Legal Notice - Hotel Cartagena Plaza

Hotel Cartagena Plaza

Information handling policies

FIRST: GENERALITIES

We have a special interest in protecting and respecting your personal information and data, which is why we have designed these information processing policies within the framework of Law 1581 of 2012 and regulatory decree 1377 of 2013.
  • 1.1.- Introduction. Compañía Hotelera Cartagena Plaza may collect personal data from its users, guests, or visitors through various means intended for accessing the services provided by them. In any case, collection will be done under the express authorization of the data subject, and the processing of these data will be subject to what is established by law. The personal information considered here may be collected by Compañía Hotelera Cartagena Plaza through the website https://www.hotelcartagenaplaza.co, via visit or acquisition of services offered on the platform, or directly at hotels linked or associated with Compañía Hotelera Cartagena Plaza. The considerations established here will be deemed accepted by the Data Subject when they visit or use the website https://www.hotelcartagenaplaza.co and/or when entering personal data or information through the functions established for it, regardless of the purpose.
  • 1.2- General principles. The obtaining and collection of personal data, as well as their use, processing, processing, exchange, transfer, and transmission by Compañía Hotelera Cartagena Plaza or any of the hotel operating companies of Compañía Hotelera Cartagena Plaza, will always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access, and restricted circulation.
  • 1.3- Legal definitions. In accordance with Law 1581 of 2012 and decree 1377 of 2013, the following definitions will govern the policies of personal information processing.
    • 1.3.1.- Processor (Encargado del Tratamiento): The natural or legal person, public or private, which, on its own or in association with others, carries out the Processing of personal data on behalf of the Data Controller;
    • 1.3.2.- Controller (Responsable del Tratamiento): The natural or legal person, public or private, that independently or together with others, decides on the database and/or the Processing of the data;
    • 1.3.3.- Database: The organized set of personal data that is subject to Processing;
    • 1.3.4.- Personal data: Any information linked or that can be associated with one or several determined or determinable natural persons;
    • 1.3.5.- Sensitive data: Data that affect the privacy of the Data Subject or whose improper use can lead to discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, social organizations, human rights organizations, or those promoting interests of any political party, as well as data concerning health, sexual life, and biometric data.
    • 1.3.6.- Public data: Data that is not semi-private, private, or sensitive. Public data includes, among others, data related to the civil status of people, their profession or occupation, and their status as a merchant or public servant. By nature, public data may be contained, among others, in public records, public documents, gazettes, and official bulletins, and duly executed judicial sentences that are not subject to being reserved.
    • 1.3.7.- Transfer: The transfer of data occurs when the Data Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who is also a Data Controller and is located inside or outside the country.
    • 1.3.8- Transmission: Processing of personal data that involves the communication of them within or outside the territory of the Republic of Colombia when it is aimed at carrying out Processing by the Processor on behalf of the Controller.

SECOND: AUTHORIZATION OF THE DATA SUBJECT:

The data provided will be subject to authorized processing, granted previously, expressly, and informed by the Data Subject directly to Compañía Hotelera Cartagena Plaza, or through the hotels of Compañía Hotelera Cartagena Plaza or the companies that operate them. However, the visit, entry, or use of the website https://www.hotelcartagenaplaza.co constitutes, in itself, prior, express, and informed authorization for the storage, collection, and processing of information in accordance with the data processing policy contained herein. In any case, data collection will be limited to those personal data that are pertinent and suitable for the purpose pursued with this.

THIRD: PROCESSING OF THE INFORMATION:

  • 3.1- Collected data. The collection of data for the development of Processing and its intended purposes will fall on the personal data received and stored by Compañía Hotelera Cartagena Plaza and the related or associated companies and hotels, and will include all the information provided during the visit to the website https://www.hotelcartagenaplaza.co, as well as all related to the services or bookings made, and the accommodation and lodging data provided to Compañía Hotelera Cartagena Plaza or any of the hotels associated with it. Notwithstanding that in some cases it concerns public data, the information collected will correspond to the name, nationality ID number, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumption or travel habits, among others If a booking is made through the website https://www.hotelcartagenaplaza.co, the credit card information provided for the booking and stay will be collected.
  • 3.2- Processing to which the data will be subjected and its purpose. The data and information obtained and collected by Compañía Hotelera Cartagena Plaza, by the hotels of Compañía Hotelera Cartagena Plaza, or by their operating companies, will be used in the normal course of their commercial activities only for the purposes established in these information processing policies, in such a way that a direct and effective communication with the client can be created, leading to establishing a closer bond. The processing consists of sending digital information through different communication channels, intending to contact the data subject to send them surveys of services after each stay; allowing the evaluation of the service provided, and conveying invitations, offers, promotions, service portfolio, or information about the Hotel or hotels that are part of Compañía Hotelera Cartagena Plaza, without at any time their data being provided, assigned, or delivered to persons not part of the Hotel that collected the information, or to the hotels and activities linked to Compañía Hotelera Cartagena Plaza and its activities. Additionally, data collection aims to: carry out, process, handle and/or complete bookings or purchase of hotel nights or other services; conduct internal studies on tourism habits; assess the quality of our services; send surveys and questionnaires regarding the services provided; properly attend to your requests, petitions, or needs; communicate invitations, offers, promotions, and general information about the service portfolio offered by natural or legal persons directly linked to hotel operations and specifically with the services provided by Compañía Hotelera Cartagena Plaza and the companies and hotels that operate them. The information or data supplied and collected, stored, or maintained in accordance with these policies may be shared, transmitted, updated, and/or deleted among Compañía Hotelera Cartagena Plaza and the hotels, operating companies associated with Compañía Hotelera Cartagena Plaza for the purpose defined in these policies, to be used in the manner established here. By accessing the website https://www.hotelcartagenaplaza.co, you authorize your information and data to be shared with the tourism providers to whom they refer and to whom your bookings and/or requests are processed. It is assumed that all the information or data provided or deposited through the website https://www.hotelcartagenaplaza.co is truthful, accurate, and complete and can be withdrawn at any time if considered harmful or detrimental to your interests or those of a third party. The data and, in general, the information received when entering the website https://www.hotelcartagenaplaza.co may be yours as well as from the device you are entering from. With the aim of optimizing and making your experience visiting the site more efficient, cookies and/or web beacons may be used, and information may be obtained and stored about the websites visited, your IP address, the operating system of the device from which you are entering, through a recognition and tracking process that allows to identify your preferences and identify you when you visit the page again and store certain records from your IP address. The IP address is not associated or linked with your name or your personal data. 3.3.- Sensitive data and data related to children and adolescents. Neither Compañía Hotelera Cartagena Plaza nor the operating companies of Compañía Hotelera Cartagena Plaza hotels will process data considered sensitive, nor is the data collection aimed at collecting sensitive information. The collection of data related to children and adolescents under the age of majority, and the respective authorization, must always be provided by their legal representative, after the minor exercises their right to be heard. The processing of data related to children and adolescents must respond and respect the superior interest of children and adolescents, and their fundamental rights. In the event that, for some reason, a question may lead to a response that deals with sensitive data or data of girls, boys, and adolescents, the answer to such a question will be optional.
  • 3.4.- Duties of the data processing controller. The data controllers and/or processors are obligated to: a) Guarantee the Data Subject, at all times, the full and effective exercise of habeas data; b) Request and retain, under the conditions stipulated by law, a copy of the respective authorization granted by the Data Subject; c) Properly inform the Data Subject about the purpose of collection and the rights that assist them by virtue of the granted authorization; d) Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, unauthorized, or fraudulent use or access; e) Ensure that the information provided to the Data Processor is true, complete, accurate, updated, verifiable, and comprehensible; f) Update the information, timely communicating to the Data Processor, all developments regarding the data that have been previously provided and adopting the other necessary measures to keep the information provided to this up-to-date; g) Rectify the information when it is incorrect and communicate the relevant matters to the Data Processor; h) Provide the Data Processor, for the case exclusively, only data whose Processing is previously authorized in accordance with the provisions of this law; i) Require the Data Processor at all times, to respect the security and privacy conditions of the Data Subject’s information; j) Process inquiries and claims submitted in the terms set forth by law; k) Inform the Data Processor when certain information is being disputed by the Data Subject, once a claim has been submitted, and the respective process is unresolved; l) Inform the Data Subject about the use of their data upon request; m) Inform the data protection authority when there are violations to the security codes and risks in the management of the Data Subject’s information; n) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

FOURTH: RIGHTS AND AUTHORITIES OF THE DATA SUBJECT:

  • 4.1.- Rights of the data subject. Once authorization has been granted by the Data Subject for the corresponding processing, they have the right to: a) Know, update, and rectify their personal data. This right may be exercised against partial, inaccurate, incomplete, split data that induces error or those whose Processing is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, unless expressly exempted as a requirement for Processing, following article 10 of Law 1581 of 2012; c) Be informed by the controller and/or processor of personal data, upon request, about the use their data has been put to; d) Present complaints to the Superintendence of Industry and Commerce for violations of the provisions of the law; e) Revoke the authorization and/or request the deletion of the data when the processing is not respectful of the principles, rights, and constitutional and legal guarantees. Revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the Processing has incurred conduct contrary to this law and the Constitution; f) Request, at any time, the controller or processor, the deletion of their personal data and/or revoke the authorization granted for their Processing, by submitting a claim. These will not proceed when the Data Subject has a legal or contractual duty to remain in the database; g) Access, for free, their personal data that have been subject to Processing: (i) at least once every calendar month, and (ii) whenever there are substantial modifications to the Information Processing Policies that motivate further inquiries. In case of requests exceeding one for each calendar month, the controller and/or processor may charge the Data Subject shipping, reproduction, and, where appropriate, document certification costs.
  • 4.2.- Legal standing to exercise data subject’s rights.The following persons are entitled to exercise the rights that assist the data subject: a). The data subject themselves, who must sufficiently establish their identity through the means provided by the controller; b). Their successors, who must establish such status; c). The data subject’s representative and/or agent, after establishing representation or agency; d). By stipulation in favor of another or for another; e). The rights of children and adolescents will be exercised by those persons empowered to represent them, upon establishing the power of representation.
  • 4.3.- Area responsible for the attention and support of the data subject. The attention and response to consultations, requests, and claims of the Data Subjects concerning any aspect of processing will be the responsibility of the legal department. The Data Subject who wishes to know, update, rectify, request proof of the authorization granted; be informed about the use of their personal data; revoke the authorization and/or request the deletion of data and/or access for free their personal data that have been the object of Processing, must request it in writing directly to the email cartagenaplaza@hotelcartagenaplaza.co or send the communication to Bocagrande, Carrera 1 6-154 Cartagena de Indias (Colombia). In either case, must be indicated: a) full name; b) identity document; c) physical address and email; d) contact phone number; e) brief description of the data and information referred to, expressly indicating the scope and content of the request; and, f) include the documents considered to support their request.
  • 4.4.- Procedure to exercise rights to know, update, rectify, or delete information and revoke authorization.The procedures for accessing, updating, deleting, and rectifying personal data, and revoking the authorization, may be carried out through consultations or claims, directed to the email cartagenaplaza@hotelcartagenaplaza.co or the address Bocagrande, Carrera 1 6-154 Cartagena de Indias (Colombia), depending on their purpose, establishing at least, the legitimacy they have to make the request and clearly and concretely exposing what is meant. All requests, suggestions, and recommendations related to the information processing must be sent to the email cartagenaplaza@hotelcartagenaplaza.co. The data subject or the entitled person must attach to their writing the quality proof in which they act and must provide the data and documents necessary to account for their identity and quality. In the email, the reason or purpose of the communication must be specified, and for this, it will be enough to indicate in the text that the right to know, update, rectify, delete, or revoke the granted authorization is being exercised.
  • 4.5.- Procedure for the correction, updating, or deletion of data and for filing complaints and claims. Those empowered by law who consider that the contained information requires correction, updating, or deletion, or when they consider that the data processing violates legal norms, can submit, in accordance with article 15 of Law 1581 of 2012, claims to the email cartagenaplaza@hotelcartagenaplaza.co. Complaints and claims will be processed under the following rules:
    • 4.5.1.- The claim will be made through a request addressed to the Data Controller or the Processor, with the Data Subject’s identification, a description of the facts giving rise to the claim, and the address, attaching documents intended to be asserted. If the claim is incomplete, the interested party will be required to remedy the failures within five (5) business days following the receipt of the claim. Two (2) months after the date of the request, without the applicant presenting the required information, it will be understood that they have withdrawn the claim. If the recipient of the claim is not competent to resolve it, it will be transferred to the competent party within a maximum term of two (2) working days and the interested party will be informed of the situation.
    • 4.5.2.- Once the complete claim is received, a legend stating “claim in process” and the reason for it will be included in the database, within a maximum period of two (2) working days. This legend must be maintained until the claim is decided.
    • 4.5.3.- The maximum term to address the claim is fifteen (15) business days from the day following the date of receipt. If it is not possible to address the claim within this period, the delay must be explained to the interested party and the date on which the claim will be addressed, which in no case may exceed eight (8) working days following the end of the first period.
    • 4.6.- Consultation and access to information. Personal data queries contained in the Compañía Hotelera Cartagena Plaza database will be addressed through a written request via the email cartagenaplaza@hotelcartagenaplaza.co. Queries will be responded to within a maximum term of ten (10) business days from the date of receipt. If it is not possible to respond to the query within this period, the reasons for the delay and the date on which the query will be addressed will be informed to the interested party, which in no case may exceed five (5) business days following the end of the first term.

FIFTH: SECURITY.

  • 5.1.- Security in information management. The collected data will always be handled within a framework of confidentiality, thus not facilitated, assigned, or delivered to persons other than or external to the Hotel, Compañía Hotelera Cartagena Plaza, or operator companies of Compañía Hotelera Cartagena Plaza, or anyone with legitimate authorization for it.
  • 5.2.- Data transfer and transmission. In the event that a contract is signed with a third professional person with experience in the management and use of databases, the controller will sign the data transmission contract referred to in article 25 of decree 1377 of 2013.

SIXTH: DISSEMINATION AND VALIDITY.

  • 6.1.- Means of dissemination of the information processing and privacy policy. This document, which establishes the policies for processing personal data collected, will be permanently published through the link _URL of information processing_ for consultation by those interested. At the time of requesting the express authorization of the Data Subject for data processing, the specific purposes for which consent is sought and the Processing Policy and the rights assisting them as a Data Subject will be disclosed to them.
  • 6.2.- Effective date of information processing policies. The collection, storage, use, and circulation of personal data, under the considerations established here, will be carried out and maintained as long as there is a need for direct communication with the client and no more efficient forms of it exist, in accordance with the purposes proposed by the Processing. If the purpose cannot be achieved through the Processing of personal data, these will be permanently deleted from the database. This document takes effect on February 22, 2016.
  • 6.3.- Procedure for modifications to the policies. In the event that modifications are made to the personal data processing policies contained herein, they will be notified and communicated through this same website, prior to their entry into force.
  • 6.4.- Inclusion of the usage conditions of the website https://www.hotelcartagenaplaza.co. In accordance with applicable regulations, the information processing policy is an integral part of the terms and conditions of use of the website https://www.hotelcartagenaplaza.co.
  • 6.5.- Information controller. The company Compañía Hotelera Cartagena Plaza, with NIT 800.116.562-9, holds the status of data controller and processor, along with each of the related operator companies that may have collected the information. When information has been received or collected by any of its related companies, with express authorization for transfer, Compañía Hotelera Cartagena Plaza will be responsible for processing. Any communication can be directed to Bocagrande, Carrera 1 6-154 Cartagena de Indias (Colombia), or to the email cartagenaplaza@hotelcartagenaplaza.co.