Skip to main content

Privacy Policy

Jump to Navigation

We respect your interests and concerns regarding the privacy of your personal information. This privacy policy explains how we collect and use your personal information. The policy applies to all personal information we process about you when you travel with us, purchase or use our services, visit our websites, or otherwise interact us. This policy also describes the measures we take to safeguard the personal information we collect, how long we retain the information, how you can contact us about our privacy practices, and how to exercise your rights regarding your personal information.

Our specific privacy practices may vary in the different countries in which we operate to reflect local practices and legal requirements.

Who We Are

We are Armstrong Hospitality Group Ltd (AHG) and subsidiaries including Great Canadian Railtour Company Ltd (operator of Rocky Mountaineer) (RM) with a head office at 1100-980 Howe Street, Vancouver, British Columbia, Canada, V6Z 0Z8.

The type of personal data we obtain: We obtain certain personal information in connection with the services we provide. This may include:

  • Personal identifying information such as name, title, gender, date of birth, nationality, country of residence and passport number.
  • Contact information such as postal address, email address and phone number.
  • When you create a personal account on our website, we may also record your sign in details and other information you fill out on your personal account or registration form. For business accounts, we also collect information relating to your company such as company name and business location.
  • Information about your booking(s) and travel plans which includes the itinerary, travel companions, pricing, date of travel, and, if applicable, flight details.
  • We also record any specified requests or needs such as medical, dietary, or mobility considerations or any other assistance needs identified, or personal information you choose to share with us such as anniversaries, celebrations, interests or preferences as well as your consented responses to our surveys.
  • Payment information including name and billing address.
  • Our communications with you including emails, chat discussions, or social media posts. We also record your communication preferences such as subscriptions or unsubscribe notifications for our guest satisfaction survey, newsletters, marketing materials or other communications. We may also record telephone calls for training purposes.
  • Information we collect when you use our website and other digital media may include your IP address, browser type, operating system, referring website, and certain web-browsing behavior. We also collect information via cookies and similar technologies when you visit our website.

How we collect your personal data

We collect personal data in the variety of ways including:

  • You provide us directly with data when you call us, access and navigate through our website, create an online account, subscribe to receive information from us such as brochures, emails, or notifications.
  • We receive personal information from travel companions, travel agents and other companies involved in facilitating your travel arrangements such as travel wholesalers, tour operators or other travel organizers.
  • We collect information via cookies and similar technologies on our website.

Why we collect your personal data

The main purpose and use of your personal information is to provide our services to you. To facilitate your travel booking and ensure the fulfillment of your travel arrangements and purchases to provide you the best travel experience we can.

Sharing your data with third parties

We may disclose or share some of your personal data with companies within our corporate group, with your travel agent, travel organizer or travel companions, or certain service providers or subcontractors for the following purposes:

  • To facilitate your travel booking and ensure the fulfillment of your travel arrangements and purchases.
  • To let you benefit from the services of our partners, with your consent. For example, we may share both non-personalized information (destination, travel date and duration of the trip) and personal information (name, title, loyalty program membership number, travel companions) with a hotel partner so it can provide you with a personalized hotel experience. Although we select our partners with great care, these partners have their own privacy policies that apply to the way they use your personal data.
  • For support services such as IT suppliers, marketing agencies, and credit and charge card companies. All such third parties are required to adequately safeguard your personal information and only process it in accordance with our instructions. Within Rocky Mountaineer’s corporate group certain business activities are carried out by processing or consolidating information, including personal information, in centralized databases and systems. These central databases and systems may be hosted or managed by one group company for the others for operational efficiency purposes. This means that all group companies may have access to your personal data for these purposes. Our companies only process your personal data as required for the relevant business function and in accordance with this privacy policy.
  • For statistical research and direct marketing both as performed by us and by third party service providers. All such third parties are required to adequately safeguard your personal information and only process it in accordance with our instructions.
  • With public authorities or government organizations as required by law to collect and share your identifying information and your booking and travel information for the purpose of border control, immigration, security, or in combatting terrorism. We may also share your personal information with public authorities in the interest of your health, safety and security in the event of an emergency.

How we secure your personal information

We protect your personal information by security safeguards which are appropriate to the sensitivity of the information. These include premises security; locked filing cabinets; information technology security such as restricted access to specific programs, firewalls and software security; and restricting access to personal information only to those employees and partners to which it is necessary. We keep our employees up-to-date on policies and procedures regarding protecting personal information.

We may use the services of a third party to process personal information. However, we ensure there are confidentiality agreements in place so that your information is protected while in their possession.

Your rights with regards to your personal information

You may contact our Privacy Officer (please see below) to exercise any of the rights you are granted under applicable data protection laws, which includes the right to access your data, to rectify them, to erase them, to restrict the processing of your data, the right to data portability and the right to object to processing.

How to contact our Privacy Officer

We welcome your feedback or any questions regarding our privacy policy or the use of your information. We have a Privacy Officer who is responsible for matters relating to privacy and data protection. Our Privacy Officer can be reached at the following address:

How to contact our UK and EU data privacy representatives

EDPO UK Representative

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, Great Canadian Railtour Company Ltd has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Great Canadian Railtour Company Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR: