Privacy Policy

Privacy Policy — Sultan Travel Ltd.

Last Updated: October 28, 2025
(Version 1.0 — English / Français bilingue prêt pour publication)

  1. About Us

Sultan Travel Ltd. (“Sultan Travel”, “we”, “our”, “us”) is a licensed travel services agency based in Etobicoke, Ontario, Canada.
We assist clients with booking flights, vacation packages, and related travel services through trusted global partners such as Amadeus and major airlines.

We take privacy seriously and comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act to modernize legislative provisions as regards the protection of personal information (Law 25 / Bill 64), and, where applicable, the European Union’s General Data Protection Regulation (GDPR).

Contact Information
📍 Etobicoke, Ontario, Canada
📧 info@sultantravel.ca

  1. Scope of This Policy

This policy applies to:

  • Visitors of https://sultantravel.ca,
  • Clients engaging our travel-booking services,
  • Individuals receiving our marketing emails or SMS messages,
  • Prospective customers who provide contact details for offers or inquiries.

It explains how we collect, use, store, and protect your information, and your rights to access, correct, or delete that information.

  1. Information We Collect

Category

Examples

Purpose

Contact Information

Name, phone number, email address, mailing address

To communicate with you and confirm bookings

Travel Identification Details

Passport number, date of birth (for ticket issuance)

Required by airlines and Amadeus for travel documents

Marketing Preferences

Opt-in status, language preference

To send email or SMS offers when you consent

Technical Data

IP address, browser type, device ID (via Google Analytics & Cloudflare)

To improve site performance and security

Website Form Submissions

Messages sent through our WordPress contact form

To respond to inquiries and provide support

We do not process payment data or store credit-card details online.
All ticket payments are handled directly by airlines or trusted travel vendors.

  1. How We Use Your Information
  • Travel Services: To book flights and related arrangements via Amadeus and airlines.
  • Customer Support: To respond to questions and requests.
  • Marketing Communications: To send travel deals, reminders, or promotions via Ooma SMS and Zoho Campaigns email (if you opt in).
  • Legal Compliance: To maintain records for audit and regulatory purposes.
  • Website Optimization: Through Google Analytics and Cloudflare for performance and security.

 

  1. Lawful Bases for Processing (GDPR Article 6)

Activity

Legal Basis

Flight booking and ticket issuance

Contractual necessity

SMS / Email marketing

Consent (freely given and revocable)

Customer support / records

Legitimate interest

Legal and tax obligations

Legal requirement

  1. Consent & Opt-Out Mechanisms
  • You will only receive promotional SMS or emails if you have explicitly opted in.
  • You may withdraw consent at any time:
    • SMS → reply STOP to unsubscribe.
    • Email → click Unsubscribe link in any Zoho Campaigns email.
  • Consent withdrawal does not affect lawful processing done before withdrawal.
  1. Cookies and Analytics

Our website uses:

  • Google Analytics (for aggregated, non-identifiable traffic metrics)
  • Cloudflare DNS and firewall security (for DDoS protection and performance)

You may disable cookies through your browser settings.
We do not use advertising pixels or behavioural retargeting.

(Français : Nous utilisons Google Analytics et Cloudflare uniquement pour la sécurité et la performance du site.)

  1. Sharing and Disclosure of Information

We do not sell, rent, or trade your personal data.
We may share information with:

  • Amadeus — for booking and ticket processing. View Policy
  • Airlines — for traveler verification and itinerary fulfillment.
  • Zoho Campaigns — for email marketing. View Policy
  • Ooma — for SMS communications. View Policy

All partners process data under contractual obligations and are compliant with international privacy standards.

  1. Data Retention

Personal information is kept for a maximum of five (5) years after your last interaction or booking, unless longer retention is required by law or airline policy.
After that period, data is securely deleted or anonymized.

  1. International Data Transfers

Your information may be processed in Canada, the United States (GoDaddy hosting, Zoho, Ooma), and the European Union (Amadeus systems).
We use Standard Contractual Clauses and comparable safeguards to ensure adequate protection for cross-border transfers.

  1. Security Measures
  • SSL/TLS encryption for all website traffic
  • Cloudflare firewall protection
  • Limited employee access on a need-to-know basis
  • Secure Amadeus platform for ticketing data
  • Encrypted Zoho Campaigns and Ooma transmissions
  • Routine security audits and employee privacy training

 

  1. Your Rights under PIPEDA, Law 25, and GDPR

You have the right to:

  • Access and obtain a copy of your data;
  • Request correction of inaccurate information;
  • Withdraw marketing consent;
  • Request erasure (“right to be forgotten”) where applicable;
  • File a complaint with a privacy authority.

Requests can be sent to info@sultantravel.ca. We respond within 30 days.

  1. Children’s Privacy

We do not knowingly collect information from individuals under the age of 16 without parental consent.
Travel arrangements for minors are processed through parents or guardians.

  1. Automated Decision-Making

No automated decision-making or profiling is performed.
Promotional offers are generic and not based on automated scoring.

  1. Breach Notification and Incident Response

In the event of a data breach, we will:

  1. Contain and assess the incident immediately;
  2. Notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC) within 72 hours if risk of harm exists;
  3. Maintain records of breach events as required under PIPEDA and Law 25.
  1. Accountability and Governance

A designated Privacy Officer oversees compliance with PIPEDA and Law 25.
Employees receive annual privacy training, and policies are reviewed annually.

We use audit logs and data minimization principles to ensure accountability.

  1. Links to Other Websites

Our website may contain links to external sites for airlines or partners.
We are not responsible for the privacy practices of those third parties.
We encourage you to read their privacy statements when leaving our site.

  1. Complaints and Regulatory Contacts

If you believe your rights have been violated, you may contact:

  • Office of the Privacy Commissioner of Canada (OPC)
    https://www.priv.gc.ca/en/
  • Commission d’accès à l’information du Québec (CAI)
    https://www.cai.gouv.qc.ca/
  • For EU residents: your local Data Protection Authority (DPA)

 

  1. Changes to This Policy

We may update this policy to reflect changes in law or practice.
Any updates will be posted at https://sultantravel.ca/privacy-policy with a revised “Last Updated” date.

  1. Contact Us

Privacy Officer — Sultan Travel Ltd.
📍 Etobicoke, Ontario, Canada
📧 info@sultantravel.ca
🌐 https://sultantravel.ca

Français / French Note Préparatoire

Une version française de cette politique sera disponible sur demande conformément à la Loi 25 du Québec.
(A French translation can be provided upon request to meet bilingual requirements.)