Privacy and Cookie Policy
This Privacy and Cookie Policy (“Policy”) applies to www.aurarestaurant.ca (the “Site”), which is operated by Paul’s Restaurants Ltd. dba the Inn at Laurel Point. This Policy describes the personal information that the Inn at Laurel Point (“Laurel Point”, “we” or “us”) collects from or about you when you use the Site, make bookings, or inquire about or purchase services from us, how we use that information, and to whom we disclose it. “Personal information” means information about an identifiable individual, and does not include general, statistical or aggregated information.
Please read this Policy carefully. If you do not agree with this Policy, you should not access or use the Site. This Policy should be read in conjunction with the www.laurelpoint.com website Terms of Use, into which it is incorporated by reference.
This Policy was last updated on May 15, 2018. We may amend this Policy from time to time and, as such, you should review its terms each time that you visit our Site. Any changes to this Policy will be promptly communicated on this page, but will not go into effect until at least five (5) days after they are posted.
Accountability and Openness / Compliance
Laurel Point is responsible for personal information under our control. We have established policies and procedures to effectively safeguard any confidential personal information that we have on file or which we collect, and to deal with complaints and inquiries. We only collect personally identifiable data as described in this Policy, and are committed to maintaining the accuracy, confidentiality and security of your personal information. We will ensure that you have access to information regarding the policies and procedures that we use to manage your personal information.
Laurel Point has designated a chief privacy officer (“Privacy Officer”) who is accountable for the protection of data containing personal information and for our compliance with this Policy generally, as well as for ensuring that information about our policies and practices relating to the management of personal information is easily accessible. All questions or concerns regarding this Policy and our compliance with it should be directed to the Privacy Officer in writing, and sent by email to privacy@laurelpoint.com or by post to:
Chief Privacy Officer
Inn at Laurel Point
680 Montreal Street
Victoria, BC
Canada V8V 1Z8
Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual user.
In the event of a security breach concerning personal information, we will notify affected individuals within 72 hours of discovering the breach. In any event, if a breach is likely to affect the rights and freedoms of the affected individual, we will ensure that the notification is made without undue delay.
Consent
Except as expressly provided in this Policy or as otherwise permitted by law, consent is required for the collection of personal information and the subsequent use or disclosure of that information. Consent may be express or implied, except in the case of sensitive personal information – such as information about race, ethnicity, religion, health, or sexuality – in which case consent must be explicit. For consent to be meaningful, it must be informed, unambiguous and freely given. Consent will only be valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting. Typically, consent will be sought for the use or disclosure of personal information at the time of collection, and reasonable efforts will be made to ensure that you understand the purpose(s) for which the information will be used or disclosed. In certain circumstances, consent regarding use or disclosure may be sought after the information has been collected, but before use, such as when Laurel Point wishes to use personal information already in its possession for a purpose that was not previously identified.
We try to limit the circumstances under which we collect and process sensitive personal information. Examples of situations where we may do so include those in which you have requested specific assistance from us, such as wheelchair accessible facilities or meals that are compliant with religious dietary guidelines, or where you have chosen to provide such information to us, or it has been provided to us by a third party, such as a travel agent through which you have made a booking.
By voluntarily submitting your personal information, making bookings with us, or using our services, you signify your agreement to the terms and conditions of this Policy and to our use of your personal information in accordance with this Policy. You may always choose not to disclose personal information. You may make inquiries, or change or withdraw your consent to the collection, use and/or disclosure of your personal information at any time by contacting the Privacy Officer in writing using one of the addresses listed above. In some circumstances, particularly where our use of your information is integral to the provision of a product or service, your refusal to provide consent, or a change or withdrawal of consent, may affect your transactions and/or our ability to provide you with information, products or services.
Collection of Information
What Information is Collected and How?
We collect personal information only to the extent that it is necessary for the purposes set out below (see: Purpose – Why We Collect, Use and Disclose Information). In most cases, we will collect personal information directly from you when you interact with us with respect to our hotel, events, or any other product or service that we offer. Occasionally, we may collect personal information from a third party based on your consent or as otherwise permitted by law. Personal information will always be collected using means that are fair and lawful.
Examples of personal information that we may collect, use and disclose include your name and email address, telephone number, and home address; passport numbers and other government-issued identification information; nationality and date of birth; car license and description; credit card details (type of card, credit card number, name on card, expiration date, and security code); employer or other relevant details, if you are an employee of a corporate account holder; guest stay information, including date of arrival and departure, special requests, and observations about your service preferences (including room preferences, facilities and other services used); information that you provide regarding your marketing preferences; and any other information that you may provide to us in conjunction with your use of our facilities and services.
If you provide comments or other feedback to us, you agree that such comments or other feedback become the property of Laurel Point, and we may use and disclose them for any purpose provided that we do not associate them with your personally identifiable information without your express consent.
Information Collected Through Automated Means
Users may visit our websites without telling us who they are, or revealing any information about themselves. However, like many organizations’ websites, our web server automatically logs certain non-identifying information related to a user’s visit to the website, including the Internet Protocol (IP) address of the user’s computer, the user’s Internet service provider (ISP), the type and version of the browser that the user is using, the date and time the user accessed our website, the Internet address of the website from which the user linked directly to our website, the operating system that the user is using, and the pages of the website that the user has visited. We will not attempt to link this information with the identity of individuals visiting our website unless we have permission to do so. We may, however, review server logs and anonymous traffic for system administration and security purposes, for example to detect intrusions into our network, for planning and improving web services, and to monitor and compile statistics about website usage. The possibility therefore exists that server log data, which contains users’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, we may share raw data logs with the appropriate authorities for the purpose of investigating security breaches.
We also use cookies, analytics, pixels and other technologies in order to improve our service, your user experience, and to analyze how the Site is used to assist with our business and marketing.
Cookies: “Cookies” are small text files that are placed on your computer by websites that you visit. They are used to identify you to the web server, and will tell the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you. A cookie cannot run any programs, deliver any viruses, or send back information about your system. Session cookies expire when you close your browser. Persistent cookies remain on your device until they are deleted or expire. We may use cookies to determine and facilitate your access privileges on our website, to complete and support a current activity, to track website usage, to remember your language and other preferences, and to generally improve your experience.
When you visit the Site for the first time a banner informs you of the use of cookies, seeks your express consent to their use, and provides a direct link to this information page. Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. If you decline cookies, you will still be able to use the Site, but your ability to access certain features and functions may be affected. To find out more about cookies, including how to see what cookies have been set and how to manage and remove them, please visit AboutCookies.org or All_About_Cookies.org.
Google Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about the use of the Site, and to report on activities, trends and user behavior patterns. We do this to obtain an overview of how people are accessing and using the Site, as well as to provide marketing services to you. Information that we use from Google Analytics includes: IP address; time per page; pages per session; bounce rate; device information; frequency of use; language; demographic; geographic and interests. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners. You can opt out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Retargeting/Remarketing: We use Google AdWords Remarketing and other tools to advertise our services across the Internet. When you visit the Site, your device will be tagged with a cookie which will allow relevant ads, tailored to you based upon which parts of the Site you have viewed, to be displayed. Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you. You can opt out of Google’s use of cookies by visiting http://www.google.com/settings/ads. Please also see the general “Cookies” section above.
Pixels: Pixel tags (also known as web beacons and clear GIFs) are tiny snippets of JavaScript code that we have placed on the Site. They may be used in connection with some online services to track the actions of users of the online services, measure the success of our marketing campaigns and compile statistics about the usage of online services and response rates. For example, we use pixels to measure the return on investment of Facebook Ads by reporting on the actions people take after viewing those ads. We also use them to show you more relevant advertisements on Facebook based on your traffic on our Site. Facebook may use cookies, beacons and similar technology as part of this process. You may opt out of Facebook’s Custom Audience ads here: http://www.aboutads.info/choices/.
Retention of Personal Information
Subject to any legal or accounting requirements, we will retain personal information only as long as necessary to fulfill the purposes for which it was collected. Personal information that is no longer required will be destroyed, erased or made anonymous, although copies of deleted information may continue to exist on back-up media. You may request the erasure of your personal information at any time, which we will endeavor to do without undue delay as required by applicable law. Written requests should be sent to the Privacy Officer at the address set out above (see: Accountability and Openness / Compliance)
Purpose – Why We Collect, Use and Disclose Information
We will identify the purposes for which we collect personal information before or when we request the information. We will not collect personal information which is not necessary and, except as specified below, will not use or disclose personal information for any purpose other than the purpose(s) for which it was collected without first obtaining your consent. The information that we collect is used and disclosed only for business purposes. These include:
- to operate and maintain our establishment and the Site, and to respond to your requests, questions and concerns;
- to complete and manage your online reservations;
- to provide high quality customer service, including through the establishment of customer profiles which help us to better address your individual needs;
- to provide you with personalized content, and to maximize our ability to provide you with information and services that are useful and relevant to you;
- to obtain feedback regarding our hotel and services, which may include inviting you by email to write a guest review after your stay. This can help other travelers select the accommodations that suit them best;
- to support our marketing activities, as permitted by law;
- to verify that any information submitted by you is accurate and complete;
- to communicate with you for other reasons related to our business and to create a record of your involvement with us;
- to assist in ensuring your lost and forgotten belongings can be returned to you if they are located;
- for legal purposes, which may include the handling and resolution of claims and legal disputes, or for regulatory investigations and compliance;
- to detect and prevent error, fraud, theft and other illegal or unwanted activities;
- to provide you with information and promotional materials, and other marketing communications, regarding Laurel Point, and our products and services;
- internal business purposes, including analysis, to administer or improve our services, enhance the user experience, and to improve the functionality and quality of our Site and online travel services;
- to comply with any legal, accounting and regulatory requirements, including reporting requirements;
- any other reasonable purpose for which you provide consent, or for which consent may be implied in accordance with this Policy and applicable law.
Where personal information that has been collected is to be used for a purpose not previously identified, and for which consent cannot be reasonably implied, the new purpose will be identified and consent obtained prior to the use of that information for the new purpose unless otherwise permitted by law.
We comply with Canadian “anti-spam” legislation, and will only send you electronic communications as permitted by law. Note that you may always unsubscribe from our electronic communications by following the “unsubscribe” link clearly included in each communication, or by notifying the Privacy Officer at the address set out above (see: Accountability and Openness / Compliance).
Legal Basis for the Use of Your Personal Information
Laurel Point will only process your personal information where we have a legal basis to do so. The legal basis will depend upon the reason or reasons that we collected and require the use of your information. The legal basis will generally be:
- The performance of the contract that we have with you, including for the purpose of making, managing and completing reservations.
- Our legitimate interests, such as providing you with the best appropriate content for the Site, emails and newsletters, to enhance customer experience, improve and promote our products and services and the content on our Site, and for administrative, fraud detection and legal purposes.
- To comply with legal obligations.
- To protect your vital interests, or those of another natural person.
- Because you have consented to our use of your personal information for particular purposes, such as the creation of customer accounts, the processing of reservations, and direct marketing. You may withdraw your consent at any time by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Compliance).
Disclosure to Third Parties
Your personally identifiable information is never sold and, except as specifically provided in this Policy or permitted by law, will not be shared with third parties unless we provide you with both prior notice and choice.
You acknowledge that, in the course of our supply of products and services to you, we may delegate our authority to collect, access, use, and disseminate your information to third party subcontractors. Third party subcontractors may include payment processors, property management systems, booking engines, direct booking platforms, analytical support services, web hosts, customer relationship management systems, and parties that we engage to send out marketing materials. If we transfer any personal information to a third party subcontractor, we will provide the subcontractors only with the information needed to perform the subcontracted service, and will use appropriate contractual or other means to provide a comparable level of protection while the information is being used by them. Without limitation, we will ensure that our third party subcontractors are bound to adhere to this policy, appropriate confidentiality provisions and all applicable laws. Details regarding the personal information that we make available to our third party contractors, and how it is used, is available by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Compliance). Any request made by you to correct, change or erase your personal information will be promptly communicated to any third party subcontractors in possession of that information. However, you agree not to hold us liable for the actions or inactions of any third party subcontractor, even if we would normally be held vicariously liable for their actions, and understand that you must take legal action against them directly should they commit any tort or other actionable wrong against you.
We may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law, government request, request of a law enforcement agency, search warrant, subpoena or court order, or based on our good faith belief that it is necessary to do so in order to comply with such law, request, warrant, subpoena or court order, or enforce our rights or to protect our assets, the users of our websites, products or services, or the public.
Subject to certain restrictions, Laurel Point may also use and disclose your personal information without your knowledge or consent where necessary in connection with a proposed or completed business transaction. “Business transaction” includes those transactions described in the Personal Information Protection and Electronic Documents Act, S.C. 200, c.5, as amended. In each such case, Laurel Point and the other part(ies) to the transaction or proposed transaction will enter into an agreement limiting the purposes for which the personal information may be used and disclosed, ensuring its protection by means appropriate to the sensitivity of the information, and providing for the return or destruction of the information if the transaction does not proceed, or if the transaction does proceed, to notify you within a reasonable time that your personal information has been disclosed.
Safeguards – How Information is Protected
We have implemented reasonable physical, organizational, contractual and technological security measures to protect personal information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal information, with the highest level of protection given to the most sensitive personal information. We use user IDs, passwords, and encryption technology, maintain our servers in locked premises, and restrict the employees and contractors who have access to personal information to those having a “need to know” and who are bound by confidentiality obligations, in order to ensure that information is handled and stored in a confidential and secure manner. When destroying personal information, we delete electronically stored personal information and shred any tangible materials containing personal information. While we will endeavour to destroy all copies of personal information, you acknowledge that deleted information may continue to exist on back-up media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal data may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Therefore, by downloading and using our information and services, and/or communicating electronically with us, you acknowledge and agree to our processing of personal information in this way and agree that we are not responsible for any personal information which is lost, or which is altered, intercepted or stored by a third party without authorization.
Accuracy / Access
Laurel Point has a responsibility to ensure that all personal information contained in our records or which is disclosed to third parties for the purposes described above is accurate, complete and up-to-date. You may make a request in writing for access to your personal information by time by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Compliance). Including “Request personal information” in the subject line of your email will facilitate compliance with your request. We will inform you of your personal information held by us, and provide an account of the use that has been made of the information, as well as identify any third parties to whom the information has been disclosed. In certain circumstances, Laurel Point may not be able to provide you with access to all or some of your personal information, in which case you will be advised in writing of the reasons for our inability to provide you with the information.
If you demonstrate the inaccuracy or incompleteness of your personal information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data or if your personal information changes. Except as provided by applicable law, you have the right to require that we erase any of your personal information without undue delay, particularly in cases where the information is no longer required by us, you no longer consent to our use of your personal information, or if our use was in violation of this policy or applicable law. All notices and requests regarding inaccuracies, changes or erasure should be in writing and sent to the Privacy Officer at the address set out above (see:
Accountability and Openness / Compliance).
Special Notification for California Residents
Individuals who have provided their personal information to us may request information regarding our disclosure of certain of their personal information to third parties for direct marketing purposes. Requests must be in writing and sent to the Privacy Officer at the address set out above (see: Accountability and Openness / Compliance). Requests may be made no more than once per calendar year. Within thirty (30) days of receiving your request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the preceding calendar year, as well as the names and addresses of the third parties.
International Transfer and Storage of Information
You acknowledge and agree that your personal information may be transmitted, transferred, processed, and/or stored outside of Canada, including in the United States. We will use reasonable means to ensure that your information is protected, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of Canada. By submitting your personal information to us, you consent to the transmission, transfer, processing and/or storage of your personal information outside of Canada.
Links to other Websites
The Site may contain optional links to services and other third party Internet sites that we believe may be of interest to you. You acknowledge that these third parties may collect data from users or their computers. The accessing and use of third party websites is at your own risk, and we cannot assume responsibility for the privacy practices, policies or actions of the third parties who operate those websites. This Policy applies only to Laurel Point websites, and we encourage you to review the privacy policies contained on each Internet site that you access.
Minors
Individuals under 19 years of age should not use our Site or related services, although in certain exceptional circumstances we may collect information from individuals who are at least 16 years of age if express consent has been given, the information is required to process and complete a reservation, and is otherwise permitted by law. Additional conditions and safeguards may apply. Laurel Point will never knowingly collect personal information from individuals under 16 years of age. If we are advised, or otherwise discover that personal information has been collected from a person under 16 years of age, we will take all commercially reasonable steps to delete that information.
Governing Law
You agree that your access to and use of the Laurel Point website, and this Policy, are governed exclusively by the laws of the Province of British Columbia and the federal laws of Canada applicable therein (excluding conflicts or choice of laws principles). In case of any inconsistency between this Policy, and applicable law, applicable law shall prevail and this Policy shall be interpreted so as to apply only to the extent permitted by law.