Privacy Policy — Neat Whistler | Vacation Rentals & Stays in Whistler BC

Privacy Policy

Introduction

At NeatWhistler.ca ("we", "our"), we respect the privacy of every guest and are committed to protecting your personal information. We use ChargeAutomation’s guest‑experience platform to simplify online check‑in, process payments and security deposits, and manage communications with guests. This policy explains what data we collect, how we use it, and how we safeguard your information. When you make a booking or complete our online check‑in, you consent to the practices described below.

Personal Data We Collect

During online check‑in and throughout your stay, we may collect the following information:

Basic contact information – name, email address, phone number and postal address. This information is necessary to manage your booking and communicate with you.

Identification documents – copies of government‑issued IDs or passports, along with a selfie for identity verification. The ChargeAutomation platform uses these documents solely to verify your identity and complete any required guest‑registration or authority reporting.

Booking details – reservation dates, property address, number of guests and any preferences you share with us.

Payment information – we use secure PCI‑DSS compliant payment gateways (e.g., Stripe, PayPal) to collect booking fees, security‑damage deposits and any optional services. We do not store full payment‑card numbers or sensitive financial data outside these secure forms.

Digital signatures and custom questionnaire responses – if we require you to sign a rental agreement or provide specific information about your stay, we collect that information through ChargeAutomation’s forms.

Messages and communications – we record messages sent through our platform (including check‑in instructions or support requests) to ensure a smooth guest experience.

We do not collect more data than necessary to provide our services. Please avoid providing sensitive information (such as medical data) that is not required for your stay.

How We Use Your Information

We use your personal data for the following purposes:

To manage your reservation – verifying identity, ensuring compliance with local regulations and sending check‑in details and house rules. Under data‑protection laws, we act as the data controller and instruct ChargeAutomation, as our data processor, to handle your data solely to deliver these services.

To collect payments and security deposits – processing reservation fees, security holds and any approved add‑on services. Payments are handled through integrated third‑party gateways compliant with international security standards.

To comply with legal obligations – some jurisdictions require us to register guests with local authorities. We may forward necessary guest details to municipal or provincial authorities when required by law.

To improve our service – analyzing aggregated, anonymized data to understand trends and enhance our guest experience. Any data used for analytics is stripped of personal identifiers.

We do not sell your personal information or share it for marketing purposes. Data is shared only with third‑party service providers (e.g., payment processors, identity verification providers or property‑management systems) as required to deliver our services. These providers must follow strict confidentiality and security obligations.

Legal Basis and Your Responsibilities

Under privacy laws such as the EU General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), we must have a lawful basis to process personal data. Our lawful bases include:

Performance of a contract – processing is necessary to fulfil the booking contract between you and us.

Legal obligations – we may process data to comply with municipal or provincial regulations that require guest registration.

Legitimate interests – we have a legitimate interest in ensuring the safety of our properties, preventing fraud, and improving our services, provided these interests are not overridden by your rights.

When supplying guest information, you confirm that the data is accurate and lawful to share. You should not submit information that you do not have the right to provide. If you collect personal data about other travelers (e.g., fellow guests), you must obtain their permission first.

Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your information:

Encryption – sensitive data (such as identity documents and payment details) is encrypted in transit and at rest.

Access controls – only authorised staff can access your data for the purposes described in this policy, and they are bound by confidentiality agreements.

Secure authentication – we recommend that users set strong passwords and enable two‑factor authentication where available.

Security incident response – if a data breach affecting your information occurs, we will notify you as soon as reasonably possible and assist with any required notifications.

Despite these measures, no system can guarantee absolute security. We encourage you to use unique passwords and keep your account information confidential.

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes outlined above. When you close your account or request deletion, we will delete or anonymize your data unless retention is required by law (e.g., for tax or financial reporting). We reserve the right to keep anonymized, aggregated data that cannot identify any individual.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access – you can ask us to confirm whether we hold personal data about you and obtain a copy of that data.

Rectification – you can request correction of inaccurate or incomplete information.

Deletion – you can request deletion of your personal data when it is no longer needed or when you withdraw consent (if consent was the legal basis).

Restriction or objection – you may request that we restrict processing of your data or object to certain types of processing, such as direct marketing (which we do not perform).

To exercise these rights, please contact us using the details below. If you make a request that we cannot fulfil through the ChargeAutomation platform, we will ask ChargeAutomation to assist with your request.

International Data Transfers

We operate in Canada but use cloud services and integrations that may store or process data outside of your home country. ChargeAutomation complies with GDPR and similar data‑protection laws and ensures that any subprocessors implement appropriate safeguards. By submitting your data, you consent to its transfer and processing in accordance with this policy.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. The "last updated" date at the top of the policy indicates when it was last revised. If we make material changes, we will notify you via our website or through direct communication.

Contact Us

If you have any questions about this policy or how we handle your personal data, please contact us:

Email: info@neatwhistler.ca

Mail: Neat Whistler, P.O. Box 685, Whistler, BC, Canada

We are committed to responding promptly and to resolving any concerns you may have about your privacy.