Website Privacy Notice
References in this Notice to “you” or “your” are references to individuals who use the Website. References in this Notice to “we”, “us” or “our” are references to MAGNA .
MAGNA is a leading travel company, with headquarters in Canada and registered at 95 Wellington Street West, Suite 800, Toronto, Ontario, Canada, N5J 2N7.
Minors (as defined under the laws of their jurisdiction or residence) are not eligible to register for, use, or Purchase the Products or Services available on our Website. We do not knowingly collect personal data from any Minor, and will not use this information if we discover that it has been provided by a minor.
Significance of personal data protection
Your privacy is important to us and we recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process.
Purpose of this Notice
We respect your need to understand how and why information is being collected, used, disclosed, transferred and stored. Thus we have developed this Notice to familiarize you with our practices. This notice sets out the way in which we process your information when you use our Website or other digital platforms, including Facebook, in accordance with applicable data protection laws. It is important that you read this Notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.
Defining controller of personal data
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of MAGNA as controller. Unless we notify you otherwise MAGNA is the controller for your personal data.
Personal data collected by us
Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).
Throughout the course of conducting our business as a travel and tourism company, in dealing with Representatives, Partners, Suppliers, Clients, Guests of Partners & Clients, industry peers and contacts, and potential Partners and/or Clients, we may collect and process Personal Data about you.
We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice.
We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this Notice:
“Contact Data”: including your contact address, email address, telephone numbers and fax numbers;
“Identity Data”: including your first name, last name, username or similar identifier, title.
“Marketing and Communications Data”: including your marketing and communication preferences. We also track when you receive and read marketing communications from us, which information we use to improve our marketing services, provide you with more relevant information and improve the quality of our marketing materials. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you;
“Profile Data”: including information collected progressively when you visit our Website including your referral Website, pages you visit, actions you take, patterns of page visits and information from forms you fill in;
“Technical Data”: includes information collected when you access our Website or any other integrated system and digital platforms, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using;
“Usage Data”: information about how you use our Website, and
Related Persons Information: name and contact information of dependents or beneficiaries (including home address; home and work telephone numbers; mobile telephone numbers; date of birth; gender; emergency contacts; beneficiary information; dependent information)
Methods of collecting personal data
We may collect Personal Data by the methods listed below:
(a) Exchanges of Business Cards during:
• Business Meetings
• Exhibitions & Events
• Networking events
• Sales Call
(b) Inquiry through:
• Phone call
• Instant Messaging (i.e. WhatsApp etc.)
(c) Subscription to receive:
• Marketing & Promotion emailers
• Corporate Updates & Advisories
• Product & Service Updates & Advisories
• Direct E-mails
• Instant Messaging (i.e. WhatsApp, etc., with expressed and explicit consent)
• Sales, Marketing & Promotion collaterals
• Mobile SMS
(d) Business and/or Booking Contacts as:
• Overseas Representative
(e) Social Media Platforms (These may also be covered by separate Privacy Policies of each of the social media platforms)
(f) Website Cookies
Information about Related Persons
Grounds for lawful processing of data
When you use our Website we will use your personal data in the following circumstances:
“performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
“legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
“legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
“consent”: Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Purposes for collecting personal data
MAGNA collects, processes, and otherwise uses your Personal Data for purposes that are required by applicable law, regulations, collective agreements or other contracts, to allow the us to fulfil its business needs and legal obligations. These purposes include:
Marketing & Promotional activities, but subject to the wilful and explicit provision of consent;
Fulfilment of Contractual Obligation to deliver Products and Services (either to Representatives, Partners, Clients, Suppliers and/or Guests);
Accounting & Finance processes and procedures
Personal data may also be used internally for research, analysis and auditing.
The personal data we collect helps us to keep you posted about our latest product announcements, offers, promotions and events. It also allows us to improve our services, content and advertising. If you wish to unsubscribe, you can choose to do so.
We may also use the personal data to improve our product offering, develop, and deliver products, services, content and advertising.
We may use personal data to send you important notices and communications regarding our products and services availed or changes to the terms and conditions and policies.
We may use the personal data we collect to allow you to access specific account information.
We may use the information provided by you to customize your visit to the Website by displaying appropriate content at our judgment and discretion.
The personal data we collect may be used to send you information about products and services offered by us, to contact you for payment reminder notices, travel vouchers and to keep you updated on the Travel sector through our newsletters. In event you do not wish to receive such information, you may unsubscribe through the facility in the email message you receive.
Personal data may also be used internally for research, analysis and auditing.
Collection and use of non-personal data
Non-personal data is data which can never be used to identify an individual. We may collection information regarding customer activities on our various portals. This aggregated information is used in research, analysis, to improve and monitor products and for various promotional schemes. It may be shared in aggregated, non-personal form with third party to enhance customer experience, products offering or services.
Cookies and other technologies
For your convenience, our Website provides links to other sites. When you click on one of these links, you are leaving our Website and entering another site. We are not responsible for such third party sites. You should carefully review the privacy statements of any other sites you visit, because those privacy statements will apply to your visit to such other sites.
Disclosure and Sharing of Personal Data (to third parties)
Your Personal Data will be disclosed only to individuals within MAGNA who need access to your Personal Data to perform their duties for the purposes listed in Section 9 above or where required by applicable law.
Within MAGNA , your Personal Data will be disclosed only to a limited number of restricted individuals, which may include marketing, sales, contracting, reservations, human resources, legal, finance, regulatory and compliance, accounting, compensation and benefit as well as certain managers to the extent any of these functions need access to your Personal Data in connection with their job responsibilities.
MAGNA may disclose your Personal Data to third parties providing information technology support or technical and organizational services ONLY in connection with the fulfilment of its business needs and legal obligations. The personal data collected is primarily used and passed on to third parties where it is necessary to process your booking, enquiry or participation. We may share personal data as required to fulfil the service offering and/or to make booking, reservation, blocking and any such activity initiated by user. We may share personal data with companies which provide services such as information processing, extending credit, fulfilling customer orders, delivering products and/or services to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information.
MAGNA will exercise appropriate due diligence in the selection of its third-party service providers, and require that they maintain adequate technical and organizational security measures to safeguard your Personal Data, and to process your Personal Data ONLY as instructed by MAGNA and for no other purposes.
It is understood that your Personal Data will be disclosed to third parties only as necessary in connection with the performance of contracts, the Company’s business activities and the purposes listed in Section 9 above, as permitted by consent or as otherwise authorized or permitted by the law.
We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data.
Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
·our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; and
service providers who provide information technology and system administration services to us.
We may share your personal data with persons or entities outside of MAGNA to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this Notice.
Due to the multinational character of MAGNA , some of the affiliated companies and other recipients may be located in countries outside Hong Kong that do not provide a level of data protection equivalent to that set forth by the law in your home country. MAGNA will take steps to make sure that such recipients act in accordance with applicable law and provide an adequate level of protection for your personal data including appropriate technical and organizational security measures, also through implementation of appropriate contractual measures to secure such transfer, in compliance with the applicable law.
Data protection and security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing.
MAGNA maintains physical, technical, and organizational security measures to protect the Personal Data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed in your local jurisdiction, the United States, or elsewhere. All the information you provide us through online systems is protected by a secure server. We will never share your private details with anyone else, unless as specified above to facilitate your booking.
Marketing and exercising your right to opt-out of marketing
As part of the registration process, we give you the ability to receive via e-mail or direct messaging, information about our Products and Services, updates to our Website, customized advertisements and promotions that are targeted to your specific interest, such as promotions, contests, sweepstakes and other travel opportunities available on our Website and/or sponsored by our travel service providers and advertisers. We send this information directly ourselves, or via third party service providers.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
We will retain your personal data in our databases in accordance with our document management, retention and destruction policy and applicable laws. This period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain information to allow you to obtain credit for trip your purchased but had to cancel. We may also need the retain certain information to prevent fraudulent activity; to protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain; or if we believe in good faith that a law, regulation, rule or guideline requires it.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Changes to notice
Under certain circumstances, you have rights under applicable data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights under Personal Data (Privacy) Ordinance are set out below:
(a) right to access personal data
(b) right to correct personal data
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.