Gray Collection, its subsidiaries and entities in which it has an interest, including hotels, restaurants and spas within the portfolio of brands to which it provides operational or management services (collectively “Gray Collection”, “we”, “us” or “our”) is committed to protecting the privacy and security of your information.
By visiting this website or by registering for an account via this website (collectively the “Website”), contacting us or agreeing to receive emails from Gray Collection, you accept the terms and conditions of this Policy.
This Policy does not extend to websites operated by third parties. Gray Collection is therefore not liable for their privacy policies, procedures and practices.
Collection of information
We collect your personal information in several ways, including when you enter information on our Website, make a reservation, register for an account, apply for a job, contact us by telephone or by email, post on our social media accounts, etc. Depending on the circumstances, personal information may include your first name, last name, email address, phone number, postal address, resume, username and password. If you choose to withhold any personal information requested by us, it may not be possible for you to gain access to certain parts of the Website.
The legal bases for our processing of personal information are primarily that the processing is necessary for providing the Website and that the processing is carried out in our legitimate interests, which are further explained in the “Use and Communication of Information” section. We may also process personal information upon your consent, asking for it as appropriate.
Use and communication of information
We take steps designed to ensure that only those employees who need access to your personal information to fulfil their employment duties will have access to it.
We use the information that we collect in a variety of ways in providing the Website and operating our business, including:
• to operate, maintain, enhance and provide all features of the Website, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Website;
• to send you communications subject to applicable laws. We may use MailChimp and/or GetResponse to manage our newsletter and other email lists, which applicable privacy policies can be respectively found at http://mailchimp.com/legal/privacy and https://www.getresponse.com/legal/privacy-us; or
• for any other purposes authorized or required by law.
In certain circumstances, we may disclose certain information that we collect from you:
• within our family of companies, including parents, corporate, affiliates, subsidiaries, business units and other companies that share common ownership;
• with third party service providers who provide website, application development, hosting, maintenance, and other services for us (including, as the case may be, Synxis and/or Booker and/or OpenTable for making online reservations, please consult their respective policies at https://www.sabre.com/about/privacy/ ,https://www.booker.com/privacy-policy, and https://www.opentable.com/legal/privacy-policy). These third parties may have access to, or process personal information as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information;
• with law enforcement and governmental entities when required by law. For greater clarity, we may disclose personal information or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies; and
When we disclose your personal information to third parties, we take reasonable measures to ensure that the rules set forth in this Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organisational measures.
We may finally make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding your interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Website.
Retention of information
Your personal information may be stored and processed in any country where we have facilities or in which we engage third party service providers. By using the Website, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your personal information will at all times continue to be governed by this Policy and, if applicable, we will comply with the General Data Protection Regulation (“GDPR”) requirements providing adequate protection for the transfer of personal information from the EU/EEA to third country.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate physical, technical and administrative safeguards to protect personal information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your personal information has been compromised, please contact us as set forth in the “Contact” section. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your personal information will be kept, please contact us as set forth in the “Contact” section.
Right regarding personal information
On written request and subject to proof of identity, you may access the personal information that we hold, and ask that any necessary corrections be made, where applicable, as authorized or required by law. However, to make sure that the personal information we maintain about you is accurate and up to date, please inform us immediately of any change in your personal information.
Specific provisions for Europeans Users
Please note that the term personal information used in this Policy is equivalent to the term “personal data” under the GDPR and other applicable European data protection laws. Under the GDPR, you may be entitled to specific rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your personal information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of personal information about you, under certain conditions; (v) the right to demand that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or believe your personal information is inaccurate; (vi) the right to data portability of personal information that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: http://ec.europa.eu/justice/data-protection/index_en.htm.
Under the GDPR, is acting both as a “Data Controller” and as a “Data Processor”. As Data Controller, Gray Collection is responsible for safeguarding the data of our customers as they interact directly with our services. As Data Processor, Gray Collection is responsible for safeguarding the data of our partners’ and customers’ users as it flows through our system.
The Website is not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Website at any time or in any manner. If we learn that personal information has been collected via the Website from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided personal information, then you may alert us as set forth in the “Contact” section and request that we delete that child’s personal information from our systems.
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Website, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Website after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.
If you have any questions or comments about this Policy or your personal information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices with respect to any service providers outside Canada, our Privacy Officer can be reached by mail or email using the following contact information:
200-425 rue Saint-Jean-Baptiste
Montréal (Québec) H2Y2Z7