In fact, it is one of our highest priorities and remains the cornerstone of our commitment to you. However you choose to provide information to us, we use vigorous security safeguards and adhere to Ten Privacy Principles to ensure your personal information is protected.
You are invited to use this privacy information to learn more about current legislation designed to protect your privacy, about the types of information we collect and how it is used, and about the steps we have taken to ensure your personal information is handled appropriately.
Personal Information Protection and Electronic Documents Act
The Personal Information Protection and Electronic Documents Act formerly referred to as Bill C-6 is essentially about balance. On one hand, it respects an individual’s right to privacy while on the other, it recognizes the need for industry and organizations to collect, use and disclose personal information. This law as its name suggests, encompasses two primary objectives. The first objective is to establish rules that govern the collection, use and disclosure of personal information by private sector organizations. The second objective is to acknowledge the validity and legality of electronic documents.
This federal law will significantly impact the way private businesses; corporations, federal agencies, not-for-profit organizations and associations handle the personal information with which they have been entrusted. At the same time, it will clearly establish a code of privacy practices that will provide Canadians from coast to coast with a mechanism to ensure their personal information is handled respectfully.
The heart of this Act is based on the Ten Principles established by the Canadian Standards Association’s Model Code for the Protection of Personal Information. These principles were recognized as a Canadian standard in 1996 and address the ways in which organizations should collect, use and disclose personal information. They also address an individual’s right to access his/her personal information in addition to his/her right to have it amended where appropriate.
In order to govern the commercial information-handling practices within provincial jurisdictions, each province has been encouraged to enact legislation that is substantially similar to the federal law. Quebec enacted comparable legislation in 1994 called an Act Respecting the Protection of Personal Information in the Private Sector. As other provinces enact similar legislation, organizations conducting commercial activity within a province will be subject to the provisions of their provincial laws rather than the federal Act. However, the Personal Information Protection and Electronic Documents Act will continue to regulate cross-border, inter-provincial and international trade and commerce.
The implementation of this federal law relating to privacy is occurring in three stages. The first phase, which is effective as of January 1, 2001 will affect federally-regulated private organizations including Canadian banks and airlines as well as to organizations that collect, use or disclose personal information for profit on an inter-provincial or international basis. On January 1, 2002 , this law was extended to cover personal health information. On January 1, 2004, most organizations regardless of their size, which collect, use or disclose personal information in the course of commercial activity, will become subject to the provisions of this Act.
For more information regarding this legislation, please visit the official Web site of the Privacy Commissioner of Canada or the Electronic Commerce branch of Industry Canada.
What Information is collected?
At Merit Travel Group we gather and use personal information to provide you with the travel services you have requested, or to offer additional products and services we believe you might be interested in. Providing us with your personal information is always your choice. Most of the information we collect comes to us directly from you, and only with your consent. For example, when you request a quotation or purchase online, through telephone conversations, or in person, we will ask you to provide the information that enables us to complete your request or to provide you with better service. These same principles also apply to our corporate clients.
The types of information we may ask for depends on the nature of your request. Information that is essential for fulfilling most travel requests and transactions typically includes your name, mailing address, e-mail address, phone number(s), date of birth, passport information and credit card numbers and expiry date. We may also request additional information to help us provide you with advice and information about other products and services that we believe would interest you.
When you visit Merit web sites, information is not collected that could identify you personally unless you choose to provide it voluntarily. You are welcome to browse these Web sites at any time anonymously and privately without revealing any personal information about yourself. All the information you provide to us is securely maintained and is kept strictly confidential.
Our Ten Privacy Principles
In relation to our Ten Privacy Principles, Merit Travel Group means: Merit Travel, Merit Vacations, Merit Ski Vacations, Merit Ski Vacations, Exclusive Tours, Exclusive Vacations, CARP Travel, Merit Corporate Travel Management, Merit Odyssey & Merit Loyalty Group and other brands used by Merit.
Merit Travel Group has always been and will continue to be, committed to maintaining the accuracy, confidentiality, and security of your personal information. As part of this commitment, we have established Ten Privacy Principles to govern our actions as they relate to the use of customer information.
THE TEN PRINCIPLES FOR COLLECTION, USE AND DISCLOSURE OF OUR CLIENTS’ INFORMATION.
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure and Retention
- Individual Access
- Challenging Compliance
PRINCIPLE 1 – ACCOUNTABILITY
Each Merit Travel Group location or store is responsible for maintaining and protecting the customer information under its control. In fulfilling this mandate, each Merit Travel Group location or store is required to designate an individual or individuals who is/are accountable for that Company’s compliance with the Ten Privacy Principles.
PRINCIPLE 2 – IDENTIFYING PURPOSES
The purposes for which customer information is collected shall be identified before or at the time the information is collected.
PRINCIPLE 3 – CONSENT
The knowledge and consent of the customer are required for the collection, use or disclosure of customer information except where required or permitted by law.
PRINCIPLE 4 – LIMITING COLLECTION
The customer information collected must be limited to those details necessary for the purposes identified by the Merit Travel Group . Information must be collected by fair and lawful means.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION
Customer information may only be used or disclosed for the purpose for which it was collected unless the customer has otherwise consented, or when it is required or permitted by law. Customer information may only be retained for the period of time required to fulfill the purpose for which it was collected.
PRINCIPLE 6 – ACCURACY
Customer information must be maintained in as accurate, complete and up-to-date form as is necessary to fulfill the purposes for which it is to be used.
PRINCIPLE 7 – SAFEGUARDING CUSTOMER INFORMATION
Customer information must be protected by security safeguards that are appropriate to the sensitivity level of the information.
PRINCIPLE 8 – OPENNESS
Merit Travel Group is required to make information available to customers concerning the policies and practices that apply to the management of their information.
PRINCIPLE 9 – CUSTOMER ACCESS
Upon request, a customer shall be informed of the existence, use and disclosure of their information, and shall be given access to it. Customers may verify the accuracy and completeness of their information, and may request that it be amended, if appropriate.
PRINCIPLE 10 – HANDLING CUSTOMER COMPLAINTS AND SUGGESTIONS
Customers may direct any questions or enquires with respect to the privacy principles outlined above or about our practices by contacting the designated person(s) accountable for privacy in each Merit Travel Group location or store.
Where And Why We Collect Personal Information
You can purchase airline tickets, or make a flight booking, by contacting our reservations call centres, by going directly to one of our ticket offices, by visiting our website or by going through an IATA accredited travel agency. In order to purchase an airline ticket or hold a flight booking, there is basic information we require. This information is necessary in order to identify you, contact you, or process your purchase.
These may include:
- Phone number
- Credit card number and expiration date
- Language preference
This information will allow us to:
establish your identification
protect you and us from error and fraud
understand your needs and eligibility for products and services
recommend particular products and services to meet your needs
provide ongoing services
comply with legal requirements
offer other products that are suitable to you
Process for dealing with Hardcopies of Corporate Travel Profiles
The following process will pertain to those Travel Profiles received as hardcopies as well as those received electronically, but printed for the purpose of database entry
Hardcopies of Traveler Profiles will be dealt with in the following manner:
An individual will complete the required information and fax or email their profile to our office
All profiles are pre-populated with information on where and to whom the document should be forwarded.
Once received by the Merit Account Management office , all profiles are forwarded to the Documents department for immediate database entry – profiles received electronically are printed for the purpose of database entry.
Once database entry is complete, the hardcopy profile is kept in a locked drawer for up to 60 days at which time all hardcopy profiles are destroyed.
Access to hardcopy travel profiles housed at Merit Travel Group is limited to employees of Merit’s Corporate Documents Department/Corporate Operations Supervisor/Manager of Customer Care and Account
Access to personal travel information housed on Merit’s GDS – Database System is limited to Travel Consultants, Corporate Documents Department, Corporate Operations Supervisor, Customer Care Manager, Account Management Department and Merit’s MIS Department.
Merit Travel Group has in place sophisticated security measures and procedures to ensure that your personal information is protected from misuse and from unauthorized access. However, no data transmission over the Internet can be guaranteed to be 100% secure. We cannot ensure the security of the information you transmit to us over the Internet.
New Use of Personal Information
Should Merit Travel Group wish to use your personal information for a purpose not contemplated at the time of initial collection, such as additional services, products, or promotional offers that may be of interest to you, we may use your contact information, including your email address, to ask for your consent to use your personal information for the new purpose.
Any information you provide will be used by Merit Travel Group to market vacation ideas, special rates for cruises, tours and airfares – plus enter-to-win competitions and more. By completing entries and surveys and participating in promotional activities, you are agreeing to this use of the information.
This web site may, in future, contain links to other sites. Please be aware that Merit Travel Group is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.
If you would like to join our mailing list and be informed of seat sales, last minute vacations and other promotional offers, we ask for your name, address, phone number and email address. We use this information to communicate to you via email.
For certain opt-in services, Merit Travel Group may collect profile information about you (e.g. hotel and car preferences, etc), as well as demographic information (e.g. education level, etc). This information will be used to communicate specific information to you based on the profile and demographic information you provide.
With Whom We May Share Your Information?
Merit Travel Group businesses and affiliates, their employees and suppliers are all governed by strict standards and policies to ensure your information is secure and treated with the utmost care and respect.
At Merit Travel Group, client information is strictly confidential. With your consent we will share information with other Merit Travel Group businesses or suppliers who perform services on our behalf. Unless you authorize us to release it, or release is required or permitted by law, we never sell, lease or trade information about you or your travel information to other parties.
Merit Travel Group Businesses and Affiliates
To ensure you benefit from our full range of products and services and as permitted by law, client information is sometimes shared with other Merit Travel Group businesses and affiliates. This is done only when the proposed services are available through another member, and only with your consent. If you would prefer not to receive special offers promoting products and services, or that we not share your information, kindly let us know by following the instructions in our ‘ Opt-Out ‘ policy.
In the course of daily operations, access to private, sensitive and confidential information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. For example, when you call us, visit a store, or e-mail us, our designated employees will access your information to verify that you are the traveller and to assist you in fulfilling your travel requests.
As a condition of their employment, all employees of Merit Travel Group are required to abide by the privacy standards we have established. They are also required to work within the principles of ethical behaviour as set out in our internal Employee Rules and must follow all applicable laws and regulations . Employees are informed about the importance of privacy and they are required to sign either a code of conduct or a confidentiality agreement that prohibits the disclosure of any client information to unauthorized individuals or parties. To reinforce their understanding and commitment to upholding client privacy and confidentiality, employees periodically receive up-to-date literature about our privacy policies, principles and standards.
Unauthorized access to and/or disclosure of client information by an employee of Merit Travel Group is strictly prohibited. All employees are expected to maintain the confidentiality of customer information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
Outside Service Suppliers
At Merit Travel Group, we sometimes contract outside organizations to perform specialized services such as market research, mailing services or data processing. Our trusted service suppliers may at times be responsible for processing and handling some of the information we receive from you.
When we contract our suppliers to provide specialized services, they are given only the information necessary to perform those services. Additionally, they are prohibited from storing, analyzing or using that information for purposes other than to carry out the service they have been contracted to provide. In fact, our suppliers are bound by strict contractual obligations that have been designed to protect the privacy and security of your information. Furthermore, as part of our contract agreements, our suppliers and their employees are required to protect your information in a manner that is consistent with the privacy policies and practices that we have established.
Our Opt-Out Policy
In order to provide you with a variety of products, services and advice, Merit Travel Group will with your consent, share your client information with other Merit Travel Group businesses, affiliates and suppliers. Should you not wish to receive promotional materials from, or have your personal information shared with, these Companies, simply:
* Contact your nearest branch
* Call us at 1-800-268-1820
On Merit web sites, cookies are not currently used but may be used in the future to increase the robustness of our sites and to provide more efficient navigation. Cookies cannot view or retrieve data from other cookies, nor can they capture files and data stored on your computer.
WHAT IS A COOKIE?
A cookie is a small text file containing a unique identification number that a Web site sends to your computer’s web browser. While you visit a particular site, a cookie may be used to track the activities of your browser as well as provide you with a consistent, more efficient experience. There are two common types of cookies: persistent and non-persistent.
Persistent cookies are stored on your computer’s hard drive where they remain resident until they are either deleted or they reach a predetermined expiration date. Persistent cookies are most commonly used to provide visitors with a customized experience by recording preferences such as how a visitor prefers to have his/her web pages displayed. Additionally, cookies are commonly used to gather statistical information such as the average time spent on a particular page. This kind of information is valuable for several reasons, including providing insight on how to improve the design, content and navigation of a Web site.
Non-persistent cookies do not permanently record data and they are not stored on your computer’s hard drive. Rather, non-persistent cookies are stored in memory and are only available during an active session. Once a session ends, the cookie disappears. Non-persistent cookies are used primarily for technical reasons such as providing seamless navigation.
WHY WERE COOKIES CREATED?
The World Wide Web uses the Hypertext Transfer Protocol (HTTP) to govern how files such as graphics, text and sound are exchanged over the Internet. This protocol treats every action (i.e. mouse clicks) independently making the nature of the Web ‘stateless’. This means that every time you click on a new page for instance, a new connection is established and all previous activity is forgotten.
To provide visitors with a more uniform experience, cookies were used originally to maintain relevant information as visitors viewed various pages of a Web site. In effect, cookies were created to bring state and consistency to the ‘stateless’ environment of the Internet.
HOW DO COOKIES WORK?
The first time you visit a Web site, you may be sent a cookie that contains a unique identification number that can be easily retrieved during future visits. Cookies are used for different purposes such as to personalize the way you want a Web site to look.
When you type the Web site address in the address bar of your browser, your browser will contact the site you’ve entered and request its home page. The browser will search your hard drive for a cookie that may have been sent during a previous visit. If a cookie is found, the browser will send any information gathered from a previous visit to the web server. If a cookie is not found, then the browser will know you have not visited the site before.
Accessing Your Information
You may access and verify any of your regular information files whenever you wish. Most of this information is available in the form of transaction records.
Should you have questions concerning a decision we have made, we will inform you of the reasons for those decisions if we are permitted to do so by law. If for some reason, you are refused access to factual information held in your file, you may challenge this refusal by contacting our head office.
Amending Your Information
To help us keep your personal information up-to-date, we encourage you to amend inaccuracies and make corrections as often as necessary. Despite our best efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file(s), we will make the proper changes. Where appropriate, we will communicate these changes to other parties who may have unintentionally received incorrect information from us.
To Make a Change
To make a change to the personal contact information contained in your file, please call us at 1-800-268-1820 or visit one of our branches.
Teresa Man has been appointed the Privacy Officer. For any questions or concerns, she can be reached at:
111 Peter Street, Suite 200
Toronto, ON, M5V 2H1
tel: 416.364.3775 x 4235
toll free: 1.866.696.8591