It is important for us that you are fully informed about your rights, and how Hosted Villas Inc. uses your data. We hope that the following sections will answer any questions you have, but if not, please feel free to contact us. This policy may change from time to time to ensure we continue to uphold the highest standards of privacy.
WHO WE ARE
Hosted Villas Inc. is a privately-owned Canadian company incorporated provincially under the Business Corporations Act of Ontario. Hosted Villas Inc.’s principal business activity is operating as a travel agent arranging high-end luxury vacations in destinations across the world.
Any personal information provided to or gathered by us is controlled by Hosted Villas Inc., with registered address at 25 Morrow Avenue, Suite 202, Toronto, Ontario, Canada M6R 2H9.
For simplicity throughout this notice, “we”, “us” or “ours” means Hosted Villas Inc.
THE LEGAL BASIS OF US COLLECTING INFORMATION
Personal information is information about you that is personally identifiable like your name, address, e-mail address, or phone number, that is not otherwise publicly available. The regulation on data protection sets out a number of different reasons for which a company may collect and process your personal information, including:
• Consent: In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive e-mail newsletters.
• Contractual Obligations: In certain circumstances, we need your personal information to comply with our contractual obligations. For example, if you book a tailor-made holiday through us, we will collect your identification or passport details and provide them to the suppliers of services that you use.
• Legal Compliance: If the law requires us to do so, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting Hosted Villas Inc. to law enforcement agencies or we can pass on your details to owners in order to comply with local guest reporting regulations.
• Legitimate Interest: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests. For example, we will use your customer history with us to send you or make available personalized offers.
WHEN DO WE COLLECT YOUR PERSONAL INFORMATION?
The information we collect about you will depend on how you interact with us and what services you arrange with us. Depending on the circumstances, we collect information in any of the following ways:
• When you visit our website
• When you inquire or search for a holiday on our website
• When you are a registered property owner, property manager, supplier partner or agency partner in our system
• When you download or install one of our apps
• When you contact us at our office or via social media, mail or e-mail
• When you call our office to plan a trip or make a booking
• When you request a brochure, sign up to receive e-mail updates, or participate in any of our competitions, promotions, surveys or market research
• When you make a complaint via a third party (such as another travel agent)
• When you attend any events that we host
WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
In the instances (and analogous ones) indicated in the next section, we ask for and collect information such as, but not limited to: your name, contact details, company, job title, country, postal (zip) code, and sector. In some cases, we may also ask for your address and additional information about you or your business, such as (but not limited to): company registration number, sales tax registration number, registered address, staff member details, credit card information and other financial information.
The type of information that we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we collect any of the following:
• Details about you: Name, address, e-mail address, company, job title, telephone number, date of birth, your accommodation preferences, payment details, your reasons for travel, meal and other travel preferences or dietary requirements and, if necessary, information about your health to the extent that it is relevant to your holiday itinerary or to provide you with special assistance.
• Identification documents: If you are travelling to a country that requires reporting of guests staying in a holiday accommodation, a copy of your passport or identity card, your passport or identity card details including your passport number, the country in which your passport was issued and the expiry date.
• Details about the services you arrange with us: Your travel details, including your travel itinerary, where you are flying from and to, your booking information, any onward travel details if relevant, details of experiences or excursions booked through us, your baggage and transportation requirements, meal preferences or requirements, details of any special assistance you might need from us and any other information relevant to enable us to provide you with the services that you have arranged with us or through us.
• Your interactions with us: Information about your interactions or conversations with us, our professional advisors and our employees, including when you make inquiries, comments, complaints or submit feedback to us, via our website, e-mail or verbally via our agents.
• Your use of our systems and services: Details of the way in which you use our website, app and social media pages (please see section “OUR SITE, APP AND COOKIES” below for further details).
• Job applications: If you apply for a job with us, your CV, work history, educational details and the role you are applying for.
HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT ABOUT YOU?
We will use your personal information for a variety of different purposes, some of which will depend on the services that you engage us for. This includes:
• To manage your booking: We will use your information to provide you with any services that you request or purchase from us. This includes booking your accommodation, arranging an excursion, transportation or car hire, and issuing you with your vouchers (on the basis of performing our contract with you), and providing you with any special assistance (where you provide your consent).
• To send you service communications and support services: We will use your information to send you any communications relevant to the services you have requested or purchased from us. This includes sending you an e-mail to notify you of changes to your holiday arrangements or providing you with a voucher, ticket or e-ticket. We will also provide you with customer service and support, deal with your inquiries, scheduling changes, complaints, comments or observations shared with us (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with customer service).
• To send you marketing communications: We will use your information to keep you up to date with the latest news, events, offers, sales, promotions and competitions that we think might be of interest or relevant to you (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so) (please see section “MARKETING” below for more information).
• To personalize your customer experience: We use your information to provide you with a more personalized service. For example, tailoring the communications that we send to you with your preferred destinations, serving you only with advertising that we think you might like or enhancing your holiday experience (on the basis of our legitimate interests to present you with the right kinds of products and services).
• To improve our customer service: We may record calls to our office or monitor calls for the purposes of improving our customer service, ensure quality assurance, training, security and for general business purposes (on the basis of our legitimate interest in improving our customer service).
• To process your job applications: We will use your information to process any job applications that you submit to us, whether directly or via an agent or recruiter (speculatively or in response to any recruitment ad) (on the basis of our legitimate interest to recruit new employees or contractors).
• To process your interest in becoming part of our system of property owners, property managers, concierges, household staff or service suppliers: (on the basis of our legitimate interest to enhance our product offerings and services offered to our clients)
• To optimize our website and app: If you use our website or app, we will use your information to ensure that the content from our websites is presented in an effective manner for you and your device, to provide you with access to our site and app in a manner that is effective, convenient and optimal, and to provide you with content that is relevant to you, using site analytics and research and in certain circumstances combining that with other information we know about you (on the basis of our legitimate interests to operate and present an effective and convenient website to our website users).
• To ensure security and protect our business interests: In certain circumstances, we use your information to ensure the security of our services, building, and our employees, including to protect against, investigate and deter fraud and unauthorized or illegal activities, as well as systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
• To conduct research: We use your information to carry out research about general engagement with our services and systems, or if you choose to participate in customer surveys, consumer focus groups and research (on the basis of our legitimate interests to improve our products, services and customer service).
• To comply with our legal obligations: In certain circumstances, we will need to use your information to comply with our legal obligations, for example, to comply holiday accommodation reporting regulations or with any court orders or regulatory supervisors requests (on the basis of our legitimate interests to comply with a legal obligation).
WHO DO WE SHARE YOUR INFORMATION WITH?
We do not rent, sell, or share personal information about you with other people or non-affiliated companies except to provide products or services that you have requested, when we have your permission, or under the following circumstances:
• Third party suppliers that we work with to fulfil your booking: We may share your information with third party suppliers that provide us with services in connection with the provision of our services to you. This includes, for example, hotels, transport companies, excursion providers, airport authorities, insurance companies, car hire companies, ground handling agencies and postal companies, to send out your itineraries. We share your personal information with them under confidentiality and similar agreements prohibiting such parties’ further use of the information. These companies or professionals may use your personal information to help us communicate with you about products, services and offers that we consider might be of interest to you. However, these companies do not have any independent right to use or share this information.
• Other third-party suppliers that we work with in connection with our business: We share your information with third party suppliers that provide us with services in connection with our business and the provision of our services to you. This includes for example: marketing agencies that run our marketing campaigns, IT developers, service providers and hosting providers, third parties that manage promotions or competitions that we may run, third-party software companies that provide us with applications on a white label basis (for example, a product produced by one company and sold by another company under their brand), advertising providers and networks, ground agents, site analytics providers, medical service providers and credit card screening companies.
• Government authorities and property owners: Some destinations require holiday accommodation operators and property owners to provide “Guest Information” about you to the government authorities of the country of your travel destination. Guest Information comprises the basic information contained in your identification card or passport and, in certain countries, electronic or printed copies of your identification card or passport.
• Third parties for marketing: We share your information with selected third parties when you consent to us sharing your information for marketing purposes. For example, when you enter a competition you would need to give consent to receiving marketing from the prize supplier (e.g. property owner, hotel, airline) if that is a third party. We may occasionally conduct subscriber surveys to better target our content to our audiences. The aggregated information collected is sometimes shared with our advertisers, however, we do not share specific individual information with third parties.
• Courts, regulatory bodies or advisors: We share your information with other third parties (including legal services, accountants or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
Where we do share your information with third parties, we will require them to maintain appropriate security to protect your information from unauthorized access or processing, unless we have no ability to do so (for example, where we are sharing information with border agencies or enforcement authorities).
If you provide any financial information, we use that information primarily to trade our services with you as a client and this information will not be shared with any third-party organization except with your express consent.
WHERE YOUR PERSONAL INFORMATION MAY BE PROCESSED
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
We keep your information for as long as is reasonably necessary to enable us to provide you with the services that you have requested from us, to comply with any legal obligations that require us to keep information, or for as long as we reasonably require for our legitimate interests, including for example for the purposes of exercising our legal rights or defending ourselves against claims.
WHAT ARE YOUR RIGHTS?
You have the right to request the following:
• Access to the personal information we hold about you, free of charge in most cases.
• That we correct your personal information when incorrect, out of date or incomplete.
• That we stop using your personal information for direct marketing (either through specific channels, or all channels).
• That we stop any consent-based processing of your personal information after you withdraw that consent.
Registration is not required in order to visit and use our, or our subsidiaries’, website. However, we may provide commenting features, submission forms, etc. to its users and you may be required to register in order to use such features. If you do register, and in the process provide us with personal information, no information will be shared with any third-party organization except with your expressed consent. If you post comments on the website, any personal information you provide in those comments or articles will be public. As such, we are not responsible for personal information that you may choose to share through these channels.
We will keep you up to date with periodical and occasional newsletters with our latest news, company updates, offers, partnerships, promotions and competitions that we think might be of interest or relevant to you if you have indicated that you are happy to receive marketing communications from us – that is, if you have:
• Purchased services such as a holiday from us and have not told us that you do not want to hear from us.
• Signed up to receive marketing communications from us and have not later told us that you do not want to hear from us.
We have numerous products and services and therefore numerous email and promotion lists. In an effort to allow you to tailor your participation in our services and promotions, we provide you with the ability to choose specific lists or products of interest and opt-out options are product and use or list-specific. All email promotions sent by us provide an ‘update your email preferences’ link at the bottom of the email pursuant to which you can choose to opt-out of specific products and promotions.
If you no longer want to hear from us, you can opt out of or unsubscribe from receiving any, or all, of these communications by:
• Clicking the “unsubscribe” link contained in any marketing communications that you receive from us
• Replying to any email stating that you would like to be removed from our list
• Sending us an email to firstname.lastname@example.org indicating that you would like to be removed from our list
TRANSPARENCY AND CHOICE
People have different privacy concerns. Our aim is to be as clear as possible about what personal information we collect so that you can make your own choices about how we use it. For example:
• Wherever it is optional to collect additional information about you, we transparently inform you about what information we need, why we ask for it and we require your consent to process such information. When you change your mind, there is always a convenient way how to let us know.
• When visiting our websites, you may be given the opportunity to choose whether you accept our cookie settings and therefore decide whether you agree to be on our radar when it comes to ads or behaviour analytics or not.
OUR SITE, APP AND COOKIES
As you may already know, most sites and apps collect certain information automatically in log files about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), browser type, referral source, length of visit to the site or app, number of page views, page visits, the search queries you make, and similar information.
This information will be collected by us or by a third-party site analytics service provider, such as Google Analytics, and will be collected using cookies.
As we’ve described above, we use this information to save your settings, to help improve our functionality and services, run diagnostics, analyze trends, track visitor movements, gather broad demographic information and personalize our services.
Cookies are small amounts of information in the form of text files that we store on the device you use to access our site or our marketing communications. Cookies allow us to monitor your use of our services and improve them. For example, a temporary cookie is also used to keep track of your browsing “session”.
If you do not want cookies to be installed on your device, you can change the settings on your browser or device to reject cookies or to notify you when a cookie is being sent. For more information about how to reject cookies using your Internet browser settings, please consult the “Help” section of your Internet browser or visit http://www.aboutcookies.org. Please note that if you do set your Internet browser to reject cookies, your experience at our website or app may be impaired and some features or functions of the site or app may not work as intended or you may not be able to access them.
Pixel tags are tiny graphic images that tell us what parts of the website have been visited or measure the effectiveness of searches users perform on the website. We may also use pixel tags in email messages to tell us whether emails have been opened to assure that we are only sending messages that are of interest to our subscribers.
SECURING YOUR PERSONAL INFORMATION
We follow accepted industry standards to protect personal information you have provided.
We work hard to protect us and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of the personal information that we hold.
• We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
• We restrict access to personal information to those of our staff, and third parties who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
However, no method of electronic storage can ever be 100% secure. Therefore, we are not in a position to guarantee the absolute security of your information.
HOW WE TRANSFER AND STORE YOUR PERSONAL INFORMATION
We are based in Toronto, Ontario, Canada. Your data will be processed in North America, Europe, Caribbean and Asia. In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
We store personal information on secure servers that are managed by us and our service providers. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication where available, and data encryption where appropriate.
UPDATING OR CHANGING YOUR PERSONAL INFORMATIONYou may update your personal information or change your preferences at any time by contacting us at email@example.com.
OUR COMMITMENT TO GENERAL DATA PROTECTION REGULATION (GDPR)
The GDPR is the most comprehensive European Union data privacy law in decades and will come into effect on May 25, 2018. As well as strengthening and unifying user data privacy across the European Union, it also puts new or additional obligations upon anyone that handles European Union citizens’ personal information, regardless of where they are located.
Below, we’ll explain our approach to achieving GDPR-compliance, both for ourselves and for our users, customers, and partners.
The GDPR’s updated requirements are significant and our team has been working hard to bring our service offerings and contractual commitments in line so our users, customers, and partners can prepare themselves before May 25, 2018. Measures that we have taken to achieve this include:
• Changes in our newsletter sign-ups. We updated all opt-in checkboxes to require an action taken. All language with exactly what you are signing up for is on forms and landing pages across products.
• Investments in our systems. We have implemented improvements to our infrastructure, to fulfil all the requirements and obligations connected to continuous security monitoring, data breaches and security incident management.
We will also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and will adjust our plans accordingly if it changes.
If you have any questions that have not been covered, or you need any further clarification or amplification, please contact us using any of the following:
• By e-mail: firstname.lastname@example.org
• By post:
Hosted Villas Inc.
25 Morrow Avenue, Suite 202
Toronto, Ontario M6R 2H9