fbpx

RÍO ESCONDIDO

PAGOS STRIPE

INTERNATIONAL PAYMENTS – ADULTS ONLY HOTEL.
SELECT THE LANGUAGE

DATA PROCESSING POLICY

1. LEGAL REGULATIONS AND SCOPE OF APPLICATION: This personal data processing policy is prepared in accordance with the provisions of the Political Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013 and other complementary provisions and will be applied by IMPORWORLD SAS regarding the collection, storage, use, circulation, deletion and all those activities that constitute processing of personal data.

2. DEFINITIONS: For the purposes of executing this policy and in accordance with legal regulations, the following definitions will apply:

a) Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data; b) Privacy Notice: Physical, electronic or any other format document generated by the Responsible Party that is made available to the Owner for the processing of their personal data. In the Privacy Notice, the Owner is informed of the information regarding the existence of the information processing policies that will be applicable to him, the way to access them and the purpose of the treatment that is intended to be given to personal data; c) Database: Organized set of personal data that is subject to Treatment; d) Personal data: Any information linked or that can be associated with one or several determined or determinable natural persons; e) Public data: It is the data classified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. The data relating to the marital status of people, their profession or trade, their quality as a merchant or public servant and those that can be obtained without any reservation are public, among others. Due to its nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins; f) Private data: It is the data that, due to its intimate or reserved nature, is only relevant to the owner; g) Sensitive data: Sensitive data is understood to be those that affect the Owner’s privacy or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, life sexual and biometric data; h) Data Processor: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller; i) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data; j) Holder: Natural person whose personal data is subject to Treatment; k) Treatment:

3. PURPOSE FOR WHICH THE COLLECTION OF PERSONAL DATA AND PROCESSING IS CARRIED OUT: IMPORWORLD SAS, may make use of personal data to: a) Execute the existing contractual relationship with its clients, suppliers and workers, including the payment of Contractual obligations; b) Provide the services and/or products required by its users; c) Inform about new products or services and/or about changes in them; d) Evaluate the quality of the service; e) Carry out internal studies on consumer habits; f) Send to physical mail, email, cell phone or mobile device, via text messages (SMS and/or MMS) or through any other analogous and/or digital means of communication created or to be created, commercial, advertising or promotional information about the products and/or services, events and / or promotions of a commercial or non-commercial nature, in order to promote, invite, direct, execute, inform and in general, carry out campaigns, promotions or contests of a commercial or advertising nature, advanced by IMPORWORLD SAS and / or by third parties; g) Develop the process of selection, evaluation, and employment relationship; h) Support internal or external audit processes; i) Register the information of employees and/or pensioners (active and inactive) in the IMPORWORLD SAS databases i) Those indicated in the authorization granted by the data owner or described in the respective privacy notice, as the case may be. ; . IMPORWORLD SAS may subcontract to third parties for the processing of certain functions or information.

4. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA: The processing of personal data at IMPORWORLD SAS will be governed by the following principles: a) Principle of purpose: The Processing of personal data collected must obey a legitimate purpose, which must be informed to the Owner; b) Principle of freedom: Treatment can only be carried out with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent; c) Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, divided or misleading data will not be carried out; d) Principle of transparency: In the Treatment, the right of the Holder to obtain from IMPORWORLD SAS at any time and without restrictions, information about the existence of data that concerns him must be guaranteed; e) Principle of access and restricted circulation: The Treatment is subject to the limits that derive from the nature of the personal data, the provisions of this law and the Constitution. Personal data, except for public information, and the provisions of the authorization granted by the data owner, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties; f) Safety principle: The information subject to Treatment by IMPORWORLD SAS must be protected through the use of technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access; g) Principle of confidentiality: All persons involved in the Processing of personal data are obliged to guarantee the confidentiality of the information,

even after the end of their relationship with any of the tasks that comprise the Treatment. FIRST PARAGRAPH: In the event that sensitive personal data is collected, the Holder may refuse to authorize its Treatment.

5. RIGHTS OF THE HOLDERS OF PERSONAL DATA SUBJECT TO TREATMENT BY IMPORWORLD SAS: The holders of personal data by themselves or through their representative and/or proxy or successor in title may exercise the following rights, with respect to the personal data that are subject to treatment by IMPORWORLD SAS: a) Right of access: By virtue of which you can access the personal data that is under the control of IMPORWORLD SAS, for the purpose of consulting them free of charge at least once every calendar month, and whenever there are substantial modifications to the Information Treatment Policies that motivate new consultations; b) Right to update, rectify and delete: By virtue of which you may request the update, rectification and/or deletion of the personal data subject to treatment, in such a way that the purposes of the treatment are satisfied; c) Right to request proof of authorization: except in those events in which, according to current legal regulations, authorization is not required to carry out the treatment; d) Right to be informed regarding the use of personal data; e) Right to file complaints with the Superintendency of Industry and Commerce: for violations of the provisions of current regulations on the processing of personal data; f) Right to require compliance with the orders issued by the Superintendence of Industry and Commerce. according to current legal regulations, authorization is not required to carry out the treatment; d) Right to be informed regarding the use of personal data; e) Right to file complaints with the Superintendency of Industry and Commerce: for violations of the provisions of current regulations on the processing of personal data; f) Right to require compliance with the orders issued by the Superintendence of Industry and Commerce. according to current legal regulations, authorization is not required to carry out the treatment; d) Right to be informed regarding the use of personal data; e) Right to file complaints with the Superintendency of Industry and Commerce: for violations of the provisions of current regulations on the processing of personal data; f) Right to require compliance with the orders issued by the Superintendence of Industry and Commerce.

FIRST PARAGRAPH: For the purposes of exercising the rights described above, both the owner and the person representing him must demonstrate his identity and, if applicable, the capacity by virtue of which he represents the owner.

SECOND PARAGRAPH: The rights of minors will be exercised through the persons empowered to represent them.

6. DUTIES OF IMPORWORLD SAS: All those obliged to comply with this policy must bear in mind that IMPORWORLD SAS. is obliged to comply with the duties imposed in this regard by law. Consequently, the following obligations must be fulfilled: A. Duties when acting as responsible: (i) Request and keep, under the conditions provided in this policy, a copy of the respective authorization granted by the owner. (ii) Clearly and sufficiently inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted. (iii) Inform at the request of the owner about the use given to his personal data (iv) Process the queries and claims formulated in the terms indicated in this policy (v) Ensure that the principles of veracity, quality, security and confidentiality in the terms established in the following policy (vi)-Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. (vii) Update the information when necessary. (viii) Rectify personal data when appropriate. B. Duties when acting as Personal Data Processor. If you carry out the data processing on behalf of another entity or organization (Responsible for the treatment) you must comply with the following duties: (i) Establish that the Responsible for the treatment is authorized to supply the personal data that will be processed as Manager (ii) Guarantee the owner , at all times, the full and effective exercise of the right of habeas data.

unauthorized or fraudulent loss, consultation, use or access. (iv) Timely update, rectify or delete the data. (v) Update the information reported by the Treatment Managers within five (5) business days from its receipt. (vi) Process the queries and claims made by the owners in the terms indicated in this policy. (vii) Register in the database the legend “claim in process” in the manner established in this policy. (ix) Insert in the database the legend “information under judicial discussion” once notified by the competent authority about judicial processes related to the quality of personal data. (x) Refrain from circulating information that is being controversial by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce. (xi) Allow access to information only to persons authorized by the owner or empowered by law for that purpose. (xii) Inform the Superintendence of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the holders. (xiii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce. C. Duties when carrying out the treatment through a Manager (i) Provide to the Manager of the treatment only the personal data whose treatment is previously authorized. For the purposes of the national or international transmission of data, a personal data transmission contract must be signed or contractual clauses agreed upon as established in article 25 of Decree 1377 of 2013. (ii) Guarantee that the information provided to the Manager of the treatment is true, complete, exact, updated, verifiable and understandable. (iii) Communicate in a timely manner to the person in charge of the treatment all the news regarding the data that he has previously provided and adopt the other necessary measures so that the information provided to him is kept updated. (iv) Inform in a timely manner to the person in charge of the treatment the rectifications made on the personal data so that he can proceed to make the pertinent adjustments. (v) Demand from the person in charge of the treatment, at all times, respect for the security and privacy conditions of the owner’s information. (vi) Inform the person in charge of the treatment when certain information is under discussion by the owner, once the claim has been filed and the respective procedure has not been completed. D. Duties with respect to the Superintendence of Industry and Commerce (i) Inform it of possible violations of the security codes and the existence of risks in the administration of the information of the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce. (vi) Inform the person in charge of the treatment when certain information is under discussion by the owner, once the claim has been filed and the respective procedure has not been completed. D. Duties with respect to the Superintendence of Industry and Commerce (i) Inform it of possible violations of the security codes and the existence of risks in the administration of the information of the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce. (vi) Inform the person in charge of the treatment when certain information is under discussion by the owner, once the claim has been filed and the respective procedure has not been completed. D. Duties with respect to the Superintendence of Industry and Commerce (i) Inform it of possible violations of the security codes and the existence of risks in the administration of the information of the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce. Duties with respect to the Superintendence of Industry and Commerce (i) Inform you of possible violations of security codes and the existence of risks in the administration of the information of the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce. Duties with respect to the Superintendence of Industry and Commerce (i) Inform you of possible violations of security codes and the existence of risks in the administration of the information of the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

7. REQUEST FOR AUTHORIZATION TO THE HOLDER OF THE PERSONAL DATA: In advance and/or at the time of collecting the personal data, IMPORWORLD SAS will request the owner of the data for his authorization to carry out its collection and treatment, indicating the purpose for which it is requested. the data, using for these purposes automated technical means, written or oral, that allow proof of the authorization and/or unequivocal conduct described in article 7 of Decree 1377 of 2013 to be preserved. Said authorization will be requested for as long as is reasonable and necessary to satisfy the needs that gave rise to the request for the data and, in any case, in compliance with the legal provisions that govern the matter.

8. PRIVACY NOTICE: In the event that IMPORWORLD SAS cannot make this information treatment policy available to the owner of the personal data, it will publish the notice

of privacy that is attached to this document, the text of which will be kept for later consultation by the owner of the data and/or the Superintendency of Industry and Commerce.

9. TEMPORARY LIMITATIONS ON THE PROCESSING OF PERSONAL DATA. IMPORWORLD SAS may only collect, store, use or circulate personal data during the time that is reasonable and necessary, in accordance with the purposes that justified the treatment, taking into account the provisions applicable to the matter in question and administrative aspects, accounting, tax, legal and historical information. Once the purpose or purposes of the treatment have been fulfilled and without prejudice to legal regulations that provide otherwise, it will proceed to the deletion of the personal data in its possession. Notwithstanding the foregoing, personal data must be kept when required to comply with a legal or contractual obligation.

10. RESPONSIBLE AREA AND PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF THE HOLDERS OF THE PERSONAL DATA: THE MANAGEMENT of IMPORWORLD SAS will be responsible for dealing with the requests, complaints and claims made by the owner of the data in exercise of the rights contemplated in the numeral 5 of this policy, except for the one described in its literal e). For such purposes, the owner of the personal data or whoever represents them may send their request, complaint or claim from Monday to Friday from 8:00 a.m. to 5:00 p.m. to the email imporworld@gmail.com, call the telephone line of IMPORWORLD SAS Envigado, telephone 271 04 50, or file it at the following address corresponding to our offices OFFICE ADDRESS: Calle 37B Sur 27 A 71 – Envigado, The petition, Complaint or claim must contain the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want to assert. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim. In the event that the person receiving the claim is not competent to resolve it, they will transfer it to the appropriate person within a maximum term of two (2) business days and inform the interested party of the situation. Once the complete claim is received, a legend will be included in the database that says “claim in process” and the reason for it, within a term not exceeding two (2) business days. Said legend must be maintained until the claim is decided. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

11. SECURITY MEASURES: In development of the security principle established in Law 1581 of 2012, IMPORWORLD SAS will adopt the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or access unauthorized or fraudulent. The personnel that carry out the processing of personal data will execute the established protocols in order to guarantee the security of the information.

12. EFFECTIVE DATE: This Personal Data Policy was created on January 1, 2017 and becomes effective as of January 2, 2017.

Sincerely, IMPORWORLD SAS – EL RIO HOTEL.

Scroll to Top