What is the purpose of this notice?
After 25 years in business, Samesun hostels have processed hundreds of thousands of reservations. This notice is to share with our guests how we handle the information we collect from you – what we hold, where it’s from, who sees it, and what we do with it. We also aim to outline your rights under data protection law in relation to our processing of your data.
This data protection notice covers personal data that is collected through our website (samesun.com), our restaurants’ websites, our in-house booking engine; and through booking engines that are integrated into third party websites. Although you should bear in mind that where you access our booking engine on a third-party website, this data protection notice only applies to information we collect through your use of the booking engine, and does not apply to data collected or held by the operator of the third-party website.
Who controls the use of your personal data?
When this data protection notice mentions “we”, “us”, “our” or “Samesun” we are referring to Samesun Ventures Inc. This comprises the Canadian and USA hosteling companies that collect your data through reservation details, and are in charge of the processing of your personal data. For more information about us, please visit our website. https://samesun.com/about-samesun/
What personal data is collected?
Here’s the information that can be requested from you when you reserve at one of our hostels; this applies to a direct booking through our website, or through a third-party website.
Email address
Phone number
Credit card number
Passport or identification number
Information about previous stays
Room or bed preference

Why do you use my personal data?
As you probably expect, the main reason we use your personal data is in order to process your bookings and to deal with any queries or issues that arise in relation to those bookings. We also use your personal data for other reasons, such as tailoring our confirmation emails so they are relevant to you, and monitoring your use of our websites to help us make improvements.
We collect your name as an identifier, and your credit card number to guarantee the reservation. By the terms of our cancellation policy, we will need this number to charge your card if you don’t show up to your booking without letting us know at least 24 hours prior to your scheduled arrival.
Similarly, you may be required to provide certain information if you want to enter into a competition, participate in a survey, or if you contact our management team with a query or complaint. We will inform you where such information is required.
Surveys, in particular, we consider to be instrumental to our operations. We get feedback from you so we can improve our product and give our guests the best possible experience. We don’t consider surveys marketing material, which is why you opt into it upon making a reservation. If you don’t want to participate, please let us know by emailing dpo@samesun.com, and our Data Protection Officer make sure you don’t get a survey at the end of your stay.
Information you are required to provide
You are not obliged to provide us with any of your personal data. However, if you want to make a booking you will need to provide us with the information that is indicated as required on our reservations page at samesun.com. If you don’t provide us with this information, we won’t be able to process your booking. If you book with us directly, you’ll need to give us the following information only – your name, where you are from, your travel dates and preferred room type, email address, and a credit card number and expiry date. When you book with us, you’re agreeing to receive a confirmation letter and a pre-arrival letter.
Who do we share your personal data with?
We use two principal booking engines to process your data. Internally in the hostel, we use a booking system called RoomMaster http://roommasterpms.co.uk/privacy-policy/ to hold your information, which interfaces with Siteminder https://www.siteminder.com/legal/data-security/ to process the reservation data. Please review their respective policies on data protection by clicking on the names.
There are other ways that your data enters our systems. We work with certain Online Travel Agencies (OTAs), which are third party sites you can use to book with us. You give them your personal information directly, which they then pass on to us. These sites are –
Booking.com https://www.booking.com/content/privacy.html?label=opensearch-plugin;sid=35df6b6aa3af0415ec47633b39198eec
Hostelworld https://www.hostelworld.com/securityprivacy.php,
Dorms.com https://www.dorms.com/info/privacy-policy,
Ctrip https://pages.english.ctrip.com/about/en/privacy-policy.html,
and Expedia.com https://www.expediagroup.com/privacy-policy
You can also book with us through agencies, who share your data with us in a similar way. These are –
SWAP http://www.swap.ca/about-us/privacy-policy.html
STA http://www.statravel.com/policies.htm
Working Holiday Club http://theworkingholidayclub.com/privacy.html
Kilroy https://www.kilroy.be/over-ons/privacy-policy
Stepwest https://www.stepwest.com/terms-and-conditions/
Bamba http://www.bambaexperience.com/Privacy-Policy-c122i0.html
V Travel http://www.vtravel.bg/privacy-policy.php
Experience Education http://www.experienceeducation.ca/privacy-policy/
Please click on the names above to check out their respective privacy policies.
Although we hope it never happens, on very rare occasions our customers can get into difficulties while travelling. Where we think that there is a risk to your health or wellbeing, we may share your personal data with third parties in order to get you help. We may also receive requests from law enforcement agencies for personal data that we hold (e.g. we might be asked to assist with locating a missing person). In such circumstances we will only share your personal data with such law enforcement agencies in compliance with data protection law.
Samesun Ventures Inc may disclose your Personal Data in the good faith belief that such action is necessary to:
To comply with a legal obligation
To protect and defend the rights or property of Samesun Ventures Inc
To prevent or investigate possible wrongdoing in connection with our services
To protect the personal safety of guests or the public
To protect against legal liability
What other kinds of data do we collect?
We may also collect information that your browser sends whenever you visit our websites or when you access them by or through a mobile device – this is usage data.
This usage data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our websites that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the websites by or through a mobile device, this usage data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on our websites and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Our website uses cookies to distinguish you from other users of our website. Cookies are used to ensure that we give you the best experience on our website, and allow us to improve our website.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
We use the following types of cookies:
Strictly necessary cookies – These are cookies that are essential for the operation of our website. These cookies remember information you have entered on forms when you navigate to different pages during a web browser session, identify you as being logged in to our website, etc.
Performance cookies – These cookies allow us to recognize and count the number of visitors and to see how visitors move around on our website when they are using it. These cookies help us to improve the way the website works, for example, by ensuring that users are finding what they are looking for easily. These cookies provide statistics on how our website is used, help us improve the website by measuring any errors that occur, etc.
Functionality cookies – These are cookies that are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, remember if we have already asked you if you want to fill in a survey, and remember your preferences, for example your choice of language or region.
Whether a cookie is considered as a ‘first’ or ‘third party’ cookie refers to the domain placing the cookie. First-party cookies are those cookies set by a website that is being visited by the user at the time (e.g. cookies placed by www.zoetis.com). Third-party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie (e.g. Google Analytics).
Whether a cookie is considered as a ‘persistent’ or ‘session’ cookie refers to the duration of the cookie. A persistent cookie remains on a user’s device for the period of time specified in that cookie, and is activated each time that said user visits the website that created the concerned cookie. A session cookie allows to link the actions of a user during a browser session. A session starts when a user opens a browser window and ends when the browser window is closed. Once the browser is closed, all session cookies are deleted.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
By using this website, you consent to the processing of data about you by Google in the manner described in Google’s privacy policy https://policies.google.com/privacy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out services provided by Google https://tools.google.com/dlpage/gaoptout.

Retention of personal data
We retain your personal data on the principle that we keep it for no longer than is necessary for the purpose for which we collected it, and in accordance with any requirements that are imposed on us by law.
Transaction Data – If you are an active user of our website (i.e. you have made a booking in the last 6 months) we want to ensure that you have access to data in relation to your previous bookings, and that we have access to this data for our own business purposes. We therefore won’t delete your transaction data while you remain an active customer, unless you ask us to do so. If you cease to be an active customer, we will retain your personal data for a period of 6 months, after which point it gets purged from our system automatically.
For personal data that is not transaction data or related to confirmation emails, we will apply the following criteria:
Managing legal claims – When we assess how long we keep personal data we take into account whether that data may be required in order to defend any legal claims which may be made. If such data is required, we may keep it until the statute of limitations runs out in relation to the type of claim that can be made (which varies from 2 to 12 years).
Important Information about Consent
When we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent by contacting us using the contact details at the bottom of this notice. Please note that if you withdraw your consent we may not be able to continue to provide the related service to you.
Your rights under data protection law

You have various rights under data protection law in connection with our processing of your personal data. For example, you have the right to request a copy of your personal data that we hold and to request that we correct any errors in the personal data that we hold. These rights are subject to certain exceptions and exemptions. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

For our European guests, the rights of the General Data Protection Regulation (GDPR) apply:

Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – you have the right to restrict how we process your data.
Right of portability – you have the right to have the data we hold about you transferred to another organization.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review: in the event that Samesun refuses your request under rights of access, we will provide you with a reason as to why.
We extend all of the above rights to our American guests as well, along with the following rights applied by the California Consumer Privacy Act (CCPA). The information related to consumer rights under CCPA can all be found in this document:
Right to ask us what data we collect and for what purpose
Right to ask what personal information is being sold or shared
Right to know how we respond to requests.
Samesun will comply as quickly as possible to any guest request, and will not discriminate against guests who exercise their rights under CCPA.
Our managers have been trained on how to help you exercise these rights. There are a few conditions and exemptions; get more details from the Information Commissioner’s Office. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
For information on the CCPA, visit this website: https://oag.ca.gov/privacy/ccpa
Other Relevant Privacy Policies
While we don’t advertise online through websites that aren’t our own, we do have a social media presence on a few sites that have their own data protections policies. These policies are available by following the links below:
Facebook https://www.facebook.com/policy.php?CAT_VISITOR_SESSION=c7b73ebc78d1681ade25473632eae199
Instagram https://help.instagram.com/519522125107875
YouTube https://www.youtube.com/yt/about/policies/#community-guidelines

How Do We Protect Your Data?

Our online services are hosted securely by OVH Canada, whose stringent data protection and security measures are listed here https://www.ovh.com/ca/en/about-us/security.xml
We train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Access to your personal information is restricted to employees who need it to provide benefits or services to you. Your information will not be released to anyone who isn’t you, unless with specific written consent and identity verification. Exceptions to this are described above under the heading ‘Who do we share your personal data with?’.
The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Questions and Complaints
If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details:
Email: DPO@samesun.com
Phone: 1-877-972-6378
Mail: 245 Harvey Ave, Kelowna BC, V1Y 6C2, Canada