FOUR SEASONS HOTELS BOGOTÁ PERSONAL DATA TREATMENT POLICY HOTELES CHARLESTON BOGOTÁ S.A.S.

1. Introduction:
According to Law 1581, 2012 and Decree 1377, 2013 and other applicable norms in relation to protection of personal data, this document defines the requirements for the management and protection of personal information processed by or under custody of Hoteles Charleston Bogotá S.A.S (from now on "Hoteles Charleston Bogotá SAS" or "the company"). This policy is applicable to all databases of Hoteles Charleston Bogotá SAS and must be followed by the company's personnel and/or contractors that manage personal data on behalf of the company.

2. Identification of the responsible of the management:
Hoteles Charleston Bogotá S.A.S. is a company duly constituted according to the Colombian Law, identified with NIT 900798269-3, with address Calle 69A # 6-21 of the city of Bogotá and with phone number 325 7900.

3. Basic Concepts:
For an adequate comprehension of this policy, some definitions must be considered:
a. Authorization: Previous consent expressed and informed by the holder to process personal data;
b. Data Base: Organized set of personal information to be treated;
c. Personal Data: Any information related to or that can be associated to one or several certain legal persons or ascertainable persons;
d. Private Data: Information that due to its private or reserved nature is relevant to the holder;
e. Public Data: Is the information that is not semi-private, private or sensible. Among others, public data is considered: information related to people's civil state, profession or occupation and the type of merchant or public server. By its nature, public data may be contained among others in public registries, public documents, gazettes, public newsletters, court rulings, duly enforced that are not subject of reserve;
f. Sensible Data: Those that affect the privacy of the holder due to inappropriate use that may cause discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical convictions, affiliation to unions, social organizations, or human rights organizations that promote interests of any political party or that guarantee the rights and warranties of opposition parties, and also information related to health, sexual life and biometric data;
g. Treatment Officer: Legal, judicial, public or private person that individually or in association with others treats personal data for the data treatment person;
h. Treatment Responsible person: Legal, judicial, public or private person that individually or in association with others decides about the database and/or the treatment of the information;
i. Transmission: Treatment of personal data that implies the communication of the same in or out of the territory of the Republic of Colombia, when the object of such is the performance of a treatment by the treatment officer on behalf of the responsible person;
j. Transfer: Data transfer occurs when the responsible person or the treatment officer, located in Colombia, sends the information of personal data to a receiver, who at the same time is responsible for the treatment, and is located in or out of the country;
k. Treatment: Any operation or set of operations about personal data, such as recollection, storage, use, circulation, or suppression;
l. Holder: Person whose personal data is being treated.

4. Principles for the Treatment of Personal Data:
Personal data to be treated by Hoteles Charleston Bogotá SAS should always comply with the following principles:
a. Freedom Principle: Unless there is a contrary legal norm, the recollection of data can only be made with prior authorization, written consent and informed by the holder. Personal data can't be obtained or disclosed without previous consent by the holder, or without a legal or judicial order that relieves the consent. No misleading or fraudulent means to recollect or treat personal data can be used.
b. Principle of Limitation of Recollection: Only strictly necessary personal data should be recollected for the compliance of the treatment purpose; in such a way that the data registry or the disclosure not closely related to the objective is prohibited.
c. Purpose Principle: Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the holder. This information must be prior, clear and sufficient about the purpose of the information offered and therefore data without a specific purpose must not be collected.
d. Temporariness Principle: Personal data will be stored only for the reasonable and necessary time to comply with the treatment purpose and the legal requirements of monitoring and control authorities or other competent authorities. Data will be stored when necessary for the compliance of a legal or contractual obligation. To define the treatment term, applicable norms for each purpose will be considered as well as the administrative, accounting, tax, legal and historical information. Once the purposes have been met, data will be deleted, and this should be done in such a way that it cannot be retrieved or copied through other means.
e. Principle of No Discrimination: Any act of discrimination is prohibited through the information collected in the database or files.
f. Principle of Truthfulness of Quality: The information to be treated must be truthful, complete, verifiable, and comprehensible. Partial, incomplete, fractioned or misleading information is prohibited for treatment.
g. Principle of Safety: Every person related to the company must comply with the technical, human, and administrative norms established by the entity to grant safety to personal data, avoiding data adulteration, loss, consultation, not authorized or fraudulent use or access.
h. Transparency Principle: In the treatment, the holder's right to obtain at any time and with no restriction information of his personal data must be guaranteed.
i. Restricted access Principle: Access to personal data will be allowed only to the following:
- Data holder;
- Authorized people by data holder;
- Authorized staff within the company;
- Authorized people through legal or judicial order to know the information about the data holder.
j. Principle of restricted circulation: Personal data can only be sent to the following people:
- Data holder;
- Authorized people by data holder;
- Authorized staff within the company;
- Authorized people through legal or judicial order to know the information about the data holder.
k. Confidentiality Principle: Everybody involved in personal data treatment is obliged to guarantee confidentiality and secrecy of information, even after finalizing the relationship with the work related to the treatment, being able only to release or communicate personal data when this corresponds to the activities authorized by law.

5. Personal Data that can be recollected:
Hoteles Charleston Bogotá SAS may collect personal data belonging to the following categories:
a. ID general personal data such as: names, surnames, ID, ID number, civil state, sex.
b. Specific personal ID data such as: signature, nationality, family information, electronic signature, other ID documents, place and date of birth, age.
c. Financial, credit and/or socio-economic data.
d. Biometric Data such as: image, digital fingerprint.
e. Location information related to professional or private activity such as: address, phone number, email.
f. Health related personal data and affiliations to Social Security Integral System.
g. Data related to work history, educational level, and/or judicial and/or disciplinary history.

6. Purposes and reach of treatment
Hoteles Charleston Bogotá SAS can perform personal data treatment with the following purposes:

CATEGORY: CANDIDATES
PURPOSES:
- Obtaining financial, accounting, statistic, and/or historic records.
- Decision making on personnel recruiting and selection.
- To keep individual dossiers of the candidates.
- Academic, labor and personal reference verification.
- Compliance of legal requirements by competent authorities in exercise of their legal functions.
- Security and access controls to the company's facilities.
- Completion of technical, technological, judiciary, etc. audits.
- Search of disciplinary or judicial history.

CATEGORY: CUSTOMERS
PURPOSES:
- Monitoring and management of contractual and commercial relations.
- Performing reports and assessments.
- Obtaining financial, accounting, statistic, and/or historic registries.
- Keeping an individual dossier of the customer.
- Compliance of legal requirements by competent authorities in exercise of their legal functions.
- To perform satisfaction surveys.
- Security and access controls to the company facilities.
- Mailing information about services and products of the company.
- Completion of technical, technological, judiciary, etc. audits.

CATEGORY: EMPLOYEES
PURPOSES:
- Monitoring and handling of labor relationships.
- Compliance of legal labor obligations.
- Completion of performance evaluations and reports.
- Obtaining financial, accounting, statistic, and/or historic registries.
- Keeping individual dossiers of employees.
- Verification of academic, labor and personal references.
- Completion of reports for control and vigilance authorities and the adoption of measures intended to prevent illegal activities.
- Compliance of legal requirements by competent authorities in exercise of their legal functions.
- Security and access controls to the company facilities.
- Completion of technical, technological, judiciary, etc. audits.
- Search of disciplinary or judicial history.
- Complete labor wellbeing programs.

CATEGORY: SUPPLIERS
PURPOSES:
- Monitoring and handling of contractual and commercial relations.
- Completing performance reports and assessments.
- Obtaining financial, accounting, statistic, and/or historic records.
- Keeping an individual dossier on suppliers.
- Completion of reports for control and vigilance authorities and the adoption of measures intended to prevent illegal activities.
- To validate supplier or contractor's financial soundness and experience.
- Compliance of legal requirements by competent authorities in exercise of their functions.
- To perform satisfaction surveys.
- Security and access controls to the company facilities.
- Completion of technical, technological, judiciary, etc. audits.
- Enquiries in restrictive lists.

In all cases, Hoteles Charleston Bogotá SAS can perform personal data treatments for the execution of commercial transactions that involve the company such as sales, integrations, fusions, reorganizations, joint ventures, liquidations, etc.

According to the purposes aforementioned the company can:
a. Know, store, and process all information offered by holders in one or several databases, in the most convenient format for the company.
b. Verify, corroborate, prove, validate, research, compare the information submitted by the holders with any legitimate information available.
c. Send the collected information to be treated by Hoteles Charleston Bogotá SAS affiliates, its headquarters, and/or any entity that the company contracts for its services. Transmissions can be national or international, independently of any country and the protection regulations schemes of personal data in each jurisdiction. In all cases, the third party involved is responsible for guaranteeing the compliance of the principles of treatment, including security and confidentiality of the information.
d. Transfer collected data to be treated by Hoteles Charleston Bogotá SAS affiliated entities, its headquarters, and/or any entity that the company requires. Transmissions can be national or international, independently of any country and the protection regulations schemes of personal data in each jurisdiction. In all cases, the company will observe the requirements set by the Colombian Law for personal data international transfers.

7. Sensible personal data treatment:
Hoteles Charleston Bogotá SAS makes an effort to avoid the treatment of sensible personal data. Nevertheless, if in developing its social object it would need personal data belonging to such category, the holders are not obliged to offer such information. For the treatment of sensible personal data, Hoteles Charleston Bogotá SAS will always require a prior, expressed, and informed authorization from the holders.

8. Holder's rights and procedures
In accordance with Law 1581, 2012 the holders have the following rights:
a. To know, update and rectify their personal data. This right can be exercised, among others, in front of partial, inexact, incomplete, fractioned data that mislead, or those in which treatment is expressly prohibited or has not been authorized.
b. Request proof of granted authorization, unless it is expressly exceptional as requisite for the treatment, according to the applicable legislation.
c. To be informed, previous request, regarding the use of the personal data.
d. To complain to the Superintendencia de Industria y Comercio for infringements of the current legislation.
e. To revoke authorization and/or request the removal of data, according to the law.
f. To access free of charge the personal data that has been object of treatment.

Holder, successor and/or guardians can exercise the rights aforementioned by means of a consultation and/or claim, under the following terms:
a. Consultation: Holders can consult free of charge their personal data once a month and every time there are substantial modifications to this policy. Holders should send a request to the attention channel to be defined ahead with the following information: (i) name and address of holder (or whomever is entitled to do it) or any other means to receive a reply to the request, (ii) documents crediting holder's identity, of whoever is entitled; and (iii) description and purpose of the consultation. Hoteles Charleston Bogotá SAS should answer within ten (10) working days after the request has been received. Additionally, it should be informed if there is any cost for the request. In case that Hoteles Charleston Bogotá SAS can't give a reply to the request in the term aforementioned, Hoteles Charleston Bogotá SAS must inform the petitioner the reason for the delay and indicate a new term for the reply, a term that cannot exceed five (5) additional working days from the expiration of the first term.
b. Claims: Holders can present a claim for the non-compliance of this policy and/or legislation, or can request a correction, update or deletion of their personal data. Holders should send a request to the attention channel defined ahead with the following information: (i) name and address of holder (or whomever is entitled to do it) or any other means to receive answer to the request, (ii) documents crediting holder's identity of whomever is entitled; and (iii) description and purpose of the consultation; (iv) if it is the case, other documents or elements that are intended to be taken into account. If the claim is not complete, Hoteles Charleston Bogotá SAS must answer within the next fifteen (15) working days of the reception of the request. In case of not being able to answer the claim within the aforementioned term, the company must inform about the reasons for the delay and should indicate a new term to issue the reply, which cannot exceed eight (8) additional working days from the expiration of the first term. If the company is not able to meet the claim, it will be transferred to whomever corresponds in a maximum term of two (2) working days and you will be informed of such situation.

Additionally, for the defense of the rights, the holders can contact Superintendencia de Industria y Comercio ("SIC") at Carrera 13 No. 27-00 Bogotá, at telephone number 018000 910165 and through the email contactenos@sic.gov.co

9. Responsible area for the implementation and vigilance of this policy
Hoteles Charleston Bogotá SAS designed a privacy committee to handle this policy implementation and vigilance. To contact the privacy committee, to present consultations or claims refer to email:
- Customers and Hosts: alejandro.gonzalez@fourseasons.com
- Employees and Candidates: gina.reina@fourseasons.com
- Suppliers: adrian.galindo@fourseasons.com

10. Security and confidentiality of personal data
Hoteles Charleston Bogotá SAS, in strict application of the principle of security, will offer all technical, human and administrative measurements that are necessary to grant the security of the records to avoid tampering, loss, consultation, non-authorized or fraudulent use or access. In the same way, the company will demand from the suppliers of services that it hires the adoption and compliance of the adequate technical, human, and administrative measures for the protection of the personal data with which these suppliers act as administrators.

11. Duration
This policy is in force since June 1, 2017. Hoteles Charleston Bogotá SAS will previously notify about substantial changes to this policy.