Privacy Policy

We collect your personal information in several ways, including when you enter information on our Website, make a reservation, register for an account, apply for a job, contact us by telephone or by email, post on our social media accounts, etc. Depending on the circumstances, personal information may include your first name, last name, email address, phone number, postal address, resume, username and password. If you choose to withhold any personal information requested by us, it may not be possible for you to gain access to certain parts of the Website.

We also collect data relating to your visit to our Website. This information may include your IP address, the date, time and duration of your visits as well as the web pages you consulted. Our Website, like most other commercial websites, also uses cookies. These are files that are installed on your computer hard drive or web browser in order to collect information such as your language of preference, browsing history and browser type and version, all for the purpose of optimizing your experience on our Website. We use cookies to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf (e.g. Google Analytics, Facebook and/or Instagram). These cookies cannot be used to extract personal information. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to disable all cookies. Disabling cookies on your browser could adversely affect your browsing experience on the Website.

The legal bases for our processing of personal information are primarily that the processing is necessary for providing the Website and that the processing is carried out in our legitimate interests, which are further explained in the “Use and Communication of Information” section. We may also process personal information upon your consent, asking for it as appropriate.

We take steps designed to ensure that only those employees who need access to your personal information to fulfil their employment duties will have access to it.

We use the information that we collect in a variety of ways in providing the Website and operating our business, including:

• to operate, maintain, enhance and provide all features of the Website, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Website


• to understand and analyze the usage trends and preferences of our users, to improve the Website, and to develop new products, services, feature, and functionality. We may use in this regard the services of Adviso, which privacy policy can be found at https://www.adviso.ca/en/privacy-policy;


• to send you communications subject to applicable laws. We may use MailChimp and/or GetResponse to manage our newsletter and other email lists, which applicable privacy policies can be respectively found at http://mailchimp.com/legal/privacy and https://www.getresponse.fr/email-marketing/legale/intimite.html; or
• for any other purposes authorized or required by law

In certain circumstances, we may disclose certain information that we collect from you:

• within our family of companies, including parents, corporate, affiliates, subsidiaries, business units and other companies that share common ownership;


• with law enforcement and governmental entities when required by law. For greater clarity, we may disclose personal information or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies; and


• to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of your personal information commits to a privacy policy that has terms substantially consistent with this Policy.

When we disclose your personal information to third parties, we take reasonable measures to ensure that the rules set forth in this Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organisational measures.

We may finally make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding your interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Website.

Your personal information may be stored and processed in any country where we have facilities or in which we engage third party service providers. By using the Website, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your personal information will at all times continue to be governed by this Policy and, if applicable, we will comply with the General Data Protection Regulation (“GDPR”) requirements providing adequate protection for the transfer of personal information from the EU/EEA to third country.

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate physical, technical and administrative safeguards to protect personal information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your personal information has been compromised, please contact us as set forth in the “Contact” section. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your personal information will be kept, please contact us as set forth in the “Contact” section.

On written request and subject to proof of identity, you may access the personal information that we hold, and ask that any necessary corrections be made, where applicable, as authorized or required by law. However, to make sure that the personal information we maintain about you is accurate and up to date, please inform us immediately of any change in your personal information.

Specific provisions for Europeans Users

Veuillez noter que l’expression « renseignements personnels » est utilisée aux présentes comme équivalent à l’expression « données à caractère personnel » en vertu du RGPD et des autres lois européennes applicables sur la protection des données. Vous pourriez avoir des droits spécifiques en vertu du RGPD, notamment : (i) le droit de retirer votre consentement au traitement lorsque celui-ci est fondé sur le consentement; (ii) le droit d’accéder à vos renseignements personnels et à certains renseignements supplémentaires, sous certaines conditions; (iii) le droit de vous opposer au traitement illicite de données, sous certaines conditions; (iv) le droit à l’effacement de vos renseignements personnels, sous certaines conditions; (v) le droit de demander que nous limitions le traitement des renseignements personnels, sous certaines conditions, si vous croyez que nous avons outrepassé le fondement légitime du traitement, que le traitement n’est plus nécessaire, ou que vos renseignements personnels sont inexacts; (vi) le droit à la portabilité des renseignements personnels que vous nous avez fournis dans un format structuré, couramment utilisé et lisible par machine, sous certaines conditions; (vii) le droit de vous opposer aux décisions prises de façon automatisée dont vous subissez les conséquences juridiques ou d’une autre nature, sous certaines conditions; (viii) le droit de déposer une plainte auprès des autorités de protection des données. Pour en savoir plus sur les droits que vous confère le RGPD, consultez la page sur la protection des données de la Commission européenne à l’adresse suivante : https://ec.europa.eu/info/law/law-topic/data-protection_fr.

Under the GDPR, is acting both as a “Data Controller” and as a “Data Processor”. As Data Controller, Gray Collection is responsible for safeguarding the data of our customers as they interact directly with our services. As Data Processor, Gray Collection is responsible for safeguarding the data of our partners’ and customers’ users as it flows through our system.

The Website is not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Website at any time or in any manner. If we learn that personal information has been collected via the Website from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided personal information, then you may alert us as set forth in the “Contact” section and request that we delete that child’s personal information from our systems.

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Website, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Website after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

If you have any questions or comments about this Policy or your personal information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices with respect to any service providers outside Canada, our Privacy Officer can be reached by mail or email using the following contact information:

Gray Collection

Privacy Officer
200-425 rue Saint-Jean-Baptiste
Montréal (Québec) H2Y2Z7
info@experienceoldmontreal.com