Privacy Policy

Mount St. Louis Moonstone recognizes and respects your privacy, and commits that we will not share any personally identifiable information with any third-party (excluding Mount St. Louis Moonstone’s subsidiaries, affiliates or related entities) without your consent, except as described in this Policy. We reserve the right to disclose any personally identifiable information as follows:

Mount St. Louis Moonstone may share your information with our consultants, vendors and service providers, who assist us in maintaining and providing the Site. Mount St. Louis Moonstone may also disclose information when required by law or under the good-faith belief that such disclosure is necessary in order to conform to applicable law, comply with legal process served on Mount St. Louis Moonstone, or to protect the property or interests of Mount St. Louis Moonstone, its agents and employees, personal safety, or the public. Under such circumstances, Mount St. Louis Moonstone may be prohibited by law, court order, or other legal process from providing notice of the disclosure, and Mount St. Louis Moonstone reserves the right to not provide such notice in its sole and absolute discretion. As its business evolves, Mount St. Louis Moonstone may sell, transfer, or otherwise share some or all of its assets, including personally identifiable information, in connection with a merger, reorganization, or sale of assets, or in the event of bankruptcy. In such an event, personally identifiable information, along with cookies or automatically recorded information may be one of the assets transferred. Mount St. Louis Moonstone shall have no duty to notify You, or seek your consent, regarding the aforementioned exceptions.

Mount St. Louis Moonstone Ski Resort (“MSLM”) is committed to safeguarding the Personal Information of our employees, customers, and other stakeholders (the “Users”). Collection, use, disclosure, and retention of information must comply with provisions of the FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT and the PERSONAL INFORMATION PROTECTION ACT. Collected personal information will only be used by those authorized to fulfill the purpose for which it was originally collected or for a use consistent with that purpose. We do not disclose information to other public bodies or individuals except as authorized by law. We keep the information only for the length of time necessary to fulfill the purpose(s) for which it was collected.

While your Personal Information may be collected that information will be managed collectively with all data collected by each of the Resort’s affiliated entities. For the purposes of this Privacy Policy, the comingling of data collected by Mount St. Louis Ski Resort and its affiliates shall not be deemed to be a disclosure of Personal Information to a third party. While your Personal Information may be transferred to affiliated entities, your Personal Information will always be held on the same conditions of confidentiality and with the same level of security consistent with this Policy.

This Privacy Policy establishes the Company’s policies and procedures with respect to all Personal Information collected, used, and disclosed by the Resort. This Privacy Policy applies to all employees of MSLM, anyone that utilizes any of the services provided by the Resort, and anyone that accesses any of the websites linked to this Privacy Policy and operated by MSLM.

MSLM’s websites may contain links to third-party websites, applications and services. The information practices or the content of such other websites are governed by the privacy statements and policies of those websites. The Resort encourages you to review the privacy statements and policies of those websites to understand their information practices.

Your privacy matters to MSLM. Please take the time to get to know our practices, and if you have any questions, contact us by email at mslm@mountstlouis.com

What Is Personal Information or Personal Data?

Personal Information or Personal Data refers to any information about an identified or identifiable individual.

The term “personal information” has the same meaning as set out in the Personal Information Protection and Electronic Documents Act (PIPEDA), which means any information about an identifiable individual including contact information, name, address, phone number, email address, gender, date of birth, and any other data about yourself that you choose to provide electronically through the Website or otherwise.

Any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered personal information or personal health information. This type of anonymized information may be used for research purposes.

We collect information in the following ways:

• Information you give us.
• Some of our services require you to sign up for an account. When you do, we will ask for Personal Information, including your name, birth date, email address, phone number and photograph along with other applicable information to create your account. Some of our services will also require you to provide us with your Personal Information to obtain a product or receive information from us, such as newsletters or other email messages containing information of a commercial or promotional nature.
• Cookies and similar technologies
• The Resort uses cookies or other tracking tools to provide services required by the User if consented to by the User.

Google Analytics

Google Analytics is a web analysis service provided by Google Inc. (“Google”) that is used on our website(s). Google utilizes the data collected to track and examine the use of the Company’s website(s), to prepare reports on the Company’s website(s) activities and to provide the Company with other services related to website and Internet use. Google may use the data collected to contextualize and personalize the advertisements of its own advertising network.

Google Analytics processes information in the USA. The Personal Information collected by Google includes cookies and usage data. We encourage you to review the Privacy Policy for Google Analytics if you would like any further details regarding how they process Personal Information.

What Personal Information do we Collect?

MSLM only collects what is necessary for the purpose of collection. What follows is the type of Personal Information that we may collect, depending on your relationship with the resort and how you use our services.

Personal information of customers

The following list includes the type of Personal Information that may be collected by MSLM respecting customers:

• Name, date of birth, home address, telephone number, email address.
• Information in connection with the products or services you inquire about or purchase from us.
• Video Surveillance at some locations throughout.
• Customer photographs for both customer accounts at mountstlouis.com and at the points of Axess Gated Lift Entry
• Government issued identification; (visual verification only)
• Other information as necessary to maintain our business relationship with you, such as information related to your preferences, feedback and information requested or provided by you.
• Credit card or other financial information.
• Usage data respecting use of the Company’s website(s) through the website(s) (or through third-party services employed by the website(s)) which can include the IP addresses or domain names of the computers utilized by the User; the URI addresses; the time of the request; the method utilized to submit the request to the server; the size of the file received in response; the numerical code indicating the status of the server’s answer (successful outcome, error, etc.); the country of origin; the features of the browser and the operating system utilized by the User; the various time details per visit (e.g., the time spent on each page within the website(s)); and the details about the path followed within the website(s) with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment

Personal information of employees

The following list includes, but is not limited to, the Personal Information that may be collected by MSLM respecting employees:

• Contact information, including name, home address, telephone number, email address.
• Criminal background check(s);
• Employment information, including resume (which may include educational background, work history, and references), reference information and interview notes, letters of offer and acceptance of employment, policy acknowledgment forms, background verification information, workplace performance evaluations, emergency contacts, performance reviews, disciplinary and coaching notes.
• Benefits information, including forms relating to applications or changes to health and insurance benefits including medical and dental care, life insurance, short and long- term disability; and
• Financial information, including pay deposit information and tax-related information, and Social Insurance Number or other required government-issued identification.
• Serving it Right number
• Employee photos and video surveillance
• Birthdates
• Required Training
• Unless specified otherwise, all Personal Information requested by MSLM is mandatory for the resort to provide its services to the User. As such, failure to provide this Personal Information may affect the ability of a User to utilize the resort’s services. In cases where we have stated that the Personal Information is not mandatory to utilize the service, Users are free to not communicate this Personal Information without any impact on the User’s ability to use the Company’s services. Any questions respecting what information is mandatory can be directed to mslm@mountstlouis.com

MSLM may also collect Personal Information for the purpose of evaluating market trends and other activities relating to our business. To provide you with timely, valuable information, we may also ask you to provide us with information regarding your professional interests and experiences with our products or services. Providing us with this information is optional.

Mount St. Louis Moonstone learns certain information about You from your visit to this Site, and what we do with this information depends on what You do when you are visiting this Site. This Policy lets you know what choices, access and security You have with respect to the information Mount St. Louis Moonstone collects.

Generally, Mount St. Louis Moonstone may gather and store information about visitors, tracking visitors’ usage on this Site on an aggregate basis (meaning that the information collected does not contain personally identifiable information). The collection of this general information enables Mount St. Louis Moonstone to measure the number of visitors to various portions of this Site, diagnose problems with our server, administer this Site and similar uses. Mount St. Louis Moonstone will only use this general information to learn more about what You and our customers are expecting from our services, and tailor and improve this Site. We may use this aggregate data (information which does not contain personally identifiable information) for any purpose whatsoever without notice to You.

Additionally, “cookies” may be used. Cookies are electronics files that your Web browser places on your hard drive to retain information relating to visits to and use of a website. Although cookies allow You to visit this Site more efficiently, cookies may be disengaged by changing your browser properties (each browser is different, so please review your browser properties to determine how to disengage cookies). We may use this aggregate data (information from which all personally identifiable information has been removed) for any purpose whatsoever without notice to You.

We collect your Personal Information to operate, maintain, enhance, and provide all features of the resort’s services, to send you marketing communications, to respond to comments and questions, to provide support to Users of the resort’s services. We use information collected from cookies and other technologies to improve your experience and the overall quality of our services and website.

You will be notified of one or more specific purposes of collection at the time of providing your Personal Information and asked for your consent to the collection and use of your Personal Information for those purposes. If your Personal Information is to be utilized for any purpose besides that outlined at the time of collection, you will be notified of that new purpose and asked for consent prior to the use of your Personal Information for that new purpose, except as otherwise permitted by the applicable legislation and this Privacy Policy.

Some of your collected Personal Information is displayed on Lane Control Monitors at the Axess Gated Lift Entry system. This includes your name, Date of Birth, Person Type (i.e. Adult, Youth/Senior, Tiny Tyke, Employee) Ticket Type (i.e. DAY 9am to 4pm, AFTERNOON 12:30pm to 9pm, DAY/NIGHT 9am to 9pm NIGHT 4pm to 9pm, Season Pass, Snow Show Special etc.,) along with the validity and/or expiry of your daily lift ticket or Podium Pass. 3 pictures are also displayed. Your account photo is also shown beside a photograph of your 1st lift entry of the day and subsequent lift entries. This information is visible to Lift Operators at each chairlift/magic carpet and can be compared by them to deter fraudulent use. All daily lift tickets and Podium Passes are non-transferable and the photos are utilized to assist the resort ensure products are not re-sold or used fraudulently.

How Do We Obtain Your Consent to Collect Your Personal Information?

By using this website or by otherwise providing personal information to MSLM, you agree to this Privacy Policy and that we may collect, use, and disclose your personal information in accordance with it.

We will seek your consent at the time we collect your personal information except where we are legally authorized or required by law to do so without your consent. Your consent may be implied, deemed (using an opt-out mechanism) or express. Implied consent can be reasonably inferred from your action (e.g. giving an email address to sign up for rewards programs) or inaction. Express consent can be given orally, electronically or in writing.

In cases where personal information is held by a third party, we will obtain your consent before seeking this information. In some cases, consent may be implied by your actions. Where we obtain your personal information directly from a third party, we will take reasonable steps to ensure that the third party has represented to us that it has the right to disclose your personal information to us.

Employee personal information may be collected, used or disclosed without consent if it is reasonable for the purposes of establishing, managing, or terminating an employment relationship between our organization and the individual.

You may withdraw your consent at any time in writing unless withdrawing consent would frustrate our performance of a legal obligation. Please contact mslm@mountstlouis.com to find out how to withdraw your consent and the possible consequences of such withdrawal.

Who Has Access to Your Personal Information Within the Company?

Only those employees and contracted individuals of the Resort who require access for business reasons or whose duties reasonably so require shall be granted access to Personal Information about Users.

Disclosure of Your Personal Information Outside of the Company

The Resort shall not otherwise disclose Personal Information to third parties for commercial or other reasons, except as may be specifically required to comply with applicable laws or where you have provided your consent. MSLM may disclose your Personal Information with third-party companies, organizations and individuals outside of the Company if:

• You have provided your consent.
• MSLM will share Personal Information with companies, organizations, or individuals outside of the Company when it has your consent to do so.

For external data processing

MSLM may provide Personal Information to certain third-party agents or service providers to process for us, to carry out the requested services or as necessary for otherwise lawfully processing Personal Information. For example, the Resort may share your Personal Information with payment processors so that these payment processors can provide services on our behalf. MSLM shall ensure that any such parties accessing Personal Information do so in compliance with our Privacy Policy and any other appropriate confidentiality and security measures to reasonably ensure the protection of Personal Information.

For purposes of contracts

MSLM may disclose Personal Information for executing a contract to which a User is part or to take steps at the request of the User prior to entering a contract.

For legal purposes

The Resort may disclose Personal Information if required to do so pursuant to any applicable law, regulation, legal process, or enforceable governmental request. For example, it may be necessary for the Resort to disclose Personal Information to law enforcement officials, regulatory bodies, or government agencies for the purposes of investigating or preventing fraud, or other offences as may be required or permitted by applicable laws. Additionally, under the Legislation and other applicable laws, MSLM may be required to disclose some of a User’s Personal Information to government officials, law enforcement personnel, or competent authorities of foreign governments. The Resort may also disclose Personal Information to establish or exercise our legal rights or defend against legal claims or in connection with an emergency that warrants use or disclosure of the information.

Non-personally identifiable Information

MSLM may share non-personally identifiable (anonymized) information publicly and with our partners. For example, The Resort may share anonymized information publicly to show trends about the general use of our services.

How Is Your Personal Information Safeguarded?

MSLM is committed to protecting the confidentiality and security of all Personal Information against loss and unauthorized access, disclosure, modification, or destruction, and therefore has security safeguards appropriate to the sensitivity level of the information in place. Note that confidentiality and security may not be assured with electronic communication via e-mail or wireless communication.

The Resort will ensure that all employees and third-party service providers with access to information of individuals shall be required as a condition of employment or provision of services to respect the confidentiality of such information and that all employees and third-party service providers are aware of the importance of maintaining the confidentiality of such information as part of training requirements.

Safeguards used:

• Access is restricted to authorized personnel who need the information to perform their duties.
• The Resort’s work processes ensure that personal information is not disclosed to unauthorized parties.
• Electronic data in the Company’s computer systems are protected against unauthorized access and the data is transmitted over secured networks.
• Physical safeguards:
• Locking file cabinets and areas where files are stored when no one is there.
• Restricting employee access to storage areas or filing cabinets.
• Clearing files and documents containing personal information off the work desk at the end of the day.
• Shredding papers or placing them in secure disposal units containing personal information rather than just placing them in a garbage can or recycling bin.
• Destroying computer hard drives that contain personal information before you discard them.

How Long Is Your Personal Data Retained?

Personal Information and Personal Data shall be stored for as long as required by the purpose for which it has been collected, used, or disclosed.

Customer photographs taken at the Axess Gated Lift Entry – these photographs are taken during the 1st entry of the day and then subsequent lift entries for comparison purposes. The images are not stored for more than a 24-hour period. The are deleted from the database every day permanently.

Customer photographs submitted for customer created accounts at mountstlouis.com – these photographs are stored in a data base and cannot be deleted or removed if a customer has a valid product, i.e., Podium Pass or daily lift ticket. A customer can request to delete or remove their account photo by emailing mslm@mountstlouis.com

You may withdraw your consent at any time in writing unless withdrawing consent would frustrate our performance of a legal obligation or prevent our ability to provide the purchased product, i.e. you cannot access the Gated Entry Lift system without an account photo similarly you cannot use the system taking a photo of you. Please contact mslm@mountstlouis.com to find out how to withdraw delete you account at mountstlouis.com and the possible consequences of such deletion.

We are required to keep personal information for a minimum of one year after any decision that directly affects an individual.

Personal Information or Personal Data which the Resort no longer needs to retain shall be destroyed, erased, or made anonymous in a secure manner in accordance with the Resort’s policies respecting the destruction of records. The Resort shall use care in the disposal or destruction of information to prevent unauthorized parties from gaining access to the information. The right to access, the right to erasure, the right to rectification and the right to portability cannot be enforced after the information has been destroyed.

Please contact us by email mslm@mountstlouis.com for more information.

Your Rights Respecting Your Personal Information

Users may exercise certain rights regarding their Personal Information processed by MSLM. Users have a right to:

• Withdraw your consent at any time.
• Users have the right to withdraw consent where they have previously given their consent to the collection, use, disclosure, or other processing of their Personal Information. Users may withdraw their consent by contacting mslm@mountstlouis.com
• Access your personal information.
• Users are entitled, with certain legal restrictions, to access and review their Personal Information held by the Resort. The information provided by MSLM will include a general description of the personal information held, how the information was and will be used, and who the information has been disclosed to.
• The Resort reserves the right to refuse to provide access to Personal Information in circumstances during which the Resort is permitted by law to refuse access, including where providing access would reveal Personal Information about a third party, if the release of the Personal Information could affect the security of an individual, or if the Personal Information is subject to privilege. Any refusal to provide information to The User will be in writing, detailing reasoning, and any further available steps.

Requests for access to Personal Information should be made in writing to mslm@mountstlouis.com Information will be released within 30 days of the date of request. Users may be required to provide proof of identity before the information is released, and there may be a minimal administration fee for providing the information which The Resort will provide estimate in advance.

Accuracy of personal information

Accurate Personal Information is required for the efficient and effective delivery of products and services. The Resort will make reasonable efforts to ensure the accuracy of personal information collected used in decisions that affect individuals or are disclosed to other organizations.

Individuals may contact mslm@mountstlouis.com to modify or correct any Personal Information. Corrections will be made within a reasonable timeframe. In the event the correction is not deemed reasonable by MSLM, the correction will be noted, but no correction will be completed.

When You choose to provide us with personally identifiable information, Mount St. Louis Moonstone has security measures in place to protect against the loss, misuse, alteration and unauthorized access of such information. MSLM reserves the right to maintain your personally identifiable information in secure online and offline facilities and refuse service at any time for refusal to provide information required for its RFID gated lift entry system.

Object to processing of your personal information

• Users have the right to object to the processing of their Personal Information or Personal Data in certain circumstances where Personal Information is being processed on a basis other than consent. Users can object to the processing of their Personal Information for purposes of direct marketing at any time.
• Restrict the processing of your personal information.
• Users have the right, under certain circumstances, to restrict the collection, use, disclosure or other processing of their Personal Information, meaning Users can limit how MSLM uses their Personal Information or Personal Data.
• Have their personal information deleted or otherwise removed
• Users have the right, under certain circumstances, to obtain the erasure of their Personal Information or Personal Data from the Resort. If required to erase Personal Information or Personal Data, the Company will do so without delay.

Lodge a complaint.

• Users have the right to bring a claim before the Commissioner appointed under the Freedom of Information and Protection of Privacy Act.
• Obtain assistance from the Office of the Privacy Commissioner of Canada
• Users who have reasonable grounds to believe that the organization has contravened or is about to contravene a provision of PIPEA may report directly to the OPCC.

Office of the Privacy Commissioner of Canada

Toll-free: 1-800-282-1376

Phone: (819) 994-5444

Fax: (819) 994-5424

TTY: (819) 994-6591

• Users will not face punitive actions from The Resort for reporting such breaches. Additionally, if any of these situations arise, the User, or “whistleblower,” is protected from any punitive action taken by an organization against him or her.

Can RFID be used to access my personal information?

Each unique RFID card contains a multiple digit WTP number randomly associated with a user profile. This profile is kept as a secure component of our point-of-sale system and user database. In accordance with privacy laws, your personal information is not shared with any third parties without your consent, and you have access online via online Shop to check and update your preferences.

What happens if there is a privacy breach?

A privacy breach is the unauthorized access to personal information or the unauthorized collection, use, disclosure, or disposal of personal information.

Employees are required to report all breaches to their supervisor, including suspected breaches. The Supervisor will report the breach to the Huter Family Management Team. If the Huter Family Management team is unavailable, the Supervisor will assume the role for the purposes of managing the breach. If the Supervisor is unavailable, the employee should report directly to a member of the Huter Family Management Team.

The Resort has protocols in the event of a breach which must be followed. The protocols contain steps on containment, risk evaluation, notification, and security safeguard evaluation.

How Can You Contact Us?

If you have questions about this Privacy Policy or have a concern or complaint about privacy, confidentiality, or the handling of information practices; please contact us by email mslm@mountstlouis.com for more information.

The individual(s) appointed by the Resort as responsible for compliance with this Privacy Policy shall investigate all complaints concerning compliance. The individual(s) appointed as responsible for compliance may seek external advice where appropriate prior to providing a final response to individual complaints.

On this Site, You may have the opportunity to follow a link from or to other web sites maintained by third-parties. Because these other web sites may not be hosted or controlled by Mount St. Louis Moonstone, however, we are not responsible for the privacy practices of those web sites. Therefore, the privacy policies with respect to those web sites may differ from those applicable to this Site and we encourage You to review the privacy policies of each of those other web sites. This Policy only applies to information collected and maintained by Mount St. Louis Moonstone.