Legal Notice - Hotel Andes Plaza

Hotel Andes Plaza

Information Handling Policies

FIRST: GENERALITIES

We have a special interest in protecting and respecting your information and personal data, and for this reason, we have designed these information processing policies within the framework of law 1581 of 2012 and regulatory decree 1377 of 2013.
  • 1.1.- Introduction. Compañía Hotelera Andes Plaza may collect personal data from its users, guests, or visitors through the different means designated for accessing the services offered by them. In any case, the collection will be carried out under the express authorization of the data owner, and the processing of these will be subject to what is established by the law. The personal information that is the subject of the considerations established herein may be collected by Compañía Hotelera Andes Plaza through the website www.emhotels.com, through visits or service acquisitions offered on the platform, or directly at the hotels linked or associated with Compañía Hotelera Andes Plaza. The considerations established herein will be deemed accepted by the Data Owner when they visit or use the website www.emhotels.com and/or when they enter personal data or information through the functions established for this purpose, regardless of the aim.
 
  • 1.2- General Principles. The obtaining and collection of personal data, as well as the use, processing, exchange, transfer, and transmission of these by Compañía Hotelera Andes Plaza or any of the operating companies of Compañía Hotelera Andes Plaza hotels, will always be guided by the principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access, and restricted circulation.
  • 1.3- Legal Definitions. In accordance with law 1581 of 2012 and decree 1377 of 2013, the following definitions will govern the policies for the processing of personal information.
    • 1.3.1.- Processor: The processor is understood as the natural or legal person, public or private, who by themselves or in association with others, processes personal data on behalf of the Data Controller;
    • 1.3.2.- Data Controller: The data controller is the natural or legal person, public or private, who by themselves or in association with others, decides on the database and/or the processing of the data;
    • 1.3.3.- Database: A database is understood as the organized set of personal data that is subject to Processing;
    • 1.3.4.- Personal Data: Personal data is understood as any information linked or that can be associated with one or more determined or determinable natural persons;
    • 1.3.5.- Sensitive Data: Sensitive data are those that affect the Data Owner’s privacy or whose improper use can lead to discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or those promoting any political party’s interests or ensure the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
    • 1.3.6.- Public Data: Public data is the data that is neither semi-private, private, nor sensitive. Public data includes, among others, data related to individuals’ civil status, profession or occupation, and their status as a trader or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, gazettes, and official bulletins, and duly executed judicial decisions that are not subject to reservation.
    • 1.3.7.- Transfer: A data transfer takes place when the Data Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is a Data Controller and is located either inside or outside the country.
    • 1.3.8- Transmission: Processing of personal data that involves their communication within or outside the territory of the Republic of Colombia when it aims to be processed by the Processor on behalf of the Controller.

SECOND: AUTHORIZATION OF THE DATA OWNER:

The data provided will be subject to authorized processing, granted in a prior, express, and informed manner by the Owner directly to Compañía Hotelera Andes Plaza, or through the Compañía Hotelera Andes Plaza hotels or the companies that operate them. However, the visit, entry, or use of the website www.emhotels.com constitutes in itself prior, express, and informed authorization for the storage, collection, and processing of information in accordance with the data processing policy contained herein. In any case, data collection will be limited to those personal data that are pertinent and adequate for the intended purpose.

THIRD: INFORMATION PROCESSING:

  • 3.1– Collected Data. The data collection for the development of the Processing and its intended purposes will fall on the personal data received and stored by Compañía Hotelera Andes Plaza and the companies and hotels linked or associated with Compañía Hotelera Andes Plaza and will include all the information provided or supplied during the visit to the website www.emhotels.com, as well as all that related to the services or reservations made, and the lodging and accommodation data provided to Compañía Hotelera Andes Plaza or any of its associated hotels. Notwithstanding that in some cases it concerns public data, the information collected will correspond to the name, identity card number, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumption habits, or travel habits, among others. If a reservation is made through the website www.emhotels.com, the information corresponding to the credit card provided for reservation and stay purposes will be collected.
  • 3.2– Processing to which the data will be subjected and its purpose. The data and information obtained and collected by Compañía Hotelera Andes Plaza, by the Compañía Hotelera Andes Plaza hotels, or by the operating companies of such hotels, will be used in the normal course of their commercial activities only for the purpose established in the present information processing policies, allowing for direct and effective communication with the customer, leading to a closer relationship. The processing consists in sending digital information through different communication channels, with the intention of contacting the owner to send service surveys after each stay that allows for evaluation of the provided service and communicating invitations, offers, promotions, service portfolios, or information from the Hotel or the hotels that are part of Compañía Hotelera Andes Plaza, without at any time being the data facilitated, transferred, or delivered to persons other than the Hotel that collected the information or to the hotels and activities linked to Compañía Hotelera Andes Plaza and its activities. Additionally, through the collection of data, it seeks to: conduct, process, manage, and/or complete reservations or purchase of hotel nights or other services; conduct internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; timely address your requests, inquiries, or needs; communicate invitations, offers, promotions, and general information on the service portfolio offered by natural or legal persons that are directly linked with hotel operation and specifically with the services provided by Compañía Hotelera Andes Plaza and the companies and hotels that operate them.The information or data provided, collected, gathered or stored in accordance with these policies may be shared, transmitted, updated, and/or deleted between Compañía Hotelera Andes Plaza, the Compañía Hotelera Andes Plaza hotels, and their operating companies with the purpose defined in these policies, to be used in the way established herein. By accessing the website www.emhotels.com, you authorize your information and data to be shared with the tourist providers to which they refer and before whom their reservations and/or requests are processed. It is assumed that all information or data provided or placed through the page www.emhotels.com is truthful, accurate, and complete and may be withdrawn at any time in the event that it is considered harmful or detrimental to your interests or the interests of a third party. The data and generally the information received when accessing the website www.emhotels.com may be both yours and from the equipment from which you are accessing. With the aim of optimizing and making your experience visiting the page more efficient www.emhotels.com, cookies and/or web beacons may be used, and information about visited web pages, your IP address, the operating system of the equipment from which you are accessing may be obtained and stored through a recognition and tracking process that allows identifying your preferences and identifying you when you visit the page again, and storing certain records based on your IP address. The IP address is not associated with nor linked to your name or personal data.
  • 3.3.- Sensitive Data and Data Corresponding to Children and Adolescents. Neither Compañía Hotelera Andes Plaza nor the operating companies of Compañía Hotelera Andes Plaza hotels will process data considered sensitive, nor is the data collection oriented towards collecting sensitive information. The collection of data corresponding to children and adolescents under age, and the respective authorization, must always be done through their legal representative, after the minor exercises their right to be heard. The processing of data corresponding to children and adolescents must respond to and respect their superior interest and fundamental rights. In the event that for any reason a question may lead to the answer being about sensitive data or data of girls, boys, and adolescents, the answer to such a question will be optional.
  • 3.4.- Duties of the Data Controller Regarding Information Processing. The information controllers, and/or the responsible parties and processors of personal data, are obliged to:
    • a) Guarantee the Data Owner, at all times, the full and effective exercise of the right of habeas data;
    • b) Request and keep, in the conditions provided by law, a copy of the respective authorization given by the Data Owner;
    • c) Properly inform the Data Owner about the purpose of the collection and the rights that assist them by virtue of the granted authorization;
    • d) Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, unauthorized or fraudulent use or access;
    • e) Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable, and understandable;
    • f) Update the information, promptly informing the Data Processor of all updates regarding the data previously provided and taking the necessary measures to keep the information updated;
    • g) Correct the information when it is incorrect and communicate the relevant corrections to the Data Processor;
    • h) Provide the Data Processor, as the case may be, only the data whose Processing is previously authorized in compliance with the law;
    • i) Require the Data Processor at all times to respect the conditions of security and privacy of the Data Owner’s information;
    • j) Address consultations and claims made within the terms stipulated by law;
    • k) Inform the Data Processor when certain information is under discussion by the Data Owner, once the claim has been filed, and the respective procedure has not concluded;
    • l) Inform the Data Owner, upon request, about the use of their data;
    • m) Inform the data protection authority when there are violations of security codes and risks in the management of Data Owners’ information.
    • n) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

FOURTH: RIGHTS AND POWERS OF THE DATA OWNER:

  • 4.1.- Rights of the Data Owner. Once the authorization for the corresponding processing has been granted by the Data Owner, they have the right to:
    • a) Know, update, and rectify their personal data. This right can be exercised concerning partial, inaccurate, incomplete, fragmented data that leads to error or those whose Processing is expressly prohibited or not authorized;
    • b) Request proof of the granted authorization, except when explicitly exempted as a requirement for Processing, in accordance with article 10 of law 1581 of 2012;
    • c) Be informed by the responsible and/or data manager, upon request, of the use given to their personal data;
    • d) File complaints before the Superintendence of Industry and Commerce for violations of the provisions in the law;
    • e) Revoke the authorization and/or request the deletion of the data when their Processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the Superintendence of Industry and Commerce determines that the Processing incurs behaviors contrary to this law and the Constitution;
    • f) Request, at any time, the responsible or in charge, the deletion of their personal data and/or revocation of the granted authorization for their Processing, through the submission of a claim, which will not proceed when the Data Owner has a legal or contractual duty to remain in the database.
    • g) Access their personal data for free that have been subject to Processing:
      • (i) at least once every calendar month, and
      • (ii) each time there are substantial modifications to the information processing policies that justify new queries. In case of requests whose frequency is greater than one per calendar month, the responsible and/or in charge may charge the Data Owner for the costs of sending, reproduction, and, where applicable, document certification.
  • 4.2.- Legitimation for the Exercise of the Data Owner’s Rights. The following persons are also legitimated to exercise the rights of the Data Owner:
    • a). The owner themselves, who must sufficiently prove their identity through the means that the responsible provides;
    • b). Their successors, who must prove such quality;
    • c). The representative and/or attorney-in-fact of the Data Owner, upon accreditation of the representation or power of attorney;
    • d). By stipulation in favor of another or for another;
    • e). The rights of children and adolescents will be exercised by the persons authorized to represent them, after proving the power of representation.
  • 4.3.- Responsible Area for Attending and Accompanying the Data Owner. The attention and response to requests, inquiries, and claims of the Data Owners regarding any aspect of the processing will be in charge of the legal department. The Data Owner who wishes to know, update, rectify, request proof of the granted authorization, be informed of the use of their personal data, revoke the authorization and/or request the deletion of the data and/or access their personal data that have been subject to Processing for free, must request it in writing directly to the email andesvirtual@hotelandesplaza.co or send the communication to Avenida 15 Calle 100 Chicó Norte, Bogotá (Colombia). In either case, it should indicate:
    • a) full name;
    • b) identification document;
    • c) physical address and email;
    • d) contact phone number;
    • e) Brief relation of the information and data to which it refers, expressly indicating the scope and content of the request, and,
    • f) accompany the documents that they consider support their request.
  • 4.4.- Procedure for Exercising the Rights to Know, Update, Rectify, or Suppress Information, and Revoke Authorization. The procedures for accessing, updating, deleting, and rectifying personal data, and revoking authorization may be carried out through inquiries or claims, directed to the email andesvirtual@hotelandesplaza.co or to the address Avenida 15 Calle 100 Chicó Norte, Bogotá (Colombia), depending on the purpose they pursue, determining at least, the legitimation to make the request and clearly and concretely expressing the intention. All requests, suggestions, and recommendations related to information processing must be addressed to the email andesvirtual@hotelandesplaza.co . The information owner or the authorized person must attach to their writing proof of their acting capacity and must provide the data and documents necessary to account for their identity and quality.The email must specify the reason or purpose of the communication, and for this, it will suffice that the text indicates that the right to know, update, rectify, delete or revoke the granted authorization is being exercised.
  • 4.5.- Procedure for Correcting, Updating, or Deleting Data and for Submitting Complaints and Claims. Anyone authorized by law, and who considers that the information contained should be corrected, updated, or deleted, or when they consider that the treatment given to personal data violates legal norms, may file, in accordance with article 15 of Law 1581 of 2012, claims to the email andesvirtual@hotelandesplaza.co. Complaints and claims will be managed under the following rules:
    • 4.5.1.- The claim will be made by request addressed to the Data Controller or the Data Processor, with the identification of the Data Owner, description of the facts that lead to the complaint, and the address, accompanied by the documents they wish to assert. If the complaint is incomplete, the interested party will be required within five (5) business days of receipt of the claim to rectify the errors. After two (2) months from the date of the requirement, without the applicant providing the required information, it will be understood that the claim has been withdrawn. If the person who receives the complaint is not competent to resolve it, it will be transferred to the appropriate party within a maximum period of two (2) business days and the situation will be informed to the interested party.
    • 4.5.2.- Once the complete claim is received, a legend stating “claim in process” and the reason for it will be included in the database, within a period no longer than two (2) business days. This legend must be maintained until the claim is resolved.
    • 4.5.3.– The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. If it is not possible to resolve the claim within this term, the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term, will be informed to the interested party.
    • 4.6.- Consultation and Access to Information. Consultations of personal data contained in the Compañía Hotelera Andes Plaza database, will be addressed by written request through the email andesvirtual@hotelandesplaza.co. Consultations will be addressed within a maximum period of ten (10) business days from the date of receipt. If it is not possible to address the consultation within this term, the interested party will be informed before the expiration of ten (10) business days, expressing the reasons for the delay and indicating the date on which the consultation will be addressed, which in no case may exceed five (5) business days following the expiration of the first period.

FIFTH: SECURITY.

  • 5.1.- Security in Information Management. The collected data will always be treated within a framework of confidentiality, so they will not be facilitated, transferred, or delivered to persons different from or unrelated to the Hotel, Compañía Hotelera Andes Plaza, or Compañía Hotelera Andes Plaza operating companies, or anyone else with legitimate authorization for it.
  • 5.2.- Transfer and Transmission of Data. In the event that a contract is signed with a third party professional with experience in the management and use of databases, the data controller will sign the personal data transmission contract referred to in article 25 of decree 1377 of 2013.

SIXTH: DISSEMINATION AND VALIDITY.

  • 6.1.- Means of Dissemination of Information Processing Policies and Privacy Notice. This document, which establishes the information processing policies on collected personal data, will be permanently published at the link _URL of information processing._ so that it can be consulted by anyone interested. At the time of requesting the Data Owner’s express authorization for data processing, the specific purposes for which consent is obtained will be indicated, and the Data Processing Policy and the rights available to them will be communicated.
  • 6.2.- Effective Date of Information Processing Policies. The collection, storage, use, and circulation of personal data, in development of the considerations established herein, will be conducted and maintained as long as the need for direct communication with the client exists, and there are no more efficient means to achieve it, according to the proposed purposes of the Processing. In case the purpose cannot be achieved through the Processing of personal data, these will be permanently deleted from the database. This document becomes effective on February 22, 2016.
  • 6.3.- Procedure for Modifying Policies. In the event that modifications are made to the personal data processing policies outlined herein, they will be notified and communicated through this same website, prior to their entry into force.
  • 6.4.- Incorporation of the Terms of Use of the Website www.emhotels.com. In accordance with applicable regulations, the information processing policy is an integral part of the terms and conditions of use of the website www.emhotels.com.
  • 6.5. – Data Controller.Compañía Hotelera Andes Plaza, with NIT 830.012.169-9, is the data controller and processor of personal data, along with each of the linked operating companies that have collected the information. When the information has been received or collected by any of its affiliated companies, with express authorization to be transferred, Compañía Hotelera Andes Plaza will be responsible for the processing. Any communication can be addressed to Avenida 15 Calle 100 Chicó Norte, Bogotá (Colombia), or to the email andesvirtual@hotelandesplaza.co.