Privacy Policy (Updated February 28, 2025)

River Valley School is committed to protecting your privacy and ensuring your personal information is handled responsibly. This policy outlines how we collect, use, and safeguard personal data in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA)* and Alberta’s Personal Information Protection Act (PIPA)**.

1. Information Collection and Use

We collect personal information such as names, contact details, and student data through online forms, applications, and surveys. The information is used solely for educational, administrative, and communication purposes.

2. Consent

In accordance with PIPEDA, we obtain explicit consent from individuals before collecting, using, or disclosing personal information. For minors, parental or guardian consent is required. Consent may be given explicitly or implied, depending on the context of data collection and use.

3. Data Retention and Disposal

We comply with PIPA in retaining personal information only for as long as necessary to fulfill the purpose for which it was collected. After that, data is securely disposed of, through shredding physical documents or permanently deleting digital files.

4. Third-Party Sharing

Personal data will not be shared with third parties without explicit consent unless required by law or for school operations. Any third parties must follow strict data protection protocols.

5. Security Measures

We employ multiple security measures to protect your personal information, including encryption, secure data storage, and role-based access control. We continuously monitor for vulnerabilities and implement updates to keep data safe.

6. Children’s Privacy

Parental consent is required for the collection of information on minors. All student data is securely managed and used exclusively for educational and administrative functions, with strict access controls in place.

7. Breach Notification

Under PIPEDA, we are required to notify affected individuals and authorities of any significant data breaches. In the event of a breach, we will immediately act to contain the incident and communicate with those affected.

8. Access to Information

In compliance with PIPA, individuals have the right to access, correct, or request the deletion of their personal information. All requests will be handled promptly, in line with legal obligations.

9. Cloud Storage

We use Google Drive for secure data storage. Google Drive’s robust encryption and access control features help protect personal data in alignment with the requirements of PIPEDA and PIPA. Only authorized staff have access to this information, and multi-factor authentication is in place.

10. Updates to the Policy

This policy will be updated as needed to reflect changes in privacy laws or our practices. Any major updates will be communicated to stakeholders.

 

*PIPEDA governs how organizations collect, use, and disclose personal information in the course of commercial activities. It requires organizations to obtain consent before collecting personal information, allow individuals access to their data, and report breaches when personal information is exposed.

**PIPA applies to provincially regulated private sector organizations, businesses and, in some instances, to non-profit organizations for the protection of personal information and to provide a right of access to an individual’s personal information.