Privacy Policy

Last Updated: [Date]

[Hotel Name] (“we,” “our,” or “us”) is committed to protecting your personal information and complying with the British Columbia Personal Information Protection Act (PIPA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit [Website URL] (the “Site”) or make a reservation.

By using the Site or booking a stay, you consent to the practices described here.

1. Information We Collect

1.1 Information You Provide

We may collect the following information when you contact us or make a reservation:

  • Full name

  • Email address

  • Phone number

  • Address or country of residence

  • Guest preferences or requests

  • Arrival and departure dates

  • Number of guests

  • Payment information (processed securely by a third-party PMS and/or payment gateway)

  • Any information communicated via email, forms, or direct inquiries

We only collect information necessary for booking, communicating with guests, and providing hospitality-related services.

1.2 Automatically Collected Information

When you browse our Site, we may collect:

  • IP address

  • Browser type and version

  • Device type

  • Operating system

  • Pages viewed and time spent

  • Referring website

  • Cookie identifiers (see Cookie Policy)

1.3 PMS Reservation System

We expect to use either:

  • WebRezPro, or

  • Cloudbeds

(collectively, the “PMS Providers”).
Your reservation details are processed and stored by the PMS Provider to:

  • Confirm reservations

  • Manage guest stays

  • Process payments (through a PCI-compliant partner once selected)

  • Ensure compliance with hospitality obligations

You may view their privacy practices on their respective websites.

2. Purpose of Collecting Personal Information

We collect and use your information for:

  • Processing and managing reservations

  • Communicating booking confirmations and service updates

  • Providing customer service and responding to inquiries

  • Creating and managing guest profiles and stay preferences

  • Fulfilling legal, tax, and regulatory requirements

  • Ensuring Site performance and security

  • Improving our services and guest experience

  • Sending emails or offers where consent is provided (CASL-compliant)

We do not use personal information for automated decision-making unrelated to normal hotel business operations.

3. Consent

By using our Site, submitting a reservation, or otherwise providing personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

Under PIPA, consent may be withdrawn, subject to legal or contractual restrictions.
Requests may be made by contacting us at the email below.

4. Disclosure of Personal Information

We may disclose your information only in the following circumstances:

4.1 PMS Providers

Reservation and guest details are shared with WebRezPro or Cloudbeds to manage bookings and stays.

4.2 Service Providers

Trusted contractors may access certain information to support:

  • Website hosting and security

  • Email service providers

  • IT support

  • Analytics tools

They may only use the information for authorized purposes.

4.3 Legal Requirements

We may disclose information:

  • When required by Canadian law or provincial regulation

  • To comply with tax, tourism, or safety requirements

  • To protect the rights, property, or safety of our guests, employees, or the public

We do not sell, rent, or trade personal information.

5. International Transfers

Because our guests may be located worldwide and our PMS or hosting providers may store data in other countries, your information may be processed outside Canada.

Where applicable, we ensure appropriate safeguards consistent with BC PIPA and industry standards.

6. Data Security

We use administrative, technical, and physical security measures to protect personal information, including:

  • Encrypted reservations

  • Secure servers

  • Restricted access controls

  • PCI-compliant payment processing (via our PMS provider and chosen payment gateway)

However, no method of transmission is completely secure, and we cannot guarantee absolute protection.

7. Data Retention

We retain personal information only as long as necessary to:

  • Fulfill the purposes described in this policy

  • Maintain guest records in compliance with BC hospitality and tax requirements

  • Resolve disputes or protect our legal rights

When no longer needed, information is securely deleted or anonymized.

8. Your Rights

Under BC PIPA, you may:

  • Request access to your personal information

  • Request corrections to inaccurate information

  • Withdraw consent for certain uses (where applicable)

  • Ask about how your data has been used or disclosed

Requests may be submitted to:
[Contact Email]

International guests (e.g., EU, UK) may have additional rights in their home jurisdictions, and we will make reasonable efforts to respond accordingly.

9. Children’s Privacy

Our Site and services are not directed toward children under 16.
We do not knowingly collect personal information from minors unless required for a reservation involving a family booking.

10. External Links

Our Site may link to third-party websites such as maps, travel sites, or reservation systems.
We are not responsible for their privacy practices.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically.
Updates will appear on this page with a revised “Last Updated” date.

12. Contact Information

For questions, requests, or concerns, contact us:

[Hotel Name]
Email: [Contact Email]
Phone: [Phone Number]
Address: [Hotel Address, BC, Canada]

DATA RETENTION SCHEDULE (BC PIPA Compliant)

Last Updated: [Date]
Applies to: [Hotel Name], [Website URL]

This schedule outlines how long we retain different categories of personal information in compliance with the BC Personal Information Protection Act (PIPA) and hospitality industry standards.

Under PIPA, organizations must retain personal information only as long as necessary to fulfill the purposes for which it was collected and to meet legal, tax, and operational requirements.

1. Reservation & Guest Stay Information

Includes:

  • Full name

  • Contact information

  • Stay dates

  • Guest preferences

  • Identification information (if required at check-in)

  • Communications related to a booking

Retention Period:
2 years after the guest’s final stay
Reason:

  • Standard hospitality practice

  • Handling post-stay inquiries, disputes, or complaints

  • Loyalty or return-guest service (unless guest requests deletion)

2. Financial & Payment Records

Includes:

  • Invoice information

  • Payment confirmations

  • Transaction details

  • Folio records

Retention Period:
7 years
Reason:

  • Required for Canadian tax law and CRA audit purposes

  • Industry-standard financial retention period

(Note: Full credit card details should never be stored by the hotel—only the PCI-compliant payment processor or PMS should store them.)

3. PMS Reservation Data (WebRezPro / Cloudbeds)

Includes:

  • Booking details

  • Payment status

  • Guest communications logged through PMS

Retention Period:
Follows the PMS provider’s default retention for audit and booking history
Hotel access retained for 2 years unless required for financial compliance

Reason:

  • The PMS may store records longer for technical or regulatory reasons

  • The hotel only accesses what is necessary for operational purposes

4. Email Inquiries & Contact Form Submissions

Includes:

  • Name

  • Email

  • Messages

  • Communication logs

Retention Period:
1 year from last contact
Reason:

  • Customer service follow-up

  • Complaint resolution window

5. Marketing & Newsletter Subscription Data

Includes:

  • Email address

  • Name (if provided)

  • Marketing preferences

  • Consent records (required under CASL)

Retention Period:
Kept until the guest unsubscribes or withdraws consent
Proof of consent must be retained for 3 years after unsubscribe (CASL requirement)

6. Website Analytics & Cookie Data

Includes:

  • Cookies

  • Tracking identifiers

  • IP address

  • Device and usage data

Retention Period:
6–26 months, depending on analytics provider settings (e.g., Google Analytics defaults)

Reason:

  • Analytical comparison, website improvement

  • Industry standard for web analytics storage

7. Security & Server Logs

Includes:

  • Firewall logs

  • Access logs

  • Error logs

Retention Period:
30 days – 12 months, depending on system
Reason:

  • Security investigation

  • Fraud prevention

Recommended: 90 days unless otherwise required.

8. Staff & Employment Records (if applicable)

Includes:

  • Employee files

  • Payroll records

  • Contracts

Retention Period:
7 years after employment ends
Reason:

  • BC employment standards & CRA requirements

9. CCTV / Video Surveillance Data (if used)

Includes:

  • Security video footage

Retention Period:
7–30 days (standard in Canada)
Reason:

  • Safety and security

  • Investigation of incidents

10. Data Subject Requests (Access / Correction / Deletion Requests)

Includes:

  • Request logs

  • Communications

  • Proof of resolution

Retention Period:
1 year
Reason:

  • PIPA compliance verification

  • Accountability and audit protection