Effective / Last updated: 1 July 2026
Backroads Whistler (“Backroads Whistler,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you entrust to us. This Privacy Policy explains what personal information we collect, why we collect it, how we use, disclose, and protect it, and the choices and rights you have.
This policy applies to https://www.backroadswhistler.com (our “Website”) and to the bookings, rentals, tours, communications, and related services we provide (our “Services”).
We are a private-sector organization based in British Columbia, Canada. We handle personal information in accordance with British Columbia’s Personal Information Protection Act (PIPA), and, where it applies to our commercial activities across provincial or national borders, the federal Personal Information Protection and Electronic Documents Act (PIPEDA). Our email marketing also follows Canada’s Anti-Spam Legislation (CASL).
1. Who we are and how to reach our Privacy Officer
Backroads Whistler is a family-owned canoe and kayak guided-tour and boat/kayak rental operator, in business since 1985, on the River of Golden Dreams and Alta Lake in Whistler, British Columbia. We operate seasonally, roughly May through October.
As required by BC PIPA, we have designated a Privacy Officer who is responsible for overseeing our compliance with privacy law and for answering your questions and requests about personal information.
Privacy Officer, Backroads Whistler
- Mail: 3375 Lakeside Road, Whistler, BC, Canada
- Email: admin@backroadswhistler.com
- Phone: +1-604-932-3111
Please direct any privacy question, access or correction request, complaint, or request to withdraw consent to our Privacy Officer using the details above.
2. The personal information we collect, and why
We collect personal information so we can take and fulfill your booking, run our trips and rentals safely, communicate with you, comply with our legal obligations, and (with your consent) market our Services. We only collect what is reasonable for these purposes. The sections below describe each information flow.
2.1 Bookings, reservations, and waivers
When you book a trip or rental, we collect — through our third-party reservation platform, Flybook — information such as your name, email address, phone number, trip and booking details, the number and ages of participants, and your answers to booking questions.
As part of booking, participants (or a parent/guardian on their behalf) complete a waiver. A waiver may include emergency contact information and basic health or safety information relevant to participating in an on-water activity.
We use this information to:
- confirm, schedule, and manage your booking and rental;
- verify eligibility and prepare you for your trip;
- run our activities and respond appropriately in an emergency; and
- meet safety, insurance, and legal requirements.
We treat waiver information — particularly emergency-contact, health, safety, and participant details — as more sensitive personal information. We collect it only for safety and liability purposes, limit who can see it, and do not use it for marketing. See Section 4 (Sensitive information and minors).
2.2 Payments
Payments are processed by our payment providers, Square and Fullsteam. Your card details are entered directly with the payment processor. We do not store full card numbers on our own systems. We receive confirmation of payment and limited transaction details (for example, the amount, date, and a payment reference) so we can manage your booking and our accounts.
2.3 Newsletter and marketing communications
If you opt in — either through the newsletter/marketing checkbox shown at online booking, or through a signup form on our Website — we collect your name and email address to send you news, seasonal updates, water and trip conditions, and offers. We manage these communications through our email marketing provider, Sender (sender.net).
Your marketing consent is express, separate from your booking, and never a condition of booking or renting with us. You can withdraw it at any time (see Section 3 (Consent) and Section 11 (Your privacy rights and choices)).
2.4 Inquiries and contact forms
If you contact us by email, phone, or through a form on our Website, we collect the information you choose to provide (such as your name, contact details, and message) so we can respond and keep a record of our correspondence.
2.5 Website analytics and cookies
We use Google Analytics 4, loaded through Google Tag Manager, to understand how visitors find and use our Website — for example, pages viewed, device type, general (approximate) location, referral source, and interactions such as clicks on “Book.” This includes cross-domain measurement into our Flybook booking domain, so we can understand the booking journey across our sites. This information is collected using cookies and similar technologies. See Section 7 (Cookies and tracking) and our Cookie Policy for details.
2.6 Advertising
We use, or are in the process of setting up, Meta (Facebook and Instagram) advertising tools, including the Meta Pixel, to measure the performance of our advertising and to show relevant ads to people who have visited our Website (retargeting). Where consent is required, we load these tools only after you have consented through our cookie banner.
2.7 Website comments and accounts
- Comments. If you leave a comment on our Website, we collect the information in the comment form together with your IP address and browser details to help us detect spam. An anonymized hash of your email address may be provided to the Gravatar service to display a profile picture.
- Shop accounts. Our Website includes a largely dormant online shop and account feature (WooCommerce). If you create an account, we store the profile information you provide.
2.8 Embedded content and maps
Our pages may include embedded content such as Google Maps, videos, and social media feeds. These third-party services can collect information about you and set their own cookies, behaving as if you had visited their site directly. Their handling of your information is governed by their own privacy policies.
2.9 Information collected automatically
Like most websites, our servers and tools automatically log technical information — such as your IP address, device and browser type, and pages visited — for security, troubleshooting, load management, and analytics (server logs).
3. Consent
Under BC PIPA and PIPEDA, we collect, use, and disclose personal information with your knowledge and consent, except where the law permits or requires us to act without it. We ask for consent in a manner appropriate to the sensitivity of the information.
- Express consent is a clear, affirmative “yes” — for example, ticking the marketing opt-in box, or signing a waiver.
- Implied or deemed consent may apply where the purpose is obvious and you voluntarily provide the information — for example, when you email us an inquiry and we use your email address to reply, or when you provide booking details in order to complete a reservation.
Marketing consent (CASL). For commercial electronic messages such as our newsletter and promotional emails, we rely on your express consent under CASL. Marketing consent is always requested separately from your booking, is never a condition of booking or renting, and every marketing email:
- clearly identifies Backroads Whistler as the sender and includes our mailing address and contact information; and
- contains a working unsubscribe mechanism that is simple to use and free of charge.
Withdrawing consent. You may withdraw your consent, subject to legal or contractual restrictions and reasonable notice, at any time:
- Marketing: click “unsubscribe” in any marketing email, or contact our Privacy Officer. We honour unsubscribe requests promptly and, in any event, within the ten business days required by CASL.
- Other uses: contact our Privacy Officer. We will explain the consequences of withdrawal. Please note that some information is necessary to provide the Services — for example, if you withdraw consent to the collection of booking or waiver information, we may be unable to accept or fulfil your booking, or to let you participate.
4. Sensitive information and minors
Some information we handle is more sensitive and receives extra care.
- Waiver, health, emergency, and participant information. We collect this only for participant safety, emergency response, insurance, and liability purposes. We do not use it for marketing, we limit access to staff who need it to run trips safely, and we retain it only as long as reasonably necessary for those purposes and any related legal or insurance requirements (see Section 8).
- Minors. Our Services are offered to adults. A booking that includes a minor is made by a parent or guardian, and any personal information about a minor on a waiver (including health or emergency information) is provided by that parent or guardian on the minor’s behalf. We do not knowingly collect personal information directly from a child without the consent of a parent or guardian. See also Section 12 (Children and minors).
5. How we share your information
We do not sell your personal information, and we do not disclose it for others’ independent marketing. We share personal information only as needed to run our business, as follows.
Service providers (processors). We use trusted service providers to operate our Website and deliver our Services. They are permitted to use your information only to provide their services to us, under our instructions and, where required, under contractual privacy and security obligations. Our key providers include:
| Provider | Purpose |
|---|---|
| Flybook | Online bookings, reservations, and waivers |
| Square and Fullsteam | Payment processing |
| Sender (sender.net) | Email newsletter and marketing |
| Google (Analytics 4, Tag Manager, Maps) | Website analytics, tag management, embedded maps |
| Meta (Facebook/Instagram Pixel) | Advertising measurement and retargeting |
| Our website hosting provider | Website hosting and server logs |
Professional advisors and authorities. We may disclose personal information to our professional advisors (such as accountants, insurers, or lawyers), or to courts, law enforcement, or government authorities, where reasonably necessary to comply with the law, respond to a valid legal request, enforce our terms, or protect the rights, safety, or property of Backroads Whistler, our customers, or others.
Business changes. If our business is involved in a reorganization, sale, or transfer of assets, personal information may be disclosed to the parties involved, subject to appropriate confidentiality protections and applicable law.
6. Where your information is processed (cross-border)
Several of our service providers — including Flybook, Fullsteam, Google, Meta, and Sender — are located in, or store and process data in, the United States or other countries outside Canada. This means your personal information may be stored or processed outside Canada, including in the United States, and while it is there it may be subject to the laws of those countries, including lawful access by their courts, law enforcement, and government authorities.
We disclose this to you in the interest of transparency, consistent with BC PIPA and PIPEDA. By providing your information and using our Services, you consent to this cross-border storage and processing. If you have questions about our cross-border practices, please contact our Privacy Officer.
7. Cookies and tracking
We use cookies and similar technologies for essential Website functionality, analytics, and — where enabled — advertising. When you first visit, our Complianz consent banner lets you review and manage non-essential cookies, and change your choices at any time.
For a detailed, up-to-date list of the specific cookies we use, their purposes, and their durations, please see our separate Cookie Policy. View our Cookie Policy
8. How long we keep your information
We keep personal information only as long as reasonably necessary for the purposes described in this policy, or as required by law. In general:
- Booking, rental, and account records are kept for as long as needed to provide the Services and then to meet our legal, tax, accounting, insurance, and liability obligations.
- Waiver and safety information is retained for the period reasonably necessary for safety, insurance, and liability purposes, and any applicable limitation periods.
- Marketing contacts are kept until you unsubscribe or ask us to remove you, after which we remove you from active marketing (we may keep a minimal suppression record so we do not contact you again).
- Analytics and log data are kept for limited periods set within the relevant tools.
When we no longer need personal information, we take reasonable steps to securely delete, destroy, or anonymize it.
9. How we protect your information
We use reasonable physical, technical, and administrative safeguards to protect personal information against loss, theft, and unauthorized access, collection, use, disclosure, copying, modification, or disposal. These include limiting access to those who need it, using reputable service providers, and keeping our systems reasonably current.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. However, we work continually to protect your information and to maintain safeguards appropriate to its sensitivity.
10. If a privacy breach occurs
If a breach of security safeguards occurs and it creates a real risk of significant harm to affected individuals, we will, as required by PIPEDA:
- report the breach to the Office of the Privacy Commissioner of Canada (OPC) as soon as feasible;
- notify affected individuals as soon as feasible, so they can take steps to protect themselves; and
- notify any other organization that may be able to reduce the risk of harm.
We keep records of breaches of security safeguards as required by law, and we will otherwise respond to any privacy incident in accordance with applicable privacy legislation.
11. Your privacy rights and choices
Subject to legal limits and exceptions, you have the right to:
- Access the personal information we hold about you and receive information about how it has been used and to whom it has been disclosed;
- Correct personal information that is inaccurate or incomplete;
- Withdraw consent or unsubscribe from marketing at any time (see Section 3); and
- Request deletion of personal information we are not required or permitted by law to retain.
How to exercise your rights. Contact our Privacy Officer (see Section 1). To protect your privacy, we may need to verify your identity before we act on a request. We will respond to access and correction requests within the timeframe required by BC PIPA — generally within 30 business days — and will let you know if we need an extension permitted by law. For an access request, BC PIPA allows us to charge a minimal fee to cover the cost of providing the information; if a fee applies, we will give you an estimate first, and you can decide whether to proceed.
12. Children and minors
Our Website and Services are directed to adults. We do not knowingly collect personal information directly from children. A booking that includes a minor must be made by a parent or guardian, who is responsible for any personal information about the minor (including any health or emergency information provided on a waiver). If you believe we have collected a child’s information without appropriate consent, please contact our Privacy Officer and we will take appropriate steps to address it.
13. Complaints
If you have a concern or complaint about how we handle your personal information, please contact our Privacy Officer first (see Section 1). We take privacy concerns seriously and will do our best to resolve them.
If you are not satisfied with our response, you may contact the relevant regulator:
- Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) — our primary provincial privacy regulator. Website: https://www.oipc.bc.ca
- Office of the Privacy Commissioner of Canada (OPC) — for matters under PIPEDA. Website: https://www.priv.gc.ca
14. Visitors from outside British Columbia
Our audience is primarily Canadian and North American, and this policy is written specifically for British Columbia and Canadian law. We do not specifically target Quebec or the European Union.
However, we welcome guests from across Canada and around the world. If you interact with us from Quebec, from the European Union or United Kingdom, or from elsewhere, additional privacy laws — such as Quebec’s Law 25, the EU/UK General Data Protection Regulation (GDPR) — may in principle apply to your information. We aim to handle all personal information responsibly and consistently with the principles in this policy. If you have questions about your rights under the laws of your jurisdiction, please contact our Privacy Officer.
15. Third-party links
Our Website may link to, or embed content from, other websites and services we do not control. This Privacy Policy does not apply to those third-party sites or services. We encourage you to review the privacy policies of any third-party site you visit.
16. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or the law. The “Effective / Last updated” date at the top shows when it was last revised. Material changes will be posted on this page, and where appropriate we will provide additional notice.
17. Contact us
For any privacy question or request, please contact:
Privacy Officer, Backroads Whistler
3375 Lakeside Road, Whistler, BC, Canada
Email: admin@backroadswhistler.com
Phone: +1-604-932-3111
Website: https://www.backroadswhistler.com