Some flights at Toronto Pearson are impacted by changes to international airspace. Airlines are adjusting routes and schedules in response, which may lead to delays or cancellations. Passengers are advised to check their flight status directly with their airline before coming to the airport.

Complete privacy policy

Complete Privacy Statement

Thank you for your interest in the personal information protection practices of the Greater Toronto Airports Authority. Before you begin reading our Privacy Statement, there are a few things we would like you to know:

  • The Greater Toronto Airports Authority is also referred to as the “GTAA” or “we”, “our” or “us”.
  • The GTAA is a non-governmental, private corporation that operates Toronto Pearson International Airport.
  • This Privacy Statement applies only to the GTAA. Not all of the information in this Privacy Statement will apply to you. What applies to you depends on how you interact with the GTAA and the services provided by the GTAA.
  • As you navigate our website and engage with GTAA’s services, you may receive additional privacy notices relevant to specific services.
  • By interacting with the GTAA and engaging with the services provided by the GTAA, you acknowledge that we may collect, use, disclose, and otherwise handle your Personal Information in accordance with this Privacy Statement.
  • We may update this Privacy Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The date of the latest revision will be posted at the top of this Privacy Statement, enabling you to know when it was last updated.
  • Many businesses are located at Toronto Pearson International Airport. When you deal with those businesses your personal information is governed by the privacy policies of those businesses. This Privacy Statement does not apply.
  • This Privacy Statement does not apply to government agencies, such as the Canadian Air Transport Security Authority, the Canada Border Services Agency and the U.S. Department of Homeland Security (including the U.S Customs and Border Protection Agency).

You can click on the sections below to learn more about what interests you.

Notice to Quebec Residents

If you reside in Quebec and we collect your personal information, please be aware that your personal information will be transmitted outside of Quebec to Ontario, other locations in Canada, the United States, and other international locations.

Notice to EEA and UK Residents

If you use the GTAA website or services while you are located in the EEA or UK, your personal data may be transmitted to Canada, the United States, and other international locations. The GTAA, located at P.O. Box 6031, 3111 Convair Drive, Toronto, Ontario, Canada L5P 1B2, is the controller of this personal data.

The legal basis for processing this personal data is as follows:

  • Legitimate business interests in responding to your inquiries, maintaining the safety and security of Toronto Pearson and GTAA’s online services, improving our business and marketing, evaluating your suitability for employment (if you are an applicant for employment).
  • Performing our contractual obligations to you if you purchase a product or service from us, including parking, amenities or gift cards.
  • With your consent if you sign up for marketing communications.
  • Complying with legal obligations in maintaining corporate records.

Understanding the Personal Information We Collect

We collect personal information to provide you with and to improve our services as well as to protect your safety and the security of the GTAA, Toronto Pearson and occupants of Toronto Pearson. Below you will find examples of the types of personal information that you can expect that we may collect depending on the nature of your interactions with the GTAA:

General Dealings

  • Contact Details: Name, address, email, and phone number.
  • Travel Details: Carrier, originating airport, stopovers, destination airport, number of passengers, and, in some cases, baggage details.
  • Service Requests and Complaints Details: Communications relating to your service requests or complaints.
  • Transaction Details: Name, email address, postal code/zip code, mobile number, payment cardholder name, payment card number, expiration date, and security code. In some cases, such as for Toronto Pearson gift card purchase, we may ask for address details for shipping.
  • Call Recordings: Recordings of calls made to us in which you provide identifying information.
  • Vehicle Information: License plate number, make, model, and colour.
  • Accessibility Details: Details provided by your airline if you request wheelchair and mobility services.

Marketing, Contests and Surveys

  • Subscription Details: Contact Details and preference data including provided or inferred product or services interests, location data, and demographic information.
  • Contests and Promotion Details: Contact Details and information relating to your entry, response to skill testing questions, winner selection, prize reporting, location data, and, if applicable, image for promotional purposes.
  • Survey Response Details: Responses to questions and demographic information such as age, gender, location, income, purpose of traveling, and other details relevant to us interpreting the survey results.
  • Social Media Interactions: Our followers, mentions, and direct messages.
  • Online Advertising Interactions: Interaction metrics such as clicks and views and associated technical information such as IP address, device type, browser type, and browsing behaviour.

Online Services

  • Account Details: For areas of our online services requiring registration, username, password, first and last name, email address, phone number or other applicable registration information.
  • Online Interactions: We gather information from your interactions with our website, such as IP addresses, device information, and browsing history, using cookies and other tracking technologies.
  • Wi‑Fi Usage Information: When you access our Wi‑Fi network, we collect electronic data such as IP addresses, browser and device specifics, operating system details, and browsing behavior through cookies and similar technologies.
  • Cookies and other Tracking Data: We use third party tools to analyze website usage and engage in remarketing activities.

Taxi and Limo Services

The GTAA does not provide taxi and limo services. However, companies and drivers who provide pre‑arranged taxi and limo services may provide information to the GTAA about their pre‑arranged trips, including passenger first and last name, flight number if known, and scheduled date and time of arrival.

In addition, drivers and companies providing these services must register with the GTAA. If you offer pre‑arranged taxi and limo services at Toronto Pearson, please see information at Pre‑Arranged Taxi and Limo Service Providers [insert link to section] below.

Building and Security Operations

  • Images: Images of individuals and vehicles at Toronto Pearson captured through closed circuit video surveillance and other methods.
  • Anonymous Video Analytics and Traffic Counters: Cameras and other technologies in our facilities help conduct traffic analyses and count devices, gathering statistical data without identifying individuals.
  • Security Incident Data: Date, time, location, names of individuals involved in the incident, witness statements, images, and other relevant information, such as Vehicle Information.
  • Pass Card Data: Logs relating to the use of GTAA‑issued or managed pass cards used to access restricted areas of Toronto Pearson.
  • Pass Card Issuance Data: Information collected for the purposes of issuing and managing issued pass cards, such as name, employer, photo, contact information, and information relevant to security clearances and the level of security clearance.
  • Identity Verification Information: Some of our services or restricted areas of Toronto Pearson may require us to identify you. If you use those services or seek to access those restricted areas, we may collect government‑issued identification details, your date of birth, citizenship and/or residency status, and other information relevant to verifying your identity.
  • Background Check Data: In limited cases, such as for security clearing and employment, we may collect criminal history, employment verification, educational records, and other information relevant to background checks.
  • Person of Interest Identification: For security purposes, we may use technology that assists in identifying individuals.

Health and Safety

  • Health and Safety Incidents: Date, time, location, names of individuals involved in the incident, and other relevant information, including, but not limited to, injuries sustained, medical treatment provided, witness statements, and images.
  • Screening Information: Health information, in limited circumstances, such as pandemics, to address public health requirements.

Recruitment

  • Employment Applicant Data: Name, Contact Details, resume, cover letter, and other information you or your references or our third‑party background check providers provide during the employment application process, including references, Identity Verification Information, and Background Check Data.
  • Optional Diversity and Inclusion Data: Details such as race, gender identity, sexual orientation, disability or accessibility needs, and other personal characteristics.

Fire & Emergency Services Training Institute

If you are an applicant or registered student of the Fire & Emergency Services Training Institute, please see the information at “Fire & Emergency Services Training Institute” below.

Understanding Why We Use Personal Information

The personal information we collect serves multiple purposes, including providing and enhancing our services, complying with our legal and contractual obligations, and ensuring a safe, efficient airport experience for travellers, employees, our vendors and service providers, and our tenants. Below you will find examples of the purposes for which we collect and use personal information depending on the nature of your interactions with us at Toronto Pearson. For information on the types of personal information, please see “Understanding the personal information we collect”.

Visitor Management and Operations

  • Visitor Support Services: Responding to requests, handling lost and found items, and providing tourist assistance. Examples of types of data used: Contact Details, Travel Details, and Service Requests and Complaints Details.
  • Parking Services: Providing online reservations, vehicle location services, and parking enforcement. We also use this data to analyze parking usage to optimize space allocation, manage peak times, improve overall visitor convenience, and enforce parking rules. Examples of types of data used: Contact Details, Account Details, Images, and Vehicle Information.
  • Processing Purchases: Processing transactions for services and products that you purchase from us or through marketplaces we operate. Examples of types of data used: Transaction Details and Payment Details to complete your parking registration and any amenities you purchase such as car washing and to process your GTAA gift card orders.
  • Wi‑Fi Services: Providing, securing, and managing Wi‑Fi services, including enforcing our Wi‑Fi terms and conditions. Examples of types of data used: Account Details, Wi‑Fi Usage Information, and Online Interactions.
  • Pre‑arranged Transportation Management: Managing pre‑arranged taxis and limos to optimize pick‑ups, manage peak times, and enforce transportation rules. Examples of types of data used: Vehicle Information and Travel Details.
  • Accessibility Support: Providing accessibility support options, including mobility aid loan services (such as wheelchairs). Examples of types of data used: Contact Details, Travel Details, and Accessibility Details.

Safety, Health and Incident Management

  • Security Monitoring: Monitoring activities at Toronto Pearson to prevent unauthorized access, to enforce compliance with airport regulations, and to detect and prevent security or health and safety incidents. Examples of types of data used: Images, Pass Card Data, Pass Card Issuance Data, Biometric Data, and Vehicle Information.
  • Incident Response: Responding to, investigating, and learning from security incidents, medical incidents, and other emergencies. Examples of types of data used: Images, Security Incident Data, Biometric Data, and Health and Safety Incident Data.
  • Threat Awareness Monitoring: Monitoring for security threats. Examples of types of data used: Images, Identity Verification Data, Biometric Data, Vehicle Information, Social Media Interactions, and, if shared with us, Travel Details.
  • Health Screening: Implementing pandemic response initiatives and addressing other relevant health issues using Screening Information and, if shared with us, Travel Details.

Business Development and Improvement

  • Visitor Analysis: Assessing the number of visitors, number of visits, visit duration, visitor flow, visitor characteristics, and use of Toronto Pearson services and amenities. Examples of types of data used: Anonymous Video Analytics and Traffic Counters, Wi‑Fi Usage Information, Online Advertising Interactions, Survey Response Details, Transaction Details, and Travel Details.
  • Online Services Analysis: Assessing the effectiveness of Wi‑Fi and other online services and developing and improving those services. Examples of types of data used: Wi‑Fi Usage Information, Online Advertising Interactions, Survey Response Details, Transaction Details, Cookies and other Tracking Data.
  • Marketing and Advertising: Engaging travelers and others through marketing and advertising and measuring and improving the effectiveness of marketing communications and advertisements, including developing target audiences based on actual or inferred characteristics. Examples of data used: Subscription Details, Contest and Promotion Details, Survey Response Details, Social Media Interactions, Online Advertising Interactions, Online Interactions, Wi‑Fi Usage Information, Cookies and other Tracking Data, and Transaction Details.
  • Recruitment: Evaluating applicant suitability for employment and managing and improving the recruitment process. Examples of types of data used Employment Applicant Data and Optional Diversity and Inclusion Data. Optional Diversity and Inclusion Data help us assess and enhance our diversity initiatives, ensuring equal employment opportunities and fostering an inclusive workplace environment.
  • Innovation and Improvement: Analyzing our business operations and identifying areas to improve the efficiency and quality of our services and opportunities to provide new services. Examples of data used: Call Recordings, Service Requests and Complaint Details, Transaction Details, Subscription Details, Survey Response Details, Online Interactions, Online Advertising Interactions, Wi‑Fi Usage Information, and Anonymous Video Analytics and Traffic Counters.
  • Risk Management: Conducting regular assessments and monitoring to identify and address potential risks, ensuring the integrity of our operations and safeguarding against fraud or other illegal activities. Examples of data used: Contact Details, Vehicle Information, Images, Security Incident Data, Pass Card Data, and Health and Safety Incident Data.
  • Legal Compliance: Maintaining necessary business records. We may use all forms of personal information we collect for this purpose as required by law.
  • Property and Business Sales: Transferring personal information relevant to the sale of all or a portion of our business operations.
  • Other Consent‑Based Purposes: Using personal information for other purposes for which you have given consent.

Privacy Beyond Our Direct Services to You

At Pearson Airport, you will find a variety of services and amenities provided by other businesses, including lounges and spas, gyms, shops, banking and currency exchanges, restaurants, meet and greet or porter services, and baggage storage. Canadian and U.S. border control agencies also operate at Toronto Pearson. For your convenience, our website may provide information about and link to these businesses and agencies. However, they operate independently of the GTAA and have their own privacy policies. The GTAA does not control and is not responsible for their privacy practices.

Pre‑Arranged Taxi and Limo Service Providers

Companies and drivers who provide pre‑arranged taxi and limo services at Toronto Pearson must register and provide information about their drivers and pick‑up reservations online. Registered drivers will provide their first and last name, email address, driver’s licence details, mobile number, and language. Vehicles used for pickups must be registered by providing licence plate number, vehicle type, make, model, year and verification of insurance coverage and municipal licence.

Fire & Emergency Services Training Institute

The GTAA operates the Fire & Emergency Services Training Institute, which is a private career college that provides training for fire and emergency service professionals. We collect information relevant to creating an online account for you, registering you for training courses, and managing and improving our training programs. This information may include your first and last name, mailing address, email address, date of birth, phone number, online account username and password, and course progression and completion information.

Third parties involved in our business

The GTAA shares personal information with third parties who assist us in our business by providing services to the GTAA or on behalf of the GTAA. In some limited cases, we are also required to share personal information with third parties such as government agencies or pursuant to an enforceable legal obligation.

Examples of third parties we share your personal information with:

  • Technology Service Providers: Companies providing the technology infrastructure and services that support our applications, including cloud hosting, software services, and those offering data analytics, machine learning, business intelligence, and AI services.
  • Payment and Financial Services: Entities processing payments or providing financial services.
  • Gift Card Issuer and Gift Card Manager and Merchants: The financial institution issuing our gift cards and our third‑party gift card program manager will receive and process your personal information when you participate in our gift card program. You have a direct relationship with the gift card issuer and the merchants where you use your gift card. The privacy policies of these organizations will apply and not this Privacy Statement.
  • Event and Promotional Partners: Collaborators on events and promotional activities.
  • Marketing and Advertising Agencies: To promote our business activities and properties.
  • Advertising Networks and Publishers: Digital advertising platforms, including social media platforms where our ads appear.
  • Customer Relationship Management (CRM) Providers: Providers that manage customer, tenant and prospect data.
  • Email Marketing Services: Platforms that manage and execute email campaigns, promotions, and communications.
  • Social Media Management Tools: Services that help manage interactions and content across social media platforms, streamlining engagement and content distribution.
  • Feedback and Survey Platforms: Tools that collect and analyze tenant feedback, aiding in service improvement and tenant satisfaction strategies.
  • Background Check Services: Agencies providing credit reporting, reputation, and background verification services.
  • Analytics Service Providers: Firms offering data analytics services.
  • Security Personnel: Contracted security firms and their personnel.
  • Insurance Companies: Providers of insurance coverage related to our operations.
  • Law Enforcement and Government Agencies: Police and other governmental authorities in compliance with legal obligations.
  • Professional Advisors: Lawyers, auditors, and management consultants offering legal, financial, or strategic advice.

About AI and Automated Decisions

GTAA and the third parties involved in our business may incorporate artificial intelligence and machine learning tools to process your personal information, including using it to train and refine algorithms. We and our service providers may also use these tools to make automated decisions using your personal information.

These tools help with internal business activities, such as automating tasks, evaluating data, developing new products and services, securing business systems, and other business purposes.

GTAA is committed to the ethical use of your personal information in using these tools. If we use automated decision‑making exclusively to make a decision about you, we will provide you with additional information.

About Cookies and Other Online Trackers

Cookies are small data files we place on your internet browser when you visit our websites. These are essential for ensuring our websites operate efficiently and remember your preferences (like language or login details) for future visits. Cookies also help us analyze site usage—tracking visitor numbers, traffic patterns, and assessing website performance. Additionally, we use cookies to identify potential interest in our advertisements, allowing us to show our ads to you on social media platforms and other websites.

We may use pixels on our websites and in emails to gain insights into how you interact with our content. A pixel, often referred to as a "tracking pixel" or "web beacon," is a tiny image file that is embedded within an email or webpage. When you open an email or visit a webpage containing a pixel, it communicates with the server, allowing analytics and advertising service providers to track certain activities such as whether you have opened an email, clicked on links within it, or how you engage with our website content or advertising. This data helps us to improve your browsing experience and customize our advertising to better match your interests. You can prevent tracking by disabling automatic image loading in your email settings or employing browser extensions designed to block tracking technologies.

Storage, Retention and Security

The GTAA is located in Ontario, Canada. Your personal information may be transferred and stored outside of Ontario. Any transfer of personal information will comply with data protection laws applicable to GTAA. If your information is transferred outside of Ontario, it may be subject to the laws of those other regions, including access by courts, law enforcement, or regulatory agencies.

We store personal information for as long as necessary to achieve the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider factors such as the amount, nature, and sensitivity of the personal information, the risk of unauthorized use or disclosure, the purposes of processing and whether these purposes can be achieved by other means, and applicable legal requirements.

We implement various measures with the intent to keep your personal information safe and secure. We use technical measures and policies and procedures that are designed to keep your personal information secure. These technical measures, policies and procedures take into account the sensitivity of personal information. Our security measures will depend on the sensitivity of personal information. Examples of security measures are:

  • Physical Protections: Secure access to premises and data storage areas.
  • Technical Safeguards: Firewalls and, for sensitive data, secure data transmission and encryption.
  • Policy and Training: Employee training programs.
  • Risk Management: Assessment and mitigation of reasonably foreseeable and likely security risks.
  • Incident Response: Protocols for addressing and recovering from data breaches.
  • Data Management: Principled data collection, retention, and secure destruction practices.
  • Third‑Party Oversight: Standards for third parties involved in our business.

You have a shared responsibility to protect your personal information when you use our websites, any mobile apps and online services. You should ensure your device is up to date and protected by anti‑virus and anti‑malware software. You should use the latest version of browsers. If you are using one of our online services that requires an account, you should not use the same password you are using on other sites. Keep your password secure and do not share your password with others.

Your Privacy Rights Explained

You have the following rights respecting your personal information. These rights may be subject to legal and jurisdictional limitations.

  • Right of access. You have the right to access your personal information. Please note that we may decline access to information that we have collected for security purposes. For example, we will not provide copies of closed‑circuit video surveillance without a court order or other legally enforceable request.
  • Right to correction. You have the right to correct any personal information that we hold about you that you demonstrate is inaccurate or incomplete for the purpose for which it was collected.
  • Right to deletion. You have the right to require us to delete your personal information if the continued processing of that personal information is not justified. For example, we will not delete information if it is required for complying with legal obligations, retaining records for audit purposes, defending or asserting our legal rights, or providing you with services that you are still using.

In some jurisdictions, you may also have the following rights subject to some legal limitations:

  • Right of portability. You may have the right to receive a copy of the personal information you have provided to us in a structured, commonly used, machine‑readable format that supports re‑use, or to request the transfer of your personal information to another person. (Applicable only if the data was collected from you in the United Kingdom, the European Economic Areas and certain other jurisdictions.)
  • Right to restriction. You may have the right to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you. (Applicable only if the data was collected from you in the United Kingdom, the European Economic Areas and certain other jurisdictions.)
  • Right to object. You may have a right to object to any processing based on our legitimate interests where there are grounds relating to your situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason. (Applicable only if the data was collected from you in the United Kingdom, the European Economic Areas and certain other jurisdictions.)

If you would like to exercise any of these rights, contact our Privacy Office.

You may also have a right to complain to the privacy commissioner or data protection authority in the place where you interact with us. Before exercising that right, we encourage you to contact our Privacy Officer to permit us to investigate your concerns and address them if they are well‑founded.

Controlling the Collection and Use of Your Personal Information

You can control the collection and use of your personal information in the following ways:

  • Opting Out of Marketing Communications: You have the option to unsubscribe from our marketing emails by following the unsubscribe instructions in any marketing email you receive. To opt out of promotional text messages, reply with "STOP". Opting out does not apply to non‑promotional messages.
  • Managing Mobile Location Analytics: You can opt‑out of our foot‑traffic data collection that uses mobile analytics by visiting https://smart-places.org.
  • Interest‑Based Advertising and Analytics: You can use your browser settings to manage cookies. To opt‑out of personalized advertising content, please visit Digital Advertising Alliance of Canada Opt-Out Page.

Contact the Privacy Office

We have appointed a Chief Privacy Officer. Our Privacy Officer and other staff in our Privacy Office are responsible for overseeing our compliance with applicable privacy laws. If you wish to access and/or change any personal information you have given us, please submit a formal request by completing our Information Request Form.

For general questions regarding privacy laws, contact the office of the Privacy Commissioner of Canada at 112 Kent Street, Ottawa, Ontario, K1A 1B3, or visit their website at