We respect your right to privacy and aim to ensure you have a positive experience with us, whether visiting our website, making bookings, or interacting with our brand. We know your personal data is important to you, and we want you to feel confident in our data protection practices, which reflect our commitment to handling your information with care.

• Identity Data: Includes first name, last name, username or similar identifier, title, date of birth, and gender.
• Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
• Financial Data: Includes bank account and payment card details.
• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Usage Data: Includes information about how you use our website, products, and services.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.
• Call Recordings: Includes recordings of calls made to our reservation centres.

We process your personal data under the following legal bases:

• Consent: You have given clear consent for us to process your personal data for a specific purpose.
• Contract: Processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests.

We process personal data for the following activities, along with their respective legal bases:

You may receive marketing communications from us if you have requested information or purchased goods/services from us, unless you have opted out. By opting in to receive marketing communications, you may also receive materials from our affiliated brands or partners offering related products, as well as through completed request-a-quote (RAQ) forms or brochure requests.

We may also receive your contact information from third-party lists, where you have provided consent to share your data with us for marketing purposes. This allows us to share information and offers related to our services with you.

If you prefer not to receive marketing from us or our affiliated brands, you can opt out at any time by unsubscribing through any marketing email sent to you or by contacting us.

For direct mail, you can unsubscribe by completing a specific form, Data Request Form | The Travel Corporation or by emailing us at compliance@ttc.com.

If you are associated with a business or organisation that is our customer, we may collect personal data, including:

• Business Details: Name, address, contact information, payment details, and financial information of the business.
• Role Within the Business: Your position (e.g., owner, partner, director, employee, agent).
• Work Contact Details: Work address, telephone numbers, fax number, and work email.

Purpose: This data is collected to fulfill contractual obligations and manage our business relationships effectively.

Legal Bases: The processing is necessary for the performance of a contract and is based on our legitimate interests in managing customer relationships and providing services.

We and our suppliers or subcontractors may generate personal data about you in the following ways:

• Enquiries, Bookings, Complaints: Data generated when handling enquiries, bookings, or complaints.
• Fulfillment of Contracts: Data generated during the fulfillment of bookings or contractual agreements.
• Analysis of Personal Data: Insights gained through data analysis to improve services and customer experience.
• Website Usage: Data collected from your use of our website, as detailed in our cookie policy.
• Telephone Calls: Recordings of telephone calls for training and quality purposes.

Purpose: This data is used for operational purposes such as improving customer service, service delivery, and business analytics.

Legal Bases: The processing is based on legitimate interests to maintain and improve our services, fulfill contractual obligations, and comply with legal requirements.

We collect information regarding your accounts, registrations, and participation in loyalty programs.

Purpose: This data is used to manage your account, facilitate registrations and memberships, and administer loyalty programs.

Legal Bases: Processing is necessary for the performance of a contract and is based on our legitimate interests in providing personalised services and improving customer loyalty.

We process messages and communications related to bookings, enquiries, or contracts between you, us, and third parties.

Purpose: Correspondence data is essential for confirming bookings, responding to inquiries, resolving issues, and fulfilling contractual obligations.

Legal Bases: Processing is necessary for the performance of a contract and is based on our legitimate interests in providing efficient customer service and managing relationships.

We collect personal data from your use of our website, including:

• Data Collection: Information about your visits and interactions, including IP address, device details, browser type, operating system, and time-zone.
• Cookies and Web Beacons: Data collected through cookies and web beacons to enhance user experience and analyse website performance.
• Page Interactions: Data about the pages visited, services/products viewed, duration of interaction, etc.

Purpose: This data helps us improve website functionality, personalise user experience, and optimise marketing efforts.

Legal Bases: Processing is based on legitimate interests to understand user preferences, improve performance, and deliver relevant content and advertising.

We may process content you provide related to your experiences with us, including:

• Feedback, Blogs, Reviews, and Images: Content submitted to our platforms.
• Marketing Use: Use of such content in marketing materials, on our website, in emails, or shared with trade partners.

Purpose: User-generated content enhances marketing, promotes engagement, and provides authentic testimonials.

Legal Bases: Processing is based on consent when you submit content and is necessary for our legitimate interests in promoting services and engaging with our audience.

We may obtain personal data about you from third parties, including:

• Providers of Holidays, Accommodation, and Travel Services: Data obtained to fulfill bookings and provide comprehensive travel services.
• Credit, Fraud, and Identity Verification Agencies: Data obtained for identity verification, fraud prevention, and secure transactions.
• Businesses You Are Associated With: Data to enhance customer service and manage business relationships.
• Purchased Third-Party Lists: We may also receive personal data from third-party providers, including purchased marketing lists, where you have opted in to allow your information to be shared for marketing purposes.
• Social Media Platforms: We may collect personal data through interactions on social media platforms (e.g., Facebook, Instagram), including engagement with our advertisements and campaigns.

We may share your personal data with other affiliated brands under The Travel Corporation (TTC) if you have explicitly opted in, requested a quote (RAQ), or requested a brochure from those brands. Your data will only be shared under these specific circumstances, and we do not sell or share your personal information for any other purposes.

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and we use them to improve your customer experience. Please see our separate Cookie Notice.

We (along with any affiliate of the Travel Corporation, subcontractor, or other entity processing your personal data on our behalf) may transfer, store, and process your personal data within Canada. We may also transfer your personal data outside of Canada, including to companies within our group or to third parties, based on contracts that incorporate the Standard Contractual Clauses issued by the European Commission or other legally recognised mechanisms. We ensure the protection of your personal data by adhering to these standards and implementing adequate safeguards for such transfers.

Our website is not meant for children, as defined by data protection laws, and we cannot always know the age of those using it. If a child has shared personal information without permission from a parent or guardian, the parent or guardian should contact us. If we find out that a child’s personal information was collected without proper consent, we will delete the child’s account, if they have one.

In some cases, we may need to collect children’s personal information, such as for bookings, buying travel-related services, or other special situations (like family-focused features). When we handle children’s information, we follow strict rules to ensure it is used lawfully, only when necessary, and kept secure.

If you have questions about how we protect children’s personal information, or if you are a parent or guardian who wants to delete or update your child’s information, please contact us at compliance@ttc.com.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. Specific retention periods for different aspects of your personal data are available upon request.

You have rights under data protection laws regarding your personal data, including the right to:

• Access your personal data.
• Correct your personal data.
• Erase your personal data.
• Object to processing of your personal data.
• Restrict processing of your personal data.
• Transfer your personal data.
• Withdraw consent.

To exercise any of these rights, please use our dedicated online Data Request Form at Data Request Form | The Travel Corporation (ttc.com), or email your request to compliance@ttc.com.

The laws we comply with are regulated by the Office of the Privacy Commissioner of Canada (OPC). You can contact the OPC at 30 Victoria Street, Gatineau, Quebec, K1A 1H3, by phone at 1-800-282-1376, or online at https://www.priv.gc.ca/en/ . In addition to your rights mentioned above, you may also reach out to the OPC if you have a complaint or concern. The OPC has the authority to ensure compliance with applicable laws and may take enforcement actions in cases of non-compliance. However, we hope you will contact us first to discuss any concerns or complaints before reaching out to the OPC.

We prioritise your data security with strict measures to prevent unauthorised access, loss, or disclosure:

• Physical Security: Secure premises and controlled access to storage areas.
• Encryption and Network Security: Data encryption, firewalls, and advanced security protocols.
• Access Control: Restricted data access with strong authentication.
• Data Minimisation: Collect and retain only necessary data.
• Audits and Monitoring: Regular checks for vulnerabilities and compliance.
• Staff Training: Ongoing education on data protection practices.
• Incident Response: Rapid action plan for data breaches.
• Third-party Compliance: Ensured through contracts.
• Privacy by Design: Privacy integrated into our systems from the start.
• Continuous Improvement: Regular updates to security measures.

These measures ensure your personal data is safe and handled responsibly at all times.

We keep our privacy notice under regular review. Any changes we make to our privacy notice will be posted on this page and, where appropriate, notified to you by email.

The data controller responsible for the processing of your personal data is Insight Vacations, located at 33 Kern Road, Toronto, Ontario M3B 1S9. You can contact us at email at compliance@ttc.com,  by phone at 0800 533 5619, or by post 33 Kern Road, Toronto, Ontario M3B 1S9 for any privacy-related queries.

If your data is shared with affiliated brands under TTC, those brands will process your data in accordance with their own privacy notices, and personal data will only be shared under the circumstances outlined in this notice.

For further details on how we and our affiliated brands handle your data, please refer to the individual privacy notices of each brand.