GDPR Compliance Information

Introduction

While Painted Brick Adventure Travel Ltd. is based in Canada, we recognize the importance of the General Data Protection Regulation for visitors from the European Union and European Economic Area. This page explains how we honor GDPR principles and your rights when processing personal data.

Data Controller

Painted Brick Adventure Travel Ltd. acts as the data controller for personal information collected through our website and tour services.

Contact details:
Painted Brick Adventure Travel Ltd.
427 Baker Street, Nelson, BC V1L 4H7, Canada
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity

Processing is necessary to fulfill tour booking contracts, including communicating booking details, providing pre-trip materials, and delivering tour services.

Legitimate Interests

We process data to improve our services, analyze website usage, prevent fraud, and maintain business records, provided these interests do not override your fundamental rights.

Consent

For marketing communications and certain cookies, we rely on your explicit consent, which you may withdraw at any time.

Legal Obligations

We process data where required by Canadian law, including tax reporting and business record retention.

Your GDPR Rights

If you are an EU or EEA resident, you have the following rights regarding your personal data:

Right to Access

You may request confirmation of whether we process your data and obtain a copy of the personal information we hold about you.

Right to Rectification

You can request corrections to inaccurate or incomplete personal data.

Right to Erasure

You may request deletion of your personal data in certain circumstances, subject to legal retention obligations.

Right to Restrict Processing

You can ask us to limit how we use your data while we address concerns about accuracy or legitimate processing grounds.

Right to Data Portability

You may request your data in a structured, commonly used format for transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority if you believe we have violated your rights.

How to Exercise Your Rights

To exercise any GDPR rights, contact us at [email protected] with your request. Please include sufficient information for us to verify your identity and locate your data. We will respond within 30 days of receiving a valid request.

There is no fee for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse the request.

Data Collection and Use

What We Collect

We collect personal data you provide when booking tours or contacting us, including name, email, address, dietary requirements, medical information relevant to tour safety, payment details, and communication preferences. We also collect technical data automatically through website cookies, including IP address, browser type, and browsing behavior.

Why We Collect It

Personal data enables us to process bookings, deliver tour services, ensure participant safety, improve our offerings, and communicate effectively with customers.

Data Sharing and Transfers

We share personal data only when necessary to provide services, including with tour guides, local accommodation providers, activity operators, and payment processors. All third parties are contractually required to protect your data.

International Transfers

As a Canadian company, we process data primarily in Canada. Canada benefits from an adequacy decision by the European Commission, recognizing Canadian privacy law as providing adequate protection. Data shared with partners in other jurisdictions is protected through appropriate safeguards such as standard contractual clauses.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy. Booking records are typically kept for seven years to comply with tax and business record requirements. Marketing data is retained until you unsubscribe or request deletion. Technical website data is anonymized or deleted after analysis.

Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or alteration. These include encrypted data transmission, secure payment processing, access controls limiting who can view personal information, and regular security assessments.

Cookies and Tracking

We use cookies to provide website functionality and analyze usage. You can manage cookie preferences through our cookie banner or browser settings. Essential cookies are necessary for site operation, while analytics cookies require your consent. For detailed information, see our Cookies Policy.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Children's Data

We do not knowingly collect personal data from individuals under 16 without parental consent. If we discover such data has been collected, we will delete it promptly.

Policy Updates

We may update this GDPR information to reflect changes in our practices or legal requirements. Significant changes will be communicated to registered users via email. The updated version will always be available on our website with a revised date.

Questions and Complaints

If you have questions about our GDPR compliance or wish to exercise your rights, contact us at [email protected]. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.