DATA PRIVACY AND INFORMATION MANAGEMENT POLICIES
Law 1581 of 2012 and Regulatory Decree 1377 of 2013
DATA CONTROLLER
• NAME: HOTEL SORATAMA SA
• NIT: 800.156.522-5
• ADDRESS: CARRERA 7 NUMBER 19-20 PEREIRA, RISARALDA
• EMAIL: administracion@hotelsoratama.com
• WEBSITE: www.hotelsansimon.com
• PHONE: 57 (1) 3358650
1. OBJECTIVE: To establish and disseminate the Information Processing and Personal Data Protection Policies implemented by HOTEL SORATAMA, in order to guarantee adequate compliance with Law 1581 of 2012 and Decree 1377 of 2013 and other regulations that modify or complement them, which aim to develop the constitutional right of all persons to know, update and rectify the information collected in databases or files, and other constitutional rights, freedoms and guarantees referred to in Article 15 of the Political Constitution "Habeas Data"; as well as the right to information enshrined in Article 20 thereof.
2. SCOPE: This document applies to personal data recorded in any database managed by the company and which makes them susceptible to processing.
3. DEFINITIONS:
3.1 Authorization: Prior, express and informed consent of the owner, used by the Soratama Hotel to carry out the confirmation of the processing of their personal data.
3.2 Database: Organized set of personal data that is the object of processing by HOTEL SORATAMA.
3.3 Inquiries: Request for the Holder's personal information stored in any database, for which Hotel Soratama is obliged to provide the Holder with all information contained in the individual record or that is linked to the Holder's identification.
3.4 Personal data: Any information linked to or that can be associated with one or more specific or determinable natural or legal persons.
3.5 Sensitive data: Personal data that reveals racial or ethnic origin, political opinions, religious or moral beliefs, union membership, information concerning health or sexual life, or any other data that, due to its nature or context, may lead to discriminatory treatment of the data subject. This data is specially protected.
3.6 Habeas data: The fundamental right that allows people to know, update and rectify the information stored about them in databases and in files of public and private entities.
4. GENERAL GUIDELINES
4.1 The policies set forth in this document are binding on Hotel Soratama, as the source and data processor.
4.2 Both the controller and those in charge must safeguard databases containing personal data and maintain confidentiality regarding the processing.
4.3 This policy applies to the general public, whether natural or legal persons who provide their personal data to Hotel Soratama and are the legal owners of the information, or persons who provide their personal data by any means. Therefore, the provisions of this policy will apply to personal data recorded in any of our databases that make it susceptible to the established processing. Hotel Soratama is responsible for and in charge of information sources.
4.4 WHY IS HOTEL SORATAMA THE SOURCE AND CONTROLLER OF THE INFORMATION? Hotel Soratama is an organization responsible for collecting personal and third-party information through the receipt of documentation, as well as the processing of said information, modifying it as requested by the owner and/or their representatives through any physical or technological means that allows the inclusion or modification of personal data.
4.5 DUTIES OF HOTEL SORATAMA AS A SOURCE OF INFORMATION The sources of information must comply with the following obligations, without prejudice to compliance with the other provisions set forth in this law and in others that govern their activity:
• Ensure that the information provided to database operators or users is truthful, complete, accurate, up-to-date and verifiable.
• Report, periodically and in a timely manner, to the operator all developments regarding the data previously provided and adopt other necessary measures to ensure that the information provided to the operator remains up-to-date.
• Rectify information when it is incorrect and inform operators accordingly.
• Design and implement effective mechanisms to report information to the operator in a timely manner.
• Request, where appropriate, and retain a copy or evidence of the respective authorization granted by the information holders, and ensure that operators are not provided with any data whose provision has not been previously authorized, when such authorization is necessary, in accordance with the provisions of this law.
• Certify, on a semi-annual basis, to the operator that the information provided is authorized in accordance with the provisions of this law.
• Resolve the claims and requests of the owner in the manner regulated by this law.
• Inform the operator that certain information is being disputed by its owner, when a request for rectification or update has been submitted, so that the operator can include a note to that effect in the database until the process is completed.
• Comply with the instructions issued by the supervisory authority in relation to compliance with this law.
4.6 DUTIES OF HOTEL SORATAMA AS DATA PROCESSOR
• Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
• Take measures to preserve information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent access, use, or consultation.
• Promptly update, rectify, or delete data in accordance with this law.
• Update the information reported by those responsible for the treatment within five (5) business days from its receipt.
• Process queries and complaints made by the Owners in accordance with the terms set forth in the Law.
• Adopt a document that guarantees proper compliance with the Law and, in particular, for the handling of queries and complaints from Owners.
• Record the legend “claim in process” in the database in the manner regulated by law.
• Insert the legend “information under judicial discussion” into the database once notified by the competent authority about judicial proceedings related to the quality of personal data.
• Refrain from circulating information that is being disputed by the Owner and whose blocking has been ordered by the Superintendency of Industry and Commerce.
• Allow access to information only to people who can access it.
• Inform the Superintendency of Industry and Commerce when security code violations occur and risks exist in the management of the Data Subjects' information.
• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
• Safeguard databases containing personal data.
• Maintain confidentiality regarding the processing of personal data.
5. PROCESSING OF PERSONAL DATA
5.1 Principles for the processing of personal data The following principles will be taken into account by the Soratama Hotel in the process of managing personal data.
5.1.1 Legality regarding data processing Data processing must be subject to the provisions contained in Law 1581 of 2012 and any regulations that develop or regulate such provisions.
5.1.2 Purpose and processing The processing of data and the purpose of the information in the Hotel Soratama databases are based on the provision of the service, the contractual relationship, commercial and/or advertising purposes. Hotel Soratama may transmit the information to third parties, suppliers and authorities.
5.1.3 Freedom. Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial order that waives consent.
5.1.4 Truthfulness or quality The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
5.1.5 Transparency In the processing, the right of the Owner of the information collected by HOTEL SORATAMA must be guaranteed to obtain from the data controller or the data processor, at any time and without restrictions, information about the existence of data that concerns him/her.
5.1.6 Restricted access and circulation. Processing is subject to the limits derived from the nature of the personal data, the provisions of Law 1581 of 2012, and the Constitution. In this regard, processing may only be carried out by persons authorized by the Data Controller and/or by the persons provided for by law.
5.1.7 Security The information subject to processing by the controller or processor must be handled by taking reasonable technical, human and administrative measures to ensure the security of the records, seeking to prevent their adulteration, loss, consultation, use or unauthorized or fraudulent access.
5.1.8 Confidentiality All persons involved in the processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in said procedure has ended, and may only provide or communicate personal data when this corresponds to the development of the activities authorized by the Law and under the terms thereof.
5.2 Special categories of data
5.2.1 Sensitive data: These are data that affect the privacy of the Owner or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
5.2.1.1 The processing of sensitive data is prohibited, except when:
• The Data Subject has given explicit authorization for such processing, except in cases where the granting of such authorization is not required by law.
• The processing is necessary to safeguard the vital interests of the Data Subject and the Data Subject is physically or legally incapacitated. In these cases, the Data Subject's legal representatives must provide their authorization.
• The processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association, or any other non-profit organization whose purpose is political, philosophical, religious, or trade union, provided that it refers exclusively to its members or to individuals with whom it maintains regular contact due to its purpose. In these cases, the data may not be provided to third parties without the Data Controller's authorization.
• Processing refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
• The processing is for historical, statistical, or scientific purposes. In this event, measures must be taken to erase the identity of the Data Subjects.
• In the processing of sensitive personal data, when such processing is possible in accordance with the exceptions cited above contained in Article 6 of Law 1581 of 2012, the following obligations must be met:
• Inform the Owner that since the data is sensitive, he or she is not required to authorize its processing.
• Inform the Data Subject explicitly and in advance, in addition to the general requirements for authorization to collect any type of personal data, which of the data to be processed is sensitive and the purpose of the processing, as well as obtain their express consent.
5.3 Data on children and adolescents
• Treatment will ensure respect for the prevailing rights of children and adolescents.
• The processing of personal data of children and adolescents is prohibited, except for data that is public in nature.
6. CONDITIONS FOR DATA PROCESSING
6.1 Authorization In accordance with the principles of purpose and freedom, the collection of data by HOTEL SORATAMA must be limited to those personal data that are relevant and adequate for the purpose for which they are collected or required in accordance with current regulations, except in cases expressly provided for by law.
6.2 Data Subject Authorization. For HOTEL SORATAMA to carry out any personal data processing, the prior and informed authorization of the Data Subject is required. This authorization must be obtained by any means that can be subsequently consulted. These mechanisms may be predetermined through technical means that facilitate the Data Subject's automated declaration, or they may be in writing or orally.
6.3 Authorization of the Owner HOTEL SORATAMA requests authorization for the processing of information from all its owners, as long as said collection implies the processing of information by HOTEL SORATAMA or third parties (prior authorization). This request for authorization is made at the time of generating commercial relations with clients and hiring personnel to perform the tasks inherent to the organization.
6.4 Provision of Information. The information requested from the Owner will be provided to HOTEL SORATAMA by any means, including electronic means, as requested by the Owner. The information must be easy to read, without technical barriers impeding access, and must fully correspond to the information stored in the database.
6.5 Duty to inform the Owner HOTEL SORATAMA, when requesting authorization from the Owner, must inform him clearly and expressly of the following:
• The processing to which your personal data will be subjected and the purpose thereof.
• The optional nature of the response to questions asked when these concern sensitive data or the data of girls, boys, and adolescents.
• The rights that you have as the Owner.
• The identification, physical or electronic address and telephone number of the data controller.
6.6 Persons to whom the information may be provided Information about personal data that has been subject to processing by HOTEL SORATAMA may be provided to the following persons:
• To the Holders or their legal representatives.
• To public or administrative entities in the exercise of their legal functions or by court order.
• To third parties authorized by the Owner or by law.
7. RIGHTS OF THE OWNER
7.1 Revocation of authorization and/or deletion of data:
• Data Subjects may at any time request that HOTEL SORATAMA delete their personal data and/or revoke the authorization granted for the processing of such data by submitting a complaint, in accordance with the provisions of Article 15 of Law 1581 of 2012.
• The request for deletion of information and the revocation of authorization WILL NOT PROCEED WHEN THE OWNER HAS A LEGAL OR CONTRACTUAL DUTY TO REMAIN IN THE HOTEL SORATAMA DATABASE.
• The procedure for filing claims will be as established in this document.
7.2 The Owner may consult his/her personal data free of charge:
• At least once (1) every calendar month.
• Whenever there are substantial modifications to the Information Processing Policies, which motivate new consultations.
• For inquiries whose frequency is greater than one (1) per calendar month, HOTEL SORATAMA will only charge the costs of shipping, reproduction and, where applicable, certification of documents. Reproduction costs may not exceed the costs of recovering the corresponding material.
7.3 Response to queries
• For the purposes of responding to inquiries, HOTEL SORATAMA has a period of ten (10) business days from the date of receipt thereof. However, when it is not possible to respond to the inquiry within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which their inquiry will be responded to, which in no case may exceed five (5) business days following the expiration of the first term.
8. HOTEL SORATAMA'S DUTIES IN DATA PROCESSING
• Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
• Request and retain, under the conditions provided by law, a copy of the respective authorization granted by the Owner.
• Properly inform the Owner about the purpose of the collection and the rights to which he or she is entitled by virtue of the authorization granted.
• Take measures to keep information secure to prevent its alteration, loss, unauthorized or fraudulent access, use, or consultation.
• Ensure that the information provided to the data controller is truthful, complete, accurate, up-to-date, verifiable and understandable.
• Update the information, promptly communicating to the data controller any new developments regarding the data previously provided and adopting other necessary measures to ensure the information provided remains up-to-date.
• Rectify information when it is incorrect and notify the data controller as appropriate.
• Provide the data controller, as the case may be, only with data whose processing has been previously authorized in accordance with the provisions of the Law.
• Demand that the data controller respect the security and privacy conditions of the Data Subject's information at all times.
• Process queries and complaints made in accordance with the terms established by law.
• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, to address inquiries and complaints.
• Inform the data controller when certain information is being disputed by the Data Subject, once the claim has been filed and the respective process has not been completed.
• Inform the Owner, upon request, about the use given to their data.
• Inform the data protection authority when security code violations occur and there are risks in the management of Data Subjects' information.
• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
9. SECURITY MEASURES HOTEL SORATAMA takes all reasonable precautions and technical, administrative, and organizational measures to guarantee the security of the Data Subjects' personal data, primarily those intended to prevent its alteration, loss, and unauthorized processing or access. Security measures apply to both files and processing. The purpose of these security measures is to ensure the preservation, confidentiality, integrity, and availability of the data.
10. MODIFICATIONS HOTEL SORATAMA reserves the right to modify these Information Processing Policies, in whole or in part. In the event of substantial changes to the Processing Policies regarding HOTEL SORATAMA's identification and the purpose of processing personal data, which may affect the content of the authorization, HOTEL SORATAMA will communicate these changes to the data subject no later than the time the new policies are implemented.
11. FORMATS USED:
• Authorization format for query and reporting to risk centers.
• Information management authorization format.
• Authorization form for notification of inclusion of negative report to credit bureaus.
12. Law 1581 of 2012, Protection of Personal Data. For more information on the processing of your personal data, please consult the Personal Data Processing Policy published at www.hotelesoratama.com - 606 3358650.
MARTHA CECILIA MONTOYA GUTIERREZ LEGAL REPRESENTATIVE
Law 1581 of 2012 and Regulatory Decree 1377 of 2013
DATA CONTROLLER
• NAME: HOTEL SORATAMA SA
• NIT: 800.156.522-5
• ADDRESS: CARRERA 7 NUMBER 19-20 PEREIRA, RISARALDA
• EMAIL: administracion@hotelsoratama.com
• WEBSITE: www.hotelsansimon.com
• PHONE: 57 (1) 3358650
1. OBJECTIVE: To establish and disseminate the Information Processing and Personal Data Protection Policies implemented by HOTEL SORATAMA, in order to guarantee adequate compliance with Law 1581 of 2012 and Decree 1377 of 2013 and other regulations that modify or complement them, which aim to develop the constitutional right of all persons to know, update and rectify the information collected in databases or files, and other constitutional rights, freedoms and guarantees referred to in Article 15 of the Political Constitution "Habeas Data"; as well as the right to information enshrined in Article 20 thereof.
2. SCOPE: This document applies to personal data recorded in any database managed by the company and which makes them susceptible to processing.
3. DEFINITIONS:
3.1 Authorization: Prior, express and informed consent used by the Soratama Hotel of the owner to carry out the confirmation of the processing of their personal data.
3.2 Database: organized set of personal data that is the object of processing by HOTEL SORATAMA
3.3 Inquiries: Request for the Holder's personal information stored in any database, for which Hotel Soratama is obliged to provide the Holder with all information contained in the individual record or that is linked to the Holder's identification.
3.4 Personal data: Any information linked to or that can be associated with one or more specific or determinable natural or legal persons.
3.5 Sensitive data: Personal data that reveals racial or ethnic origin, political opinions, religious or moral beliefs, union membership, information concerning health or sexual life, or any other data that, due to its nature or context, may lead to discriminatory treatment of the data subject. This data is specially protected.
3.6 Habeas data: It is the fundamental right that allows to know, update and rectify the information stored about people in databases and in files of public and private entities.
4. GENERAL GUIDELINES
4.1 The policies set forth in this document are binding on Hotel Soratama, as the source and data processor.
4.2 Both the controller and those in charge must safeguard databases containing personal data and maintain confidentiality regarding the processing.
4.3 This policy applies to the general public, whether natural or legal persons who provide their personal data to Hotel Soratama and are the legal owners of the information, or persons who provide their personal data by any means. Therefore, the provisions of this policy will apply to personal data recorded in any of our databases that make it susceptible to the established processing. Hotel Soratama is responsible for and in charge of information sources.
4.4 WHY IS HOTEL SORATAMA THE SOURCE AND CONTROLLER OF THE INFORMATION? Hotel Soratama is an organization responsible for collecting personal and third-party information through the receipt of documentation, as well as the processing of said information, modifying it as requested by the owner and/or their representatives through any physical or technological means that allows the inclusion or modification of personal data.
4.5 DUTIES OF HOTEL SORATAMA AS A SOURCE OF INFORMATION The sources of information must comply with the following obligations, without prejudice to compliance with the other provisions set forth in this law and in others that govern their activity:
• Ensure that the information provided to database operators or users is truthful, complete, accurate, up-to-date and verifiable.
• Report, periodically and in a timely manner, to the operator all developments regarding the data previously provided and adopt other necessary measures to ensure that the information provided to the operator remains up-to-date.
• Rectify information when it is incorrect and inform operators accordingly.
• Design and implement effective mechanisms to report information to the operator in a timely manner.
• Request, where appropriate, and retain a copy or evidence of the respective authorization granted by the information holders, and ensure that operators are not provided with any data whose provision has not been previously authorized, when such authorization is necessary, in accordance with the provisions of this law.
• Certify, on a semi-annual basis, to the operator that the information provided is authorized in accordance with the provisions of this law.
• Resolve the claims and requests of the owner in the manner regulated by this law.
• Inform the operator that certain information is being disputed by its owner, when a request for rectification or update has been submitted, so that the operator can include a note to that effect in the database until the process is completed.
• Comply with the instructions issued by the supervisory authority in relation to compliance with this law.
4.6 DUTIES OF HOTEL SORATAMA AS DATA PROCESSOR
• Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
• Take measures to preserve information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent access, use, or consultation.
• Promptly update, rectify, or delete data in accordance with this law.
• Update the information reported by those responsible for the treatment within five (5) business days from its receipt.
• Process queries and complaints made by the Owners in accordance with the terms set forth in the Law.
• Adopt a document that guarantees proper compliance with the Law and, in particular, for the handling of queries and complaints from Owners.
• Record the legend “claim in process” in the database in the manner regulated by law.
• Insert the legend “information under judicial discussion” into the database once notified by the competent authority about judicial proceedings related to the quality of personal data.
• Refrain from circulating information that is being disputed by the Owner and whose blocking has been ordered by the Superintendency of Industry and Commerce.
• Allow access to information only to people who can access it.
• Inform the Superintendency of Industry and Commerce when security code violations occur and risks exist in the management of the Data Subjects' information.
• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
• Safeguard databases containing personal data.
• Maintain confidentiality regarding the processing of personal data.
5. PROCESSING OF PERSONAL DATA
5.1 Principles for the processing of personal data The following principles will be taken into account by the Soratama Hotel in the process of managing personal data.
5.1.1 Legality regarding data processing Data processing must be subject to the provisions contained in Law 1581 of 2012 and any regulations that develop or regulate such provisions.
5.1.2 Purpose and processing The processing of data and the purpose of the information in the Hotel Soratama databases are based on the provision of the service, the contractual relationship, commercial and/or advertising purposes. Hotel Soratama may transmit the information to third parties, suppliers and authorities.
5.1.3 Freedom. Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial order that waives consent.
5.1.4 Truthfulness or quality The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
5.1.5 Transparency In the processing, the right of the Owner of the information collected by HOTEL SORATAMA must be guaranteed to obtain from the data controller or the data processor, at any time and without restrictions, information about the existence of data that concerns him/her.
5.1.6 Restricted access and circulation. Processing is subject to the limits derived from the nature of the personal data, the provisions of Law 1581 of 2012, and the Constitution. In this regard, processing may only be carried out by persons authorized by the Data Controller and/or by the persons provided for by law.
5.1.7 Security The information subject to processing by the controller or processor must be handled by taking reasonable technical, human and administrative measures to ensure the security of the records, seeking to prevent their adulteration, loss, consultation, use or unauthorized or fraudulent access.
5.1.8 Confidentiality All persons involved in the processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in said procedure has ended, and may only provide or communicate personal data when this corresponds to the development of the activities authorized by the Law and under the terms thereof.
5.2 Special categories of data
5.2.1 Sensitive data: These are data that affect the privacy of the Owner or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
5.2.1.1 The processing of sensitive data is prohibited, except when:
• The Data Subject has given explicit authorization for such processing, except in cases where the granting of such authorization is not required by law.
• The processing is necessary to safeguard the vital interests of the Data Subject and the Data Subject is physically or legally incapacitated. In these cases, the Data Subject's legal representatives must provide their authorization.
• The processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association, or any other non-profit organization whose purpose is political, philosophical, religious, or trade union, provided that it refers exclusively to its members or to individuals with whom it maintains regular contact due to its purpose. In these cases, the data may not be provided to third parties without the Data Controller's authorization.
• Processing refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
• The processing is for historical, statistical, or scientific purposes. In this event, measures must be taken to erase the identity of the Data Subjects.
• In the processing of sensitive personal data, when such processing is possible in accordance with the exceptions cited above contained in Article 6 of Law 1581 of 2012, the following obligations must be met:
• Inform the Owner that since the data is sensitive, he or she is not required to authorize its processing.
• Inform the Data Subject explicitly and in advance, in addition to the general requirements for authorization to collect any type of personal data, which of the data to be processed is sensitive and the purpose of the processing, as well as obtain their express consent.
5.3 Data on children and adolescents
• Treatment will ensure respect for the prevailing rights of children and adolescents.
• The processing of personal data of children and adolescents is prohibited, except for data that is public in nature.
6. CONDITIONS FOR DATA PROCESSING
6.1 Authorization In accordance with the principles of purpose and freedom, the collection of data by HOTEL SORATAMA., must be limited to those personal data that are relevant and adequate for the purpose for which they are collected or required in accordance with current regulations, except in cases expressly provided for by law.
6.2 Data Subject Authorization. For HOTEL SORATAMA to carry out any personal data processing, the prior and informed authorization of the Data Subject is required. This authorization must be obtained by any means that can be subsequently consulted. These mechanisms may be predetermined through technical means that facilitate the Data Subject's automated declaration, or they may be in writing or orally.
6.3 Authorization of the Owner HOTEL SORATAMA, requests authorization for the processing of information from all its owners, as long as said collection implies the processing of information by HOTEL SORATAMA., or third parties (prior authorization), this request for authorization is made at the time of generating commercial relations with clients and hiring personnel to perform the tasks inherent to the organization.
6.4 Provision of Information. The information requested from the Owner will be provided to HOTEL SORATAMA by any means, including electronic means, as requested by the Owner. The information must be easy to read, without technical barriers impeding access, and must fully correspond to the information stored in the database.
6.5 Duty to inform the Owner. HOTEL SORATAMA, when requesting authorization from the Owner, must inform him clearly and expressly of the following:
• The processing to which your personal data will be subjected and the purpose thereof.
• The optional nature of the response to questions asked when these concern sensitive data or the data of girls, boys, and adolescents.
• The rights that you have as the Owner.
• The identification, physical or electronic address and telephone number of the data controller.
6.6 Persons to whom the information may be provided. Information about personal data that has been subject to processing by HOTEL SORATAMA may be provided to the following persons:
• To the Holders or their legal representatives.
• To public or administrative entities in the exercise of their legal functions or by court order.
• To third parties authorized by the Owner or by law.
7. RIGHTS OF THE OWNER
7.1 Revocation of authorization and/or deletion of data:
• Data Subjects may at any time request that HOTEL SORATAMA delete their personal data and/or revoke the authorization granted for the processing of such data by submitting a complaint, in accordance with the provisions of Article 15 of Law 1581 of 2012.
• The request for deletion of information and the revocation of authorization WILL NOT PROCEED WHEN THE OWNER HAS A LEGAL OR CONTRACTUAL DUTY TO REMAIN IN THE HOTEL SORATAMA DATABASE.
• The procedure for filing claims will be as established in this document.
7.2 The Owner may consult his/her personal data free of charge:
• At least once (1) every calendar month.
• Whenever there are substantial modifications to the Information Processing Policies, which motivate new consultations.
• For inquiries whose frequency is greater than one (1) per calendar month, HOTEL SORATAMA will only charge the costs of shipping, reproduction and, where applicable, certification of documents. Reproduction costs may not exceed the costs of recovering the corresponding material.
7.3 Response to queries
• For the purposes of responding to inquiries, HOTEL SORATAMA has a period of ten (10) business days from the date of receipt thereof. However, when it is not possible to respond to the inquiry within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which their inquiry will be responded to, which in no case may exceed five (5) business days following the expiration of the first term.
8. HOTEL SORATAMA'S DUTIES IN DATA PROCESSING
• Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
• Request and retain, under the conditions provided by law, a copy of the respective authorization granted by the Owner.
• Properly inform the Owner about the purpose of the collection and the rights to which he or she is entitled by virtue of the authorization granted.
• Take measures to keep information secure to prevent its alteration, loss, unauthorized or fraudulent access, use, or consultation.
• Ensure that the information provided to the data controller is truthful, complete, accurate, up-to-date, verifiable and understandable.
• Update the information, promptly communicating to the data controller any new developments regarding the data previously provided and adopting other necessary measures to ensure the information provided remains up-to-date.
• Rectify information when it is incorrect and notify the data controller as appropriate.
• Provide the data controller, as the case may be, only with data whose processing has been previously authorized in accordance with the provisions of the Law.
• Demand that the data controller respect the security and privacy conditions of the Data Subject's information at all times.
• Process queries and complaints made in accordance with the terms established by law.
• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, to address inquiries and complaints.
• Inform the data controller when certain information is being disputed by the Data Subject, once the claim has been filed and the respective process has not been completed.
• Inform the Owner, upon request, about the use given to their data.
• Inform the data protection authority when security code violations occur and there are risks in the management of Data Subjects' information.
• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
9. SECURITY MEASURES: HOTEL SORATAMA takes all reasonable precautions and technical, administrative, and organizational measures to guarantee the security of the Data Subjects' personal data, primarily those intended to prevent its alteration, loss, and unauthorized processing or access. Security measures apply to both files and processing. The purpose of these security measures is to ensure the preservation, confidentiality, integrity, and availability of the data.
10. MODIFICATIONS: HOTEL SORATAMA reserves the right to modify these Information Processing Policies, in whole or in part. In the event of substantial changes to the Processing Policies regarding HOTEL SORATAMA's identification and the purpose of processing personal data, which may affect the content of the authorization, HOTEL SORATAMA will communicate these changes to the data subject no later than the time the new policies are implemented.
11. FORMATS USED:
• Authorization format for query and reporting to risk centers.
• Information management authorization format.
• Authorization form for notification of inclusion of negative report to credit bureaus.
12. Law 1581 of 2012, Protection of Personal Data. For more information on the processing of your personal data, please consult the Personal Data Processing Policy published at www.hotelesoratama.com - 606 3358650.
MARTHA CECILIA MONTOYA GUTIERREZ, LEGAL REPRESENTATIVE