This Privacy Notice explains the practices that Great Canadian Railtour Company Ltd, the operator of Rocky Mountaineer (“Rocky Mountaineer” “we”, “us”) follows in connection with the personal data that we collect about you when you book a trip or travel with us, apply for a job, register as a travel agent, visit our websites, or when you contact us directly.
For the purposes of the services that Rocky Mountaineer offers and the regulations that Rocky Mountaineer needs to comply with, personal data refers to any information that relates to an identified or identifiable individual such as a name, email, mailing address or phone number.
Rocky Mountaineer offers travel services to customers around the world, therefore we are expected to comply with different Privacy and Data Protection Regulations such as the General Data Protection Regulation (“GDPR”) in the EU, The Data Protection Act in the UK (“UK DPA”), the California Consumer Privacy Act (“CCPA”) in California and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada.
At Rocky Mountaineer we respect your privacy rights, and we commit to protecting your personal data according to the expectations of the laws of where you are located.
Some privacy regulators classify organizations depending on the role they play while processing personal data. Rocky Mountaineer is considered a data controller because we determine how to collect and process your personal data. We are directly responsible for the decisions made about how we collect, process, disclose, store and protect your personal data.
How we collect and process your personal data
Request for brochure
We collect your personal data when you request a digital version of our brochure via our website as a guest or a travel agent. We collect your name, email address, phone number, name of travel agency and your location.
We use your personal data to carry out your requests and send you the brochure you are interested in.
Registering a new agent/travel agency
We collect your personal data when you register as a travel agent or create a new travel agency either through the forms available on our website, via email or by phone. We collect your name, email address, name of travel agency, phone number and location.
We use your personal data to create a travel agent account which allows you to access marketing materials and resources to make all of your Rocky Mountaineer bookings.
Mobility & accessibility request
We collect your personal data when you make a request to accommodate any special needs, including mobility and accessibility. You may make these requests through the forms available on our website or when you speak to any of our vacation consultants.
We collect your name, email address, booking information, medical, dietary, or mobility considerations or any other assistance needs you may have told us about.
We use your personal data to ensure that we are ready to fulfill your accessibility needs.
Requests for contact
We collect your personal data when you communicate through email, live chat or phone with any of our employees including vacation consultants.
We collect your name, email address, phone number and the reason for your contact request.
We use your personal data to acknowledge and respond to your request.
Signing up for email communication
We collect your email address if you agree to sign up for our email communications.
We send emails to the email address you have provided to keep you updated with information about Rocky Mountaineer and the services we provide which we think may be of interest to you. You may unsubscribe to any of our communications at any time that you wish.
Creating an online account
We collect your personal data If you decide to create an account on our website.
We collect your name, email address, phone number, location, and account password in encrypted form, meaning that we do not know what your password is. For business accounts, we also collect information relating to your company such as company name and business location.
We use your personal data to create your guest account and enable you to logon and manage your Rocky Mountaineer website account.
Navigating our website
We collect information about your website visit such as your IP address, what pages you visited and what sections of our website were of most interest to you.
We also use third-party cookies for you to receive relevant ads that are of interest to you.
If you do not wish to have cookies installed on your browser, you may opt-out of cookies through our cookie consent tool by clicking on the icon in the bottom-left corner of our website.
When you book or intend to book a travel package with us, we will collect your personal data directly from you, through your travel agent or a vacation consultant so that we can manage all aspects of your trip. The types of personal data we collect when you make a booking with us includes the following:
- Contact information.
- Billing and other payment data.
- Information about your booking(s) and travel plans.
- Participation in loyalty programs.
- Emergency contact details.
- Sign in details and other information you provide as part of your Rocky Mountaineer website account
- Special requests you may have for your trip.
We use your personal data to:
- Fulfil our travel agreement with you including managing your booking or intended booking.
- Update you on changes to your travel itinerary.
- Manage operations related to your journey.
- Manage your wider travel and products or services requirements.
- Process payments for your booking and fulfil any requests for refunds.
- Provide information to emergency services or hospitals if you have an emergency and are not able to provide this information directly.
- Respond to enquiries/offer support to guests.
- Personalize the service and offers you receive.
- Communicate and interact with you at different touch points throughout your journey.
- Conduct customer satisfaction surveys.
- Manage our internal business operations such as accounting.
We collect your contact information and details related to your professional qualifications, provided directly by you if you apply for a job or through referrals from current Rocky Mountaineer employees who you have given consent to share your profile with us. In some cases, we collect your contact information from a third-party recruitment agency if you have shared your qualifications with them and have consented to have them share your information with us. We use this data to determine if your expertise fulfills the requirements of the role you are applying for and to contact you to continue the recruiting process.
We only collect, process, use, share and store your personal data where we have a legal basis to do so. We will only process your personal data if:
- We have obtained your explicit consent prior to the processing of your personal data.
- If we need your personal data to perform a contractual obligation.
- If we need to process your personal data to fulfill our legal and regulatory obligations.
- If we have a legitimate interest that will not put your rights and freedoms at risk.
- If we need to use your personal data to protect your vital interests, for example, during a medical emergency.
Rocky Mountaineer will only disclose your personal data to the following parties under specific circumstances:
- Rocky Mountaineer personnel, if required to fulfill your request.
- Vendors, consultants, and other service providers who need access to such information to carry out work on our behalf and on a need-to-know basis.
- Third parties who help us manage our business and deliver our products and services, including booking partners, travel agents, hotel partners and loyalty programs.
- Marketing partners that support our Sales activities around the world.
- Public authorities or government organizations as required by law to collect and share your personal data, booking and travel information for the purpose of border control, immigration and national security.
- In the event of an emergency, your emergency contact and emergency response providers.
- In connection with the sale or reorganization of all or part of our business, as permitted by applicable law.
- Any other third party where you have provided consent to such disclosure.
Rocky Mountaineer is committed to protecting the personal data we collect, process and disclose about you. We maintain appropriate safeguards and take reasonable steps to protect your personal data, some of these security measures include restricted access to Rocky Mountaineer’s premises, locked filing cabinets, information technology security such as restricted access to specific systems, firewalls and software security and the restriction of access to personal data only to those employees and partners that have a legitimate reason to have access to it. We keep our employees up to date on policies and procedures regarding protecting personal data.
The personal data that we collect from you for the purpose of providing our services is stored in servers in the US and Canada. We ensure that your data is safeguarded and work with our partners to ensure that any risks to your privacy are minimized. We will take appropriate steps to ensure that transfers of personal data across borders are in accordance with applicable law, and we only transfer personal data to partners and other third-party organizations where we are satisfied that adequate levels of protection are in place to protect your data.
For personal data transferred out of the EU into countries that are not considered to have an adequate level of personal data protection, we obtain contractual commitments from third party organizations to protect your personal data. These contractual commitments include the use of standard contractual clauses approved by the EU Commission to ensure that we have a valid data transfer mechanism in place.
We are expected to retain your personal data for an established period of time for regulatory, legal, tax or business requirements. We have developed a Retention Schedule that defines how long we retain your personal data and how we securely dispose of it when it is no longer necessary to fulfill any requirements.
We process personal data about minors to provide services when they are guests as part of the travel services we offer. However, we do not seek to collect personal data about minors for any other purpose. This website is not targeted at, nor do we knowingly collect personal data from, anyone under the age of 18.
If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us at email@example.com. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Subject to any exceptions provided by law, you have the right to request access to, update or delete your personal data.
You also have the right to request restriction of or object to the processing of your personal data. And you have the right to request to have your data sent to you in an electronic commonly used format. On each particular case, we will inform you of the consequences of your request and if there are any exemptions to honouring your requests based on legal or contractual requirements.
In order to fulfill your request, we may require additional information from you. We will respond to requests within the relevant time periods established by applicable law. We are committed to finding a fair and reasonable resolution to any request, concern, or complaint you bring to our attention. However, if you are unsatisfied with our response to your request, you have the right to lodge a complaint with applicable governmental authorities, subject to local law.
If you provide us with consent to use your personal data, you may withdraw that consent at any time, however, such withdrawal will not impact the lawfulness of our use of your personal data based on your consent up to that point.
To submit a request about your personal data, please complete a Data Subject Request via our online form.
We welcome your feedback or any questions regarding our privacy notice or the use of your personal data. We have a Privacy Officer who is responsible for matters relating to privacy and data protection. Our Privacy Officer can be reached at the following address:
by email at: firstname.lastname@example.org
by mail: Attn: Privacy Officer Rocky Mountaineer 1100-980 Howe Street Vancouver, BC V6Z 0C8
UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, Great Canadian Railtour Company Ltd has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/ by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Great Canadian Railtour Company Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
by using EDPO’s online request form: https://edpo.com/gdpr-data-request/ by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
EU/UK individuals – Right to Lodge a Complaint with a Supervisory Authority
If you reside in the EU and want to lodge a complaint with a Supervisory Authority (Data Protection Authority) you may do so in the Member State where you reside, where you work or where you may have experienced an issue with the processing of your personal data.
If you are a California resident, you have certain additional privacy rights. Visit our California Privacy Notice page for more information.
We reserve the right to modify this Privacy Notice at any time in accordance with applicable law. If we do so, please look at the “Last Updated” legend to see when this Privacy Notice was last revised. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice on the Site.