How we protect your privacy

Our commitment

The Alberta Securities Commission (ASC) is committed to respecting your privacy and protecting your personal information. In this Privacy Statement, “personal information” has the meaning set out in section 1(q) of Alberta’s Protection of Privacy Act (POPA).

The ASC honours this commitment when carrying out its responsibilities under the Securities Act (Alberta), as well as when you visit our websites (ASC.ca and CheckFirst.ca) for information, tools, services, communications, or to otherwise conduct business with us.

We review and update this Privacy Statement periodically to reflect changes to our programs, technologies, and legal obligations. This Privacy Statement was last updated on May 27, 2026.

 
How the ASC collects, uses and discloses personal information

Legal authority. The ASC collects, uses, and discloses personal information to administer Alberta’s securities laws and carry out its objectives.
Section 4 of POPA, as well as the Securities Act, authorize the ASC to collect, use, and disclose personal information when performing its duties and exercising powers under the Securities Act, as well as to supply our websites, online tools and services, communications, and other ASC programs.

The ASC does not sell any personal information under any circumstances.

Collection. Personal information about you that the ASC collects may include the following:

  • information that you provide to us through our websites to access services, submit complaints or whistleblower reports, report wrongdoing, use tools, or subscribe to receive information from us, such as your name, address, telephone number, email address, and other contact information;
  • information about how individuals use our websites and content or features they are interested in;
  • information necessary to administer and enforce the Securities Act; and
  • as otherwise permitted or required by law.  

Accuracy. We make every reasonable effort to keep your personal information accurate and up to date. Whenever possible, we take in your personal information exactly as provided to avoid any potential errors that may arise when information is re-entered manually.

We may ask you to verify your personal information and, if required, provide you with an opportunity to update or correct it.

You may request access to our records that include your personal information; you may also request corrections to your personal information. In both cases, we will address the request in accordance with our applicable obligations under POPA and Alberta’s Access to Information Act (ATIA). If you request corrections to your personal information, we will verify your identity and ask for supporting records to verify the correction.

Use. The ASC may use your personal information for the following purposes:

  • to send you information you have requested;
  • to send you newsletters and other electronic communications that you have subscribed to;
  • to respond to your questions and requests;
  • to run surveys, promotions, or other outreach initiatives;
  • to understand website usage and improve our services;
  • to administer and enforce the Securities Act; and
  • as otherwise described in this statement or where required by law, such as responding to court orders or statutory reporting obligations.

Disclosure. The ASC may disclose your personal information to third parties in the following circumstances:

  • to administer and enforce the Securities Act;
  • as necessary for the ASC to meet its other legal, regulatory, insurance, audit, processing and security requirements; and
  • as otherwise permitted or required by law.

Your personal information may be shared with the following third parties: 

  • other securities regulators, law enforcement agencies, and external legal counsel;
  • contracted service providers (e.g., IT hosting and analytics providers); and
  • other parties when necessary to support investigations, regulatory oversight, or program delivery.

Notice. When you submit a complaint, register for an event, apply for employment, or subscribe to communications, you will be provided with a brief privacy notice. This notice will explain why your personal information is collected and how it will be used, with a link to this full Privacy Statement.

 
Safeguards for your personal information

We protect the personal information in our custody or control using reasonable physical, electronic or procedural safeguards appropriate to the sensitivity of the personal information. This may include safeguards to protect against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. We also maintain various contingency plans that include regular data backups that may utilize offsite resources.

Privacy Management Program. We maintain a comprehensive Privacy Management Program that includes policies, procedures, and training to ensure compliance with Alberta’s privacy laws. You may request information about our Privacy Management Program by contacting our Privacy & Access Officer.

Privacy Impact Assessments. A privacy impact assessment (PIA) is a documented review used to identify and mitigate privacy risks. Where required by POPA and its regulations, the ASC conducts PIAs for certain new or substantially changed programs, services, or practices that collect, use, or disclose personal information. 

Our PIAs may be submitted to the Information and Privacy Commissioner and may also be requested by the Commissioner for oversight purposes, particularly where personal information is highly sensitive, affects a significant portion of the population, or involves data matching, integrated services, or the use of innovative technologies.

Privacy Breaches. In the event of an incident involving the loss of, unauthorized access to or unauthorized disclosure of personal information held by the ASC, we follow a process to investigate and address it as soon as reasonably possible. If a privacy breach involving your personal information poses a real risk of significant harm, we will notify you, the Office of the Information and Privacy Commissioner of Alberta and the Minister of Technology and Innovation in accordance with applicable legal requirements.

 
Service providers

We may transfer personal information to third-party agents or service providers that provide services such as data processing, electronic mailing/communication, administrative, online analytics, or other services on our behalf. We take reasonable measures to ensure that personal information processed by these service providers is protected and not used or disclosed for purposes other than as directed by us and in accordance with the provisions of POPA and other applicable laws. 

Some of our service providers may be located in other countries or legal jurisdictions and will be subject to the laws of such jurisdictions, which may permit foreign government and national security authorities to access your personal information in certain circumstances.

 
Usage of our websites

Our websites (ASC.ca and CheckFirst.ca) are essential platforms for fulfilling our mandate and executing the ASC Strategic Plan. ASC.ca offers industry information and promotes transparency in our regulatory work, while CheckFirst.ca helps advance public understanding of investing and how to protect yourself from investment fraud. 

Browsing activity. We may collect certain browsing information from you to help evaluate our websites and determine how they are used. For example, we may collect your IP address, browser type, operating system, domain name, access times, pages viewed, and referring website addresses. This information may be combined with that of other visitors to the websites and used for the management and improvement of our websites. For example, we may use such information to assess which areas of the websites are most commonly accessed. The ASC may use service providers to help us collect and analyze this information, and we may share this information with service providers hired by the ASC to assist in the development and administration of the websites.

Protected transmission. We use secure servers to receive any personal information you may provide us online. Credit card payment information is processed through a secure third-party service provider. We do not maintain your credit card data on file.

 
Use of cookies

When you visit our websites, we collect a limited amount of statistical information which does not personally identify you. We may use both session and persistent cookies which are small files that are created by a website, sent to your browser, and stored on the hard drive of your computer. A session cookie expires after you leave the website whereas a persistent cookie remains until it expires.

Cookies are used to make it more convenient for you to move around our sites when you visit them; for example, they can remember your web viewing preferences such as choice of language or accessibility options. They can also assist us in monitoring traffic patterns so that website content and design can be improved for visitors.

 
 
External sites and embedded content
Our websites may link to other sites or include content that is created and maintained by other public and private sector organizations. Additionally, you may be directed to a third-party website to register for an ASC event or other outreach initiative. While these links and content are provided for your information and convenience, you should be aware that the privacy practices and the way these organizations use personal information may differ from the ASC’s practices. These websites may be subject to different legal requirements than those that apply to the ASC. As a result, these websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the site and/or its content. You are therefore strongly encouraged to refer to the privacy policy or statement available on such third-party websites.
Disclaimer
While we aim to provide information that is accurate and reliable, the ASC does not make any guarantees or assume legal responsibility for the accuracy or completeness of the information, software, tables, media and graphics on this website.
Retention and disposal
We retain personal information only as long as necessary to fulfill regulatory, investigative, and operational requirements in accordance with the Government Organization Act, the Records Management Regulation, and POPA. Retention periods vary depending on the type of personal information and are governed by approved records retention schedules.
Requesting access to personal information

If you would like to request access to our records containing your personal information, or other records that may be covered by the ATIA, you may submit a request here.

Addressing concerns about your personal information

If you have any concerns regarding your personal information or the way it has been collected, used or disclosed, please reach out to our Privacy & Access Officer. In your message, please include details of the personal information at issue. The Privacy & Access Officer may contact you for further information regarding your concern. 

Personal Information Banks

We maintain a directory of our Personal Information Banks (PIBs). PIBs are records that describe the personal information the ASC holds, the legal authority for collecting it, and how that information may be used or disclosed. You can request access to our PIB directory by contacting our Privacy & Access Officer.

Contact Us

For more information about the ASC's privacy policies and practices, please contact our Privacy & Access Officer at:

Telephone: (403) 297-6454
Toll-Free: (877) 355-0585
Main Fax: (403) 297-6156
Email: [email protected]
Mail: Alberta Securities Commission
Suite 600, 250-5th Street SW
Calgary, Alberta T2P 0R4