- Home
- Privacy policy
Hotel Rosales Boutique Privacy Policy
By publishing this policy, Hotel Rosales Boutique demonstrates its commitment to current legislation on the use of cookies, providing you with information so that you can understand what type of cookies we use and why we do so.
CHAPTER I GENERAL PROVISIONS
ARTICLE 1. DEFINITIONS.
For the purposes of applying the rules contained in this manual and in accordance with the provisions of Article 3 of Law 1581 of 2012, the following is understood:
a) Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data.
b) Privacy notice: Verbal or written communication generated by the responsible party addressed to the Owner for the processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable to them, the way to access them and the purposes of the Processing that is intended to be given to the personal data.
c) Database: Organized set of personal data that is subject to Processing.
d) Personal data: Any information linked to or that can be associated with one or more specific or determinable natural persons.
e) Private data: This is data that, due to its intimate or reserved nature, is only relevant to the owner.
f) Sensitive data: Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties. as well as data relating to health, sex life and biometric data.
g) Data Processor: Natural or legal person, public or private, who, by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller.
h) Data Controller: Natural or legal person, public or private, who by itself or in association with others, decides on the database and/or the Processing of the data.
i) Owner: Natural person whose personal data are subject to Processing.
j) Processing: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion of these.
ARTICLE 2. OBJECT.
The purpose of this document is to regulate the procedures for the collection, handling and processing of personal data carried out by EL HOTEL ROSALES, in order to guarantee and protect the fundamental right of habeas data of its guests, visitors, customers, users and suppliers within the framework of the provisions of the law. All of the above in compliance with the provisions of paragraph (k) of Article 17 of Law 1581 of 2012, which regulates the duties of those responsible for the processing of personal data, among which is that of adopting an internal manual of policies and procedures to guarantee adequate compliance with the law and in particular, for the attention of queries and complaints.
ARTICLE 3. SCOPE OF APPLICATION.
This manual will be applicable to the personal data registered and to be registered in the different databases managed by HOTEL ROSALES, that is, to the databases of our guests, visitors, customers and suppliers, who provide us with their data for commercial purposes. The information collected by HOTEL ROSALES may include, in whole or in part, depending on the needs of each product and/or service, among others, the following data:
• Names and surnames.
• Type and number of identification.
• Nationality and country of residence.
• Date of birth and gender.
• Marital status and/or relationship in relation to minors or disabled persons requesting our services.
• Landlines and cell phones for contact (personal and/or work).
• Postal and electronic addresses (personal and/or work).
• Profession or trade
• Company in which you work and position.
• Origin and destination
• Reason for your trip
• Credit card(s) information (number, bank, expiration date).
• Personal data of the cardholder (names and surnames, type and identification number).
• Information about the address where the cardholder receives their bank statements. This data may be stored and/or processed on servers located in computer centers, either owned or contracted with third-party providers, which is authorized by our guests, visitors, customers, users and suppliers by accepting this Privacy Policy.
ARTICLE 4. VERACITY OF INFORMATION.
Our guests, visitors, customers, users and suppliers must provide truthful information about their personal data in order to make it possible for HOTEL ROSALES to provide the services. and under which condition they agree to deliver the required information. HOTEL ROSALES presumes the veracity of the information provided and does not verify, nor does it assume the obligation to verify, the identity of guests, visitors, customers, users and suppliers, nor the veracity, validity, sufficiency and authenticity of the data provided by each of them. Therefore, it does not assume responsibility for damages and/or losses of any kind that may have its origin in the lack of veracity, validity, sufficiency or authenticity of the information, including damages that may be due to homonymy or identity theft.
ARTICLE 5. APPLICABLE LEGISLATION.
This manual was prepared taking into account the ordinances of Law 1581 of 2012 “By which general provisions for the protection of personal data are dictated” and Decree number 1377 of 2013 “By which Law 1581 of 2012 is partially regulated”.
ARTICLE 6. INFORMATION ON UNDERAGE CHILDREN AND ADOLESCENTS.
HOTEL ROSALES will ensure the appropriate use of the personal data of children and adolescents minors, guaranteeing that in the processing of their data their best interests and their fundamental rights are respected and, as far as possible, taking into account their opinion, as owners of their personal data.
ARTICLE 7. PURPOSES OF PROCESSING PERSONAL DATA
The information collected is used to process, confirm, fulfill and provide the services and/or products purchased, directly and/or with the participation of third-party suppliers of products or services, as well as to promote and advertise our activities, products and services, carry out transactions, make reports to the different national or international administrative control and surveillance authorities, police or judicial authorities, banking entities and/or insurance companies, for internal administrative and/or commercial purposes such as market research, audits, accounting reports, statistical analysis, invoicing, and offering and/or recognizing benefits of our loyalty programs. The foregoing, without prejudice to other purposes that have been informed in this document and in the terms and conditions of each of the products and services of each of our business units. We warn that these activities may involve third party suppliers (such as providers of reservation systems, travel agencies, call centers, banks, insurance companies). In addition, our travelers, customers and users, in their capacity as owners of the data collected, by accepting this privacy policy, authorize us to:
• Use the information received from them for marketing purposes of their products and services, and of the products and services of third parties with whom HOTEL ROSALES maintains a business relationship.
• Provide personal data to the police or judicial control and surveillance authorities, pursuant to a legal or regulatory requirement and/or use or disclose this information and personal data in defence of their rights and/or their property insofar as such defence is related to the products and/or services contracted by their travellers, customers and users.
• Allow access to information and personal data to auditors or third parties hired to carry out internal or external audit processes specific to the commercial activity we carry out.
• Consult and update personal data, at any time, in order to keep said information updated.
• Contract with third parties the storage and/or processing of personal information and data for the correct execution of the contracts entered into with us, under the security and confidentiality standards to which we are obligated.
CHAPTER II AUTHORIZATION
ARTICLE 8. AUTHORIZATION.
The collection, storage, use, circulation or deletion of personal data by HOTEL ROSALES requires the free, prior, express and informed consent of the owner of the data. HOTEL ROSALES, in its capacity as responsible for the processing of personal data, has had the necessary mechanisms in place to obtain the authorisation of the owners, guaranteeing in all cases that it is possible to verify the granting of said authorisation. With the aforementioned authorization, the client accepts the policies and conditions set forth herein.
ARTICLE 9. FORM AND MECHANISMS FOR GRANTING AUTHORIZATION.
The authorization of the owner of the information will be recorded in each of the channels and mechanisms of data collection of HOTEL ROSALES, so it may be recorded in a physical, electronic document or in any other format that allows its subsequent consultation. The authorization will be issued by the owner prior to the processing of their personal data, in accordance with the provisions of Law 1581 of 2102. With the consent authorization procedure, it is guaranteed that the owner of the personal data has been made aware of both the fact that their personal information will be collected and used for specific and known purposes, and that they have the option of knowing any alteration to them and the specific use that has been given to them. The foregoing in order for the owner to make informed decisions regarding their personal data and control the use of their personal information.
CHAPTER III RIGHTS AND DUTIES
ARTICLE 10. RIGHTS OF THE OWNERS OF THE INFORMATION.
In accordance with the provisions of Article 8 of Law 1581 of 2012, the owner of the personal data has the following rights:
a) To know, update and rectify your personal data vis-à-vis HOTEL ROSALES, in its capacity as data controller.
b) Request proof of the authorisation granted to HOTEL ROSALES, in its capacity as Data Controller.
c) To be informed by HOTEL ROSALES upon request, regarding the use it has given to their personal data.
d) File complaints with the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012, once the consultation or complaint process has been exhausted before the Data Controller.
e) Revoke the authorisation and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees.
f) To have free access to your personal data that have been subject to Processing.
ARTICLE 11. DUTIES OF HOTEL ROSALES IN RELATION TO THE PROCESSING OF PERSONAL DATA.
HOTEL ROSALES will bear in mind, at all times, that personal data are the property of the people to whom they refer and that only they can decide on them. In this sense, it will use them only for those purposes for which it is duly authorized, and respecting in all cases Law 1581 of 2012 on the protection of personal data. In accordance with the provisions of Article 17 of Law 1581 of 2012, HOTEL ROSALES undertakes to permanently comply with the following duties:
a) To guarantee to the Owner, at all times, the full and effective exercise of the right of habeas data.
b) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
c) Carry out in a timely manner, that is, in the terms provided for in articles 14 and 15 of Law 1581 of 2012, the updating, rectification or deletion of the data.
d) To process the queries and claims made by the Holders in the terms indicated in Article 14 of Law 1581 of 2012.
e) Insert in the database the legend “information under judicial discussion” once notified by the competent authority about judicial proceedings related to the quality or details of the personal data.
f) Refrain from circulating information that is being disputed by the Owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
g) Allow access to information only to persons who can have access to it.
h) To inform the Superintendence of Industry and Commerce when there are violations of security codes and there are risks in the administration of the information of the Holders.
i) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
CHAPTER IV ACCESS, CONSULTATION AND COMPLAINT PROCEDURES
ARTICLE 13. RIGHT OF ACCESS
The power of disposition or decision that the owner has over the information that concerns him/her, necessarily entails the right to access and know if his/her personal information is being processed, as well as the scope, conditions and generalities of such processing. Likewise, the owner has the right to request their rectification in the event of being inaccurate or incomplete and to cancel them when they are not being used in accordance with legal or contractual purposes and terms or according to the purposes and terms contemplated in this Privacy Policy. HOTEL ROSALES will guarantee the right of access when, upon accreditation of the identity of the owner or his representative or attorney-in-fact, he requests it as provided for in Law 1581 of 2012. Customers and users may exercise their rights to know, update, rectify and delete their personal data by sending their request to the email: contact www.hotelrosalesneiva@gmail.com or by telephone (8)8722477, in accordance with this Privacy Policy.
You must include the following information in the application:
• Names and surnames.
• Type of document.
• Document number.
•Telephone.
• Email.
• Country.
• Subject.
ARTICLE 13. RESPONSE TO QUERIES.
In any case, regardless of the mechanism implemented for the attention of consultation requests, they will be attended to within a maximum term of ten (10) business days from the date of receipt. When it is not possible to respond to the query within said period, the interested party will be informed before the expiration of the 10 days, stating the reasons for the delay and indicating the date on which the query will be answered, which in no case may exceed five (5) business days following the expiration of the first term.
ARTICLE 14. CLAIMS.
In accordance with the provisions of Article 14 of Law 1581 of 2012, the Owner or his successors who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, they may file a claim with the Data Controller, which will be processed under the following rules:
1. The claim may be submitted by the Owner in the formats provided for this purpose by HOTEL ROSALES in its Hotel Registry. If the complaint received does not have complete information that allows it to be processed, that is, with the identification of the Owner, the description of the facts that give rise to the claim, the address, and accompanying the documents that are to be asserted, the interested party will be required within five (5) days following its receipt to correct the defects. If two (2) months have elapsed since the date of the request without the applicant submitting the required information, it will be understood that the claim has been withdrawn. If, for any reason, the Company receives a claim that should not actually be directed against it, it will notify the appropriate party within a maximum period of two (2) business days and will inform the interested party of the situation.
2. Once the complete claim has been received, a legend will be included in the database maintained by HOTEL ROSALES that says “claim in process” and the reason for it, within a period of no more than two (2) business days. This legend must be maintained until the claim is decided.
3. The maximum term for dealing with the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend to it within said period, the interested party will be informed before the expiration of the aforementioned period of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
ARTICLE 15. IMPLEMENTATION OF PROCEDURES TO GUARANTEE THE RIGHT TO FILE COMPLAINTS.
At any time and free of charge, the owner or his representative may request the rectification, updating or deletion of his personal data from HOTEL ROSALES, after proving his identity.
The rights of rectification, updating or deletion may only be exercised by:
• The owner or his successors, after proving his identity, or through electronic instruments that allow him to identify himself.
• Their representative, after accreditation of the representation. When the application is made by a person other than the holder and it is not proven that he or she is acting on behalf of the owner, it will be considered not to have been submitted. The request for rectification, updating or deletion must be submitted through the means provided by HOTEL ROSALES indicated in the privacy notice and contain, at least, the following information:
1. The name and address of the holder or any other means of receiving the response
2. Documents that prove the identity or personality of their representative.
3. The clear and precise description of the personal data with respect to which the owner seeks to exercise any of the rights.
4. In the case of other elements or documents that facilitate the location of the personal data.
PARAGRAPH 1. RECTIFICATION AND UPDATING OF DATA.
HOTEL ROSALES is obliged to rectify and update, at the request of the owner, the information provided by the owner that turns out to be incomplete or inaccurate, in accordance with the procedure and terms indicated above. In this regard, the following will be taken into account: In requests for rectification and updating of personal data, the owner must indicate the corrections to be made and provide the documentation that supports their request. HOTEL ROSALES is free to enable mechanisms that facilitate the exercise of this right, as long as these benefit the owner. Consequently, electronic or other means that it deems pertinent may be enabled. HOTEL ROSALES may establish forms, systems and other simplified methods, which must be informed in the privacy notice and which will be made available to interested parties on the website. HOTEL ROSALES will use the customer service services it has in operation, as long as the response times are not longer than those indicated by Article 15 of Law 1581 of 2012. Every time HOTEL ROSALES makes available a new tool to facilitate the exercise of their rights by the owners of information or modifies existing ones, it will inform us through its website.
PARAGRAPH 2. DELETION OF DATA.
The owner has the right, at any time, to request HOTEL ROSALES. the deletion (deletion) of your personal data where:
a.) Consider that they are not being treated in accordance with the principles, duties and obligations provided for in Law 1581 of 2012.
b.) They are no longer necessary or relevant for the purpose for which they were collected.
c.) The period necessary for the fulfilment of the purposes for which they were collected has been exceeded. This deletion implies the total or partial elimination of the personal information in accordance with what is requested by the owner in the records, files, databases or treatments carried out by HOTEL ROSALES.
It is important to bear in mind that the right of cancellation is not absolute and the responsible party may deny the exercise of it when:
• The request for deletion of the information will not proceed when the owner has a legal or contractual duty to remain in the database.
• The deletion of data hinders judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
• The data are necessary to protect the legally protected interests of the owner; to carry out an action in the public interest, or to comply with an obligation legally acquired by the owner. In the event that the cancellation of personal data is appropriate, HOTEL ROSALES must operationally carry out the deletion in such a way that the deletion does not allow the recovery of the information.
ARTICLE 16. REVOCATION OF AUTHORIZATION.
The owners of the personal data may revoke their consent to the processing of their personal data at any time, provided that it is not prevented by a legal provision. To do this, they must contact the ROSALES HOTEL, by email: contact hotelrosalesneiva@gmail.com. or by phone (8) 8722477. It should be borne in mind that there are two modalities in which the revocation of consent can be given. The first may be for all the purposes consented to, i.e. that HOTEL ROSALES must completely stop processing the owner’s data; the second may occur on certain types of processing, such as for advertising or market research purposes. With the second modality, i.e. the partial revocation of consent, other purposes of the processing that the controller, in accordance with the authorisation granted, can carry out and with which the owner agrees are safeguarded.
CHAPTER V INFORMATION SECURITY
ARTICLE 17. SECURITY MEASURES.
In development of the principle of security established in Law 1581 of 2012, HOTEL ROSALES has adopted the technical, human and administrative measures necessary to provide security to the records by preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access. Notwithstanding the foregoing, the client assumes the risks that arise from delivering this information in a medium such as the Internet, which is subject to various variables – attacks by third parties, technical or technological failures, among others. HOTEL ROSALES will make its best technological effort to guarantee the security of the personal information of all its customers and/or users, employing reasonable and current security methods to prevent unauthorized access, to maintain the accuracy of the data and to guarantee the correct use of the information.
ARTICLE 18. IMPLEMENTATION OF SECURITY MEASURES.
HOTEL ROSALES will maintain mandatory security protocols for staff with access to personal data and information systems. The procedure must consider, at least, the following aspects:
a) Third parties hired by HOTEL ROSALES will be obliged to adhere to and comply with the information security policies and manuals, as well as the security protocols that we apply to all our processes.
b) Any contract between HOTEL ROSALES and third parties (contractors, external consultants, temporary collaborators, etc.) that involves the processing of personal information and data will include a confidentiality agreement that details its commitments to the protection, care, security and preservation of the confidentiality, integrity and privacy of the same.
c) Scope of application of the procedure with detailed specification of the protected resources.
d) Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required in Law 1581 of 2012.
e) Functions and obligations of the staff.
f) Structure of personal databases and description of the information systems that process them.
g) Procedure for notification, management and response to incidents.
h) Procedures for making backup copies and recovering data.
i) Periodic controls that must be carried out to verify compliance with the provisions of the security procedure to be implemented
j) Measures to be adopted when a medium or document is to be transported, discarded or reused.
k) The procedure must be kept up to date at all times and must be reviewed whenever there are relevant changes in the information system in its organisation.
l) The content of the procedure must be adapted at all times to the provisions in force on the security of personal data
CHAPTER VI FINAL PROVISIONS
ARTICLE 19. MODIFICATIONS TO THE PRIVACY POLICY.
HOTEL ROSALES reserves the right to make modifications or updates to this Privacy Policy at any time, in order to respond to new legislation, internal policies or new requirements for the provision or offer of its services or products.
ARTICLE 20. VALIDITY OF THE PROCESSING OF PERSONAL INFORMATION AND DATA.
The information provided by customers and users will remain stored for up to fifteen (15) years from the date of the last processing, to allow us to comply with the legal and/or contractual obligations under their responsibility, especially in accounting, fiscal and tax matters.