Privacy Policy

last updated May 20, 2024

This website is operated by 8742995 Canada Inc., a wholly owned subsidiary of Serefin Travel Holdings Inc. (collectively, “Serefin”). As providers of The Mapped Travel Club providing online and call-center travel booking services (the “Program”), we recognize that maintaining customer trust is the most important thing we can do. We respect your privacy and we constantly update the policies and procedures contained herein (the “Privacy Policy”), which reinforce our commitment to you.

The web page located at travel.zooming.ca and all linked pages together form the “Site”. When used herein, the term “Services” shall refer to the Program and any other product, or services we make available to or perform for you through the Site, including any landing pages or informational pages.

This Privacy Policy applies to the supply of the Services by Serefin and/or its affiliates ("we", "us" and "our"). Should you respond to any advertising or promotional material from “Everything Mapped” or any other part of the Mapped Media Digital Network, any personal information that is collected will be subject to the Everything Mapped privacy policy. Please read this Policy carefully and review it periodically for the latest information about our privacy practices. By accepting our Terms of Service or by accessing or using our Services or Site, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, and consent to the use of your information by us as set forth herein. This Privacy Policy may be supplemented or amended from time to time, so we encourage you to periodically review this policy. If you do not agree with the practices described in this Privacy Policy, or if you do not have authority to agree to this Privacy Policy, please do not provide us with your Personal Information or interact with the Site and/or Services.

We will routinely update this Privacy Policy to clarify our practices and to reflect new or different privacy practices, such as when we add new services, functionality or features to the Site and/or Services. Changes to this Privacy Policy will be communicated to you as indicated herein. You can determine when this Privacy Policy was last revised by referring to the “effective as of” date indicated below. If you do not agree to the revised Privacy Policy, please stop using the Site and/or Services.

This Privacy Policy applies to the collection, use, disclosure and storage of the Personal Information (as defined below) provided to us by you in your use of our Services.

What is “personal information”?

"Personal Information" as used in this Privacy Policy means information that either alone or in combination with other information in our possession, could be used to identify you, including but not limited to your name and date of birth and any “billing information”, including credit card or payment details provided when using our Services.

The information that you are asked to provide, and the reasons why you are asked to provide it, will be disclosed to you upon our request for any such information.

The collection, use and disclosure of Personal Information by any third parties with which we have business relationships is governed by the privacy policies of such third parties, over which we have no responsibility or control. However, if we receive from such entities information about you, then this Privacy Policy will apply to our collection, use and sharing of such information.

When do we collect your personal information?

We may ask for Personal Information from you in the following circumstances:

  • when you make a travel booking with us or purchase any other product or service from us, whether online, by telephone or by any other means;
  • when you contact us to discuss a booking or make use of any of our Services;
  • when you register for any loyalty program or subscribe to our e-mail notification service;
  • when you enter competitions, sweepstakes or register for promotions; and
  • when you take part in surveys or provide us with feedback or questions.

In some cases, we may use other available information about you (for example from credit reference agencies, anti-fraud screening services, publicly available on-line information and CCTV) for the purposes outlined herein.

When visiting our website, we also automatically collect session information about your computer through the use of cookies[e.g., your IP address, Web browser software (such as Firefox, Safari, Chrome or Internet Explorer], and referring website). We may also collect information about your online activity, such as trips viewed and bookings made. We use this automatically collected information to customize your user experience, to inhibit fraud, and to serve advertisements and special offers and other information that may be of interest to you. In some countries, including countries in the European Economic Area, this information may be considered "personal data" under applicable data protection laws.

Why do we collect personal information?

When you provide us with your Personal Information, we use it for a number of purposes, including:

  • to fulfil any existing and/or future travel arrangements you make with us including necessary reservation, payment and ticketing arrangements and any administration associated with the travel arrangements (this may sometimes include sensitive personal data, for example relating to your health or disabilities). You recognize that, by providing us with such sensitive personal data, you give your explicit consent to process such data as required, and in accordance with, this Privacy Policy;
  • to provide any other Services;
  • To facilitate communication between you and Serefin including, without limitation, responding to your questions or comments, sending emails concerning our products and services, or to contact you for feedback regarding us, our advertisers or our business partners;
  • to fulfil security, customs, immigration and border control requirements associated with your travel arrangements, which may include providing information to relevant police enforcement and appropriate government agencies, as required by law;
  • to provide to appropriate third parties involved in the delivery of travel services to you, as necessary;
  • to provide you with information about products, services and promotions that may be of interest to you, if you have opted into such communications;
  • To customize, analyze, adjust and improve the Site and/or Services to meet our or our business partners' needs and expectations;
  • for quality assurance testing, market analysis, industry studies, systems testing, analysis of statistics, benchmarking, auditing, analyzing performance measures, and preparing and distributing products and services with anonymized aggregate data and information (which may include monitoring or recording your telephone conversations with us for the purposes set out in this notice);
  • for arranging and administering any relevant insurance products;
  • for payment card verification and anti-fraud screening;
  • To prevent fraud, criminal activity, or misuse of our Services, and to ensure the security of our IT systems, architecture, and networks; and
  • To enforce our agreements with you and to comply with legal obligations and legal processes, and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

We will use the email address we have on file for you to communicate with you about any of the above-listed items.

Do we disclose any information to outside parties?

We represent and warrant that we will not sell, trade, or otherwise transfer to outside parties, your Personal Information. In certain circumstances we may share your Personal Information without further notice to you, unless such notice is required by applicable laws, with the following categories of third parties:

  1. Business Partners, and more particularly, your loyalty program operator, with whom we may jointly offer products or services.
  2. Suppliers, such as hotel, airline, car rental, and tour providers who fulfill your travel reservations. These suppliers are not controlled by us and Personal Information disclosed to them is subject to the applicable supplier's privacy policy and security practices.
  3. Third-party Vendors, who provide services or functions on our behalf, including payment processing, business analytics, customer service, marketing, distribution of surveys or sweepstakes programs, and fraud prevention. Third-party vendors have access to and may collect information only as needed to perform their functions and are not permitted to share or use the information for any other purpose.
  4. Referring Websites, for example, through a link you clicked on another site that directed you to this Site.
  5. Companies within our Corporate Family. To the extent that our corporate affiliates have access to your information, where such access is necessary in the normal course of Serefin business, they will follow practices that are at least as restrictive as the practices described in this Privacy Policy. For clarity, an affiliate is an entity that controls, is controlled by, or is under common control with Serefin. They will also comply with all applicable laws governing the transmission of promotional communications.
  6. Business Transfers. In the event of a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Information and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets. Disclosure of your Personal Information under this section shall be governed by confidentiality agreements associated with the Transaction.
  7. As required by law. We may be required to share your Personal Information by law or in the good faith belief that disclosure of your Personal Information is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of our employees, users of the Services, or the public, or (v) protect against legal liability.

We may also disclose Personal Information to any other person if you consent to the disclosure, as outlined further below.

Legal basis for processing under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)

Under the GDPR, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only (i) where we need the Personal Information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.

If we ask you to provide Personal Information to comply with a legal requirement or to enter into a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).

If we collect and use your Personal Information in reliance on our legitimate interests, this interest will normally be to operate our platform, provide our services and communicate with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform or services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

We will obtain consent when we want to use Personal Information for a new purpose or for a purpose other than those stated at the time of collection, in this Privacy Policy or in the terms and conditions of the specific product, service, program, contest, promotion or event you signed up for, participated in or purchased. Consent can be "express" through words/actions or by specific acts or "implied" by the conduct of the individual whose Personal Information is being collected, used or shared. Unless we determine that we require an additional consent for specific products, services, programs, contests, promotions or events, you agree and consent that as our customer, we may collect, use, share or otherwise process your Personal Information in accordance with this Privacy Policy. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, or would like to withdraw or limit your consent, you can contact us as described below in "Contacting Us About Your Privacy". If you have a product, service or program, such as an insurance privacy policy, or are participating in a contest, promotion or event, that is offered by a third party together with us, you may also have to provide your consent preferences or withdraw your consent with that third party separately. Please note that it may take some time for all of our records to reflect changes in your preferences. For example, if you request that you not receive personalized marketing communications from us, your preference may not be captured for a promotion already in progress.

Direct marketing

If you have opted to receive direct marketing, either from us or a third party, you may be contacted from time to time with information which we think you may find of interest. We may also pass on your contact details to other internal parts of our organization so they may inform you about products or services which may be of interest to you.

Contact may be made by post, telephone, email, or social media depending on the preferred choice of communication you selected during your registration process with us. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. You can also control the marketing communications you receive by updating your settings through your online account with us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications, but we will continue to contact you regarding management of your account, any bookings you have with us, and to respond to your requests.

How do we protect your information?

We implement commercially reasonable technical, administrative and organizational security measures to protect your Personal Information both online and offline from loss, misuse and unauthorized access, disclosure, alteration, or destruction. For example, only authorized employees are permitted to access Personal Information, and they may do so only for permitted business purposes.

We also offer the use of a secure server. All supplied sensitive/financial information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway provider’s database only to be accessible by those who are (i) authorized with special access rights to such systems and (ii) are required to keep the information confidential. We also employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to your Personal Information. For your protection, following completion of a transaction, your financial information will not be stored on our servers.

You should be aware, however, that Serefin has no control over the security of other Websites on the Internet that you might visit, even where such other sites are linked to our Services. If you share your computer or use a computer that is accessed by the general public, remember to sign off and close your browser window when you have finished your session. This will help to ensure that others cannot access your information.

We want you to feel confident using the Services. However, no system can be completely secure. Therefore, although we take commercially reasonable steps to secure your information, we do not promise, and you should not expect, that your information, searches or other communications will always remain secure. In the event of a breach of the confidentiality or security of your information, we will notify you if reasonably possible and as reasonably necessary so that you can take appropriate protective steps. We may notify you under such circumstances using the email address(es) we have on record for you. You should also take care with how you handle and disclose your information.

Links to Third-Party websites

Our Site or the Services may contain links to other websites not operated or controlled by Serefin, including social media platforms (“Third Party Sites”).

The information that you share with Third Party Sites shall be governed by the specific privacy policies and terms of service of such Third-Party Sites and not by this Privacy Policy, and Serefin bears no responsibility or liability in law or otherwise with respect to the content or terms of such Third-Party Sites. By providing these links we do not imply that we endorse or have reviewed the Third-Party Sites or their corresponding Privacy Policies or Terms of Use. Please contact the Third-Party Sites directly for information on their privacy practices and policies.

Data retention

We retain Personal Information for as long as reasonably necessary (i) for the purposes described in this Privacy Policy, (ii) while we have a business need to do so, or (iii) as required by applicable law (e.g. for tax, legal, accounting, or other purposes), whichever is longer. When we have no ongoing legitimate need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Where do we keep your personal information?

We store, access and use Personal Information in Canada. Unless there is a legal or regulatory requirement to keep such information in Canada, Personal Information may also be stored, accessed, or used outside of Canada. Where Personal Information is located outside of Canada, it is subject to the laws of that jurisdiction.

Users Outside Canada

The Site is hosted in Canada and is governed by Canadian law. If you are visiting the Site from outside Canada, please be aware that your information may be transferred to, stored and processed in Canada, where our servers are located and our central database is operated. The data protection and other laws of Canada and other countries might not be as comprehensive as those in your country. By using the Site, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share that information as described in this Privacy Policy.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers’ systems to recognize your browser and capture and remember certain information.

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone.

For more information regarding cookies, including the type and function of cookies used, please consult our Cookie Notice.

Your rights and dispute resolution

Our policy is to respond to access requests as directed by applicable laws. However, we may decline access to Personal Information in certain circumstances, including where the information requested would reveal confidential information or Personal Information about someone else, or if legal or regulatory requirements prohibit providing access or permit denial of access to the requested information.

  1. If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us using the contact details provided below.
  2. You can ask us to restrict processing of your Personal Information or request portability of your Personal Information by contacting us using the contact details provided below.
  3. You have the right to opt-out of marketing communications we send you at any time, by clicking on the “unsubscribe” link in the marketing e-mails we send you.  To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided below. Note that we may retain certain information associated with your account, but which does not readily identify you.
  4. Although you may have previously provided your consent to our collection and processing of your Personal Information, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
  5. You have the right to file a complaint with a data protection authority as it relates to our collection and use of your Personal Information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Children

You must be at least the greater of (i) eighteen years old; or (ii) the age of majority in your jurisdiction or older (the “Required Age”) to use our Services. By using our Site, you confirm that you are the Required Age. We do not intentionally collect information about or from persons under the Required Age. If we learn that we have collected information from persons under the Required Age, we will delete that information as quickly as possible.

Further information

Caricom API Data: Please note that some or all of the Caricom states listed below have entered into an agreement with the USA whereby advance passenger data, required by and provided to Caricom states for border security purposes, will be passed to the USA Department for Homeland Security for processing on behalf of those Caricom states listed as follows: Anguilla, Antigua and Barbuda, The Bahamas, Barbados, Belize, Bermuda, British Virgin Islands, Cayman Islands, Dominica, Grenada, Guyana, Haiti, Jamaica, Montserrat, Saint Lucia, St Kitts and Nevis, St Vincent and the Grenadines, Surinam, Trinidad and Tobago, Turks and Caicos Islands. Collectively members or associate members of ´Caricom´. The UK Information Commissioner's Office has accepted that this will not breach the Data Protection Act but that we are required to bring this to your attention.

US Secure Flight Data: The Transportation Security Administration (TSA) requires you to provide your full name, date of birth, and gender for the purpose of watch list screening, under the authority of 49 U.S.C. section 114, the Intelligence Reform and Terrorism Prevention Act of 2004 and 49 C.F.R parts 1540 and 1560. You may also provide your Redress Number, if available. Failure to provide your full name, date of birth, and gender may result in denial of transport or denial of authority to enter the boarding area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. For more on TSA privacy policies, or to review the system of records notice and the privacy impact assessment, please see the TSA Web site at www.tsa.gov.

Contacting us about your privacy

If you wish to review, confirm and/or update your Personal Information on file with us, you can do so by visiting your profile on this Site.

If you have any questions regarding this Privacy Policy, or to issue a complaint, you may contact us using the information below:

Serefin Travel Holdings Inc.
Attention: Privacy Officer
Email: privacy@serefin.com

For your protection, we may ask you for additional information to verify your identity. In most cases, we will provide the access you request and correct or delete any inaccurate information you discover. In some cases, however, we may limit or deny your request if the law permits or requires us to do so.

We reserve the right to update or alter this Privacy Policy from time to time without notice to you. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable laws. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy. Your continued use of the Site shall be construed as your acceptance to any amendments made to this Privacy Policy.