PRIVACY POLICIES AND PROCESSING OF PERSONAL DATA
For BLUE SEA COTTAGE the conservation, protection, integrity and confidentiality of the personal data of its clients is very important. For this we have designed a policy of storage and processing of information that our customers provide through the various marketing channels of our products and services (such as websites, social networks, call centers, emails), and we are committed to the protection and proper management of them, according to the legal regime of protection of personal data applicable in each territory where we operate.
CHAPTER I GENERAL PROVISIONS
For purposes of the application of the rules contained in this manual and in accordance with the provisions of Article 3 of Law 1581 of 2012, it is understood as:
a) Authorization: Prior, express and informed consent of the Holder to carry out the processing of personal data. b) Privacy notice: Verbal or written communication generated by the Responsible Director addressed to the Owner for the processing of their personal data, through which you are informed about the existence of the information processing policies that will be applicable, the form of access to them and the purposes of the treatment that is intended to give personal data. c) Database: Organized set of personal data that is subject to processing. d) Personal data: Any information linked to or associated with one or several natural persons determined or determinable. e) Private Data: It is the data that by its intimate or reserved nature is only relevant for the owner. f) Sensitive data: Sensitive data is understood to be those that affect the privacy of the Owner or whose undue use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, belonging to unions, social organizations, human rights organizations or those that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data. g) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the Treatment Manager. h) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data. i) Owner: Natural person whose personal data are subject to Treatment. j) Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion of the same.
The purpose of this document is to regulate the procedures for the collection, handling and processing of personal data that BLUE SEA COTTAGE performs, in order to guarantee and protect the fundamental right of habeas data of its guests, visitors, customers, users and providers within the framework of the provisions of the law.
All the above in compliance with the provisions of subparagraph (k) of Article 17 of Law 1581 of 2012, which regulates the duties that assist those responsible for the processing of personal data, among which is to adopt a manual internal policies and procedures to ensure adequate compliance with the law and in particular, for the attention of inquiries and complaints.
AREA OF APPLICATION.
This manual will be applicable to the personal data registered and to be registered in the different databases managed by BLUE SEA COTTAGE, that is, to the databases of our guests, visitors, customers and suppliers, who provide us their data for purposes commercial.
The information collected by BLUE SEA COTTAGE, may include, in whole or in part according to the needs of each product and / or service, among others the following data:
Names and surnames
Type and identification number
Nationality and country of residence
Date of birth and gender
Marital status and / or relationship in relation to minors or disabled persons requesting our services
Fixed and mobile contact phones (personal and / or work)
Postal and electronic addresses (personal and / or labor)
Profession or office
Company where you work and charge
Origin and destiny
Reason for your trip
Information of credit card (s) (number, bank entity, expiration date)
Personal data of the cardholder (names and surnames, type and identification number)
Address information where the cardholder receives his bank statements.
VERACITY OF INFORMATION.
Our guests, visitors, customers, users and suppliers who are truthful about their personal data for the purposes of making possible the provision of services by BLUE SEA COTTAGE and under the condition that the required information is fulfilled.
BLUE SEA COTTAGE presumes the veracity of the information provided and does not verify, nor the obligation to verify, the identity of customers, customers, users and suppliers, nor the veracity, validity, sufficiency and authenticity of the data that Each one of them provides Therefore, we do not assume responsibility for damages and / or damages of all nature that you have that we have origin in the lack of veracity, validity, sufficiency or authenticity of the information, and damages that can be reduced to the homonymy or the impersonation of identity.
This manual was prepared taking into account the ordinances of the Law 1581 of 2012 “Whereby general provisions for the protection of personal data are issued” and the Decree number 1377 of 2013 “By which Part 1581 of 2012 is partially regulated”.
INFORMATION OF CHILDREN AND ADOLESCENTS UNDER AGE
BLUE SEA COTTAGE will ensure the proper use of personal data of children and adolescents under age, ensuring that in the treatment of their data respect their best interests, and their fundamental rights and, where possible, Taking into account your opinion, as holders of your personal data.
PURPOSES OF THE PROCESSING OF PERSONAL DATA
The information collected is used to process, confirm, fulfill and provide the services and / or products acquired, directly and / or with the participation of third party suppliers of products or services, as well as to promote and publicize our activities, products and services, perform transactions, make reports to the different administrative authorities of national or international control and surveillance, police authorities or judicial authorities, banking entities and / or insurance companies, for internal administrative and / or commercial purposes such as market research, audits, reports accounting, statistical analysis, billing, and offering and / or recognition of benefits of our loyalty programs.
By accepting this Privacy and Treatment Policy, our guests, visitors, customers, users and suppliers in their capacity as holders of the data collected, authorize BLUE SEA COTTAGE to perform the treatment of them, partially or totally, including the collection, storage, recording, use, circulation, processing, suppression, for the execution of the activities related to the services and products acquired, such as, making reservations, modifications, cancellations and changes of the same, refunds, attention to queries , complaints and claims, payment of compensations and indemnities, accounting records, correspondence, processing and verification of credit cards, debit and other payment instruments, identification of fraud and prevention of money laundering and other criminal activities and / or for the operation of the loyalty programs and other purposes indicated in this document.
The foregoing, without prejudice to other purposes that have been reported in this document and in the terms and conditions of each of the products and services of each of our business units.
We warn that third party suppliers (such as suppliers of booking systems, travel agencies, call centers, banks, insurers, etc.) may be involved in these activities.
Use the information received from them, for marketing purposes of their products and services, and the products and services of third parties with which BLUE SEA COTTAGE maintains a business relationship
Provide personal data to the police and judicial control and surveillance authorities, pursuant to a legal or regulatory requirement and / or use or disclose this information and personal data in defense of their rights and / or assets as soon as such defense has relationship with the products and / or services contracted by its travelers, customers and users
Allow access to information and personal data to auditors or third parties hired to carry out internal or external audit processes of the commercial activity that we develop
Consult and update personal data, at any time, in order to keep this information updated
Contract with third parties the storage and / or processing of information and personal data for the proper execution of contracts entered into with us, under the security and confidentiality standards to which we are obliged.
CHAPTER II AUTHORIZATION
The collection, storage, use, circulation or deletion of personal data by BLUE SEA COTTAGE requires the free, prior, express and informed consent of the owner thereof. BLUE SEA COTTAGE, as the person responsible for the processing of personal data, has provided the necessary mechanisms to obtain the authorization of the holders, guaranteeing in any case that it is possible to verify the granting of such authorization.
With the aforementioned authorization, the client accepts the policies and conditions established in this document.
FORM AND MECHANISMS TO GRANT AUTHORIZATION.
The authorization of the owner of the information will be included in each of the channels and data collection mechanisms of BLUE SEA COTTAGE.
Thus, it can be recorded in a physical, electronic document or in any other format that guarantees its subsequent consultation. The authorization will be issued by the owner prior to the processing of their personal data, in accordance with the provisions of Law 1581 of 2102.
With the consented authorization procedure it is guaranteed that the owner of the personal data has been informed, both the fact that your personal information will be collected and used for certain and known purposes, and that you have the option of knowing any alternation to them. and the specific use that has been given of them. The foregoing in order for the owner to make informed decisions regarding their personal data and control the use of their personal information.
CHAPTER III RIGHTS AND DUTIES
RIGHTS OF THE INFORMATION HOLDERS.
In accordance with the provisions of article 8 of Law 1581 of 2012 the owner of personal data has the following rights:
a) To know, update and rectify your personal data in front of BLUE SEA COTTAGE, in its condition of being responsible for the treatment.
b) Request proof of the authorization granted to BLUE SEA COTTAGE, in its capacity as Responsible for Treatment.
c) Be informed by BLUE SEA COTTAGE upon request, regarding the use you have given to your personal data.
d) Submit complaints to the Superintendency of Industry and Commerce for infractions of the provisions of Law 1581 of 2012, once the process of consultation or claim has been exhausted before the Person Responsible for Processing.
e) Revoke the authorization and / or request the deletion of the data when the Treatment does not respect the principles, rights and constitutional and legal guarantees.
f) Access free of charge to your personal data that have been processed.
DUTIES OF BLUE SEA COTTAGE IN RELATION TO THE PROCESSING OF PERSONAL DATA.
BLUE SEA COTTAGE will keep in mind, at all times, that the personal data are property of the people to whom they refer and that only they can decide on them. In this sense, it will use them only for those purposes for which it is duly empowered, and in all cases respecting Law 1581 of 2012 on the protection of personal data.
In accordance with the provisions of article 17 of Law 1581 of 2012, BLUE SEA COTTAGE DIVE CENTER undertakes to comply permanently with the following duties:
a) Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.
b) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
c) Perform timely, this is in the terms provided in articles 14 and 15 of Law 1581 of 2012, updating, rectification or deletion of data.
d) Process inquiries and claims made by the Holders in the terms set forth in article 14 of Law 1581 of 2012.
e) Insert in the database the legend “information in judicial discussion” once notified by the competent authority about judicial processes related to the quality or details of the personal data.
f) Refrain from circulating information that is being contested by the Holder and whose blockade has been ordered by the Superintendence of Industry and Commerce.
g) Allow access to information only to people who may have access to it.
h) Inform the Superintendence of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Owners.
i) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
CHAPTER IV ACCESS, CONSULTATION AND CLAIM PROCEDURES
RIGHT OF ACCESS:
The power of disposition or decision that the owner has over the information that concerns him, necessarily implies the right to access and know if his personal information is being treated, as well as the scope, conditions and generalities of said treatment.
BLUE SEA COTTAGE will guarantee the right of access when, after proof of the identity of the owner or his representative or proxy, he requests it according to the provisions of Law 1581 of 2012.
Customers and users can exercise their rights to know, update, rectify and delete their personal data by sending their request to the email address: email@example.com and by phone 317-8933513 and 304-3958471, in accordance with this Policy Of privacy.
You must include the following information in the application:
Names and surnames
RESPONSE TO CONSULTATIONS.
In any case, regardless of the mechanism implemented for the attention of requests for consultation, they will be attended within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the consultation within said term, the interested party will be informed before the expiration of the 10 days, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
In accordance with the provisions of Article 14 of Law 1581 of 2012, the Holder or his successors in title who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may submit a claim to the Responsible for Treatment, which will be processed under the following rules:
1. The claim may be presented by the Holder in the formats provided for that purpose by BLUE SEA COTTAGE in its Hotel Registry. If the claim received does not have complete information that allows it to process it, that is, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents to be asserted, the interested within five (5) days after receipt to correct the faults. After two (2) months from the date of the request without the applicant submitting the required information, it shall be understood that the claim has been abandoned. If for any reason the Company receives a claim that should not be directed against it, it will notify the corresponding party within a maximum period of two (2) business days and inform the interested party of the situation.
2. Once the complete claim has been received, a legend will be included in the database maintained by BLUE SEA COTTAGE stating “claim in process” and the reason thereof, within a term not exceeding two (2) business days. . This legend must be maintained until the claim is decided.
3. The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend it within said term, the interested party will be informed before the expiration of said period of time of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first term.
IMPLEMENTATION OF PROCEDURES TO GUARANTEE THE RIGHT TO SUBMIT CLAIMS
At any time and for free, the owner or his representative may request BLUE SEA COTTAGE to rectify, update or delete their personal data, after proof of identity. The rights of rectification, updating or deletion may only be exercised by:
The owner or his successors in title, after proof of identity, or through electronic instruments that allow him to identify himself
Your representative, previous accreditation of the representation.
When the request is made by a person other than the owner and it is not proven that it acts on behalf of the former, it will be deemed not filed.
The request for rectification, updating or deletion must be submitted through the means provided by BLUE SEA COTTAGE indicated in the privacy notice and contain, as a minimum, the following information:
1. The name and address of the owner or any other means to receive the answer
2. Documents proving the identity or personality of your representative.
3. The clear and precise description of the personal data with respect to which the owner seeks to exercise any of the rights.
4. If necessary, other elements or documents that facilitate the location of personal data.
RECTIFICATION AND UPDATING OF DATA. BLUE SEA COTTAGE.
BLUE SEA COTTAGE has the obligation to rectify and update, at the request of the owner, the information of the latter that is incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this respect, the following will be taken into account: In the requests for rectification and updating of personal data, the owner must indicate the corrections to be made and provide the documentation that supports their request.
BLUE SEA COTTAGE has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the owner. Consequently, electronic or other means may be enabled that you consider pertinent.
BLUE SEA COTTAGE may establish forms, systems and other simplified methods, which must be informed in the privacy notice and made available to those interested in the website.
BLUE SEA COTTAGE will use the service or customer service it has in operation, as long as the response times are not greater than those indicated by article 15 of Law 1581 of 2012.
Each time BLUE SEA COTTAGE makes available a new tool to facilitate the exercise of their rights by the holders of information or modify existing ones, they will inform it through their website.
The owner has the right, at all times, to request BLUE SEA COTTAGE the deletion (deletion) of their personal data when:
a.) Consider that they are not being treated in accordance with the principles, duties and obligations set forth in Law 1581 of 2012.
b.) They have ceased to be necessary or pertinent for the purpose for which they were collected.
c.) The period necessary to fulfill the purposes for which they were collected has been exceeded. This deletion implies the total or partial elimination of personal information in accordance with the request by the owner in the records, files, databases or treatments performed by BLUE SEA COTTAGE It is important to take into account that the right of cancellation is not absolute and the person in charge can deny the exercise of the same when:
The request for suppression of the information will not proceed when the holder has a legal or contractual duty to remain in the database
The elimination of data hinder judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions
The data is necessary to protect the legally protected interests of the owner; to perform an action based on the public interest, or to comply with an obligation legally acquired by the owner.
If the cancellation of personal data is appropriate, BLUE SEA COTTAGE must perform the deletion operatively in such a way that the elimination does not allow the retrieval of the information.
The holders of personal data may revoke the consent to the processing of their personal data at any time, provided that it is not prevented by a legal provision. To do this, you must contact BLUE SEA COTTAGE, by email: firstname.lastname@example.org or by phone +57 317 893 3513 and +57 304 395 8471.
It should be borne in mind that there are two ways in which revocation of consent can occur. The first one can be about the totality of the consented purposes, that is, that BLUE SEA COTTAGE should stop treating the owner’s data completely; the second, can occur on certain types of treatment, such as for advertising or market research purposes. With the second modality, that is, the partial revocation of the consent, they are kept safe for other purposes of the treatments that the person in charge, in accordance with the granted authorization, can carry out and with whom the owner agrees.
Therefore, it will be necessary that the owner at the time submit the request for revocation of consent to BLUE SEA COTTAGE, indicate in this if the revocation that you intend to make is total or partial. In the second hypothesis, it should be indicated with which treatment the owner is not satisfied. There will be cases in which the consent, due to its necessary nature in the relationship between the owner and the person responsible for the fulfillment of a contract, by legal provision can not be revoked. The mechanisms or procedures that BLUE SEA COTTAGE establishes to respond to requests for revocation of consent may not exceed the deadlines established to address the claims as set forth in article 15 of Law 1581 of 2012.
CHAPTER V INFORMATION SECURITY
In development of the security principle established in Law 1581 of 2012, BLUE SEA COTTAGE has adopted the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized access or fraudulent.
Notwithstanding the foregoing, the customer assumes the risks that arise from delivering this information in a medium such as the Internet, which is subject to various variables – attacks by third parties, technical or technological failures, among others. BLUE SEA COTTAGE will make its best technological effort to guarantee the security of the personal information of all its clients and / or users, using reasonable and current security methods to prevent unauthorized access, to maintain the accuracy of the data and guarantee the correct use of information.
IMPLEMENTATION OF SECURITY MEASURES
BLUE SEA COTTAGE will maintain mandatory compliance protocols for personnel with access to personal data and information systems. The procedure must consider, at least, the following aspects:
a) Third parties hired by BLUE SEA COTTAGE DIVE CENTER, will be required to adhere to and comply with the security policies and manuals of the information, as well as the security protocols that we apply to all our processes.
b) Any BLUE SEA COTTAGE DIVE CENTER contract with third parties (contractors, external consultants, temporary collaborators, etc.) that involves the processing of information and personal data, will include a confidentiality agreement that details its commitments for protection, care, safety and preservation of the confidentiality, integrity and privacy of it.
c) Scope of application of the procedure with detailed specification of the protected resources.
d) Measures, rules, procedures, rules and standards aimed at guaranteeing the level of security required by Law 1581 of 2012.
e) Staff functions and obligations.
f) Structure of the personal data bases and description of the information systems that deal with them.
g) Procedure for notification, management and response to incidents.
h) Procedures for making backup copies and data recovery.
i) Periodic checks that must be carried out to verify compliance with the provisions of the security procedure that is implemented
j) Measures to be adopted when a support or document is to be transported, discarded or reused.
k) The procedure must be kept up-to-date at all times and must be reviewed whenever there are relevant changes in the information system or in the organization thereof.
l) The content of the procedure must be adapted at all times to the current provisions on the security of personal data.
CHAPTER VI FINAL PROVISIONS
VALIDITY OF THE PROCESSING OF INFORMATION AND PERSONAL DATA.
The information provided by customers and users will remain stored for up to fifteen (15) years from the date of the last treatment, to enable us to comply with legal and / or contractual obligations to their charge, especially in accounting matters, fiscal and tributary.