Privacy Policy

1. Introduction

Atlific Hotels (“Atlific” or “we”) is a hotel management company independently operating more than 50 hotels throughout Canada. Our portfolio includes both independent‑label and branded properties. In the case of branded hotels, we are franchisees of brands such as Best Western, Choice Hotels, Hilton Worldwide, Intercontinental Hotels & Resorts, Marriott International, Realstar Hospitality, and Wyndham Hotel Group (“franchisors”). This privacy policy (the “Privacy Policy”) in compliance with provincial and federal regulations (where applicable), generally applies to any personal information (as defined below in Section 2 entitled Information We May Collect and How We May Use It) collected by Atlific about all individuals who are not Atlific employees accessing our hotels’ premises (“guests”), visitors of our websites, applicants for employment opportunities with Atlific and any other individuals with whom Atlific deals, such as representatives of customers and business partners.

We make reasonable efforts to tell our guests why and how we collect, use, and disclose their Personal Information. We obtain their consent where required and handle their Personal Information in a manner that a reasonable person would consider appropriate under the circumstances.

The Privacy Policy is a statement of principles, guidelines and practices concerning the protection of personal information, how that information is used and/or shared, and of the choices you can make about the way your information is collected by Atlific through the channels outlined below:

  • Our corporate website (www.atlifichotels.com) and our independently owned and managed hotels’ websites, including any WiFi login pages on-property (together referred to as our “websites”), from which you might be accessing this Privacy Policy;
  • Social media pages that we control/manage on various platforms including Facebook, Twitter, Instagram, SnapWidget, and others (together referred to as “social media”), and from where you might be accessing this Privacy Policy;
  • Email communications that we send to you as part of regular business operations;
  • Email communications that we send to you as part of marketing newsletters, which you would have subscribed to receive per applicable Canadian Anti-Spam Laws, commonly referred to as CASL;
  • Phone conversations and other customer communication channels such as online chat and messaging services. These communications may be recorded for purposes of quality assurance and training;
  • Fax communications if related to the operations of our business;
  • Other customer communication channels such as fax, online chat or messaging services;
  • If applicable, on-property operations that are used to facilitate business transactions, including a recorded stay as one of our guests.

2. Information We May Collect and How We May Use It

Definition of Non-Identifiable Information: Personal information that is de-identified and/or aggregated and cannot be associated with an identifiable individual is not considered to be personal information. Atlific reserves the right to conduct statistical analyses through the use of personal information and/or data collected, including the data collected from individuals who enter our properties, through our websites, WiFi or entertainment services on an anonymous and/or aggregated basis in order to understand users’ interests, improve our services and measure interest in and use of our websites and/or mobile app. Atlific reserves the right to provide its analyses based on such anonymous and/or aggregated data to third parties.

Definition of Personal Information: When used in this Privacy Policy, personal information means any information about an identifiable individual.

Definition of Non-Identifiable Information: Personal information that is de-identified and/or aggregated and cannot be associated with an identifiable individual is not considered to be personal information. Atlific reserves the right to conduct statistical analyses through the use of personal information and/or data collected, including the data collected from individuals who enter our properties, through our websites, WiFi or entertainment services on an anonymous and/or aggregated basis in order to understand users’ interests, improve our services and measure interest in and use of our websites and/or mobile app. Atlific reserves the right to provide its analyses based on such anonymous and/or aggregated data to third parties.

Definition of Personal Information: When used in this Privacy Policy, personal information means any information about an identifiable individual.

Atlific generally collects personal information from or about our guests and other individuals with whom we deal for general business related purposes such as to help prevent fraud, unauthorized activities, claims and other liabilities and to ensure the security of our properties. We may also use personal information to authenticate the identity of individuals contacting us by telephone, electronic means or otherwise, for internal training and quality assurance, to manage our business and ensure the efficiency, reliability and security of our systems and networks, and to ensure the security of our guests and of our hotels.
We may also collect and use, to the extent permitted by law, guests’ personal information to understand the interests and changing needs of our guests so we may provide personalized products, recommendations and services.

Other uses include processing payments, verifying creditworthiness if applicable, opening and managing accounts, delivering requested products and services, guaranteeing a reservation, ensure a high standard of service, meet regulatory requirements, and enrolling you in a loyalty program in cases in which you clearly outlined your consent orally or in writing.

More specifically, Atlific collects and uses personal information in the following manner:

I. Information Collected From or About You. In many cases, we collect personal information directly from you when you visit our premises, make a reservation at one of our hotels, use our services, make a compliant, submit an inquiry, contact us in person or through our websites, and use our websites to log in to our WiFi. You will therefore know when we collect this information. We also may receive personal information about you from our franchisors when you make your reservation directly with them, from third party intermediaries when you make your reservation through them, from our customers, such as your employer or from any other third party through which your visit at our hotels is administered or organized (for instance if you attend a conference organized by a professional association), but at all times, with your prior consent and/or as authorized by law either orally or in writing, before or at the time of collection, unless the purpose for the collection are obvious and were done so voluntarily by you.

  • Guests. We may collect information such as your name, contact information, email address, payment information, gender, date and place of birth, home address, telephone number, language preference, membership or loyalty program information, employer details, travel itinerary, prior stays, stay preferences, and other similar type of information in relation to your reservation or under your broader hotel stay, including the use of onsite outlets such as restaurants, concierge services, health clubs and spas, only in cases in which these hotel amenities are run and maintained by hotel staff. If hotel amenities are run by third-parties, we recommend that you check their privacy policy if applicable. We usually collect this personal information to provide you with our products and services or to provide you with the information requested or to contact you to answer your questions, requests or inquires or to administer the contest or promotions which you have entered. In applicable cases, we also collect information related to the security of the premises and well-being of our guests, such as companion information, and names and ages of accompanying children.
  • Customers, suppliers and other business partners, as individuals. We may collect the name, address, telephone numbers (office, cell), email addresses, and in certain circumstances, personal information collected in the context of a background check (such as employment records, credit records and criminal records) from employees of our customers, suppliers or business partners. We collect this personal information to evaluate and select customers, suppliers and other business partners, to initiate orders, process payments, establish and maintain responsible business relations, provide ongoing service and manage risk.
  • Employment Applications. We may collect the information which you have included in your resume when you submit a job application or when you apply for employment with Atlific, for recruitment and other customary human resources purposes. For example, we may send you information about new job opportunities within Atlific as well as other career development resources. We may also collect personal information in the context of a background check (such as employment records, credit records and criminal records)

II. Information Collected Automatically. In some cases, we may collect information automatically which may not necessarily identify you as an individual. For instance, we may collect the following type of information:

  • CCTV. As a security measure and in order to ensure the safety of our guests and employees, we may use Closed Circuit Television (CCTV) at various locations on our premises in order to maintain the security of our properties. We will post a clear and understandable notice about the use of such cameras on our premises. This collection is subject to applicable privacy laws and may be shared in limited circumstances, as detailed in Section 6 Sharing of Personal Information of this Privacy Policy.
  • Lock Information. As a security measure, we may collect information through our door lock system. This information includes the time when room doors were opened and closed. This information may be shared in limited circumstances, as detailed in Section 6 Sharing of Personal Information of this Privacy Policy.
  • Browser, Device, Behaviour and Technical Information. When you visit our websites and use our WiFi, we may collect technical information, using electronic means such as cookies. This information may include information about your visit or usage, including the IP address of your device/computer and which browser you used to access our websites or WiFi, your operating system, resolution of screen, location, language settings in browsers, the site you came from, keywords searched (if arriving from a search engine), the number of page views, as well as information you entered and advertisements you have seen. We may also collect your gender, age group and interests, but such information is always aggregated and is not associated with any identifiable individual. We use this information to measure, to monitor traffic to our websites and improve the effectiveness of our websites or enhance the experience of our guests. Moreover, we may use the personal information collected from our guests to assess their interests and changing needs with a view to improving our products and services and developing new ones, as well as to evaluate potential improvements or other modifications to the functionality of our websites. For information on how you can limit the type of information that we collect, use or share about you when you visit and/or use our websites or WiFi, please refer to Section 5 Right to Withdraw Consent of this Privacy Policy. We may also collect and use the following type of information:
    • Google Analytics: We use Google Analytics which allows us to see information on user online activities including, but not limited to, page views, source and time spent on our websites and/or mobile app. This information is depersonalized and is displayed as numbers, meaning that it cannot be tracked back to individuals. You may opt-out of our use of Google Analytics by visiting the Google Analytics opt-out page.
    • Google Ads, previously known as Google AdWords: We use Google Ads to reach potential new clients or existing ones. Remarketing on Google Ads is also used to advertise Atlific across the Internet and to advertise on third party websites (including Google) to previous visitors to our websites. Google Ads remarketing will display ads to you based on what parts of the Atlific websites you have viewed by placing a cookie on your web browser. It could mean that we advertise to previous visitors who haven’t completed a task on our site or this could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. This cookie does not in any way identify you or give access to your computer or mobile device. The cookie is only used to indicate to other websites that you have visited a particular page on our websites, so that they may show you ads relating to that page. If you do not wish to participate in our Google Ads Remarketing, you can opt out by visiting Google’s Ads Preferences Manager.
    • Pixel Tags: We may use pixel tags (which are known as web beacons and clear GIFs) on our websites to track actions of users on our websites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of our websites so we can manage our content more effectively. Information we collect using pixel tags is usually not linked to our users’ personal data.
  • Geolocation Information. When you use our WiFi or utilize internet-connected devices on our premises, we, or our third-party providers, may gather location data, and any other personal information that would be clearly indicated on the devices themselves.
  • Traffic and Device Count. In some cases, we may track the number of individuals who enter our hotels or monitor foot traffic patterns within our hotels, without identifying guests in order to assist us in predicting demographic information about our guests during their visit to our properties. We may also track devices which have accessed and/or visited our hotels or used our services, websites and/or WiFi for similar purposes, as well as ensuring we do not exceed our capacity to deliver reliable internet services to our guests.
  • Social Media. If you interact with us through a third party social media platform (such as Facebook or Twitter or a similar platforms) through which you allow us to collect (or the third party to share) information about you, (including personal information) such as details of your friends/connections, “likes”, comments you have shared, groups and location. In addition, we may receive information about you (including your personal information) if other users of a third party website give us access to their profiles and you are one of their friends/connections or information about you is otherwise accessible through your friends’/connections’ web page, profile page, or similar page on a social media platform or other third party website or interactive service. We may supplement the information we collect about you directly with the information we receive from third parties in order to enhance our ability to serve you, to tailor our content to you and send you details of promotions and/or offers which we believe may be of interest to you, although at all times, in compliance with applicable privacy laws.
  • Vehicle Information. If you park on one of our hotels, we may collect information about your vehicle for the purposes of managing our parking facilities, providing parking services to you, and enforcing our parking regulations.

We may use your information to contact you regarding future services and/or to conduct surveys on the quality of our products, services or customer service or to provide you with offers for additional products and services that we feel may be of interest to you. For more details on the type of commercial electronic messages that you may receive from us, please refer to Section 3 Electronic Communications and Notifications of this Privacy Policy. Unless required or authorized by law, Atlific will not collect or use personal information for any other or new purpose without obtaining further consent.

3. Electronic Communications and Notifications

You may receive the following type of electronic communications and notifications from Atlific:

  • Electronic Notifications. You may receive electronic notifications for various purposes including to facilitate or to confirm a transaction, to provide you with information about your ongoing use of our products and services or your ongoing subscription or accounts, to inform you of any incident regarding the security of your information or in order to enforce a legal right or obligation.
  • Commercial Electronic Messages. You may receive commercial electronic messages (“CEMs”) from Atlific if we have your consent to send you CEMs:
    1. Express Consent: You can verify that you have provided consent to Atlific (or verify the status of your consent) by clicking on [Update Your Preferences] from any Atlific CEM that you might receive.
    2. Implied Consent: Atlific may infer your implied consent if: (i) we have an existing business relationship with you or had a business relationship with you which terminated less than two years ago (for instance, you have made a reservation to our hotels, contacted our teams, or conducted a transaction on one of our onsite outlets; (ii) we have received an inquiry from you within the last 6 months; and/or (iii) you have provided your electronic address to Atlific and the CEM sent by Atlific complies with the Canadian Anti-Spam Legislation.

For more information on how you may unsubscribe from receiving such commercial electronic messages (CEMs) please refer to Section 5 Right to Withdraw Consent of this Privacy Policy.

In general, by interacting and/or doing business with us, visiting our hotels or submitting information to us in connection with using Atlific services, visiting, interacting with and/or using our websites and/or WiFi, you are providing your consent to the collection, use and disclosure of personal information as set out in this Privacy Policy.

Exceptions to consent requirement. In certain circumstances, your personal information may be collected, used or shared without consent. These exceptional circumstances may include:

  • where it is clearly in the interest of the individual and consent cannot be obtained in a timely way, such as in emergencies, where the life, health or safety of the individual is threatened, or where legal, medical or security reasons make it impossible or impractical to obtain consent;
  • when information is being collected, used or shared for the detection, prevention of or remediation to, the breach of an agreement, fraud or other illegal activity, and the collection of consent might defeat the purpose of collecting the information; and
  • to comply with a subpoena, warrant or other court order, requests received from law enforcement authorities, or as may be otherwise required or authorized by law or by any regulatory bodies having jurisdiction.

For more information on how Atlific may share your personal information, please refer to the Section 6 Sharing of Personal Information of this Privacy Policy.

Consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice; however, without such consent, Atlific may in some cases limit the services it is able to provide to you and/or Atlific may be prevented from entering into a business relationship, maintaining such relationship and/or interacting with you. You may also withdraw your consent as follows:

  • Mail marketing, Telephone marketing and Quality control communications. You may decide that you prefer Atlific not to use your personal information to promote new and/or additional products and/or services which may be of interest to you, not to share your information with our affiliates and franchisors and refuse that we contact you by mail or telephone for marketing purposes or by email or telephone for quality control purposes. If this is the case, you may advise us by communicating directly with our privacy officer. Refer to Section 13 Role of the Privacy Officer.
  • Commercial Electronic Messages. You can always limit the commercial electronic communications that Atlific sends to you. To opt-out of commercial communications, simply click the link labeled “unsubscribe” or “opt-out” at the bottom of any commercial electronic communication we send you. Please note that even if you opt-out of promotional communications, we may still contact you when authorized by law, for instance with important information about our services, your information or account.
  • Choice with Cookies. When visiting or using our websites, you can always block the use of cookies by activating the settings in your browser. The “Help” feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you choose to withhold consent, or subsequently block cookies, you may not be able to access all or part of the content of our websites. Additionally you can disable or delete similar data used by browser add-ons, by changing the add-on’s settings or visiting the website of its manufacturer. Our websites use the following types of cookies for the purposes set out above:
Type of Cookie Purposes
Essential Cookies These cookies are essential to provide you with services available through our websites and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with these services.
Functionality Cookies These cookies allow our websites to remember choices you make when you use our websites. The purpose of these cookies is to provide you with a more personal experience and to avoid you have to re-select your preferences every time you visit our website.
Analytics and Performance Cookies These cookies are used to collect information about your traffic to our websites and how users use our websites. The information gathered may include the number of visitors to our websites, the websites that referred them to our websites, the pages they visited on our websites, what time of day they visited our websites, whether they have visited our websites before, and other similar information. We use this information to help operate our websites more efficiently, to gather broad demographic information and to monitor the level of activity on our websites.
Targeted and Advertising cookies These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show advertisements which we think will be relevant to your interests while you are on third party websites.
Social Media Cookies These cookies are used when you share information using a social media sharing button or “like” button on our websites, or you link your account, or engage with our content on or through a social networking website such as Facebook, Twitter, Instagram, or other. The social network will record that you have done this.

6. Sharing of Personal Information

Your personal information will not be sold or otherwise transferred to unaffiliated third parties without your approval, except Atlific reserves the right to disclose personal information when authorized by law or as follows:

  • Affiliates and franchisors. Atlific may share stay information, payment information, and observations about service preferences with its franchisors. Subject to Section 5 Right to Withdraw Consent provided in this Privacy Policy, Atlific may also share personal information with its affiliates and franchisors for purposes related to marketing the services offered by Atlific, at all times in compliance with applicable privacy laws. Please refer to Section 12 Privacy Policy of Third Parties, for further information.
  • Customers through which your visit at our hotels is organized. If your visit to our hotel is administered or organized by our customer, such as your employer or another third party, we may share personal information about you with such employer or third party when such information is required in the normal course of business, or otherwise on the condition that you have provided consent to Atlific sharing your personal information to our customer and we are being presented with a reasonable written request for access to your personal information (for example in the context of a work-related investigation).
  • Third-party service providers. We may hire or utilize third-party service providers, which may be affiliates, to perform services on our behalf. We provide them with a limited amount of information which is necessary in order for them to provide the services required. They are prohibited from using the information for purposes other than to facilitate and carry out the services they have been engaged to provide.
  • As permitted or required by law. From time to time, Atlific may disclose your personal information if such disclosure is necessary for the establishment, exercise or defence of legal claims, as part of the administration of our loss prevention program, or as otherwise permitted by law, for instance if Atlific is compelled to disclose personal information in response to a law, regulation, court order, subpoena, valid demand, search warrant, government investigation, other legally valid request or enquiry or if reasonably necessary to protect the rights, property and safety of others and ourselves. We may also disclose information to our accountants, auditors, agents and lawyers in connection with the enforcement or protection of our legal rights.
  • Business transaction. We may disclose personal information to a third party in connection with a corporate merger, acquisition, consolidation, the sale of a portion of our business, business unit or property, or other fundamental corporate change, whatever form it may take. However, in the event the transaction is completed, your personal information will remain protected by applicable privacy laws. In the event the transaction is not completed, we will require the other party not to use or disclose your personal information in any manner whatsoever and to completely delete such information.
  • Applicants. If you complete and submit an employment application (including an online application found on our websites), you consent to the disclosure of your completed on-line employment application to Atlific personnel.

7. Security

Atlific uses reasonable security measures to protect your personal information against unauthorized access. We have implemented security measures that contain administrative, technical and physical controls that are designed to safeguard your personal information. For example, we use industry-standard encryption technology to secure sensitive personal information when it is being collected and transmitted over the Internet as well as firewalls, site monitoring and intrusion detection software. In the event there is a security incident concerning any of your personal information collected and retained by Atlific as set out in our Privacy Policy, we may contact you by email, letter, and telephone or through other secure form of communication.

There are security and privacy limitations of the internet which are beyond the control of Atlific. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have any reason to believe that your interaction with us is no longer secure, please immediately notify our Privacy Officer as instructed in Section 13 Role of the Privacy Officer.

8. Retention of Personal Information

We have personal information retention processes designed to help ensure that we retain your personal information for no longer than as reasonably necessary for the purposes stated in this Privacy Policy or to otherwise meet our legal requirements.

9. Location, Storage, and Cross-Border Transfer

Your personal information is stored in secured locations and on servers controlled by Atlific or its service providers, located either at our facilities or at the facilities of our service providers. Notwithstanding the foregoing, Atlific and its third party service providers may process or store your personal information outside of Canada. In accordance with the laws of those countries, in certain circumstances your personal information may be accessible by foreign law enforcement, regulatory bodies or other authorities. For more information about our practices and policies regarding the use of foreign service providers, please contact us as described below.

10. Children

Atlific recognizes the importance of safeguarding the privacy of children. Children cannot make reservations at our hotels and cannot stay at our hotels without parental consent. Our websites are not aimed at, nor intended for, children under the age of thirteen (13). If you are under the age of thirteen (13), please do not use our websites, and if you are over the age of (13) but under the age of majority in the province or jurisdiction in which you reside, you should use our websites only with the involvement and permission of a parent or legal guardian. No personal information is purposefully or knowingly collected from the children under the age of thirteen (13) by Atlific without parental consent.

11. Updating and Accessing Your Information

Atlific respects your right to access and correct your personal information and complies with all laws regarding access and correction. If you wish to update your personal information held by Atlific, please contact us using the contact information detailed in Section 13 Role of the Privacy Officer.

If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information to in the previous year. If the correction is made, we will note the guest’s correction request in our records.

12. Privacy Policy of Third Parties

This Privacy Policy only addresses the use and disclosure of information by Atlific. Other websites that may be accessible through our websites, such as our franchisors’ websites, have their own privacy policies and data collection, use and disclosure practices. We encourage you to familiarize yourself with the privacy statements provided by all third parties prior to providing them with information or taking advantage of an offer or promotion.

By including outside links on any of our websites we are not implying that we endorse the linked site or its services. We have no control over nor are we responsible for any third party’s collection, use, and disclosure of your personal information.

In addition, we are also not responsible for data collection, use, disclosure or security policies or practices of other organizations such as but not limited to Facebook, Apple, Google, Microsoft, Best Western, Choice Hotels, Hilton Worldwide, Intercontinental Hotels & Resorts, Marriott International, Realstar Hospitality, and Wyndham Hotel Group.

13. Role of The Privacy Officer

Atlific Hotels’ Privacy Officer and the General Managers of hotels that are managed by Atlific Hotels are responsible for ensuring compliance with this policy and with provincial and federal regulations.

If you have any questions, complaints, concerns, or questions about this Privacy Policy or the privacy practices of Atlific in respect of how we collect, use and share your personal information, please direct your inquiry in writing to the Privacy Officer:

Christine Kennedy
Vice President, Finance – Atlific Hotels
250 St. Antoine Ouest, Suite 400
Montreal, QC, Canada
H2Y 0A3

14. Disclosure Statement

In addition to every specific case outlined in this Privacy Policy, we will also use and disclose Personal Information when we deem it necessary or appropriate as follows:

  • to comply with applicable law, including laws outside your country of residence;
  • to comply with legal process;
  • to respond to requests from public and government authorities, including authorities that may be outside your country of residence, and to meet national security or law enforcement requirements;
  • to enforce our terms and conditions;
  • to protect our operations;
  • to protect the rights, privacy, safety, or property of Atlific Hotels, our managed hotels, you, others; and
  • to allow us to pursue available remedies or limit the damages that we may sustain.

15. Changes to Privacy Policy

Atlific reserves the right to change this Privacy Policy at any time by notifying you of the existence of a new Privacy Policy. Such changes, modifications, additions or deletions shall be effective immediately upon notice thereof, which may be given by means including, but not limited to, posting on our websites and the mobile app, or by any other means by which you obtain notice thereof. If the changes are significant, we will provide a more prominent notice. Your continued use of our services, websites, mobile app and/or WiFi after such modifications will constitute your acknowledgement of the modified Privacy Policy.

16. Data Subject Rights as per European Union General Data Protection Regulation (GDPR)

The European Union’s General Data Protection Regulation (GDPR) entails our guests to the following additional rights regarding their Personal Information which may already be part of this Privacy Policy as outlined in this document:

  1. Right to Information: Guests have the right to request a copy of the Personal Information collected about them.
  2. Right to Rectification: Guests have the right to request the completion or rectification of incorrect Personal Information concerning them if it is incorrect or incomplete. See Section 11 Updating and Accessing Your Information.
  3. Right of Deletion: Under certain circumstances, guests can request the deletion of their Personal Information.
  4. Right to Withdraw Consent: If guests have given us their consent to process their Personal Information in individual cases, guests can revoke their consent and prevent further data processing, provided that no other justification is relevant. This right of withdrawing consent does not apply to the data that we store for the purposes of fulfilling this policy.
  5. Right to Limitation of Processing: Guests may request that we transfer their Personal Information electronically and which we have still stored to another service provider.
  6. Right to Complain: Guests can complain about our data processing to us or to the competent data protection authority. Refer to Section 13 Role of the Privacy Officer.
  7. Please note there are exceptions to the above rights and therefore not every right can be exercised in every situation. Any requests under the rights outlined above must provide sufficient detail to identify the Personal Information being sought. A request to access Personal Information should be forwarded to Atlific Hotels’ Privacy Office as per Section 13 Role of the Privacy Officer.

We will make the request information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. If a request is refused in full or in part, we will notify the requester in writing, providing the reasons for refusal and the recourse available for the requester.

17. Data Subject Rights as per California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) entails our guests who reside in California to the following additional rights regarding their Personal Information which may already be part of this Privacy Policy as outlined in this document:

  1. Right to Request Disclosure: under CCPA rules, our guests have the right to receive, free of charge, the following information covering the twelve months preceding your request, for a maximum two times in a 12-month period:

    1. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
    2. The specific pieces of Personal Information we collected about you;

    You may also request:

    1. The business or commercial purpose for collecting or selling (if applicable) Personal Information about you;
    2. The categories of Personal Information about you that we sold and the categories of third parties to whom we sold such Personal Information (if applicable); and
    3. The categories of Personal Information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
  2. Right to Opt-Out of Sale or Sharing: guests have the right, at any time, to opt-out of the sale and/or sharing of their personal information with third-parties. Please note that we are currently unable to respond to Web browser “Do Not Track” settings. If you would like to opt-out of information sharing, please contact us by referring to Section 13 Role of the Privacy Officer. The Right to Opt-Out of Sale or Sharing is restricted in the following situations that might restrict Atlific’s ability to:

    1. Comply with federal, state, provincial or local laws;
    2. Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, provincial, or local authorities;
    3. Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, provincial, or local law;
    4. Exercise or defend legal claims;
    5. Collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information;
  3. Right to Delete Personal Information: Under certain circumstances, guests can request the deletion of their Personal Information. If submitted properly through the designated way as per Section 13 Role of the Privacy Officer, we will respond to your request consistent with applicable law. We reserve the right to deny your request to delete personal information under exceptions granted by the law. This includes, but is not limited to:

    1. We are unable to verify your request;
    2. Your request violates our security practices;
    3. Your request restricts our ability to match reasonable consumer expectations;
    4. Your request violates our legal obligations, or our ability to exercise legal claims or rights, or defend legal claims.
    5. Your request includes personal information that is medical information, or other types of information exempt from CCPA.
  4. Right to Non-Discrimination/No Retaliation: when exercising any of your CCPA rights, you have the right to not be unlawfully discriminated against because you exercised your CCPA rights.

Please note there are exceptions to the above rights and therefore not every right can be exercised in every situation. Any requests under the rights outlined above must provide sufficient detail to identify the Personal Information being sought. A request to access Personal Information should be forwarded to Atlific Privacy Officer as per Section 13 Role of the Privacy Officer.

We will make the requested information available within 45 days, or provide written notice of an extension where additional time is required to fulfill the request. If a request is refused in full or in part, we will notify the requester in writing, providing the reasons for refusal and the recourse available for the requester.

END OF PRIVACY POLICY