Privacy Policy

Last updated: March 1, 2024

At Subcorimas, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our tourism services.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Travel Preferences: Destination interests, travel dates, accommodation preferences
  • Payment Information: Credit card details, billing information (processed securely through third-party payment processors)
  • Identity Verification: Passport information, date of birth, nationality (when required for bookings)
  • Special Requirements: Dietary restrictions, accessibility needs, medical considerations

Automatically Collected Information

When you visit our website, we automatically collect certain information:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, referral sources
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking: Information collected through cookies and similar technologies

How We Use Your Information

We use the collected information for the following purposes:

Service Provision

  • Processing and managing your travel bookings and reservations
  • Communicating with you about your travel arrangements
  • Providing customer support and assistance
  • Coordinating with travel partners and suppliers

Communication

  • Sending confirmation emails and travel documents
  • Providing important travel updates and notifications
  • Responding to your inquiries and requests
  • Sending newsletters and promotional materials (with your consent)

Business Operations

  • Improving our website and services
  • Analyzing user behavior and preferences
  • Conducting market research and surveys
  • Preventing fraud and ensuring security
  • Complying with legal and regulatory requirements

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

  • Travel Partners: Airlines, hotels, tour operators, and other travel suppliers necessary to fulfill your bookings
  • Payment Processors: Secure third-party payment processing services
  • Technology Providers: Website hosting, email services, and customer relationship management systems
  • Marketing Partners: Analytics and advertising platforms (with anonymized data)

Legal Requirements

We may disclose your information when required by law or when we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Protect our rights, property, or safety, or that of our customers
  • Investigate potential fraud or security threats
  • Enforce our terms of service or other agreements

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience:

Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality and security
  • Analytics Cookies: Help us understand how visitors use our website
  • Marketing Cookies: Used to deliver personalized advertisements
  • Preference Cookies: Remember your settings and preferences

Managing Cookies

You can control cookie preferences through our cookie management system or your browser settings. Note that disabling certain cookies may affect website functionality.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Security Measures

  • Encryption: SSL/TLS encryption for data transmission
  • Access Controls: Restricted access to personal information on a need-to-know basis
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Staff Training: Regular privacy and security training for all employees
  • Secure Storage: Protected servers and databases with regular backups

Data Breach Response

In the unlikely event of a data breach, we will:

  • Investigate and contain the breach immediately
  • Notify affected users within 72 hours when legally required
  • Report to relevant authorities as required by law
  • Take steps to prevent future breaches

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Retention Periods

  • Travel Bookings: 7 years for accounting and legal compliance
  • Marketing Communications: Until you unsubscribe or request deletion
  • Website Usage Data: Up to 2 years for analytics purposes
  • Customer Support Records: 3 years for service improvement

Secure Disposal

When retention periods expire, we securely delete or anonymize personal information using industry-standard methods.

Your Rights and Choices

Under Canadian privacy laws, you have the following rights regarding your personal information:

Access and Portability

  • Request access to the personal information we hold about you
  • Receive a copy of your data in a structured, machine-readable format
  • Request information about how your data is processed

Correction and Updating

  • Correct inaccurate or incomplete personal information
  • Update your contact information and preferences
  • Modify your marketing communication preferences

Deletion and Restriction

  • Request deletion of your personal information (subject to legal requirements)
  • Restrict processing of your data in certain circumstances
  • Object to processing for direct marketing purposes

Exercising Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.

Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

Parental Consent

For travel bookings involving minors (under 18), we require parental or guardian consent and may collect additional information for safety and legal compliance purposes.

International Data Transfers

Your personal information may be transferred to and processed in countries other than Canada. When we transfer data internationally, we ensure adequate protection through:

  • Adequacy decisions by Canadian privacy authorities
  • Standard contractual clauses with service providers
  • Privacy certification programs
  • Other appropriate safeguards as required by law

Third-Party Links

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Social Media

Our social media pages and interactions are governed by the privacy policies of the respective social media platforms in addition to this policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will provide prominent notice on our website
  • We may notify you by email if you have an account with us
  • Continued use of our services constitutes acceptance of the updated policy

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

[email protected]

Phone

+1 (416) 555-0123

Mailing Address

Subcorimas Privacy Officer
789 Queen Street West
Toronto, ON M6J 1G1
Canada

Response Time

We aim to respond to all privacy inquiries within 30 days.

Regulatory Information

This Privacy Policy is designed to comply with:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Provincial privacy legislation where applicable
  • General Data Protection Regulation (GDPR) for EU residents
  • California Consumer Privacy Act (CCPA) for California residents
  • Other applicable privacy laws and regulations

Privacy Commissioner Contact

If you are not satisfied with our response to your privacy concerns, you may contact the Office of the Privacy Commissioner of Canada: