The Flight Shops Inc. DBA Corporate Traveller is committed to protecting the privacy of its clients, employees and other individuals served by or providing services to Corporate Traveller. The proper safeguarding of all personal information collected in the course of Corporate Traveller's day-to-day activities is the cornerstone of this commitment. Personal information is any information that identifies and individual, or by which an individual's identity could be deduced.
Corporate Traveller adheres to the principles of the Canadian Standards Association Model Code for the Protection of Personal Information as well as those embodied in applicable privacy legislation to ensure that all information is properly collected, used only for the purpose for which it was collected, and disposed of in a safe and timely manner when it is no longer needed.
Corporate Traveller is responsible for maintaining and protecting the personal information under its control. Corporate Traveller has appointed a Privacy Officer who is responsible for ensuring Corporate Traveller's compliance with its privacy obligations.
2. Identifying Purposes
Corporate Traveller provides numerous travel services and products to a wide range of clients. Corporate Traveller collects personal information in order to provide these services (i.e. make and book travel arrangements), establish and maintain client lists and records, establish and maintain mailing lists, identify fraud or error, to ensure regulatory compliance, for internal accounting and administration and servicing our relationship with our customers by communicating updates on promotions and services and performing market research.
Corporate Traveller also collects personal information from its employees for the purposes of establishing, maintaining or terminating the employment relationship including managing payroll, benefits, employee performance evaluations, making recruitment and selection decisions, and to meet legal, security or regulatory requirements.
Corporate Traveller shall identify the purposes for which it is collecting personal information before this information is collected.
If Corporate Traveller wishes to use personal information for a purpose not contemplated at the time of collection, the individual's consent will be sought in advance.
Individuals shall be informed and their consent obtained for the collection, use and disclosure of their personal information, except where otherwise required or permitted by law. When it is appropriate, the written consent of the individual shall be obtained (i.e. by mail, email or fax). Sometimes, an individual's consent may be obtained verbally or implied through their conduct with Corporate Traveller (i.e. if purchasing travel insurance, consent to collect the personal information necessary to obtain such insurance will be implied).
As well, Corporate Traveller may periodically request written confirmation from an individual that the information collected and maintained by Corporate Traveller is up to date and accurate. Corporate Traveller, at its option, may also ensure that it has continuing consent to use and retain personal information.
Corporate Traveller will disclose personal information, without notice and without consent, only if required to do so by law or in the good faith belief that such action is necessary to:
a. cooperate with regulatory bodies and law enforcement officials to conform to obligations imposed by law or statute;
b. meet an emergency need; or
c. as required pursuant to an investigation.
Corporate Traveller primarily acts in the capacity of an agent and accordingly must disclose personal information to other companies that are involved in providing travel services and products to our clients in which case Corporate Traveller will rely upon the express or implied consent discussed above. Companies registered in the United States may be required to provide information under the USA PATRIOT Act H.R. 3162. These third parties are required by Corporate Traveller to safeguard the personal information and are not permitted to use it for any other purpose.
4. Limiting Collection
Corporate Traveller shall only collect the personal information that is required to meet the purposes identified by Corporate Traveller. Corporate Traveller is committed to collecting personal information in a fair, open and lawful manner. For this reason, Corporate Traveller does not indiscriminately collect personal information.
5. Limiting Use, Disclosure and Retention
Corporate Traveller does not use personal information for purposes other than those for which it was originally collected, unless it has first obtained the consent of the person from whom such information was received. Corporate Traveller retains personal information only for as long as it is needed and only for the fulfillment of the purposes for which it was originally collected.
Personal information shall be maintained in as accurate, complete and up-to-date form as is necessary to fulfill the purpose for which it was collected.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the personal information. Corporate Traveller's security safeguards include:
· premises security
· locked file cabinets
· restricted access to files containing personal information
· technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access
· internal passwords and security policies to control access to the Corporate Traveller network and software
· policy prohibitions against unauthorized use or disclosure
If Corporate Traveller uses the services of any third parties to process personal information, Corporate Traveller will enter into legal agreements that require them to protect this personal information in a manner acceptable to Corporate Traveller. In entering into these legal agreements, Corporate Traveller does not transfer any interest in this personal information to them. Rather, the purpose of these legal agreements is to ensure that the personal information delivered to third parties is maintained at a level of security equal to that proved by Corporate Traveller under this Policy.
Corporate Traveller also ensures that any of its employees who deal with personal information are properly trained and are aware of the necessary and appropriate measures required to protect personal information.
Corporate Traveller's website may contain links to other sites. Corporate Traveller is not responsible for the privacy practices or the content of such websites and encourages users to read the privacy statements of any such sites. Clients are reminded that no data transmission is 100% secure over the Internet.
Corporate Traveller shall make available to individuals on whom it may keep records, all relevant information about Corporate Traveller's policies and practices that apply to the management of their personal information. This policy is available on our website at www.corporatetraveller.ca and can be accessed at any time. A hard copy of this policy is also available in each of our offices.
9. Individual Access
Upon request, Corporate Traveller will inform an individual if Corporate Traveller has any personal information about the individual under its care and control, as well as provide the individual with details about such personal information. Corporate Traveller reserves the right to confirm the identity of the person seeking access to personal information before complying with any access request. In responding to an access request, Corporate Traveller may charge a reasonable fee.
Corporate Traveller is also committed to ensuring the personal information that is collected and maintained is accurate. An individual may challenge the completeness of the personal information under Corporate Traveller's care and control. Where an individual successfully demonstrates that an error in the accuracy or completeness of their personal information exists, Corporate Traveller will amend the personal information accordingly.
Corporate Traveller may deny access to personal information when denial of access is required or authorized by law. Possible reasons for denying access to personal information include:
· when granting access would have an unreasonable impact on other people's privacy
· to protect Corporate Traveller's rights and property
· where the request is frivolous or vexatious
If Corporate Traveller is unable to provide access to all of the personal information it holds about an individual, then the reasons for the denial of access will be provided to the individual.
Requests for access to an individual's personal information shall be made to the Privacy Officer through firstname.lastname@example.org or by mail at:
1133 Melville Street, Suite 600Q
Vancouver, BC V6E 4E5
10. Challenging Compliance
An individual may challenge Corporate Traveller's compliance with this policy by directing their questions, concerns or complaints to the Privacy Officer at the aforementioned contact information.