Personal data processing policy

AITE SAS, identified as a legal entity with NIT: 900.503.035-1, operating under the trade name ECO HOTEL AITE, guarantees the protection of personal data at all times, in accordance with Article 13 of the Colombian Political Constitution, Law 1581 of 2012, and Regulatory Decree 1377 of 2013.

  1. DEFINITION

In compliance with current legislation on personal data protection, the following definitions are provided for the purpose of providing a systematic and comprehensive application to this manual.

  • Authorization: Prior and express consent by the owner of the personal data for processing and collection.
  • Database: A set of personal information obtained with the authorization of the owner of the personal data.
  • Personal Data: Information collected by ECO HOTEL AITE SAS from individuals or legal entities, public or private.
  • Data subject: Natural person whose personal data is being processed.
  • Processing: A set of operations on personal data, such as collection, storage, use, circulation or pressure.
  1. RIGHTS OF MINORS AND ADOLESCENTS

The rights of minors and adolescents will be respected and prevail. The collection and storage of personal data of minors and adolescents by any means and in any form is prohibited.

  1. INFORMATION REQUESTED AND OBTAINING IT

ECO HOTEL AITE SAS, within the scope of its corporate purpose, will collect and store the personal data of all its clients in order to fully fulfill its contractual obligations and satisfy and understand the needs of each of its clients.

 

The information obtained from clients will be done through:

  • Website Subscribers Newsletter
  • Loyalty Program
  • Satisfaction Survey
  • Guest database of the reservation system
  • Database of Travel Agencies visited

 

The different forms of collection of personal data will have the sole purpose of developing the corporate purpose of ECO HOTEL AITE SAS

 

Personal information collected from customers through the channels described above may include, but is not limited to:

  • Full Names and Surnames
  • Address of Residence
  • Identification Document
  • City – Country
  • Contact telephone numbers
  • Email
  • Contact telephone number
  • Contact address
  • City – Country
  • Contact telephone numbers

This data may be stored and/or processed on servers located in data centers, whether our own or contracted with third-party providers, which is authorized by our guests, visitors, clients, users, and suppliers upon acceptance of this Privacy Policy.

  1. ACCURACY OF THE INFORMATION

Our guests, visitors, clients, users, and suppliers must provide truthful information about their personal data in order for ECO HOTEL AITE SAS to provide services, and under this condition they agree to provide the required information.

ECO HOTEL AITE SAS assumes the veracity of the information provided and does not verify, nor assume the obligation to verify, the identity of the guests, visitors, clients, users and suppliers, nor the veracity, validity, sufficiency and authenticity of the data that each of them provides. Therefore, it does not assume responsibility for damages and/or losses of any kind that may arise from the lack of veracity, validity, sufficiency or authenticity of the information, including damages that may be due to homonymy or identity theft.

  1. PURPOSES OF THE PROCESSING OF PERSONAL DATA

The information collected is used to process, confirm, fulfill and provide the services and/or products acquired, directly and/or with the participation of third-party providers of products or services, as well as to promote and advertise our activities, products and services, carry out transactions, make reports to the different national or international administrative control and surveillance authorities, police authorities or judicial authorities, banking entities and/or insurance companies, for internal administrative and/or commercial purposes such as market research, audits, accounting reports, statistical analysis, billing, and offering and/or recognition of benefits of our loyalty programs.

By accepting this Privacy and Data Processing Policy, our guests, visitors, clients, users and suppliers, in their capacity as owners of the data collected, authorize ECO HOTEL AITE SAS to process such data, in whole or in part, including the collection, storage, recording, use, circulation, processing and deletion of such data, for the execution of activities related to the services and products purchased, such as making reservations, making modifications, cancellations and changes to such reservations, refunds, handling of queries, complaints and claims, payment of compensation and indemnities, accounting records, correspondence, processing and verification of credit and debit cards and other payment instruments, identifying fraud and preventing money laundering and other criminal activities and/or for the operation of loyalty programs and other purposes indicated in this document.

The foregoing is without prejudice to other purposes that have been reported in this document and in the terms and conditions of each of the products and services of each of our business units.

We advise that third-party providers (such as reservation system providers, travel agencies, call centers, banks, and insurance companies) may be involved in these activities.

Additionally, our travelers, clients, and users, as owners of the data collected, by accepting this privacy policy, authorize us to:

  • Use the information received from them for marketing purposes of their products and services, and the products and services of third parties with which ECO HOTEL AITE SAS maintains a business relationship.
  • Providing personal data to police or judicial control and surveillance authorities pursuant to a legal or regulatory requirement and/or using or disclosing this information and personal data in defense of its rights and/or assets, insofar as such defense is related to the products and/or services contracted by its travelers, clients, and users.
  • Allow access to information and personal data to auditors or third parties contracted to carry out internal or external audit processes related to the commercial activity we carry out.
  • Consult and update personal data at any time in order to keep said information up-to-date.
  • Contract with third parties to store and/or process information and personal data for the proper execution of contracts entered into with us, under the security and confidentiality standards to which we are bound.
  1. NATIONAL DATABASE REGISTRY

ECO HOTEL AITE SAS reserves the right, in the cases contemplated by law and in its statutes and internal regulations, to maintain and catalog certain information stored in its databases or banks, without prejudice to any confidentiality agreements previously entered into and accepted by the parties.

ECO HOTEL AITE SAS will proceed, in accordance with current regulations and the rules issued by the National Government, to register its databases with the National Database Registry (RNBD), which will be administered by the Superintendency of Industry and Commerce. The RNBD is the public directory of databases subject to processing that operate in the country and will be freely accessible to citizens, in accordance with the rules issued by the National Government.

  1. PRIVACY NOTICE

A privacy notice shall be understood to mean the electronic document, known or unknown, that is available to the owner of the personal data.

The Privacy Notice will inform you about how the collected information will be treated, how to access it, and what characteristics will be given to personal data.

  1. CONTENT OF THE PRIVACY NOTICE

The Privacy Notice will contain, at a minimum, the following information.

  • Name or company name and contact details of the Data Controller.
  • The processing to which the data will be subjected and its purpose.
  • The rights that the Holder has.

The mechanisms provided by the Controller to ensure that the Data Subject is aware of the Data Processing policy and any substantial changes to it or to the corresponding Privacy Notice. In all cases, the Controller must inform the Data Subject how to access or consult the Data Processing policy.

The owner of personal data, in accordance with applicable legislation, the Personal Data Processing Policy Manual, and the Privacy Policy, shall have the following rights:

  • Access, know, rectify, and update your personal data, as the data controller.
  • By any valid means, request proof of the authorization granted to ECO HOTEL AITE SAS, in its capacity as Data Controller.
  • To receive information from ECO HOTEL AITE SAS, upon request, regarding the use of your personal data.
  • Appear before the legally constituted authorities, especially the Superintendency of Industry and Commerce, and file complaints for violations of the provisions in force in the applicable regulations, after consulting or submitting a request to the Data Controller.
  • Modify and revoke authorization and/or request the deletion of data when the processing does not respect the constitutional and legal principles, rights, and guarantees in force.
  • Have knowledge and access free of charge to your personal data that has been processed.
  1. PEOPLE WHO MAY EXERCISE THE RIGHTS OF THE OWNER
  • By the owner, who must sufficiently prove his identity through the various means made available to him by the responsible party.
  • By the representative or attorney of the owner, upon prior accreditation of the power.
  • By stipulation in favor of another or by another.
  1. INFORMATION CONSULTATION

The personal data of the holders of information held by ECO HOTEL AITE SAS may be accessed by the persons described above.

Those interested in consulting the information must make a written request, which will be processed within five (5) days. If this is not possible, a response will be given within the term of five (5) days. The owner of the personal data will be notified and the date on which the consultation will be resolved will be set, which at no time may be greater than half of the first term.

All of the above, without prejudice to the electronic or other means of communication that may be enabled for this purpose.

Data subjects will have the right to consult their personal data free of charge, once every calendar month, and in cases where substantial changes are made to the Data Processing Policies.

  1. CLAIMS

The Holder who considers that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in the Law, may file a claim with the Data Controller, channeling and sending it through the department designated for this purpose, Commercial Management, to the email address cliente@irotama.com, which will exercise the function of protection of personal data within ECO HOTEL AITE SAS. The claim may be filed by the Holder, taking into account the information indicated in article 15 of Law 1581 of 2012 and in decree 1377 of 2013, and other regulations that modify or add to them.

You must include the following information in the application:

  • First and last names.
  • Document type.
  • Document number.
  • Telephone.
  • Email.
  • Country.
  • Affair.
  1. RECTIFICATION AND UPDATE OF PERSONAL DATA

ECO HOTEL AITE SAS will be obligated to rectify and update, at the request of the owner, any information obtained that is incomplete or inaccurate.

The procedure to be followed for correcting and updating personal data is the same as that described in the Information Consultation section.

To request rectification or updating of personal data, the data subject must provide detailed information on the corrections to be made.

  1. DELETION OF PERSONAL DATA

The owner has the right, at any time, to request that ECO HOTEL AITE SAS delete personal data when:

 

  • Consider that they are not being treated in accordance with the principles, duties, and obligations provided for in current regulations.
  • They are no longer necessary or relevant for the purpose for which they were collected.
  • The period necessary for the fulfillment of the purposes for which the funds were collected has been exceeded.
  • This deletion involves the total or partial elimination of personal information in accordance with the owner's request from records, files, and databases.
  • It is important to note that the right to cancellation is not absolute and the data controller may deny the exercise of the right when:
  • The owner has a legal or contractual obligation to remain in the database.
  • The deletion of data hinders judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes, or the updating of administrative sanctions.
  • The data may be necessary to protect the legally protected interests of the data subject; to carry out an action based on the public interest; or to comply with a legal obligation of the data subject.

 

  1. SECURITY OF PERSONAL DATA INFORMATION

Based on the Personal Data Processing Policy Manual, ECO HOTEL AITE SAS will have all the technical and administrative measures that allow the necessary security elements to prevent the adulteration, loss, consultation, or unauthorized or fraudulent access to personal information contained in the databases.

Notwithstanding the foregoing, the client assumes the risks arising from providing this information over a medium such as the Internet, which is subject to various variables – third-party attacks, technical or technological failures, among others.

ECO HOTEL AITE SAS will make its best technological effort to guarantee the security of the personal information of all its clients and/or users, using reasonable and current security methods to prevent unauthorized access, to maintain the accuracy of the data and to guarantee the correct use of the information.

 

 

  1. IMPLEMENTATION OF SECURITY MEASURES

ECO HOTEL AITE SAS will maintain mandatory security protocols for staff with access to personal data and information systems. The procedure must consider, at a minimum, the following aspects:

  1. a) Third parties contracted by ECO HOTEL AITE SAS must adhere to and comply with the information security policies and manuals, as well as the security protocols we apply to all our processes. b) Every contract between ECO HOTEL AITE SAS and third parties (contractors, external consultants, temporary collaborators, etc.) involving the processing of information and personal data will include a confidentiality agreement detailing their commitments to the protection, care, security, and preservation of the confidentiality, integrity, and privacy of said information. c) Scope of the procedure with a detailed specification of the protected resources. d) Measures, norms, procedures, rules, and standards aimed at guaranteeing the level of security required by Law 1581 of 2012. e) Functions and obligations of staff. f) Structure of personal data bases and description of the information systems that process them. g) Procedure for reporting, managing, and responding to incidents. h) Procedures for making backup copies and recovering data. i) Periodic checks to be performed to verify compliance with the provisions of the implemented security procedure. j) Measures to be taken when a medium or document is to be transported, discarded, or reused. k) The procedure must be kept up-to-date at all times and must be reviewed whenever significant changes occur in the information system or its organization. l) The content of the procedure must always comply with current provisions regarding the security of personal data.
  2. VALIDITY

This Personal Data Processing Policy Manual comes into effect on August 20, 2013, and supersedes any previously adopted manual.