Legal notice HOTEL DON SAUL
Personal Information Management Policies
FIRST: GENERALITIES
We have a special interest in protecting and respecting your information and personal data, and that is why we have designed these information processing policies within the framework of Law 1581 of 2012 and regulatory decree 1377 of 2013.
1.1 Introduction
HOTEL DON SAUL and the companies that operate them may collect personal data from their users, guests, or visitors through various means designed to access the services provided by them. In any case, the collection will be done with the express authorization of the data owner and the processing of this data will be subject to what is established by law.
The personal information subject to the considerations established here may be collected by HOTEL DON SAUL through the website www.hoteldonsaul.com, through visiting or acquiring services offered on the platform, or directly in hotels linked or associated with HOTEL DON SAUL.
The considerations established by the Information Holder will be understood as accepted when he visits or uses the website www.hoteldonsaul.com and/or when entering data or personal information through the functions established for it, regardless of the purpose.
1.2 General principles
The collection and collection of personal data, as well as the use, processing, processing, exchange, transfer, and transmission of this data by HOTELDONSAUL or any of the companies operating HOTEL DON SAUL, will always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access, and restricted circulation.
1.3 Legal definitions
In accordance with Law 1581 of 2012 and decree 1377 of 2013, the following definitions will govern the policies for the treatment of personal information.
1.3.1 Data Processor: By data processor, we mean the natural or legal person, public or private, who, by themselves or in conjunction with others, processes personal data on behalf of the data controller;
1.3.2 Data Controller: By data controller, we mean the natural or legal person, public or private, who, by themselves or in conjunction with others, decides on the database and/or the processing of data;
1.3.3 Database: By database, we understand the organized set of personal data that is subject to processing;
1.3.4 Personal Data: By personal data, we mean any information linked or that can be associated with one or more specific or determinable individuals;
1.3.5 Sensitive Data: Sensitive data are those that affect the privacy of the Holder or whose misuse may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.
1.3.6 Public Data: Public data are data that are not semi-private, private, or sensitive. Public data include, among others, data relating to the civil status of individuals, their profession or occupation, and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins, and duly executed judicial decisions that are not subject to reserve.
1.3.7 Transfer: Data transfer takes place when the Person in Charge and/or Data Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is in charge of the Treatment and is located inside or outside the country.
1.3.8 Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Treatment by the Person in Charge on behalf of the Data Controller.
SECOND: HOLDER’S AUTHORIZATION
The data provided will be subject to authorized processing, granted in advance, expressly and informed by the Holder thereof, directly to HOTEL DON SAUL, or through the companies that operate them.
However, visiting, entering, or using the website www.hoteldonsaul.com constitutes, in itself, a prior, express, and informed authorization for the storage, collection, and processing of information in accordance with the data processing policy contained herein.
In any case, the collection of data will be limited to personal data that is relevant and appropriate for the purpose pursued with this.
THIRD: INFORMATION TREATMENT
3.1 Collected data. The collection of data for the development of the treatment and purposes pursued by it will fall on the personal data received and stored by HOTEL DON SAUL and the linked or associated companies and hotels of HOTEL DON SAUL, and will comprise all the information provided or provided when visiting the website www.hoteldonsaul.com, as well as all information related to services or reservations made, and accommodation and lodging data provided to HOTEL DON SAUL or any of the associated hotels.
Without prejudice to the fact that in some cases they are public data, the information collected will correspond to names, identity card number, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumption habits or travel habits, among others. If a reservation is made through the website www.hoteldonsaul.com, the information corresponding to the credit card provided for the purposes of the reservation and stay will be collected.
3.2 Processing to which data will be subjected and its purpose.
The data and information obtained and collected by HOTEL DON SAUL, by the operating companies of such hotels, will be used in the normal course of their commercial activities only for the purpose established in these information processing policies, in such a way that it allows the creation of direct and effective communication with the client, leading to establish a closer link.
The treatment consists of sending digital information through different communication channels, with the intention of contacting the owner to send service surveys after each stay that allow the qualification of the service provided, and communicate invitations, offers, promotions, service portfolio, or information from the Hotel or hotels that are part of HOTEL DON SAUL, without their data being provided, transferred, or delivered to different or unrelated persons to the DON SAUL Hotel that collected the information, or to the hotels and activities linked to HOTEL DON SAUL and the activities it performs. Additionally, through data collection, it seeks to: make, process, process, and/or complete reservations or purchase of hotel nights or other services; carry out internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; promptly address your requests, petitions, or needs; communicate invitations, offers, promotions, and general information about the service portfolio offered by natural or legal persons directly linked to the hotel operation and specifically with the services provided by HOTEL DON SAUL or the companies and hotels that operate them.
The information or data provided that is collected, gathered, or stored in accordance with these policies may be shared, transmitted, updated, and/or deleted between HOTEL DON SAUL and its operating companies for the purpose defined in these policies, to be used in the manner established here. By accessing the website www.hoteldonsaul.com, you authorize your information and data to be shared with the tourist suppliers to whom your reservations and/or requests are made.
It is assumed that all the information or data provided through the website www.hoteldonsaul.com is true, accurate, and complete, and may be withdrawn at any time in the event it is considered harmful or detrimental to your interests or the interests of a third party.
The data and the information in general that is received when entering the website www.hoteldonsaul.com can be both yours and the team from which you are accessing. In order to optimize and make your experience visiting the website www.hoteldonsaul.com more efficient, cookies and/or web beacons may be used, and the information from the visited internet pages, your IP address, the operating system of the device from which you are accessing, may be obtained and stored through a recognition and tracking process that allows the identification of your preferences and identification when you visit the page again, and store certain records based on your IP address. The IP address is not associated or linked to your name or personal data.
3.3.- Sensitive data and data corresponding to children and adolescents.
Neither HOTEL DON SAUL nor the operating companies will process data considered sensitive, nor is the collection of data intended to collect sensitive information.
The collection of data corresponding to children and adolescents under the age of majority, and the respective authorization, must always be given through their legal representative, after the exercise of the child’s right to be heard.
The processing of data corresponding to children and adolescents must respond to and respect the best interests of children and adolescents, and their fundamental rights.
In the event that for any reason a question may lead to a response regarding sensitive data or data from girls, boys, and adolescents, the answer to such a question will be optional.
3.4.- Duties of the data controller.
The data controllers, and/or data controllers and processors of personal data, undertake to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to data protection; b) Request and keep, under the conditions provided for by law, a copy of the respective authorization granted by the Owner; c) Properly inform the Data Subject about the purpose of the collection and the rights granted to him by virtue of the authorization granted; d) Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access; e) Ensure that the information provided to the Data Processor is true, complete, accurate, updated, verifiable, and understandable; f) Update the information, by promptly informing the Data Processor of any developments regarding the data previously provided to them, and take the necessary measures to ensure that the information provided remains up-to-date; g) Rectify the information when incorrect and communicate the relevant information to the Data Processor; h) Provide the Data Processor, as appropriate, only with data whose Processing is previously authorized in accordance with the provisions of this law; i) Demand from the Data Processor at all times, respect for the security and privacy conditions of the Owner’s information; j) Process inquiries and claims made in the terms indicated in the law; k) Inform the Data Processor when certain information is under discussion by the Holder, once the respective claim has been filed and the appropriate procedure has not been completed; l) Inform at the request of the Holder about the use given to their data; m) Inform the data protection authority when there are violations of security codes and risks in the management of the information of the Owners. n) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
FOURTH: IMPLEMENTATION OF PROCEDURES TO ENSURE THE RIGHT TO FILE CLAIMS.
At any time and free of charge, the owner or his representative may request HOTEL DON SAUL. the rectification, updating, or deletion of their personal data, upon accreditation of their identity. The rights of rectification, update, or deletion can only be exercised by:
- The owner or their heirs, upon accreditation of their identity, or through electronic instruments that allow them to identify themselves. • Their representative, upon accreditation of the representation. When the request is made by a person other than the owner and it is not proven that they are acting on their behalf, it will be considered not presented. The request for rectification, updating, or deletion must be made through the means enabled by HOTEL DON SAUL indicated in the privacy notice and must contain, at a minimum, the following information:
- The full name and address of the owner or any other means to receive the response 2. Documents proving the identity or the personality of their representative. 3. A clear and precise description of the personal data to which the owner seeks to exercise any of the rights. 4. In some cases other elements or documents that facilitate the location of personal data.
PARAGRAPH 1. DATA RECTIFICATION AND UPDATE. HOTEL DON SAUL. it is obliged to rectify and update at the request of the owner, the information that is incomplete or inaccurate, in accordance with the procedure and terms indicated above. In this regard, the following will be taken into account: In requests for rectification and updating of personal data, the owner must indicate the corrections to be made and provide the documentation that supports their request
HOTEL DON SAUL. has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the owner. Consequently, electronic or other means may be enabled.
HOTEL DON SAUL. may establish forms, systems, and other simplified methods, which must be informed in the privacy notice and made available to interested parties on the website www.hoteldonsaul.com
HOTEL DON SAUL will use the customer service or customer service services in operation, as long as response times do not exceed those indicated by article 15 of Law 1581 of 2012.
Whenever HOTEL DON SAUL. makes available a new tool to facilitate the exercise of its rights by the owners of information or modifies the existing ones, it will inform through its website www.hoteldonsaul.com.
PARAGRAPH 2. DATA DELETION. The owner has the right, at all times, to request HOTEL DON SAUL to delete (eliminate) their personal data when:
a.) Consider that they are not being processed in accordance with the principles, duties, and obligations provided for in Law 1581 of 2012. b.) They have ceased to be necessary or relevant for the purpose for which they were collected. c.) The necessary period for the fulfillment of the purposes for which they were collected has elapsed.
This deletion implies the total or partial elimination of personal information according to the request of the owner in the records, files, databases, or treatments carried out by HOTEL DON SAUL. It is important to note that the right to cancellation is not absolute and the controller may deny the exercise of it when:
The request for deletion of information will not proceed when the owner has a legal or contractual duty to remain in the database
- The deletion of data obstructs judicial or administrative actions related to tax obligations, investigation and prosecution of crimes, or updating of administrative sanctions.
- The data is necessary to protect the legally protected interests of the owner; to take action in the public interest, or to comply with a legal obligation acquired by the owner
. If the cancellation of personal data is appropriate, HOTEL DON SAUL must operationally delete such data in such a way that the deletion does not allow the information to be recovered
FIFTH: RIGHTS AND POWERS OF THE HOLDER
5.1- Holder’s rights. Once the authorization has been granted by the Holder for the corresponding treatment, he has the right to: a) Know, update, and rectify his personal data. This right can be exercised against partial, inaccurate, incomplete, fractionated data, which lead to error, or those whose Treatment is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, unless it is expressly excepted as a requirement for Treatment, in accordance with the provisions of Article 10 of Law 1581 of 2012; c) Be informed by the data controller and/or processor, upon request, of the use that has been made of their personal data; d) Submit complaints to the Superintendence of Industry and Commerce for breaches of the law; e) Revoke the authorization and/or request the deletion of the data when the Treatment does not respect the constitutional and legal principles, rights, and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the Treatment has engaged in conduct contrary to this law and the Constitution; f) Request, at any time from the controller or processor, the deletion of their personal data and/or revoke the authorization granted for the Treatment of the same, through the presentation of a claim, it will not proceed when the Holder has a legal or contractual duty to remain in the database. g) Access free of charge to their personal data that have been subjected to Treatment: (i) at least once every calendar month, and (ii) each time there are substantial modifications to the Information Processing Policies that motivate new consultations. In the case of requests whose frequency is greater than one per calendar month, the controller and/or processor may charge the Holder for shipping, reproduction, and, if applicable, certification of documents.
5.2.- Legitimization for the exercise of the rights of the Holder.
The following persons are also legitimized to exercise the rights granted to the data subject: a). The owner himself, who must prove his identity sufficiently by means provided by the controller; b). Their heirs, who must prove such status; c). The representative and/or attorney of the Holder, upon accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; e). The rights of children, girls, or adolescents will be exercised by the people who are authorized to represent them, upon accreditation of the power of representation.
5.3.- Area responsible for the attention and accompaniment of the Holder.
The attention and response to queries, requests, and complaints from Owners regarding any aspect of the treatment will be the responsibility of the legal area. The Information Holder who wishes to know, update, rectify, request proof of the authorization granted; be informed of the use that has been made of their personal data; revoke the authorization and/or request the deletion of the data and/or access free of charge to their personal data that have been the subject of Treatment, must request it in writing directly to the email events@hoteldonsaul.com or send the communication to Calle 17#23-52 Pasto Nariño colombia. In either case, it must be indicated: a) full name; b) identity document; c) physical address and email; d) contact telephone number; e) Brief description of the information and data to which it refers expressly indicating the scope and content of the request; and, f) accompany the documents that support their request.
5.4.- Procedure for exercising the