undergo an orientation regarding privacy, access to and protection of personal information. Regular refresher and ad hoc training shall also be provided as deemed necessary.

Section 2: Identifying Purposes

2.1    ASEBP shall communicate the purpose(s) for why personal information is being collected, either orally or in writing.

2.2    The primary purpose for collecting personal information about covered members and their dependants is to provide benefit coverage*. Secondary purposes include, but are not limited to, the following:

a.    To understand the health needs of its covered members;

b.    To develop and manage products and services to meet the needs of its members;

c.    To contact members directly for ASEBP products and services that may be of interest;

d.    To determine eligibility for services;

e.    To ensure a high standard of service for its members;

f.    To meet regulatory requirements;

g.    To verify identity;

h.    To conduct audits of claims;

i.    To administer the terms and conditions of the benefit plans; and

j.    To answer questions or communicate information related to job opportunities at ASEBP.

Note: For the purpose of this Privacy Policy and all related policies and procedures, the term ‘benefit coverage’ shall include income replacement benefits, general health benefits, spending accounts, and the Employee & Family Assistance Program.

2.3    The primary purpose for collecting personal employee information is to establish, manage, or terminate an employment or volunteer-work relationship or manage a post-employment or post-volunteer-work relationship.

2.4    ASEBP must collect certain types of personal information to satisfy legal requirements. For example, ASEBP must collect an individual’s Social Insurance Number in accordance with the Income Tax Act to issue T4A slips for income replacement benefits or Wellness Spending Accounts.

2.5    Unless required by law, ASEBP shall not use or disclose, personal information that has been previously collected for any new purpose without first identifying and documenting the new purpose and obtaining the consent of the covered member.

3.1    ASEBP shall obtain consent to collect, use, or disclose any personal information except where detailed in this Policy or allowed by legislation. ASEBP shall make reasonable efforts to ensure that covered members understand how their personal information will be collected, used, and disclosed.

3.2    ASEBP does not require consent from a covered member’s dependants (i.e. spouse and children) where collection, use or disclosure of their personal information is for enrolment in or coverage under an insurance policy or benefit plan as PIPA deems these individuals to have provided such consent. ASEBP shall obtain consent from dependants when collection, use, or disclosure of their personal information is required for any purpose not consistent with enrolment in or coverage under an insurance policy or benefit plan.

3.3    PIPA states that minors can act on their own behalf if they understand the nature of the rights and powers conferred upon them by the Act, and the consequences of exercising them. ASEBP has considered the nature of its business in light of this provision and has deemed that most individuals who are 16 to 17 years of age would understand their rights as set out in the Act. ASEBP has identified these individuals as “knowledgeable dependants.” Accordingly, ASEBP requires all knowledgeable dependants to provide consent for the collection, use, or disclosure of their personal information where such collection, use, or disclosure is not for enrolment in or coverage under an insurance policy or benefit plan.

3.4    Consent regarding the collection, use, or disclosure of personal information related to an individual under 16 years of age, for a purpose that is not consistent with enrolment in or coverage under an insurance policy or benefit plan will be managed pursuant to ASEBP’s Dependant Consent Process.

3.5    In some situations, an authorized representative may take the place of the covered member. This means that another person has the authority to do what the individual can under PIPA. An authorized representative may be:

a.    A guardian of a minor (someone who has the care and custody of a minor or takes daily care of the minor – for example, a married parent, a divorced parent with a custody order, a guardian appointed by a court, etc.);

b.    An executor or administrator of the estate of an individual who has died;

c.    A guardian or trustee of a dependent adult;

d.    An individual acting with the written authorization of an individual; or

e.     An individual who is acting under an appropriate and valid power of attorney.

3.6    Privacy legislation sets out certain situations that allow an organization to collect, use, or disclose information without consent, including, but not limited to, the following:

a.    When such collection, use, or disclosure is permitted or required by law;

b.    When use or disclosure of information is necessary to respond to an emergency that threatens the life, health, or security of an individual or the public;

c.    When the information is publicly available;

d.    When ASEBP needs to collect a debt from a covered member;

e.    When a reasonable person would consider that the collection, use, or disclosure of the information is clearly in the interest of the individual and consent cannot be obtained in a timely way, or the individual would not reasonably be expected to withhold consent; and

f.    When ASEBP is required to disclose information pursuant to a subpoena, warrant, or court order, or to comply with a rule of court that relates to production of information;

Note: A complete list of circumstances that allow the collection, use, or disclosure of personal information without consent is detailed in the PIPA and PIPEDA.

3.7    Consent may be given orally, in writing, or electronically, depending on the sensitivity of the information. For example, consent for disclosing benefit entitlement information to a spouse or service provider may be given over the phone. In contrast, ASEBP requires written consent to use/disclose bank account information for direct deposit or withdrawal purposes. ASEBP has developed specific consent forms for use by covered members and their dependants—these forms can be accessed via the ASEBP website.

3.8    Consent may be withdrawn or varied at any time, subject to legal or contractual restrictions and reasonable notice. Individuals withdrawing consent will be notified of any impact this may have on their eligibility for services provided by ASEBP. ASEBP shall not unreasonably withhold services or information from covered members who refuse or withdraw consent; however, most services cannot be provided without collecting, using, or disclosing personal information. Therefore, consent is usually required for ASEBP to provide its suite of services. Anyone considering withdrawing or varying their consent should contact ASEBP to determine the implications this may have. If consent is withdrawn or varied, a reasonable period is required to process the request.

Section 4: Limiting Collection of Personal Information

4.1    ASEBP will only collect personal information required for reasonable business purposes. Where appropriate, ASEBP shall collect personal information directly from the individual whom the information is about. Nevertheless, it is sometimes necessary to collect personal information from third parties such as employers (e.g. salary) and physicians (e.g. diagnoses, treatment plans). When ASEBP needs to collect information from such third parties, it will do so with the consent of the individual. ASEBP is not responsible for any additional information covered members provide directly to these parties.

4.2    ASEBP may record telephone conversations to its benefits inquiries line and will provide advance notice of any such recording. Although not recorded, some calls may be monitored for training purposes and documented to enhance customer service and confirm discussions with covered members.

In accordance with Alberta’s Personal Information Protection Act (PIPA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), ASEBP will:

  • Notify individuals at or before the time of recording, where required;
  • Collect only the personal information necessary for the stated purposes;
  • Use and disclose such recordings only for the purposes identified or as otherwise permitted or required by law;
  • Protect recorded information using appropriate safeguards based on its sensitivity;
  • Retain recordings only as long as necessary to fulfill the identified purposes, after which they will be securely deleted or anonymized.

By participating in recorded interactions, individuals are deemed to have been informed of and, where applicable, to have consented to the collection of their personal information, subject to their rights under applicable privacy laws.