プライバシーポリシー
About Destination Canada
The Canadian Tourism Commission, operating as ‘Destination Canada’ (DC), is a Crown Corporation wholly owned by the Government of Canada. Established in 2001 under the Canadian Tourism Commission Act, DC markets Canada internationally. Its aim is to provide a consistent voice for Canada in the international tourism marketplace, and to sustain a vibrant and profitable tourism industry by supporting cooperative relationships between the public and private sectors.
Tourism partnerships, promotion and marketing
In keeping with its mandate to promote and encourage Canadian tourism, DC engages in marketing activities with public and private sector organizations. This work includes partnered global marketing and sales programs geared at developing a strong Canadian brand presence internationally. Our partners range from small-to-medium-size enterprises to large tourism-focused businesses. DC also interacts regularly with partners in the tourism industry, such as provincial and destination marketing organizations and trade associations.
Tourism and travel research
DC offers a variety of tools and resources to small and medium-sized tourism enterprises. This includes research and market intelligence reports geared at supporting and encouraging Canadian travel. Both tourism partners and individuals can subscribe to our news reports for regular updates about Canadian tourism research and statistics, marketing programs, travel issues, industry trends and more.
Business events
In addition to our tourism marketing and research efforts, DC works collaboratively with a range of industry associations and private-sector partners to encourage the hosting of business events in Canada. Business events help increase exports of Canadian goods and services, encourage attendance at Canadian educational facilities, boost direct foreign investment in Canada, and leverage Canada’s overall brand in encouraging commercial activity.
About Destination Canada
The Canadian Tourism Commission, operating as ‘Destination Canada’ (DC), is a Crown Corporation wholly owned by the Government of Canada. Established in 2001 under the Canadian Tourism Commission Act, DC markets Canada internationally. Its aim is to provide a consistent voice for Canada in the international tourism marketplace, and to sustain a vibrant and profitable tourism industry by supporting cooperative relationships between the public and private sectors.
Tourism partnerships, promotion and marketing
In keeping with its mandate to promote and encourage Canadian tourism, DC engages in marketing activities with public and private sector organizations. This work includes partnered global marketing and sales programs geared at developing a strong Canadian brand presence internationally. Our partners range from small-to-medium-size enterprises to large tourism-focused businesses. DC also interacts regularly with partners in the tourism industry, such as provincial and destination marketing organizations and trade associations.
Tourism and travel research
DC offers a variety of tools and resources to small and medium-sized tourism enterprises. This includes research and market intelligence reports geared at supporting and encouraging Canadian travel. Both tourism partners and individuals can subscribe to our news reports for regular updates about Canadian tourism research and statistics, marketing programs, travel issues, industry trends and more.
Business events
In addition to our tourism marketing and research efforts, DC works collaboratively with a range of industry associations and private-sector partners to encourage the hosting of business events in Canada. Business events help increase exports of Canadian goods and services, encourage attendance at Canadian educational facilities, boost direct foreign investment in Canada, and leverage Canada’s overall brand in encouraging commercial activity.
Our privacy policy
In order to fulfill its legal mandate, DC may collect, use, and disclose “personal data”. This includes data from consumers (such as visitors to our website or newsletter subscribers), and data from our tourism partners (such as destination marketing agencies, travel agents and tour operators).
At DC, we are committed to safeguarding the privacy of all individuals who entrust us with their personal data. This policy is meant to help individuals understand what information we collect, why we collect it, and how it is managed. The policy applies where we are acting as a “data controller”, that is, where we determine both the purpose and means of processing of personal data. DC does not process data on behalf of others.
Our privacy policy
In order to fulfill its legal mandate, DC may collect, use, and disclose “personal data”. This includes data from consumers (such as visitors to our website or newsletter subscribers), and data from our tourism partners (such as destination marketing agencies, travel agents and tour operators).
At DC, we are committed to safeguarding the privacy of all individuals who entrust us with their personal data. This policy is meant to help individuals understand what information we collect, why we collect it, and how it is managed. The policy applies where we are acting as a “data controller”, that is, where we determine both the purpose and means of processing of personal data. DC does not process data on behalf of others.
What we collect
DC limits its collection of personal data to that which is authorized under an operating program or activity of the corporation. This includes information provided directly from consumers and/or tourism partners, or that provided through the use of our website or services, as set out in the following section. For a full index and description of our personal data holdings, see our “Personal Information Index”.
What we collect
DC limits its collection of personal data to that which is authorized under an operating program or activity of the corporation. This includes information provided directly from consumers and/or tourism partners, or that provided through the use of our website or services, as set out in the following section. For a full index and description of our personal data holdings, see our “Personal Information Index”.
Why we collect it
Consumers
We use cookies on our websites. Through the use of cookies, we may collect and process data about your use of our websites ("usage data"). Usage data may include your Internet Protocol (IP) address, geographical location, browser type and version, operating system, referral source, length of visit, and page views and website navigation paths. It may also include information about the timing, frequency and pattern of your use of our websites.
Usage data is collected and monitored through the use of data analytic tracking systems. Usage data may be processed for the purposes of analyzing the use of our websites and services, in keeping with our mandate. Where cookies are not strictly necessary for our website or the provision of services, we may also ask you to consent to the use of cookies.
In addition to the collection of usage data, we may collect and process information that you provide to us for the purpose of subscribing to our email notifications, research and/or newsletters ("notification data"). This includes DC news, story ideas, tourism snapshots, special offers, incentives and contests, and specialist programming. Notification data may include your email address, name, and organization type, as provided by you. Notification data may be processed for the purposes of sending you publications that you’ve elected to receive, in keeping with our mandate.
Where you elect to contact us, we may collect and process information contained in or relating to any communication that you send to us ("correspondence data"). Correspondence data may include your contact information, the contents of your communication, and any metadata associated with the communication. Correspondence data may be processed for the purposes of communicating with you and/or your organization, and for general record-keeping, in keeping with our mandate.
Tourism partners
In the course of fulfilling our mandate, we may collect and process information about our customers and tourism partners (e.g., travel agencies, tour operators, venues, event planners, provincial and territorial destination tourism marketing agencies, and conference or training organizers). Customer and partner information ("customer relationship data") may include an individual’s name, his or her employer, job title or role, contact details, and information contained in communications between DC and the program partner, including event information. Customer relationship data is sourced directly from the individual or his or her employer. It may be processed for the purposes of managing our relationships with tourism partners, communicating with partners, keeping records of those communications, and for promoting products, services, and events in keeping with our mandate. In some cases, we may obtain consent prior to collecting customer relationship data.
Job applicants
If you apply for employment at DC, in order to process your job application we may collect and process data about your career interests and employment history (“job applicant data”). Job applicant data is used for staffing and recruitment activities, and to maintain an inventory of candidates for current and future work opportunities. Personal information will only be used for legitimate business interests, and only then with your express consent.
Why we collect it
Consumers
We use cookies on our websites. Through the use of cookies, we may collect and process data about your use of our websites ("usage data"). Usage data may include your Internet Protocol (IP) address, geographical location, browser type and version, operating system, referral source, length of visit, and page views and website navigation paths. It may also include information about the timing, frequency and pattern of your use of our websites.
Usage data is collected and monitored through the use of data analytic tracking systems. Usage data may be processed for the purposes of analyzing the use of our websites and services, in keeping with our mandate. Where cookies are not strictly necessary for our website or the provision of services, we may also ask you to consent to the use of cookies.
In addition to the collection of usage data, we may collect and process information that you provide to us for the purpose of subscribing to our email notifications, research and/or newsletters ("notification data"). This includes DC news, story ideas, tourism snapshots, special offers, incentives and contests, and specialist programming. Notification data may include your email address, name, and organization type, as provided by you. Notification data may be processed for the purposes of sending you publications that you’ve elected to receive, in keeping with our mandate.
Where you elect to contact us, we may collect and process information contained in or relating to any communication that you send to us ("correspondence data"). Correspondence data may include your contact information, the contents of your communication, and any metadata associated with the communication. Correspondence data may be processed for the purposes of communicating with you and/or your organization, and for general record-keeping, in keeping with our mandate.
Tourism partners
In the course of fulfilling our mandate, we may collect and process information about our customers and tourism partners (e.g., travel agencies, tour operators, venues, event planners, provincial and territorial destination tourism marketing agencies, and conference or training organizers). Customer and partner information ("customer relationship data") may include an individual’s name, his or her employer, job title or role, contact details, and information contained in communications between DC and the program partner, including event information. Customer relationship data is sourced directly from the individual or his or her employer. It may be processed for the purposes of managing our relationships with tourism partners, communicating with partners, keeping records of those communications, and for promoting products, services, and events in keeping with our mandate. In some cases, we may obtain consent prior to collecting customer relationship data.
Job applicants
If you apply for employment at DC, in order to process your job application we may collect and process data about your career interests and employment history (“job applicant data”). Job applicant data is used for staffing and recruitment activities, and to maintain an inventory of candidates for current and future work opportunities. Personal information will only be used for legitimate business interests, and only then with your express consent.
How it is managed
Accountability
In keeping with our commitment to privacy, we have put in place appropriate technical and organizational measures to help ensure that personal data we collect is protected and properly handled. This includes a Privacy Management Framework that sets out key responsibilities for privacy and the protection of personal information. The Privacy Management Framework also establishes a common set of standards and practices for the handling of personal information across the corporation. In addition to supporting individual accountability for privacy, the Framework helps to promote a coherent and effective organizational approach for privacy protection.
Openness
Each year we update and publish a full inventory of our personal data holdings. Our publicly available Personal Information Index describes what personal data we collect, the purposes for which that data is collected, how the data may be used, who we share that data with, how long it is retained, and how individuals to whom the information belongs may access the data.
Safeguards
Personal data held by DC is safeguarded in accordance with government standards for the protection of personal information. Generally speaking, personal data is secured in a manner commensurate with its sensitivity. In order to help safeguard personal data, DC has a formal information security program in place. The program includes physical, technical, and organizational measures designed to protect against anticipated threats to personal data. Those measures also help prevent the unauthorized disclosure, access, or use of personal data.
In addition to the above security practices, DC regularly conducts privacy impact assessments (PIAs) in relation to new or substantially modified programs and services involving the use of personal data. PIAs help identify, measure and mitigate the privacy risks associated with the introduction of new programs or services, ensuring that privacy is a core consideration in the design, development and operation of all programs and services involving the use of personal data. In keeping with our commitment to transparency and openness, we post summaries of our PIAs on our external website.
Limited sharing and retention
DC does not share your personal data with other companies, organizations or individuals, except with your consent (or where authorized by law). Personal data is never sold, and is never used except in keeping with the purposes for which it was first collected. In some cases, we may provide your personal data to trusted program partners or service vendors for processing. In such instances, we ensure that the organizations we share your data with comply with strict instructions for the proper handling of that data.
We only retain personal data for so long as it is required to fulfill the purpose for which it was first collected. Personal data that is used to make a decision that may impact an individual is retained for a minimum of two years, as required under Canada’s Privacy Act. When personal data is no longer required, it is securely destroyed or de-identified.
How it is managed
Accountability
In keeping with our commitment to privacy, we have put in place appropriate technical and organizational measures to help ensure that personal data we collect is protected and properly handled. This includes a Privacy Management Framework that sets out key responsibilities for privacy and the protection of personal information. The Privacy Management Framework also establishes a common set of standards and practices for the handling of personal information across the corporation. In addition to supporting individual accountability for privacy, the Framework helps to promote a coherent and effective organizational approach for privacy protection.
Openness
Each year we update and publish a full inventory of our personal data holdings. Our publicly available Personal Information Index describes what personal data we collect, the purposes for which that data is collected, how the data may be used, who we share that data with, how long it is retained, and how individuals to whom the information belongs may access the data.
Safeguards
Personal data held by DC is safeguarded in accordance with government standards for the protection of personal information. Generally speaking, personal data is secured in a manner commensurate with its sensitivity. In order to help safeguard personal data, DC has a formal information security program in place. The program includes physical, technical, and organizational measures designed to protect against anticipated threats to personal data. Those measures also help prevent the unauthorized disclosure, access, or use of personal data.
In addition to the above security practices, DC regularly conducts privacy impact assessments (PIAs) in relation to new or substantially modified programs and services involving the use of personal data. PIAs help identify, measure and mitigate the privacy risks associated with the introduction of new programs or services, ensuring that privacy is a core consideration in the design, development and operation of all programs and services involving the use of personal data. In keeping with our commitment to transparency and openness, we post summaries of our PIAs on our external website.
Limited sharing and retention
DC does not share your personal data with other companies, organizations or individuals, except with your consent (or where authorized by law). Personal data is never sold, and is never used except in keeping with the purposes for which it was first collected. In some cases, we may provide your personal data to trusted program partners or service vendors for processing. In such instances, we ensure that the organizations we share your data with comply with strict instructions for the proper handling of that data.
We only retain personal data for so long as it is required to fulfill the purpose for which it was first collected. Personal data that is used to make a decision that may impact an individual is retained for a minimum of two years, as required under Canada’s Privacy Act. When personal data is no longer required, it is securely destroyed or de-identified.
Universal data rights
Access
Individuals have the right to request a confirmation as to whether or not DC processes their personal data. Where we do, the individual has the right to access that personal data. Providing the rights and freedoms of others are not affected, and except as provided under the Privacy Act, we will supply individuals with a copy of their personal data at no cost.
Individuals can request a copy of their personal data by contacting our Privacy Office at privacy@destinationcanada.com, or by telephone at +1.604.638.8300.
Corrections
We make reasonable effort to ensure that your personal data is as accurate, complete and up-to-date for the purposes for which it is to be used. You have the right to have your personal data corrected where inaccurate or incomplete. Corrections are best processed by contacting the official or department at DC to which your information was first provided. If you have provided your personal data to DC using an on-line form, you may be able to update that information by amending your on-line profile, or by following the link on DC-provided publications.
Individuals can also request corrections to their personal data by contacting our Privacy Office at privacy@destinationcanada.com, or by telephone at +1.604.638.8300
Challenging compliance
Concerns relating to DC's collection, use or disclosure of personal data may be communicated to DC's Privacy Office at privacy@destinationcanada.com. Failing the resolution of a privacy concern or issue, individuals may exercise their right to pursue outstanding matters by way of a complaint to the Office of the Privacy Commissioner of Canada.
Universal data rights
Access
Individuals have the right to request a confirmation as to whether or not DC processes their personal data. Where we do, the individual has the right to access that personal data. Providing the rights and freedoms of others are not affected, and except as provided under the Privacy Act, we will supply individuals with a copy of their personal data at no cost.
Individuals can request a copy of their personal data by contacting our Privacy Office at privacy@destinationcanada.com, or by telephone at +1.604.638.8300.
Corrections
We make reasonable effort to ensure that your personal data is as accurate, complete and up-to-date for the purposes for which it is to be used. You have the right to have your personal data corrected where inaccurate or incomplete. Corrections are best processed by contacting the official or department at DC to which your information was first provided. If you have provided your personal data to DC using an on-line form, you may be able to update that information by amending your on-line profile, or by following the link on DC-provided publications.
Individuals can also request corrections to their personal data by contacting our Privacy Office at privacy@destinationcanada.com, or by telephone at +1.604.638.8300
Challenging compliance
Concerns relating to DC's collection, use or disclosure of personal data may be communicated to DC's Privacy Office at privacy@destinationcanada.com. Failing the resolution of a privacy concern or issue, individuals may exercise their right to pursue outstanding matters by way of a complaint to the Office of the Privacy Commissioner of Canada.
Rights specific to residents of the European Union
DC is subject to Canada’s Privacy Act. We strive however to comply with the privacy laws and regulations of all jurisdictions in which we have an establishment and market to, including the European Union (EU). Subject to the Privacy Act and the laws of Canada, EU residents may have the following additional rights, as provided by the General Data Protection Regulation (GDPR).
Erasure
In some circumstances, EU residents may have the right to the erasure of their personal data. The right to erasure may be exercised where: personal data is no longer necessary in relation to the purposes for it was first collected or otherwise processed; consent is withdrawn (where data processing was based on consent); there is no further legitimate interest in processing the data; data is being used for direct marketing purposes on the objection of the individual; or where the personal data has been unlawfully processed. This right is not absolute. DC may continue to process personal data of EU residents where the processing is necessary for compliance with a legal obligation, or for the establishment, exercise or defence of a legal claim.
Restricted processing
In some circumstances, residents of the EU may have the right to restrict the processing of their personal data. Such circumstances include: where the accuracy of the individual’s personal data is contested; where processing is unlawful but erasure is opposed; or where personal data is no longer needed for the purposes of processing, but where the individual requires personal data for the establishment, exercise or defence of a legal claim. Where processing has been restricted, DC may continue to store that personal data. In such cases, we will only process your personal data with your consent or: for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for purposes of an important public interest.
Portability
In some circumstances, residents of the EU may have the right to receive personal data they have provided to DC (as data controller) in a portable manner (i.e., in a format that is structured, commonly used, and machine readable). EU residents may also have the right to request that DC transmit that data to another data controller. The right to data portability only applies when personal data is provided on the basis of consent, or for the purposes of a contract, and where DC processes that data by automated means. Except with respect to job applicant data supplied through our on-line application platform, DC does not process data automatically.
Rights specific to residents of the European Union
DC is subject to Canada’s Privacy Act. We strive however to comply with the privacy laws and regulations of all jurisdictions in which we have an establishment and market to, including the European Union (EU). Subject to the Privacy Act and the laws of Canada, EU residents may have the following additional rights, as provided by the General Data Protection Regulation (GDPR).
Erasure
In some circumstances, EU residents may have the right to the erasure of their personal data. The right to erasure may be exercised where: personal data is no longer necessary in relation to the purposes for it was first collected or otherwise processed; consent is withdrawn (where data processing was based on consent); there is no further legitimate interest in processing the data; data is being used for direct marketing purposes on the objection of the individual; or where the personal data has been unlawfully processed. This right is not absolute. DC may continue to process personal data of EU residents where the processing is necessary for compliance with a legal obligation, or for the establishment, exercise or defence of a legal claim.
Restricted processing
In some circumstances, residents of the EU may have the right to restrict the processing of their personal data. Such circumstances include: where the accuracy of the individual’s personal data is contested; where processing is unlawful but erasure is opposed; or where personal data is no longer needed for the purposes of processing, but where the individual requires personal data for the establishment, exercise or defence of a legal claim. Where processing has been restricted, DC may continue to store that personal data. In such cases, we will only process your personal data with your consent or: for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for purposes of an important public interest.
Portability
In some circumstances, residents of the EU may have the right to receive personal data they have provided to DC (as data controller) in a portable manner (i.e., in a format that is structured, commonly used, and machine readable). EU residents may also have the right to request that DC transmit that data to another data controller. The right to data portability only applies when personal data is provided on the basis of consent, or for the purposes of a contract, and where DC processes that data by automated means. Except with respect to job applicant data supplied through our on-line application platform, DC does not process data automatically.
Definitions
“Personal data” means information about an identifiable individual that is recorded in any form, as provided in section 3 of Canada’s Privacy Act.
“Data controller” means a legal person which, alone or jointly, determines the purposes and means of processing personal data.
“Personal Information Index” refers to the index and description of personal data collected and processed by Destination Canada, as set out in section 11(1) of Canada’s Privacy Act.
Definitions
“Personal data” means information about an identifiable individual that is recorded in any form, as provided in section 3 of Canada’s Privacy Act.
“Data controller” means a legal person which, alone or jointly, determines the purposes and means of processing personal data.
“Personal Information Index” refers to the index and description of personal data collected and processed by Destination Canada, as set out in section 11(1) of Canada’s Privacy Act.
カナダ観光局について
Canadian Tourism Commissionは、カナダ政府が完全所有する官営会社で、「カナダ観光局」(Destination Canada、略称DC)の名称で運営されています。カナダ観光局法に基づき、2001年に設立されたDCは、世界各国でのカナダのマーケティング活動に従事しています。その目的は、国際的な観光市場でカナダに関する継続的な情報発信に取り組むとともに、官民の協力関係を支援し、活力にあふれ収益性の高い観光産業を維持することにあります。
観光のパートナーシップ、プロモーション、マーケティング
DCでは、カナダ観光の誘致・促進という使命に合わせ、官民の組織とともにマーケティング活動に従事しています。この活動には、国際的にカナダブランドの強力な存在感を発揮するため、提携によるグローバルなマーケティング・営業プログラムも含まれます。パートナーは、中小規模の企業から大手の観光専業企業まで多岐にわたります。また、DCは、州・地域のマーケティング機関や業界団体など、観光産業のパートナーと定期的な交流機会を持っています。
観光・旅行調査
DCは、中小の観光関連企業に各種のツールやリソースを提供しています。この中には、カナダ旅行の支援・誘致を目的とした調査・市場情報レポートなどが含まれます。DCのニュースレポートは、カナダ観光調査・統計、マーケティングプログラム、旅行関連の課題、業界動向などに関する最新情報を定期的に発信しており、観光産業のパートナーと個人の双方を対象に定期購読を受け付けております。
ビジネスイベント
観光関連のマーケティング・調査活動に加え、DCは幅広い業界団体や民間部門パートナーとの協業を通じて、カナダでのビジネスイベント開催の誘致にも取り組んでいます。ビジネスイベントは、カナダの製品・サービスの輸出拡大、カナダの教育機関への留学誘致、対カナダ海外直接投資の促進、商業活動誘致に当たってのカナダの総合的なブランド力の向上に寄与するものです。
個人情報の取り扱いについて
DCは、法的義務を履行するため、「個人情報」を収集し、使用し、開示することがあります。これには、消費者(DCのウェブサイト閲覧者やニュースレター購読者)の情報や、観光関連パートナー(観光地のマーケティング代理店、旅行代理店、ツアーオペレーターなど)の情報が含まれます。
DCは、DCに個人情報を委託するすべての個人のプライバシー保護を遂行します。このポリシーは、DCが収集する情報の内容、情報収集の理由、情報の管理方法について個人の理解を支援するためにあります。このポリシーは、DCが「データ管理者」として機能する場合、つまり個人情報処理の目的と手段の双方をDCが決定する場合に適用されます。DCが他者に代わってデータを処理することはありません。
DCが収集する情報の内容
DCは、個人情報の収集に当たって、DCの運営プログラムまたは業務活動の下で許可される情報に限定します。これには、消費者または観光関連パートナーから直接得られる情報、あるいはDCのウェブサイトもしくは以下の条項に規定するサービスの使用によって得られる情報が含まれます。DCが保有する個人情報のすべてのインデックスおよび説明については、DCの「個人情報インデックス」をご覧ください。
情報収集の理由
消費者
DCは、DCのウェブサイトでcookieを使用します。DCは、cookieの使用により、お客様によるDCウェブサイト使用に関するデータ(以下「使用データ」という)を収集し、処理することがあります。使用データには、IP(Internet Protocol)アドレス、地理的位置、ブラウザーのタイプおよびバージョン、オペレーティングシステム(OS)、参照元、ウェブサイト滞在時間、ページビュー、ウェブサイトナビゲーションパスが含まれます。また、お客様によるDCウェブサイト使用のタイミング、頻度、パターンに関する情報が含まれます。
使用データは、データ解析トラッキングシステムの使用により、収集され、監視されます。使用データは、DCの使命に従い、DCのウェブサイトおよびサービスの使用を分析する目的で処理することがあります。DCウェブサイトやサービス提供にcookieが絶対に必要ではない場合でも、cookieの使用についてお客様に同意を求めることがあります。
使用データの収集に加え、DCのメール通知、調査、ニュースレター(以下「通知データ」という)の購読のためにお客様から提供される情報を収集し処理することがあります。これには、DCニュース、ストーリーアイデア、観光スナップショット、特別オファー、インセンティブ企画・コンテスト、スペシャリストプログラムなどが含まれます。通知データには、お客様から提供されるメールアドレス、氏名、所属組織タイプが含まれます。通知データは、お客様が受け取りを選択した定期刊行物の送付を目的に、DCの使命に従って、処理されることがあります。
お客様がDCへの連絡を選択した場合、お客様がDCに送信する一切の通信内容に含まれる、またはそれに関連する情報(以下「通信文データ」という)を収集し、処理することがあります。通信文データには、お客様の連絡先情報、通信文の内容、通信に伴う一切のメタデータが含まれます。通信文データは、お客様またはお客様所属組織とのコミュニケーションを目的に、またDCの使命に沿った一般的な記録保持のために処理することがあります。
観光関連パートナー
DCの使命を履行する過程で、DCは、お客様および観光関連パートナー(旅行代理店、ツアーオペレーター、会場、イベントプランナー、州・準州の観光マーケティング機関、会議・トレーニング主催者など)に関する情報を収集し処理することがあります。お客様およびパートナーに関する情報(以下「取引関係データ」という)には、個人の氏名、その雇用者、役職・職務、連絡先、DCとプログラムパートナーとのコミュニケーションに含まれるイベント情報などの情報が含まれます。取引関係データは、個人またはその雇用者から直接入手されます。このデータは、DCの使命に従い、DCと観光関連パートナーとの関係の管理、パートナーとのコミュニケーション、これらのコミュニケーションの記録保持、製品、サービス、イベントのプロモーションを目的に処理されることがあります。場合によっては、取引関係データ収集の前に同意を取得することがあります。
求人応募者
DCの求人に応募する応募者について、DCは、求人応募を処理するために、応募者のキャリア上の関心事項および職歴に関するデータ(以下「求人応募者データ」という)を収集し処理することがあります。求人応募者データは、人員配置や人材採用活動のために使用し、また、現在および将来の求人機会用に志望者一覧を保持する目的で使用します。個人情報は、正当な事業利益を目的に、求人応募者の明示的な同意がある場合に限り、使用します。
管理方法
責任
DCは、プライバシーに関する義務に従い、DCが収集した個人情報が確実に保護され、適切に取り扱われるように、適切な技術的および組織的な措置を講じます。これには、プライバシーと個人情報保護の主な責任を定めるプライバシー管理フレームワークが含まれます。また、プライバシー管理フレームワークは、DC組織全体での個人情報の取り扱いの標準手順および慣行の共通セットを定めています。このフレームワークは、プライバシーに関する個人の責任の裏付けとなるだけでなく、プライバシー保護について一貫性と実効性のある組織的取り組みの促進にも寄与します。
公開性
毎年、DCは、保有する個人情報の完全な一覧を更新し公開しています。一般公開されている個人情報インデックスは、DCが収集する個人情報の内容、当該情報を収集する目的、当該情報の使用方法、当該情報の共有先、当該情報の保持期間、当該情報が帰属する個人による当該情報へのアクセス方法を掲載しています。
保護
DCが保持する個人情報は、個人情報保護のための国の基準に沿って保護されます。一般的には、個人情報はその機微性に応じた方法で保護されます。個人情報保護のため、DCは公式の情報セキュリティプログラムを導入しています。同プログラムは、予期される脅威から個人情報を保護するための物理的、技術的、組織的な措置を含みます。こうした措置は、個人情報の漏洩、不正アクセス、または不正使用の防止の一助にもなります。
上記のセキュリティ慣行に加え、DCは、個人情報の使用を伴う新規または大幅改訂後のプログラムおよびサービスに関して、プライバシー影響評価(PIA)を定期的に実施しています。PIAは、新規のプログラムまたはサービスの導入に伴うプライバシーリスクの特定、評価、緩和に役立ち、個人情報の使用を伴うすべてのプログラムおよびサービスの設計、開発、運用においてプライバシーが中心的な考慮事項であることを保証します。DCの透明性と公開性の原則に沿って、DCは外部向けウェブサイトのPIA結果の要旨を掲載しています。
共有・保持の制限
DCは、お客様の同意がある場合(または法律で認められる場合)を除き、お客様の個人情報を他の企業、組織、個人と共有しません。個人情報が販売されることはなく、当初の収集目的から外れた目的に使用されることもありません。場合によっては、個人情報の処理のために、信頼できるプログラムパートナーまたはサービス提供業者に個人情報を提供することがあります。そのような場合、DCは、個人情報共有先となる組織が、当該情報の適切な取り扱いに関する厳格な指示を順守するよう徹底します。
DCは、個人情報が当初の収集目的の履行に必要な限り、当該個人情報を保持します。個人に影響が及びかねない決定に用いられる個人情報は、カナダのプライバシー法に定められているように、最低2年間保持されます。個人情報が不要になった場合、安全に破棄または匿名加工します。
普遍的データ権
アクセス
個人は、DCが当該個人の個人情報を処理するかどうかについて、確認を求める権利を有します。DCが処理する場合、当該個人は、かかる個人情報にアクセスする権利を有します。他者の権利および自由の付与は、影響を受けません。プライバシー法に規定するように、DCは、個人にその個人情報の写しを無償で提供します。
自身の個人情報の写しを希望する個人は、DCプライバシー室にメール(privacy@destinationcanada.com)または電話(+1.604.638.8300)で請求できます。
訂正
使用目的に照らして、お客様の個人情報が正確であり、完全であり、また最新であることを徹底するため、DCは合理的な努力を払っています。お客様は、自身の個人情報が不正確または不完全な場合、これを訂正する権利を有します。訂正を最も的確に処理するには、かかる情報の最初の提供先であるDC担当者または部署にお問い合わせください。オンラインのフォームからDCに個人情報を提供した場合、オンラインのプロフィールを修正するか、DC提供刊行物にあるリンク先をたどることにより、当該情報を更新できます。
個人は、DCのプライバシー室にメール(privacy@destinationcanada.com)か電話(+1.604.638.8300)で問い合わせることにより、自身の個人情報の訂正を請求することもできます。
苦情対応
DCによる個人情報の収集、使用または開示に関する懸念がある場合は、DCのプライバシー室にメール(privacy@destinationcanada.com)で問い合わせることができます。個人は、プライバシーの懸念や問題を解決できない場合、カナダのプライバシーコミッショナー事務所への苦情申し立てにより、未解決事項追及の権利を行使できます。
欧州連合(EU)居住者に固有の権利
DCは、カナダのプライバシー法に準拠します。しかしながら、DCが施設を設置し、マーケティング活動の対象としている欧州連合(EU)などあらゆる管轄権のプライバシー法令に準拠するよう努めています。EU居住者は、同プライバシー法およびカナダの法律に従い、EU一般データ保護規則(GDPR)に規定するように、以下の追加の権利を有することがあります。
消去
状況によっては、EU居住者は自身の個人情報の消去権を有することがあります。当初の収集目的または処理目的に関して個人情報が必要ではなくなった場合、(データ処理が同意に基づいていた場合に)その同意が撤回された場合、データ処理に正当な利益がなくなった場合、個人の意に反して直接マーケティング目的に個人情報が使用されている場合、または個人情報が違法に処理されていた場合、消去権が行使されることがあります。この権利は絶対的なものではありません。DCは、法的義務の順守のために、または法的請求権の確立、行使もしくは防御のために、EU居住者の個人情報の処理が必要な場合は、かかる情報の処理を継続することがあります。
処理の制限
状況によっては、EU居住者は、自身の個人情報の処理を制限する権利を有することがあります。そのような状況には、個人の個人情報の正確さについて異議申し立てがある場合、処理が違法であるが消去に反対されている場合、処理の目的に照らして個人情報が不要になっているにもかかわらず、個人が法的請求権の確立、行使もしくは防御のために個人情報を必要としている場合が挙げられます。処理が制限されている場合、DCは、当該個人情報の保存を継続することがあります。そのような場合には、法的請求権の確立、行使、防御のために、別の自然人もしくは法人の権利を保護するために、または重要な公共の利益のために、お客様の同意の下で当該個人情報を処理します。
ポータビリティ
状況によっては、EU居住者は、(データ管理者としての)DCに提供した個人情報を、持ち運び可能な形(つまり構造化され、一般的に使用されていて、機械の読み取り可能なフォーマット)で受け取る権利を有することがあります。また、EU居住者は、DCが当該情報を別のデータ管理者に送信するよう請求する権利を有することがあります。データポータビリティの権利は、個人情報が同意の下または契約上の目的のために、DCが当該情報を自動化手段で処理する場合に限り、適用されます。DCのオンライン求人応募プラットフォームから提供された求人応募者データに関する場合を除き、DCは、データを自動処理していません。
定義
「個人情報」は、カナダのプライバシー法第3条で規定するように、形式を問わず記録された、特定可能な個人に関する情報を指します。
「データ管理者」は、個人情報処理の目的および手段を単独または連帯して決定する法人を指します。
「個人情報インデックス」は、カナダのプライバシー法第11条(1)項で規定するように、カナダ観光局が収集し処理した個人情報のインデックスおよび説明を指します。