• (819) 423-0001
  • 1 877 423-0001
Auberge Montebello white transparent logo
Three-star-hotel

Privacy Policy Provisions for International Visitors

Last Updated: August 26, 2025

Auberge Montebello Privacy Policy – Provisions for International Visitors

At Auberge Montebello, located in Montebello, Quebec, we welcome guests from around the world, including international visitors from the European Union (EU) and other regions. We are committed to protecting your personal information in accordance with applicable privacy laws, including Quebec’s Act respecting the protection of personal information in the private sector (Law 25) and, where applicable, the EU General Data Protection Regulation (GDPR) for EU residents. These provisions explain how we handle personal information for international visitors, the additional protections we provide, and the implications for our business dealings.

1. Scope of These Provisions

These provisions apply to international visitors, including EU residents, who:

  • Visit our website ([website URL]) hosted on secure Canadian web servers.
  • Make reservations or use our services (e.g., booking accommodations, dining, or spa services).
  • Interact with us through contact forms, inquiries, or marketing communications.

 

If you are an EU resident, the GDPR applies to the processing of your personal data when we offer goods or services to you or monitor your behavior (e.g., through website analytics). These provisions supplement our general Privacy Policy to ensure compliance with GDPR requirements.

2. Legal Basis for Processing Personal Information

For international visitors, including EU residents, we process your personal information based on the following legal grounds:

  • Contractual Necessity: To fulfill your booking or service requests (e.g., processing your reservation, payment, or special requests like dietary needs).
  • Consent: For non-essential purposes, such as sending marketing emails or using analytics cookies, we will obtain your explicit, informed consent. You may withdraw consent at any time (see Section 5).
  • Legitimate Interests: For purposes like improving our website, ensuring security, or preventing fraud, provided these interests do not override your rights and freedoms.
  • Legal Obligations: To comply with Canadian laws (e.g., tax or reporting requirements) or respond to legal requests.

 

For EU Residents: We ensure that all processing of your personal data complies with GDPR’s legal basis requirements (Article 6). Where consent is required, we will provide clear opt-in mechanisms, such as checkboxes on booking forms or cookie consent banners.

3. Collection and Use of Personal Information

We collect and use personal information from international visitors as described in our general Privacy Policy, including:

  • Contact and Booking Information: Name, email, phone number, address, payment details, and guest preferences.
  • Usage Data: IP address, browser type, device information, and website interactions (via cookies, with consent where required).
  • Third-Party Data: Information received from booking platforms (e.g., Booking.com, Expedia) or travel agencies.

 

For EU Residents:

  • We adhere to GDPR’s data minimization principle, collecting only the data necessary for the stated purpose (e.g., booking or customer service).
  • We will inform you of the specific purposes for data collection at the point of collection (e.g., via website forms or booking confirmations).

 

4. International Data Transfers

As a Canadian business, Auberge Montebello hosts its website and stores guest data on secure Canadian web servers, ensuring compliance with Quebec’s Law 25. However, some personal information may be transferred outside Canada, such as to third-party service providers (e.g., cloud-based booking systems, payment processors, or analytics tools) located in the United States or other jurisdictions.

For All International Visitors:

  • We conduct a Privacy Impact Assessment (PIA) before transferring data outside Quebec, as required by Law 25, to ensure the receiving jurisdiction provides adequate protection.
  • We enter into written agreements with third-party providers to safeguard your data in accordance with Canadian privacy laws.

    For EU Residents:
  • The GDPR requires specific safeguards for data transfers outside the EU/EEA. Canada is recognized by the European Commission as providing an adequate level of data protection for commercial organizations under PIPEDA (and by extension, Law 25), which facilitates transfers of EU personal data to our Canadian servers.
  • If your data is transferred to a third country (e.g., the U.S.) that does not have an adequacy decision, we implement Standard Contractual Clauses (SCCs) or other GDPR-approved mechanisms to ensure equivalent protection.
  • You will be informed of any international data transfers and the safeguards in place, as required by GDPR Article 13.
    Business Impact:
  • Compliance with GDPR for EU guests may increase operational costs (e.g., implementing SCCs or conducting PIAs) but enhances trust, attracting more EU visitors.
  • Using Canadian servers strengthens our compliance profile, as Canada’s adequacy status simplifies data transfers for EU guests compared to jurisdictions without adequacy (e.g., the U.S.).

 

5. Rights of International Visitors

All international visitors have the following rights under Quebec’s Law 25:

  • Access: Request a copy of your personal information.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal retention requirements (e.g., tax records).
  • Data Portability: Receive your data in a structured, commonly used format (e.g., CSV).
  • Withdraw Consent: Opt out of non-essential data processing (e.g., marketing or analytics) at any time.


For EU Residents:

Under GDPR, you have additional rights, including:

  • Restriction of Processing: Request that we limit how your data is used in certain circumstances.
  • Objection to Processing: Object to processing based on legitimate interests (e.g., direct marketing).
  • Automated Decision-Making: Request human intervention if automated decisions (e.g., personalized offers) significantly affect you.
  • We will respond to your requests within 30 days, as required by both Law 25 and GDPR.

 

How to Exercise Your Rights:
Contact our Privacy Officer:
By Email: info@aubergemontebello.com
By Phone: (819) 423-0001 or (877) 423-0001
By Mail: Auberge Montebello, 676, rue Notre-Dame, Montebello (Quebec) J0V 1L0

 

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies, as outlined in our Cookie Policy. For international visitors:

  • Consent: Non-essential cookies (e.g., analytics, marketing) require your explicit consent, provided through a cookie consent banner on our website.
  • Transparency: We disclose the types of cookies used, their purposes, and any third parties involved (e.g., Google Analytics).

 

For EU Residents:

  • GDPR requires informed and specific consent for non-essential cookies. Our cookie consent banner allows you to opt in or out of individual cookie categories.
  • You can manage cookie preferences at any time via our Cookie Settings.
  • We avoid automated profiling that produces legal or significant effects unless we obtain your explicit consent or it is necessary for a contract (e.g., booking).


7. Data Security

We implement robust security measures to protect your personal information, including:

  • Encryption for payment processing and data transmission (e.g., HTTPS).
  • Secure Canadian web servers for data storage.
  • Access controls to limit staff access to guest data.

For EU Residents:

Our security measures align with GDPR’s requirement to protect personal data against unauthorized access, loss, or misuse (Article 32).

  • In the event of a data breach, we will notify you and the relevant EU supervisory authority within 72 hours, as required by GDPR, in addition to complying with Law 25’s breach notification rules.


8. Data Retention

We retain personal information only for as long as necessary for the purposes outlined in our Privacy Policy or as required by law (e.g., seven years for tax records under Canadian law).

For EU Residents:

GDPR requires that we delete data when it is no longer needed. We will inform you of retention periods at the point of collection (e.g., in booking confirmations).

  • Upon request, we will delete your data unless we are required to retain it for legal purposes.

 

9. Complaints and Supervisory Authorities

If you have concerns about how we handle your personal information, please contact our Privacy Officer (details above). We will address your concerns promptly.

For EU Residents:

  • You have the right to lodge a complaint with an EU supervisory authority in your country of residence, such as the Data Protection Commission in Ireland or the CNIL in France.
  • You may also contact the Commission d’accès à l’information du Québec (CAI), which oversees compliance with Law 25,
    at:
 https://www.cai.gouv.qc.ca/ or 
Phone: 1-888-528-7741

10. Contact Us

If you have questions or concerns about our use of cookies or this Cookie Policy, please contact us:

If you have questions, concerns, or requests regarding this Cookie Policy or your personal information, please contact us:

By Email: info@aubergemontebello.com
By Phone: (819) 423-0001 or (877) 423-0001
By Mail: Auberge Montebello, 676, rue Notre-Dame, Montebello (Quebec) J0V 1L0