1. GENERAL
We have a special interest in protecting and respecting your information and personal data and that is why we have designed these personal data processing policies, within the framework of Law 1581 of 2012, Regulatory Decree 1377 of 2013, Regulatory Decree 1074 of 2015 and other regulations that are modified and added.
1.1.- Introduction.
The company RESIDENCIAS JMCH S.A.S., responsible for processing the information, may collect personal data from its users, guests or visitors, collaborators and suppliers through the different means intended for access to the services provided by them. In any case, the collection will be done under the express authorization of the data owner and the processing of the data will be subject to what is established by law.
The personal information subject to the considerations established here may be collected directly from the information provided by the owners of the information (clients, guests, users, collaborators and suppliers) and that contained in the hotel registration card, through the page website www.hotelbenidorm.co, through visits, holding events at the hotel facilities or acquiring the services offered.
1.2- General principles
The obtaining and collection of personal data, as well as the use, treatment, processing, exchange, transfer and transmission of these, will always be guided by principles of legality, freedom, veracity, transparency, security, confidentiality, principle of access and circulation. restricted.
1.2.1.- Principle of purpose: The treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the owner.
Regarding the collection of personal data, The Company will limit itself to those data that are relevant and appropriate for the purpose for which they are collected or required; the Areas, Units, Centers, etc. They must inform the owner of the reason why the information is requested and the specific use that will be given to it.
1.2.2.- Principle of freedom: Treatment can only be carried out with the prior, express, and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that requires consent.
1.2.3.- Principle of Truthfulness or Quality: The information subject to processing must be truthful, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fragmented or misleading data is prohibited.
1.2.4.- Principle of Transparency: In the treatment, the right of the owner to obtain from the person responsible for the treatment or the person in charge of the treatment, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.
1.2.5.- Principle of Access and Restricted Circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the treatment can only be carried out by people authorized by the owner and/or by the people provided for by law.
Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide knowledge restricted only to the owners or authorized third parties.
1.2.6.- Security Principles: The information subject to treatment by the Company must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.
To ensure compliance with this principle, the Society's Rider Care Area will implement the relevant developments.
1.2.7.- Principle of Confidentiality: The Company is obliged to guarantee the confidentiality of the information, even after its relationship with any of the tasks included in the treatment has ended, and may only supply or communicate personal data when this corresponds to the development of the authorized activities. As by law.
1.3- Legal definitions.
In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will govern the personal information processing policies.
1.3.1.- Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data.
1.3.2.-Privacy Notice: Written communication generated by the Data Controller, addressed to the Owner of the information for the processing of their personal data, through which they are informed about the existence of the Personal Data Processing policies that will be applicable to them. the way to access them and the purposes of the treatment that is intended to be given to personal data.
1.3.3- Database: Organized set of personal data that is subject to Processing;
1.3.4.- Personal data: Any information linked or that can be associated with one or several specific or determinable natural persons;
1.3.5.-Public Data: It is data that is not semi-private, private or sensitive. Public data are considered to be, among others, data relating to the marital status of people, their profession or trade and their status as a merchant or public servant.
1.3.6.-Sensitive data: Those that affect the privacy of the Owner or whose improper use may generate discrimination.
1.3.7.- Data Processor: The data processor is the natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Data Controller;
1.3.8.- Personal Data Protection Officer (OPD): Natural or Legal Person, which by itself or in association with others, is responsible for ensuring the effective implementation of the policies and procedures adopted by it, to comply with the data protection standard. personal data, as well as good personal data management practices within the company.
1.3.9.- Responsible for the Treatment: The person responsible for the treatment is the natural or legal person, public or private, who, by themselves or in association with others, decides on the database and/or the Processing of the data;
1.3.10.-Biometric System: It is a security technology that is based on recognizing the physical and non-transferable characteristics of people. That is, it is an automated method through which an individual can be accurately recognized based on their physical or behavioral characteristics.
1.3.11.- Video-Surveillance System: The data processed through security cameras will be preserved in compliance with all legal provisions that guarantee their privacy. The purpose is solely to protect the security of the company, collaborators, users and visitors.
1.3.12.- Owner: Natural person whose personal data is the subject of Treatment.
1.3.13.- Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside the country.
1.3.14- Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller.
1.3.15.- Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
2. AUTHORIZATION OF THE OWNER
The data provided will be subject to authorized processing, granted in advance, expressly and informed by the Owner thereof. In accordance with the provisions of Law 1581 of 2012, Regulatory Decree 1377 of 2013 and Regulatory Decree 1074 of 2015, the use, collection and storage of personal data by RESIDENCIAS JMCH S.A.S. (HOTEL BENIDORM) must have authorization stating the prior consent of the Owner, to carry out the processing of their personal data. Compared to the data collected before June 27, 2013 RESIDENCES JMCH S.A.S. (HOTEL BENIDORM) has chosen to use the mechanism provided for in article 2.2.2.25.2.7 of decree 1074 of 2015.
RESIDENCES JMCH S.A.S. (HOTEL BENIDORM) will put into operation all the appropriate mechanisms in order to allow the owners to grant their authorization for the processing of personal data.
In any case, data collection will be limited to those personal data that are relevant and appropriate for the purpose pursued, therefore, authorizations may be obtained in writing, through forms, contracts, registration sheets, purchase orders, among others; verbally and through unequivocal behavior such as the checkboxes contained on the website and chats.
3. INFORMATION PROCESSING:
3.1- Data collected.
The collection of data for the development of the Treatment and the purposes pursued by it will fall on the personal data received in the following way:
3.1.2 Guests and visitors: All information that is offered or provided when visiting the website and/or social networks, in reservation forms and at the time of Check-in. (Name, citizenship and immigration card number or passport, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumer habits or travel habits, among others).
3.1.3 Applicants and Collaborators: All information that is supplied or provided from home visits for selection processes, resumes, job boards or interviews and in the employment contract. (Name, citizenship card or passport number, academic experience, professional experience, information related to the execution of the contractual relationship, that corresponding to the management of salary payments, remuneration, social security as the case may be, that which corresponds to basic health data such as HR or allergies in cases in which such information is provided, data on minor children for membership issues, among others).
3.1.4 Contractors or Suppliers: All information received in the development or execution of the commercial/contractual relationship between the parties and specifically those received regarding the purchase of goods or services. (Name, identification number – NIT, citizenship card, passport), contact information such as telephone number, physical address, email address, the information contained in the RUT, type of goods or services offered, category in which they are located , economic activity, commercial and personal references, bank references, bank account numbers for payments and all the information that is necessary to comply with the contractually assumed obligations, with the legal obligations and with the correct execution and development of the commercial relationship between the companies.
3.2- Treatment to which the data will be subjected and its purpose.
The data and information obtained will be used in the normal course of its commercial activities only for the purpose established in these information processing policies, so as to create direct and effective communication with the owner of the information.
3.2.1 PURPOSES:
3.2.1.1 Guests and visitors: The treatment consists of sending digital information through different means of communication, with the intention of contacting the owner to send service surveys after each stay that allow the rating of the service provided, and communicating invitations. , offers, promotions, portfolio of services or information about the Hotel, without at any time your data being provided, transferred or delivered to people other than those responsible or in charge of processing the information. Additionally, through data collection we seek to: make, process, process and/or complete reservations or purchases of hotel nights or other services; carry out internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; promptly respond to your requests, requests or needs; communicate invitations, offers, promotions, and information in general, about the portfolio of services offered by natural or legal persons that are directly linked to the hotel operation and specifically to the services provided.
The authorization for the use of the information or data provided that is collected, or stored in accordance with these policies expressly includes the authorization for the data and information to be shared, processed, transmitted, transferred, updated and/or deleted with the purpose defined in these policies, to be used in the established manner.
Other purposes may be:
- Keep them informed about products and/or services and changes and/or updates and/or expirations thereof that may interest them.
- Compliance with obligations contracted with clients, users, suppliers, allies, subsidiaries, distributors, contractors and other third parties directly and indirectly related to the company's corporate purpose.
- Management derived from contractual and/or extra-contractual relationships with any of the subjects belonging to the interest groups according to the classification carried out.
- Maintain permanent contact with clients and suppliers.
- Invite our clients to participate in all types of activities related to the fulfillment of our corporate purpose.
- Inform about specific promotions of our products and/or services.
- Carry out satisfaction surveys and evaluate the quality of our products and/or services, as well as respond to complaints and claims received from customers.
- Transfer to public or private entities, personal data for the processing of processes, in compliance with requests and for judicial investigations in which some type of requirement is presented, whether for judicial or extrajudicial portfolio collections or any other that the law so determines.
- For any other purpose derived from the legal nature of the Company.
3.2.1.1 Applicants and Collaborators: The treatment that will be given to the data consists of the management and disposition of the data to have the information that allows the activities, processes and procedures of human talent to be carried out; to establish payroll status; fees or any other remuneration, as the case may be; to manage the information corresponding to social security and family compensation funds; to meet the information requirements of government entities and comply with legal reporting obligations in fiscal, tax and any other nature; support internal or external audit processes; maintain efficient communication with employees, officials or collaborators; manage and report changes that may occur in the development of the contractual relationship; conduct internal studies on habits; Allow employee access to computing resources.
The authorization for the use of the information or data provided that is collected or stored in accordance with these policies expressly includes the authorization for the data and information to be shared, processed, transmitted, transferred, updated and/or deleted with the purpose defined in these policies, to be used in the established manner.
Other purposes may be:
- Carry out the beginning of the contractual relationship or link with the Company.
- Request personal and/or work references, in all cases with the authorization of the owner.
- Initiate disciplinary processes for workers directly linked to the Company.
- Issue labor certificates at the express request of the holder.
- Transfer personal data to third countries due to the various contractual, business and commercial relationships that the Company has with foreign nations.
- Provide references to companies, banking organizations, etc., with the authorization of the owner.
- Data update.
- Respond to requirements from control entities.
- To send information via email, text messages, or any other means of communication about information of interest and that derives from the legal nature of the hotel.
- For any other purpose derived from the legal nature of the Company.
3.2.1.1 Suppliers and Contractors: The data and information obtained will be used in the normal course of their commercial activities only for the purpose established in these information processing policies, so that the commercial relationship and as such the acquisition of food and goods and the provision of the contracted services is properly executed and developed.
The treatment that will be given to the data consists of the management and disposition of the data to have the information that allows the administrative and accounting management of the suppliers to be carried out; control over the status of payments, balances, discounts; managing the inventory of purchased goods; attention to and compliance with fiscal, tax, legal and any other requirements with national, district or municipal government entities; the categorization and classification of the supplier according to the goods or services offered, price, quality; support internal or external audit processes.
The authorization for the use of the information or data provided that is collected or stored in accordance with these policies expressly includes the authorization for the data and information to be shared, processed, transmitted, transferred, updated and/or deleted with the purpose defined in these policies, to be used in the established manner.
Other purposes may be:
- Carry out the beginning of the contractual relationship or link with the Company.
- Request commercial references, in all cases with the authorization of the owner.
- Transfer personal data to third countries due to the various contractual, business and commercial relationships that the Company has with foreign nations.
- Provide references to companies, banking organizations, etc., with the authorization of the owner.
- Update data of suppliers, service providers, natural and/or legal persons.
- Authorizations for access to the products and services offered by the Company.
- Respond to requirements from control entities.-
- To send information through email, text messages, or any other means of communication about the status, rights and duties of collaborators, suppliers, service providers, natural or legal persons.
- Evaluation of the quality of the products and services offered by the Company, which may be carried out by any of the means of contact informed by the owner.
- Evaluation of the quality indicators of the products and services provided to the Company.
- For any other purpose derived from the legal nature of the Company.
3.3.- Sensitive data and data corresponding to children and adolescents.
In no event and under any circumstances will data considered sensitive be processed, nor is data collection aimed at collecting sensitive information.
The collection of data corresponding to minor children and adolescents, and the respective authorization, must always be given through their legal representative, prior to the minor's exercise of his or her right to be heard. The processing of data corresponding to children and adolescents must respond to and respect the best interests of children and adolescents, and their fundamental rights.
In the event that for some reason a question may lead to the answer relating to sensitive data or data of children and adolescents, the answer to such question will be optional.
3.4.- Duties of the person responsible for processing the information.
Those responsible for the information, and/or responsible and in charge of the processing of personal data, are obliged to: a) Guarantee to the Owner, at all times, the full and effective exercise of the right of habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Owner; c) Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted; d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access; e) Guarantee that the information provided to the Data Processor is true, complete, exact, updated, verifiable and understandable; f) Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated; g) Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor; h) Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law; i) Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information; j) Process queries and claims made in the terms indicated in the law; k) Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed; l) Inform at the request of the Owner about the use given to their data; m) Inform the data protection authority when violations of security codes occur and there are risks in the Administration of the Owners' information. n) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
4. RIGHTS AND POWERS OF THE OWNER.
4.1.- Rights of the owner. Once authorization has been granted by the Owner for the corresponding treatment, they have the right too: a) Know, update and rectify their personal data. This right may be exercised against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Processing is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, except when it is expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of law 1581 of 2012; c) Be informed by the person responsible and/or in charge of personal data, upon request, of the use that has been given to your personal data; d) Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the law; e) Revoke the authorization and/or request the deletion of the data when the Treatment does not comply with the constitutional and legal principles, rights and guarantees. The revocation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that the Treatment has incurred conduct contrary to this law and the Constitution; f) Request, at all times, from the person responsible or in charge, the deletion of your personal data and/or revoke the authorization granted for the Treatment thereof, by submitting a claim, will not proceed when the Owner has a legal or contractual duty. to remain in the database. g) Access free of charge to your personal data that has been processed: (i) at least once every calendar month, and (ii) every time there are substantial modifications to the Information Processing Policies that motivate new queries. . In the case of requests whose frequency is greater than one for each calendar month, the person responsible and/or in charge may charge the Owner the costs of shipping, reproduction and, where appropriate, certification of documents.
4.2.- Legitimation for the exercise of the rights of the owner.
The following people are also entitled to exercise the rights that assist the owner of the information: a). The owner himself must prove his identity sufficiently by the means made available to him by the person responsible; b). Their successors, who must prove such quality; c). The representative and/or attorney-in-fact of the Owner, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; and). The rights of children or adolescents will be exercised by the people who are authorized to represent them, after accreditation of the power of representation.
4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization.
The procedures for accessing, updating, deleting and rectifying personal data, and revoking authorization, may be carried out through queries or complaints, directed to the following channels: Email: gsoto@hotelbenidorm.co
Physical address: Calle 44 No 20 - 20, Manizales, Caldas, Colombia.
The PQRS must have, at a minimum, the legitimacy that one has to make the request and clearly and concretely explain what is intended.
All requests, suggestions and recommendations related to the processing of information must be sent to the email gsoto@hotelbenidorm.co, and a response will be given no later than within ten (10) business days following receipt.
The owner of the information or the legitimate person must accompany his/her writing with proof of the quality in which he/she acts, and must provide the data and documents necessary to account for his/her identity and quality.
The email must specify the reason or object of the communication, and to do so it will be enough for the text to indicate that the right to know, update, rectify, delete or revoke the authorization granted is being exercised.
4.4.- Procedure for correcting, updating or deleting data and for submitting complaints and claims.
Whoever is legitimized by law, and considers that the information contained must be corrected, updated or deleted; or when you consider that the treatment given to personal data violates legal regulations, you may
present, in accordance with article 15 of Law 1581 of 2012, complaints to the email gsoto@hotelbenidorm.co.
Complaints and claims will be processed under the following rules:
4.4.1.- The claim will be formulated by means of a request addressed to the Data Controller or the Data Processor, with the identification of the Owner, the description of the facts that give rise to the claim and the address, accompanying the documents that you want to assert. If the claim is incomplete, the interested party will be required within five (5) business days following receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that the claim has been abandoned.
In the event that the person receiving the claim is not competent to resolve it, it will be transferred to the appropriate party within a maximum period of two (2) business days and the interested party will be informed of the situation.
4.4.2.- Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database within a period of no more than two (2) business days. Said legend must be maintained until the claim is decided.
4.4.3.- The maximum period to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend to the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be attended to, which in no case may exceed eight (8) business days following the expiration of the first term.
4.5.- Consultation and access to information.
Personal data queries will be answered by written request via email gsoto@hotelbenidorm.co.
Queries will be answered within a maximum period of ten (10) business days from the date of receipt. When it is not possible to attend to the query within said term, the interested party will be informed before the expiration of ten (10) business days, expressing the reasons for the delay and indicating the date on which the query will be attended to, which in no case may exceed five (5) business days following the expiration of the first term.
5. SECURITY.
5.1.- Security in the management of information.
The data collected will always be treated within a framework of confidentiality, so it will not be provided, transferred or delivered to persons other than or unrelated to those responsible or in charge of the treatment.
5.2.- Data transfer and transmission.
In the event that a contract is signed with a third party who is professional and experienced in the management and use of databases, the person responsible will sign the contract for the transmission of personal data referred to in article 25 of decree 1377 of 2013.
5.2.1 TRANSFER OF PERSONAL DATA
In the event in which third parties outside the company require to validate, rectify or confirm information corresponding to the personal data of the owners contained in the Company's databases, prior and express authorization will not be required for the provision of the information. of the owner to operate the transfer, since this power will be authorized by the owner of the information at the time of collection of the personal data. Likewise, the Company will implement the necessary measures to certify the security of the data transfer and the third parties who will have access to it.
The Company will refrain from using the information provided by the owners for marketing purposes other than its specific programs and services.
5.2.2 TRANSMISSION OF PERSONAL DATA
The Company, in consideration of the nature of its commercial and labor ties with other international companies, international government entities, and international cooperation agencies, etc. and exclusively within the purposes mentioned for the collection of information, it may transmit information corresponding to the personal data of the owners in order to strictly comply with its commercial, employment, extension purposes, etc. For the above, the express and prior authorization of the owner will be included in the corresponding format, text and/or document.
The Company has an extensive relationship with companies from other countries, for this reason it is essential that the authorization granted by the owner extends to delivering personal data to third countries, however, not all data will be provided, these will have specific purposes. and will be determined according to the activities that the Company develops.
6. DISSEMINATION AND VALIDITY.
6.1.- Means of dissemination of the information processing policies and the privacy notice.
This document, which establishes the policies for processing information on personal data collected, will be permanently published on the link www.hotelbenidorm.co so that it can be consulted by whoever is interested.
When requesting the Owner's express authorization for data processing, you will be informed of the specific purposes for which consent is obtained and you will be made aware of the Treatment Policy and the rights that assist you as the Owner.
6.2.- Entry into force of the information processing policies.
The collection, storage, use and circulation of personal data, in development of the considerations established here, will be carried out and maintained as long as the needs and purposes established and proposed by the Treatment remain in force. If the purpose cannot be achieved through the Processing of personal data, they will be permanently deleted from the database.
This document comes into effect on September 26, 2023.
6.3.- Procedure in the event of policy modification.
In the event that modifications are made to the personal data processing policies established here, they will be notified and communicated through this same website, prior to this coming into force.
6.4.- Incorporation of the conditions of use of the website www.hotelbenidorm.co.
In accordance with applicable regulations, the information processing policy is an integral part of the terms and conditions of use of the website www.hotelbenidorm.co
6.5. - Responsible for information.
The company RESIDENCIAS JMCH S.A.S., with NIT 900.359.696-2, is responsible and in charge of processing personal data. The company will be responsible for the information and personal data collected.
7. PROCEDURE FOR VIDEO AREAS – SURVEILLANCE (CCTV)
Video Surveillance systems involve the collection of images of people, that is, personal (sensitive) data in accordance with the redefinition contained in Law 1581 of 2012, and consequently the handling or processing of personal data must be observed under the principles of legality, purpose, freedom, quality, veracity, security, confidentiality, access, restricted circulation and transparency, contained in the Personal Data Protection Regime in Colombia.
For this reason, this policy allows the implementation of the procedures for collecting and processing personal data for the purposes of guaranteeing the control, parameterization and traceability of video surveillance monitoring systems. The Company intends to generate an organized scheme to safeguard the private, semi-private, public and sensitive data of its owners.
The data processed through Video Surveillance systems will be preserved in compliance with all legal provisions that guarantee their privacy. In this sense, the supply of these may be restricted or limited for the purposes of protecting privacy or for security reasons.
The specific purposes for the processing of data collected through Video Surveillance systems will be the following:
● Collection of video images from visitors, guests, third parties and employees.
● Have security measures to monitor incidents.
● Deter irregular conduct by third parties.
● Control the entry of users, visitors, guests and employees to the Company's facilities.
Each security camera that is installed in the hotel facilities has a privacy notice, which informs all users, visitors and employees that it is recording and monitoring for security purposes and the contents of this Policy. It is for this reason that the owners of the information give their authorization through unequivocal conduct, which allows those responsible to conclude that the authorization was granted, since the people who are going to enter an establishment are previously informed that their images will be be taken, preserved or used in a certain way and, knowing such situation, the owners enter the establishment.
8. INFORMATION AND TRAINING FOR EMPLOYEES AND SUPPLIERS
In order to comply with the provisions of Article 7 of Law 1581 of 2012 and its other provisions, the Company will provide training to employees and suppliers on the importance of collecting personal data of each one and the protection that will be given to them.
