Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information.

Effective: January 1, 2025
Last Updated: January 15, 2025
Applies to: Canadian Operations

Introduction

Coastalya Marine Services Inc. ("Coastalya," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, book our services, or interact with us.

Our Privacy Principles

Transparency

We clearly explain what information we collect and why

Choice

You control how your information is used and shared

Security

We protect your data with industry-leading security measures

Accountability

We take responsibility for the data in our care

Scope of This Policy

This Privacy Policy applies to:

  • Our website (coastalya.com) and all subdomains
  • Mobile applications and digital platforms
  • Yacht charter services and related offerings
  • Email communications and marketing materials
  • In-person interactions at our marina facilities

Information We Collect

We collect information in several ways to provide and improve our yacht charter services. The types of information we collect include:

Personal Information You Provide

Information you voluntarily provide when booking services or contacting us:

Information Type | Examples | Collection Purpose | Legal Basis
Contact Information | Name, email, phone, mailing address | Communication, booking confirmation, service delivery | Contract Performance
Charter Details | Dates, guest count, service preferences, special requests | Service customization, crew preparation, safety planning | Contract Performance
Payment Information | Credit card details, billing address, transaction history | Payment processing, fraud prevention, financial records | Contract Performance
Emergency Contacts | Emergency contact names, relationships, phone numbers | Safety protocols, emergency response | Vital Interests
Health & Dietary Info | Food allergies, dietary restrictions, mobility needs | Safe service delivery, catering preparation | Vital Interests
Marketing Preferences | Communication preferences, interests, opt-in status | Personalized marketing, newsletter delivery | Consent

Information Collected Automatically

Technical information gathered when you visit our website or use our services:

Device Information

  • IP address and geolocation
  • Browser type and version
  • Operating system
  • Device identifiers
  • Screen resolution

Website Usage

  • Pages viewed and time spent
  • Click patterns and navigation paths
  • Search terms used
  • Referral sources
  • Download and form interactions

Communication Data

  • Email open and click rates
  • Phone call logs (business purposes)
  • Chat transcripts
  • Social media interactions
  • Survey responses

Information from Third Parties

Data we may receive from external sources with your consent:

Social Media Platforms

Public profile information when you interact with our social media accounts or use social login features

Business Partners

Contact information from travel agents, event planners, or corporate clients making bookings on your behalf

Analytics Providers

Aggregated website performance data and user behavior insights from service providers like Google Analytics

Public Records

Publicly available business information used for B2B relationship verification and fraud prevention

How We Use Your Information

We use the information we collect for legitimate business purposes to provide exceptional yacht charter experiences. Here's how we use your data:

Service Delivery

Our primary use of your information is to deliver the yacht charter services you've requested:

  • Booking Management: Process reservations, manage scheduling, and send confirmations
  • Service Customization: Tailor experiences based on your preferences and requirements
  • Safety Preparation: Ensure proper safety equipment and emergency procedures for your group
  • Crew Coordination: Brief our team on guest preferences, dietary needs, and special requests
  • Catering Services: Prepare meals that accommodate dietary restrictions and preferences
  • Payment Processing: Handle secure transactions and maintain financial records

Communication

We communicate with you throughout your charter experience:

  • Pre-Charter Communication: Booking confirmations, preparation instructions, weather updates
  • Service Support: Respond to inquiries, provide assistance, resolve issues
  • Safety Notifications: Important safety information, weather advisories, emergency communications
  • Follow-up: Post-charter surveys, feedback requests, service quality assessments

Marketing & Engagement

With your consent, we use your information for marketing purposes:

  • Newsletter Content: Maritime news, special offers, seasonal updates
  • Personalized Marketing: Targeted offers based on your charter history and preferences
  • Event Invitations: Exclusive events, boat shows, maritime celebrations
  • Social Media Engagement: Share experiences (with permission), respond to comments

Business Operations

We use data to improve our services and operate our business effectively:

  • Service Improvement: Analyze feedback to enhance charter experiences and service quality
  • Website Optimization: Understand user behavior to improve website functionality and navigation
  • Fleet Management: Track vessel usage, maintenance needs, and capacity planning
  • Staff Training: Identify training needs based on guest feedback and service interactions
  • Business Analytics: Generate insights for strategic planning and operational efficiency

Cookies, Tracking & Advertising

Important: Google Ads & Third-Party Cookies

We use Google Ads and other advertising services that place cookies on your device. These cookies enable personalized advertising and help us measure the effectiveness of our marketing campaigns.

What this means: You may see our advertisements on other websites based on your visit to our site. We also use conversion tracking to measure how many people take actions after seeing our ads.

Understanding Cookies

Cookies are small text files stored on your device when you visit websites. They help us provide a better user experience and enable certain website functionality.

Advertising & Remarketing

We participate in online advertising programs that may track your browsing behavior across websites:

Google Advertising

  • Google Ads: Show our advertisements on Google search results and partner websites
  • Remarketing: Display our ads to people who have visited our website
  • Conversion Tracking: Measure how many website visitors complete bookings after seeing our ads
  • Audience Building: Create similar audiences for more effective advertising

Social Media Advertising

  • Facebook Pixel: Track website visits and conversions from Facebook ads
  • Custom Audiences: Show ads to people similar to our existing customers
  • Instagram Integration: Coordinate advertising across Facebook and Instagram platforms

Children's Privacy

Protecting children's privacy is especially important to us. Our services are designed for adults, but we welcome families and take special care when children are involved.

Age Requirements

Under 13 Years

We do not knowingly collect personal information from children under 13 without explicit parental consent. If we discover we have collected such information, we will delete it immediately.

13-17 Years

Minors in this age group may participate in our services but must be accompanied by a parent or legal guardian who provides consent for data collection.

18+ Years

Adults can make bookings independently and provide consent for their own data processing.

Parental Rights & Controls

Parents and legal guardians have special rights regarding their children's information:

Review

Request to see what information we have collected about your child

Refuse Collection

Refuse to allow further collection of your child's information

Request Deletion

Ask us to delete information we have collected about your child

Correct Information

Request corrections to your child's personal information

Child Safety Measures

When children participate in our charter services, we implement additional safety measures:

Information Collection

  • Emergency contact information is mandatory
  • Medical information and allergies are carefully documented
  • Swimming ability and water safety experience are assessed
  • Special dietary needs are recorded and communicated to catering staff

On-Board Protocols

  • Children must be supervised by adults at all times
  • Properly fitted life jackets are provided and required
  • Child-specific safety briefings are conducted
  • Crew members receive specialized training for family charters

If We Discover Unauthorized Collection

If we become aware that we have collected personal information from a child under 13 without parental consent, we will:

  1. Immediate Action: Stop processing the child's information immediately
  2. Parent Notification: Contact the parent or guardian within 24 hours
  3. Data Deletion: Delete the information within 30 days unless consent is obtained
  4. Process Review: Review and improve our age verification processes

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We're committed to keeping you informed about any changes.

Types of Changes

Minor Updates

Small changes that don't affect your rights or how we use your information:

  • Clarification of existing practices
  • Contact information updates
  • Formatting and readability improvements
  • Correction of typos or broken links

Notification: Website update notice

Material Changes

Significant changes that affect your privacy rights or our data practices:

  • New types of information collection
  • Changes to data sharing practices
  • New purposes for data use
  • Changes to your privacy rights

Notification: Email notice + website banner (30 days advance notice)

How We Notify You

Email Notification

For material changes, we'll send an email to all customers at least 30 days before the changes take effect. The email will:

  • Clearly explain what's changing and why
  • Highlight how the changes may affect you
  • Provide links to the updated policy
  • Explain your options, including how to opt out if applicable

Website Notice

We'll display a prominent notice on our website for at least 30 days, including:

  • A banner at the top of all pages
  • A detailed notice on our privacy policy page
  • Updates to our footer with the last modified date

In-Service Notifications

For customers with active bookings, we may also provide notifications through:

  • Account dashboard alerts
  • Text message notifications (for urgent changes)
  • Verbal notification during charter services

Your Choices When We Make Changes

When we make material changes to our Privacy Policy, you have several options:

Accept Changes

Continue using our services under the updated policy. No action required on your part.

Modify Preferences

Update your privacy preferences or opt out of certain data uses while continuing to use our services.

Object to Changes

Contact us to discuss your concerns or request that your data be processed under the previous terms where legally possible.

Withdraw Consent

Request deletion of your personal information and discontinue use of our services.

Policy Version History

v2.1 - January 15, 2025

Current Version

Enhanced clarity on cookie usage, expanded information on international transfers, updated children's privacy section.

v2.0 - January 1, 2025

Major Update

Complete policy revision for new website launch, added detailed sections on data rights and international transfers.

v1.5 - June 15, 2024

Security Update

Updated security measures section, added incident response procedures.

Privacy Contact Information

We're here to help with any questions or concerns about your privacy. Our dedicated privacy team is available to assist you with requests, questions, or complaints.

Privacy Officer

Margaret Thompson, J.D.
Chief Privacy Officer & Legal Counsel

Email: [email protected]

Phone: +1 519-725-8076 ext. 105

Hours: Monday-Friday, 9:00 AM - 5:00 PM EST

Response Guarantee: All privacy inquiries answered within 3 business days

General Privacy Support

For general privacy questions and information requests

Email: [email protected]

Phone: +1 519-725-8076 ext. 200

Live Chat: Available on our website during business hours

Data Breach Reporting

For urgent security or privacy incidents

Email: [email protected]

Emergency: +1 519-725-8076 ext. 911

Available: 24/7 for security incidents

Mailing Address

Privacy Department
Coastalya Marine Services Inc.
235 Queens Quay West
Toronto, Ontario M5J 2G8
Canada

External Privacy Authorities

If you're not satisfied with our response to your privacy concerns, you can contact these authorities:

Office of the Privacy Commissioner of Canada

Website: www.priv.gc.ca

Phone: 1-800-282-1376

Email: [email protected]

Information and Privacy Commissioner of Ontario

Website: www.ipc.on.ca

Phone: 1-800-387-0073

Email: [email protected]

Our Privacy Commitment

Privacy is not just about compliance for us—it's about trust, respect, and building lasting relationships with our guests. We're committed to:

  • Transparency: Being clear and honest about our data practices
  • Respect: Honoring your privacy choices and preferences
  • Security: Protecting your information with the highest standards
  • Accountability: Taking responsibility for the data in our care
  • Continuous Improvement: Regularly updating our practices and policies

Thank you for trusting Coastalya with your personal information. We don't take that trust lightly.

How We Share Your Information

We only share your personal information when necessary for business operations, legal compliance, or with your explicit consent. Here's when and how we share data:

We Never Sell Your Information

Coastalya does not sell, rent, or trade your personal information to third parties for their marketing purposes. Any data sharing is strictly for service delivery, legal compliance, or with your explicit consent.

Data Security & Protection

Protecting your personal information is a top priority. We implement comprehensive security measures to safeguard your data against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

Encryption

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Database: Encrypted database connections and field-level encryption
  • Backups: All backup files are encrypted and stored securely

Access Controls

  • Multi-Factor Authentication: Required for all staff accounts
  • Role-Based Access: Limited access based on job responsibilities
  • Regular Audits: Quarterly access reviews and permission updates
  • Session Management: Automatic timeouts and secure session handling

Network Security

  • Firewalls: Enterprise-grade network firewalls and intrusion detection
  • VPN Access: Secure remote access for authorized personnel
  • Network Monitoring: 24/7 monitoring for suspicious activity
  • DDoS Protection: Advanced protection against denial-of-service attacks

Application Security

  • Secure Development: Security-first development practices and code reviews
  • Vulnerability Testing: Regular penetration testing and security assessments
  • Updates & Patches: Timely application of security updates
  • Input Validation: Strict validation to prevent injection attacks

Organizational Measures

Staff Training

All employees receive comprehensive privacy and security training, including:

  • Data protection principles and best practices
  • Incident response procedures and reporting protocols
  • Social engineering awareness and phishing prevention
  • Secure handling of customer information

Contractual Protections

We ensure strong privacy protections through contracts:

  • Data Processing Agreements with all service providers
  • Non-disclosure agreements for all staff and contractors
  • Privacy clauses in business partnership agreements
  • Regular vendor assessments and compliance reviews

Policies & Procedures

Comprehensive internal policies govern data handling:

  • Data retention and disposal policies
  • Incident response and breach notification procedures
  • Access control and permission management protocols
  • Regular policy reviews and updates

Physical Security

Office & Marina Security

  • Access Control: Key card systems and visitor logs
  • Surveillance: Security cameras in common areas
  • Secure Storage: Locked filing cabinets for physical documents
  • Clean Desk Policy: No sensitive information left unsecured

Data Center Security

  • Tier 3+ Facilities: Enterprise-grade data centers with redundant systems
  • Biometric Access: Multi-factor authentication for data center entry
  • Environmental Controls: Fire suppression, temperature, and humidity monitoring
  • 24/7 Monitoring: Round-the-clock security personnel and surveillance

Security Incident Response

In the unlikely event of a security incident, we have procedures in place to respond quickly and effectively:

  • 1hr, Immediate Response: Incident detection, containment, and internal notification within one hour
  • 24hr, Assessment & Investigation: Full impact assessment, forensic investigation, and preliminary findings
  • 72hr, Notification & Remediation: Regulatory notification (if required) and customer communication if data is compromised
  • 30d, Follow-up & Prevention: Detailed incident report, system improvements, and prevention measures

Security Certifications & Compliance

SOC 2 Type II

Annual third-party security audits

ISO 27001

Information security management certification

PCI DSS

Payment card industry compliance

PIPEDA

Canadian privacy law compliance

Your Privacy Rights

You have important rights regarding your personal information. We respect these rights and provide easy ways for you to exercise them.

Right to Access

Request copies of the personal information we hold about you, including how we use it and who we share it with.

What you get: Complete data export, usage explanation, sharing history

Right to Correction

Ask us to correct or update personal information that is inaccurate, incomplete, or outdated.

Response time: Updates made within 5 business days

Right to Deletion

Request deletion of your personal information when it's no longer needed or you withdraw consent.

Exceptions: Legal requirements, active bookings, safety records

Right to Portability

Receive your personal information in a structured, machine-readable format for transfer to another service.

Format: JSON, CSV, or PDF as requested

Right to Restriction

Limit how we process your information while disputes are resolved or during verification processes.

Effect: Processing paused except for essential operations

Right to Object

Object to processing based on legitimate interests, including marketing and profiling activities.

Marketing: Immediate opt-out, no questions asked

How to Exercise Your Rights

Making a privacy request is simple and free. Here's how:

Email Request

Send your request to our dedicated privacy team:

Email: [email protected]
Subject: Privacy Rights Request - [Your Name]

Phone Request

Call our privacy hotline during business hours:

Phone: +1 519-725-8076 ext. 105
Hours: Monday-Friday, 9AM-5PM EST

Written Request

Mail your request to our privacy officer:

Address: Privacy Officer, Coastalya
235 Queens Quay W, Toronto, ON M5J 2G8

What to Include in Your Request

  • Your full name and contact information
  • Specific right you want to exercise
  • Booking reference numbers (if applicable)
  • Preferred response method (email, phone, mail)
  • Identity verification information (we may request additional verification)

Our Response Timeline

  • Within 3 days: Acknowledgment of your request
  • Within 7 days: Identity verification (if needed)
  • Within 30 days: Complete response to your request

Additional Rights

Complaint Rights

If you're not satisfied with how we handle your privacy request, you can file a complaint with:

  • Office of the Privacy Commissioner of Canada
  • Website: www.priv.gc.ca
  • Phone: 1-800-282-1376

Automated Decision Making

You have the right to:

  • Know when automated systems make decisions about you
  • Request human review of automated decisions
  • Challenge decisions made without human involvement

We currently do not use automated decision-making for booking or service decisions.

International Data Transfers

Some of our service providers and partners are located outside of Canada. When we transfer your information internationally, we ensure it receives adequate protection.

Transfer Safeguards

Adequacy Decisions

We primarily transfer data to countries that have been deemed to provide adequate protection by Canadian authorities, including:

  • European Union member states
  • United Kingdom
  • Switzerland
  • South Korea

Standard Contractual Clauses

For transfers to other countries, we use Standard Contractual Clauses approved by privacy authorities to ensure your data receives equivalent protection.

Certification Programs

We work with service providers certified under recognized privacy frameworks like the EU-US Privacy Framework and Asia-Pacific Privacy authorities.

Where We Transfer Data

United States

Services: Cloud hosting (AWS, Google Cloud), payment processing (Stripe), analytics (Google)

Safeguards: Standard Contractual Clauses, certified data centers, CCPA compliance

Data Types: Website analytics, payment records, backup storage

European Union

Services: Email services (Mailchimp), customer support tools

Safeguards: GDPR compliance, adequacy decision

Data Types: Contact information, communication preferences

Australia

Services: Website optimization tools, customer feedback platforms

Safeguards: Privacy Act compliance, contractual protections

Data Types: Anonymous usage data, survey responses