Privacy and Personal Information Protection Policy

Effective Date of the Policy: September 14, 2023
Last Updated: February 23, 2024


At Spiritours, we place great importance on the protection of personal information for our clients, employees, and representatives. In accordance with the private sector privacy protection law, we are committed to preserving the confidentiality of personal information collected in the course of our activities. Our privacy policy aims to inform you about our practices regarding the collection, use, disclosure, retention, and protection of your personal information. By providing us with your personal information, you agree to the terms of this policy and authorize us to process your information in accordance with it.

1. Consent

1.1 Commitment to Privacy Protection
We are committed to protecting the privacy of our users. We collect and use personal information only with their explicit consent and in accordance with applicable laws.

1.2 Acceptance of the Terms of Our Policy

By accessing our website or providing us with personal information, you agree to the terms of our privacy policy. This includes your consent to the collection and use of your personal information in accordance with this policy.

1.3 Right to Withdraw Consent

You have the right to withdraw your consent at any time. However, this is subject to certain legal or contractual restrictions. We will inform you of the possible consequences of this withdrawal, such as the inability to provide certain products or process certain requests. Your decision to withdraw will be recorded in our records.

1.4 Exceptions to the Need for Consent

In certain exceptional circumstances, we may collect, use, or disclose personal information without obtaining your prior consent. This may occur in situations where legal, medical, or security imperatives make obtaining your consent impossible or impractical. These situations include, but are not limited to, cases of suspected breach of contract, prevention or detection of fraud, or law enforcement needs.

2. Collection of Personal Information

2.1 We collect personal information through various means, including:

  • Emails and communications with our customer service
  • Online registration forms
  • Mobile application provided to our clientele
  • Cookies and similar technologies on our website
  • Phone calls


2.2 We may also collect information through third parties, such as:

  • A technological service provider like an ordering platform or newsletter service.
  • A recruitment portal that allows candidates to submit their resumes and personal data.
  • Professional social networks like LinkedIn for recruitment or marketing purposes.
  • A customer satisfaction survey company that collects feedback on our products or services.
  • An online payment service provider to process financial transactions.
  • A cloud computing company storing customer data.
  • A digital marketing company analyzing user behavior on our website.
  • An IT security service provider monitoring threats and protecting data.
  • A customer relationship management (CRM) company that helps organize and analyze customer interactions.
  • A logistics service provider managing product delivery and collecting recipient information.


2.3 We may use advanced technologies to collect personal information, including identifying, locating, or profiling our customers (e.g., creating consumer profiles). However, we are committed to ensuring the privacy protection of our customers:

  • Responsible use of technology: We use these technologies only to improve our services and better understand the needs of our customers.
  • Activation of features: Our customers always have the choice to activate or deactivate these features according to their preferences.


We are committed to being transparent about the use of these technologies and respecting the privacy choices of our customers. (see Appendix II)

3. Types of Personal Information Collected

3.1 We collect various types of data, including but not limited to:

  • Personal identifiers (name, postal address, email, phone number)
  • Technical or digital information (IP address, online activities)
  • Financial information (payment details, credit history)
  • Health data (weight, gender at birth, health history, lifestyle, medication)
  • Demographic data (age, ethnic origin, nationality, place of residence)
  • Information necessary for the provision of our travel services: passport number and expiration date, date of birth, dietary restrictions, medical conditions


3.2 Children’s Privacy

We do not knowingly collect or solicit personal information from children under the age of 13. By using our website, you represent that you are at least 13 years old. If you are under 13, please do not attempt to send any personal information to us. If we discover that we have inadvertently collected personal information from a user under 13 years old, we will attempt to immediately delete that information from our files and records. We also encourage website users under the age of 13 to seek permission from their parents or guardians before submitting any information about themselves online.

If you believe that a child under 13 has provided us with personal information, please contact us using the contact information provided in the following section.

4. Use of Personal Information

4.1 We use your personal information for a range of essential activities, including but not limited to:

  • Responding to inquiries: To efficiently respond to your requests and queries and provide our travel services. To manage bookings, issue airline tickets, and travel insurance.
  • Transaction management: Processing payments and issuing receipts for transactions made.
  • Registrations and participations: Managing your registrations for events, training, newsletters, downloads from our website, or participation in webinars.
  • Human resources management: For internal management and administration of human resources, recruitment, employment contracts, and service agreements.
  • User experience improvement: Operating, maintaining, and enhancing our website, customizing your online experience, and providing requested services and information.
  • Marketing communication: Sending relevant information, special offers, and news, with the option to unsubscribe at any time.
  • User account management: Managing your user account to access various features of our site.


These uses aim to enhance your experience with our services and facilitate effective interaction with our organization.


4.2 We provide various options to allow you to control and limit the collection of your personal information. These options include:

  • Communication choices: You can choose to receive our communications through different means (phone, SMS, email), or refuse them altogether.
  • Account settings: When creating an account on our site, you have the option to opt out of certain services.
  • Cookie management: Our site allows you to refuse or customize the use of cookies. Please note that blocking certain cookies may affect the accessibility and functionality of our site.
  • Granular consent: In most situations, when we collect information for specific purposes, you have the option to consent only to certain uses of your data.


It is important to note that some of these options may limit your access to all features of our service. For example, by refusing certain cookies, some parts of our website may not work as expected, or by choosing not to create an account, some customization features may not be available.

5. Sharing and Disclosure of Personal Information

5.1 Personal information collected by our organization is accessible to specific categories of our staff and certain partner organizations for the purpose of providing our products and services effectively. For example:

  • Customer service: Accesses contact information to respond to inquiries.
  • IT department: Accesses technical data for support and maintenance.
  • Marketing department: Uses data for advertising campaigns and market research.
  • Travel partners and service providers involved in your trip.
  • Travel companions.
  • Blue Cross travel insurance company. [Privacy Policy | Blue Cross Quebec]
  • Delivery partners: Receives addresses for order delivery.
  • Payment service providers: Accesses financial information for transaction processing.
  • Personal information and data security managers: Accesses information to ensure the security and protection of data against unauthorized access or cyberattacks.
  • Legal consultants: Uses data to ensure compliance with applicable laws and regulations.
  • Cloud service providers: Hosts data on secure servers, allowing for storage and retrieval of information.
  • Research and development partners: Accesses certain data to collaborate on new innovations or improvements to products/services.
  • Collection agencies: In cases of payment default, certain information may be shared with external collection agencies.


We ensure that this information is used exclusively for the stated purposes and in compliance with confidentiality. Data transfers outside Quebec are conducted as part of international collaborations, while ensuring adequate protection of information in accordance with applicable laws.

6. Links to other websites

6.1 Our website may contain links to third-party websites

When you follow these links, you are leaving our website. The information exchanged at that time is no longer subject to our privacy policy. We recommend reviewing the privacy statements of other websites you visit before providing any information.

7. Personal Information Security

7.1 Security Measures for the Protection of Personal Information

To ensure the security and confidentiality of personal information, Spiritours implements rigorous security measures, encompassing both physical and technological aspects. Here are some concrete examples:

  • Physical Security: Use of security locks for office, cabinet, and file access, along with restricted access to areas where personal data is stored.
  • Access Controls: Limitation of access to personal data to authorized employees only.
  • Staff Training: Regular awareness training for staff on best data security practices.
    Surveillance and Intrusion
  • Detection: Implementation of systems to monitor any suspicious activity and detect potential intrusions (IPS).
  • Disaster Recovery Plans: Development of plans to quickly restore data in the event of incidents such as outages or cyberattacks.


We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or disclosure. Personal data is stored in specialized software (PC Voyages) hosted by a reliable and internationally renowned provider (Microsoft – Azure) for optimal data protection. Servers are set up in a cascade so that data is automatically recorded on a second server if the first server fails. They take responsibility for backups to ensure there is no risk to our clients.

These measures aim to protect personal information against any unauthorized access, use, or disclosure and maximize its integrity and confidentiality. While we do our utmost to protect your personal data, it is important to keep in mind that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

7.2 Employee and Board Commitment

Each employee, administrator, volunteer, independent contractor, or ad hoc advisor commits to respecting the personal information we collect. Moreover, these individuals pledge to maintain the confidentiality of information specific to our activities and not to disclose or use it personally or for the benefit of others. This commitment begins upon the commencement of employment, directorship, volunteering, independent contracting, or ad hoc advising and continues indefinitely.

8. Conservation and Destruction of Personal Information

We will only retain your personal data for the duration necessary for the purposes stated in this privacy policy. We will keep and use them to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal policies.

We will also retain usage data for internal analysis purposes. This data is typically kept for a shorter period, unless used to enhance the security or functionality of our website, or if we are legally obligated to retain it for a longer period.

Credit card payment information is destroyed after the authorized payment(s) and is never stored in our PC Voyages software. Registration forms are stored in a digital file for a period of 6 years after the last tax year, as required by provincial law on record-keeping and retention of supporting documents (Digital copies of passports are also retained for 6 years unless specifically requested otherwise by you). Paper copies of passports and registration forms, if any, are destroyed immediately after being scanned, within 48 hours of receipt.

For other data in the secure software linked to the billing system, they are retained indefinitely (with customer authorization since October 2023), otherwise, the system will only retain the name, first name, address, phone, and email.

9. Your Rights

9.1 Recognition and Respect of Your Rights

In the context of our privacy policy, we acknowledge and respect the fundamental rights of individuals whose personal information we hold. These rights include:

  • Right of access: Individuals have the right to access the personal information we hold about them. For example, a customer may request to view the data collected during their registration for our service.
  • Right to rectification: If information is inaccurate or incomplete, individuals can request its update. For instance, an employee may request the correction of their incorrect postal address in our records.
  • Right to be forgotten: Individuals can request that their personal information be removed from public disclosure or that any hyperlink associated with their name be delisted if such disclosure causes harm or violates the law or a court order. This right to erasure or forgetfulness allows individuals to control the availability of their personal information on the internet.


Right to lodge a complaint: In case of concerns about the processing of their data, individuals can file a complaint according to our established process.

Subject to applicable laws, upon receiving a written request from an individual and after verifying their identity, we will inform the person if we hold any personal information about them and provide them with this information.

We may refuse a person access to their information in accordance with the applicable laws, in which case we will provide the reasons for the refusal.

To facilitate these rights, the contact information for our privacy officer is clearly provided for any questions or concerns. These measures ensure that individuals can exercise their rights with confidence and transparency.

10. Modifications to the Policy

This policy may be updated to reflect changes in our practices or legal requirements. The modifications will be posted on our website. We encourage you to regularly check this privacy policy to stay informed about any changes.

11. Contact

Any requests or questions regarding this privacy policy can be sent to the person responsible for the protection of personal information at the following address:

By email:
By postal mail: 514-374-7965 extension 205




Sale or Transfer of Business or Assets

When a business is sold or transferred, your personal data may also be transferred to the acquirer or beneficiary of the assets. If this occurs, Spiritours will require the acquirer to use your personal data in accordance with this privacy policy. This includes the use of your personal data only by the acquirer and its affiliated companies. If we are involved in a reorganization, dissolution, or liquidation, it may also result in the transfer of your personal data to a third party. In all cases, we will strive to protect your personal data and inform you of any transfer as required by applicable law.


Use of Cookies and Google Analytics

We use tracking technologies such as cookies, tags, and scripts to enhance and analyze our website. We use both temporary and persistent cookies for various reasons, including providing the services available on the website, authenticating users, customizing the user experience, and tracking information related to website traffic and usage.

You can configure your browser to refuse cookies or to be notified when a cookie is sent. However, please note that some parts of our website may not function properly if you refuse cookies.

Analytical Data

We may engage third parties, such as Google Analytics, to help us collect and analyze information about the sections visited on the website to assess and improve the user experience and the website. These third parties may use cookies and other tracking technologies. If you wish to prevent the storage and processing of such data (including your IP address) by Google, you can download and install the browser plugin available at the following link: Browser Add-on Download Page for Google Analytics Opt-out.

You can also review the privacy policy of Google Analytics by clicking the following link: Privacy Policy and Terms of Service – Google.

Conversion Pixels

Conversion pixels, also known as “transparent GIFs” or “tracking pixels,” are tiny images, usually a single pixel, that can be placed on a web page or in an email to indicate when you have viewed that page or opened that email and to analyze response rates.

N’oubliez pas vos achats! / Don't forget your shopping!

Avant de partir, n’oubliez pas de vérifier votre panier d’achats, réserver le voyage de ressourcement de vos rêves aujourd’hui avant qu’il n’y ait plus de place. / Before you leave, don't forget to check your shopping cart, book your dream retreat today before it sells out.