On January 1, 2004, the third phase of the Canadian Federal Law about Personal Information Protection and Electronic Documents Act (PIPEDA) came into effect. This Act governs information collected as part of commercial activity by any private sector organization. It states that information must be gathered with consent, collected for a reasonable purpose, used for the limited purpose for which it was gathered, be accurate, be open for the owner's inspection and correction, and stored securely. Rocky Mountaineer (RM) already maintains a high level of security with respect to the confidentiality of your personal information but we are now obligated by law to advise and obtain consent to the terms of collection, disclosure and storage of your data.
The following outlines our 10 principles to which we adhere in protecting your personal information.
RM is responsible to protect all personal information under its control or transferred to a third party for processing. Personal information can include name, home address and phone number, age, identification numbers, credit information, customer preferences and other items that personally relate to you as an individual. RM has appointed a Privacy Officer, who is responsible for our accountability and compliance.
2. Identifying Purposes
Whenever personal information is collected by RM, we will identify why the information is being collected and how it will be used. If we have collected information in the past, we will not use it for any other purpose than that expressly stated at the time of collection. The reasons personal information is collected by RM include:
* Guaranteeing a travel reservation;
* Identifying guest preferences and improving guest service;
* Establishing guest eligibility for promotional opportunities;
* Providing requested product information;
* Informing you of new products or services that may interest you.
Type of Information Collected
The type of information we collect from you relates to your reservation or potential booking with us. This may include: name, address, contact information, travel insurance requirements, travel needs (medical/dietary or physical restrictions), preferences, identity validation on services such as traveller's cheques, credit information for payment purposes, and publicly available information.
How it is Collected
Information is collected directly from you through surveys, online registration, and requests for information. It is also collected through our call centre or sometimes through third party partners who have made the reservation for you (Travel Agencies, Tour Operators, Tour Wholesalers). Personal information may also be collected through an employment application.
Your consent will be obtained either in person, through writing, email, telephone, or the Internet. Sometimes consent may be implied (eg. when transferring relevant information to a hotel partner). Also, RM may occasionally ask for written or verbal confirmation that the information collected and maintained is accurate and that your consent is still provided to maintain this information.
Under certain circumstances RM will need to disclose your personal information without your consent. This may include:
* A life threatening or emergency situation;
* Where required by law; or
* Where required by law enforcement, legal investigation or a regulatory body.
4. Limiting Collection
Information collected will only be expressly used for the purpose outlined at the time of collection. RM will not indiscriminately collect or maintain personal information on its guests or employees.
5. Limiting Use, Disclosure and Retention
RM does not disclose your personal information for any purposes other than, for which it was originally collected, unless we have first obtained consent from you. We do not sell or rent your personal information and we will not retain the information for longer than is necessary to fulfill the purpose for which it was originally collected.
Personal information will be maintained in an accurate, complete and up-to-date format as is necessary and reasonably practical to fulfill the purpose for which it was collected.
RM protects your personal information by security safeguards, which are appropriate to the sensitivity of the information. These include premises security; locked filing cabinets; information technology security such as restricted access to specific programs, firewalls and software security; and restricting access to personal information only to those employees and partners to which it is necessary. We keep our employees up-to-date on policies and procedures regarding protecting personal information.
We may use the services of a third party to process personal information. However, we ensure there are confidentiality agreements in place so that your information is protected while in their possession.
RM will make its policies and practices that apply to the protection of personal information available to anyone on which it holds information.
9. Individual Access
Upon written request, RM will inform you if we are maintaining any personal information about you. If so, we will provide it for your review of accuracy and completeness and will amend it as appropriate. However, RM reserves the right to confirm your identity before providing this personal information. RM can refuse access in certain circumstances including when granting access would have an unreasonable impact on the personal privacy of others, when the request is frivolous or when it may impact RM's rights and property.
Requests for access to your personal information should be made in writing to the Privacy Officer by email at firstname.lastname@example.org by fax (604) 606-7201 or by mail:
1100-980 Howe Street
10. Challenging Compliance
RM's compliance with this policy may be challenged by directing concerns or complaints to the Privacy Officer by any of the above-mentioned methods.
Use of our Websites
You can visit our websites without telling us who you are or revealing any personal information, including your e-mail address. Our web servers automatically recognize your domain name when you visit our site, and this information is aggregated and used to measure statistics regarding the use of our site, such as the number of visitors, average time spent on the site, pages viewed and similar information. However, this information is not disclosed or shared with third parties.
RM's goal in collecting personal information online is to continually improve the content of our websites and to offer guests with tours that best meet your preferences and desires.
Google AdWords and Remarketing
Google AdWords Remarketing is a web-based service relying on the Google Display Network which improves the relevance of online advertisements to website visitors where those websites display advertisements from the Google Display Network.
In order to distinguish one visitor from another, Google AdWords may create several tracking cookies on a visitor’s computer. RM will only permit such cookies corresponding to remarketing lists for RM services to be created on a visitor’s computer when that visitor has visited a section or webpage on a RM website that can reasonably be determined to be related to the services to be advertised using the Remarketing feature of Google AdWords.
Google explicitly and expressly forbids the collection of Personally Identifiable Information in the Terms of Service for Google AdWords, and as such, RM has not attempted to make, has not made, and will never make modifications that would enable Google AdWords or any of the RM websites to collect any such information.
RM does not have access, and will never seek access, to information on other websites visitors have visited or which remarketing lists they are on, apart from the RM website and remarketing lists of RM itself.