By using our Sites, you consent to our collection, use and disclosure of your personal information as outlined in this policy. Your consent is the legal basis for our use of your personal information. You can withdraw your consent at any time. However, if you withdraw your consent to certain uses, we may no longer be able to provide our services to you.
This policy is divided into three general areas: (i) how we process your information; (ii) your rights with respect to your personal data; and (iii) information on cookies, third party sites, security measures and similar issues that may impact personal data. At the end of the policy, we provide you with information on how to contact our Data Privacy Officer and, for those individuals residing in the European Economic Area, our EU Representative.
Who We Collect Information From
We collect personal information from:
- visitors to our Sites;
- individuals who establish a relationship with us by telephone, sign up to receive communications or who sign up for Points services; and
- customers of those of our Partners who have engaged us to deliver services on their behalf.
Our Sites are not intended for children. If we become aware that we have inadvertently received or collected personal information pertaining to a child under the age of consent in the country where the child is located without valid consent, we will delete such information from our records.
What Personal Information We Collect
We may collect personal information which includes:
- user account information that you upload on our Sites, such as your picture, name, home address, email address and phone number;
- loyalty program account information for the third party loyalty programs you register with our Sites, including your program account numbers, passwords and balances, and details of buy, sell, trade and redemption transactions involving those loyalty programs;
- information for travel bookings through our Sites, including personal information of people you make reservations or bookings for using our Sites. It is your responsibility to obtain the consent of other individuals prior to providing us with their personal information;
- information about any other services booked or purchases made through our Sites;
- purchase and sale transaction information such as your credit card information and the details of your transaction;
- information contained in any email messages, questions, comments, complaints or requests you send us;
- your current geographic location;
- your IP address;
- the date and time you accessed our services, the hardware, software or internet browser you used to access our Sites, and information about your computer’s operating system, such as application versions and your language settings;
- information about which pages have been shown to you, site navigation details and links on our Sites that you follow;
- information you submit to our Sites in connection with sweepstakes, contests, surveys and other promotions offered by us; and
- information, including images, contained in posts you make about Points and its services on publicly accessible websites, blogs, mobile applications and/or community forums.
When you use our mobile applications, we collect and use information about you in the same way and for the same purposes as we do when you use our Sites. Our mobile applications also use the unique device identifier for the device on which you have installed our mobile application, as well as error reporting information if the application stops working properly.
We may also receive personal information about you from our loyalty program and redemption partners (collectively, our "Partners") to the extent that you have given consent to the Partner to provide us with such Personal Information.
Special Categories of Personal Data
We do not process special categories of data, namely, sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
How We Use Personal Information
We will only collect and use your personal information for the following purposes, except as permitted or required by applicable law:
- allowing you to track, manage and access your loyalty points and miles on our Sites;
- allowing you to gather and view your travel information on our Sites;
- processing transactions that you have submitted to us and displaying your account history to you;
- acknowledging your comments and/or replying to your questions, complaints and requests;
- communicating with you and providing you with information on and direct marketing of special offers or promotions (including sweepstakes and contests) that we believe may be of interest to you;
- to serve advertisements to you in various marketing channels, including but not limited to social media, search engines, mobile apps, and various websites including our own Sites;
- to notify you of offers of Points products and services that may be of interest to you;
- for market research. We sometimes ask our customers to take part in market research. Any additional personal details that you give us as part of the market research will be used only with your consent;
- for profiling and analytical purposes, including marketing and website analytics, in order to optimize and customize our online platform to your needs, as well as the products and services marketed to you, and to make the Sites easier to use;
- to provide customer service;
- for improved service, when you make calls to our Customer Service Team an automated telephone number detection system to relate your telephone number to your existing reservations;
- communicating with you by email, mail and phone to handle any requests you or your booked accommodations have made;
- improving the performance and utility of our services;
- generally managing and administering our business;
- preventing and prosecuting fraud and/or credit risk;
- meeting legal and regulatory requirements; and
- any other purpose to which you may consent in the future.
Limited to Disclosed Purposes
We limit the collection, use, and disclosure of personal information to that which is needed to achieve the above noted purposes.
Special Note on Profiling
We may analyse your personal information (including through the use of automated processes) in order to create a profile of your interests and preferences so that we can contact you with information or to offer you services that are relevant to you. We may make use of additional information about you when it is available from our Partners and other external sources to help us do this effectively. We may also use and analyse your personal information to detect and reduce fraud and credit risk.
Who We Disclose Personal Information To
We will only disclose your personal information in the following circumstances, except as permitted or required by applicable law:
- from one Points Affiliate to another Points Affiliate to allow Points Affiliates to offer their products and services to you;
- to our Partners and other third party suppliers, as necessary to provide you with services that you have requested or to fulfill the transactions you have submitted;
- to third party companies and contractors that provide us with services in the conduct of our business ("service providers"), such as payment processing services, information technology services for our software applications, advertising, marketing and survey services and other essential similar services, but only as necessary for those service providers to provide services to us;
- to third parties as we deem necessary or appropriate to prevent, limit or otherwise prosecute fraud;
- as necessary to meet legal and regulatory requirements; and
- any other circumstance in which you provide consent to disclose.
All Points service providers are contractually bound to keep your information secure. Our service providers can use, store and disclose your personal information solely for purposes for which it is disclosed to them (to provide us with services).
We may use and disclose your personal information in connection with the proposed or actual financing, sale or other business transaction involving part or all of our business or assets. Such use and disclosure would be for the purpose of allowing third parties to determine whether to proceed with the proposed transaction, and if the transaction proceeds, for the purpose of completing the transaction. Assignees or successors to our business or assets may use and disclose your personal information for the purposes described in this policy. You will be notified via email and/or a prominent notice on our Sites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Other Data Protection Laws and Privacy Policies Impacting Personal Data
Points, our Partners and our service providers are located in various jurisdictions including, among others, Canada, the United States and the European Union and, as a result, your personal information may be stored, processed or transferred into or out of these countries. The data protection laws in these countries may be different to those in your country and your information may be subject to access by the regulatory authorities in, and to the laws of, those other jurisdictions.
We will retain your personal information for as long as
- your account is active;
- your personal information is needed to provide you services; or
- it is necessary to meet legal, regulatory, insurance and audit requirements.
If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at email@example.com.
Accuracy of Your Personal Information
We will use commercially reasonable efforts to ensure that your personal information is correct, complete and up-to-date to the extent we are notified of any changes by you. You can review and update your personal information on our Sites. You can assist by keeping us informed of any changes, or informing us if you find any errors in our information about you. If we have disclosed inaccurate information about you to a third party that you are aware of, we would be pleased to contact the third party in order to correct the information upon your request.
Your Rights with Respect to Your Personal Information
If you wish to change any of your personal information we have on file in our records, other than that available to you and capable of being modified through the Services, you may contact our Privacy Officer as noted at the bottom of this page. To protect your privacy and security, we may take reasonable steps to verify your identity prior to making corrections.
You are entitled to be informed or and have access to any of your personal information in our custody or control. Upon written request to our Privacy Officer as noted at the bottom of this page, we will provide you with your personal information under our custody or control, as well as information regarding how your personal information is being used and the identity of any third party(s) to whom that information has been disclosed. Please note that we may not be able to provide access to personal information in certain circumstances, such as if the personal information was collected for the purposes of an investigation, if disclosure would reveal the personal information of a third party, or if prohibited by law. To protect your privacy and security, we may take reasonable steps to verify your identity prior to providing such access.
Rights of European Data Subjects
In addition to rights with respect to your personal data already noted elsewhere in this policy, for those individuals residing in the European Economic Area, you have certain additional rights under the General Data Protection Regulation (GDPR):
Restrictions on Further Processing
You have the right, where there is a dispute in relation to the accuracy or basis of processing of your personal data, to request a restriction on further processing by us.
You have the right to erasure of your personal data (“right to be forgotten”) in certain circumstances.
You have the right to request that personal data that you have provided to us be returned to you, or be provided to another third party of your choice, in a structured, commonly used and machine-readable format.
You have the right not to be subject to a decision based solely on automated decision-making. In connection with such right, you may have the right to request human intervention with respect to such automated decision-making, as well as express your point of view or contest any such automated decision-making.
Opt-out of Direct Marketing / Profiling
You may elect to “opt out” of direct marketing activities, including any profiling we may conduct for direct marketing purposes. Accordingly, we may rely on your consent permitting us to process your information in accordance with this policy for direct marketing, including profiling for direct marketing, unless you take affirmative action to opt out of such processing. You may opt out at any time by contacting our Data Privacy Officer or EU Representative, as provided further below.
Lodge Complaints with Supervisory Authorities
You have the right to lodge a complaint with a data protection supervisory authority in your country.
Cookies and JSON Web Tokens
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. JSON web tokens, or JWT tokens, are authentication confirmations that are used to authenticate a user. We use both session ID cookies and persistent cookies, as well as JWT tokens on our Sites. Session ID cookies expire when you close your browser. Persistent cookies remain on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser's "help" file. Cookies provide us with information on your use of our Sites, including the time and length of your visit, the pages you look at on our Sites, the website you visited just before coming to ours, and the name of your Internet service provider.
We use session cookies and tokens to make it easier for you to navigate our Sites. We use persistent cookies and tokens to store your username, so you don't have to enter it more than once, and to track and target your interests, to evaluate the performance of our Sites, and to tailor promotions and other marketing messages to you and enhance your experience on our Sites.
You can reject cookies by adjusting the preference settings in your browser. If you reject our cookies, you may not be able to take full advantage of certain features available on our Sites, such as contests and surveys. You can learn more about interest-based advertising by visiting http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/choices.
Clear gifs (also known as tracking pixels or web beacons) are tiny graphics with a unique identifier, similar in function to cookies. They are used to track the online movements of users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence.
We and our service providers use clear gifs to help us better manage content on our Sites, by informing us what content is effective, and to gauge the effectiveness of certain communications and marketing campaigns. For instance, we use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients and to allow us to serve you related advertising on the Internet.
Links to Third Party Sites
Social Media Features
We take reasonable measures, including administrative, physical and technical safeguards, to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Personal information uploaded to our Sites is transmitted to us using industry standard encryption, which creates a private conversation between your computer and our Sites. We authenticate our Sites and enable TLS/SSL encryption to protect your sensitive data and transactions.
Nevertheless, Points cannot absolutely guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes. In the event that your personal information in our possession or under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify you and take other steps in accordance with applicable laws or regulations.
Remember that email sent over the Internet is generally unencrypted and transmitted in clear text. We recommend that you use caution when forwarding free-format email messages to us and that you do not include confidential information (such as unique user IDs, passwords or personally identifiable information) in those messages. Confidential information should be transmitted to us through other secure methods such as by telephone.
Revision of Policy
This policy may be revised from time to time. We will notify you of material changes prior to such material change being effective, either by e-mail at the address you have provided to us in connection with your registration on our Sites or by a prominent notice on our Sites. Your continued use of our Sites or failure to cancel your account on our Sites following such notification shall constitute your acceptance of the revised policy. We encourage you to periodically review this page for the latest information on our privacy practices.
Disputes and Complaints
In addition to contacting our Data Privacy Officer, individuals residing in the European Economic Area may contact our EU Representative at:
Points will respond to your request for access in accordance with applicable privacy legislation.