Personal data treatment policy El Viajero Hostels S.A.S.
EL VIAJERO HOSTELS S.A.S. ("VIAJERO") offers accommodation services, food and beverages, recreation, tours, among others. In the development of its activity the VIAJERO knows personal information of its direct customers, users, employees, suppliers, contractors, former employees, former customers, former suppliers, former contractors. Likewise, the VIAJERO shall ensure that information of a sensitive nature, such as biometric data (photos) and health-related data, provided by guests, employees and users, is used exclusively for the intended purposes, so that third parties may only access it if authorized by law.
The biometric data that may be requested are intended to ensure the identity of the guest, customer, supplier and employee in front of VIAJERO, prevent situations of fraud by identity theft and ensure data protection of the holder. VIAJERO is respectful of the personal data of the Data Controllers, so it will seek to sufficiently inform people about the rights they have in their capacity as Holders of the information. Consequently, it will make available to the owners of the data the channels and means necessary for them to exercise their rights.
Right of Habeas Data: Article 15 of the Constitution establishes the right of all persons to know, update and rectify the information that has been collected about them in databases or files, both of public and private entities. Likewise, this right includes other powers such as those of authorizing the processing, including new data, excluding them or deleting them from a database or file. In 2008, Law 1266 of 2008 Special Law on Habeas Data was issued, which regulates what has been called "financial habeas data", i.e. the right of all individuals to know, update and rectify their personal, commercial, credit and financial information contained in public or private information centers, whose function is to collect, process and circulate such data in order to determine the level of financial risk of its owner. This law considers both natural and legal persons as holders of the information.
Subsequently, in October 2012, Law 1581, "General Law on Personal Data Protection" was issued, which develops the right of Habeas Data from a broader perspective than financial and credit. Thus, any holder of personal data has the right to control the information that has been collected about him/herself in any database or file, whether administered by private or public entities. Under this General Law, any natural person is a Data Subject and only in exceptional cases, as provided by the Constitutional Court in Ruling C - 748 of 2011, a legal person could become a Data Subject, if the rights of the natural persons that comprise them are affected. On June 27, 2013, Decree 1377 of 2013 was issued, which partially regulated Law 1581 of 2012.
In order for the recipients of this policy to have clarity on the terms used throughout this policy, the definitions provided in Law 1581 of 2012 are included below, as well as those referring to the classification of data in accordance with Law 1266 of 2008.
- Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of Personal Data.
- Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his Personal Data, by means of which he is informed about the existence of the Information Processing Policies that will be applicable to him, the way to access them and the purposes of the Processing that is intended to be given to the personal data.
- Data Base: Organized set of Personal Data that is subject to Processing.
- Clients: Natural or legal, public or private person with whom VIAJERO has a commercial relationship.
- Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons. Some examples of personal data are the following: name, citizenship card, address, e-mail, telephone number, marital status, health data, fingerprint, salary, assets, financial statements, etc.
- Public Data: Public data includes, among others, data relating to the civil status of individuals, their profession or trade, and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.
- Public Personal Data: Any personal information that is freely and openly available to the general public.
- Private Personal Data: All personal information that has a restricted knowledge, and in principle private for the general public, for identification purposes of customers, prospects, suppliers, employees, partners and other persons related to any of our services, and/or our organization, for security purposes of people and things, or for the security of the processes and the information itself.
- Sensitive data: Information that affects the privacy of the Data Subject or whose improper use may generate his/her discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, of human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data, among others, the capture of still or moving images, fingerprints, photographs, iris, voice, facial or palm recognition, etc.
- Data Processor: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of Personal Data on behalf of the Data Controller. In the events in which the Controller does not act as Data Processor, the Data Processor shall be expressly identified.
- Data Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the Database and/or the Processing of the data.
- Claim: Request of the Data Subject or of the persons authorized by him/her or by the Law to correct, update or delete his/her personal data or to revoke the authorization in the cases established by the Law.
- Terms and Conditions: general framework governing the activities of visitors or users of the website.
- Data Subject: Natural person whose Personal Data is the object of Processing.
- Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
- Transmission: Processing of Personal Data that involves the communication of such data within or outside the Colombian territory when its purpose is the performance of a Processing by the Processor on behalf of the Controller.
- Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
For the Processing of Personal Data, VIAJERO will apply the principles mentioned below, which constitute the rules to be followed in the collection, handling, use, processing, storage and exchange of personal data:
- Legality: The processing of personal data will be carried out in accordance with the applicable legal provisions (Statutory Law 1581 of 2012 and its regulatory decrees).
- Purpose: The personal data collected will be used for a specific and explicit purpose which must be informed to the Data Subject or allowed by Law. The Data Subject will be clearly, sufficiently and previously informed about the purpose of the information provided.
- Freedom: The collection of Personal Data may only be exercised with the prior, express and informed authorization of the Data Subject.
- Truthfulness or Quality: The information subject to the Processing of Personal Data must be truthful, complete, accurate, updated, verifiable and understandable.
- Transparency: In the Processing of Personal Data, the right of the Data Subject to obtain at any time and without restrictions, information about the existence of data concerning him/her is guaranteed.
- Restricted access and circulation: The processing of personal data may only be carried out by persons authorized by the Holder and/or by the persons provided for in the Law.
- Security: The Personal Data subject to Processing will be handled adopting all the necessary security measures to avoid its loss, adulteration, consultation, use or unauthorized or fraudulent access.
- Confidentiality: All employees working at VIAJERO are obliged to keep confidential all personal information to which they have access in the course of their work at VIAJERO.
TREATMENT AND PURPOSES TO WHICH THE PERSONAL DATA PROCESSED BY VIAJERO WILL BE SUBMITTED
VIAJERO, acting as Responsible for the Processing of Personal Data, for the proper development of its commercial activities, as well as for the strengthening of its relationships with third parties, collects, stores, uses, circulates and deletes Personal Data corresponding to natural persons with whom it has or has had a relationship, such as, without the enumeration meaning limitation, workers and their relatives, shareholders, consumers, customers, distributors, suppliers, creditors and debtors, for the following purposes or purposes:
Execute contracts or purchase orders
Processing and administration of your transactions.
|Workers / prospects|
Issuance of labor certificates requested by workers who have left the company.
|Sundry creditors (social security, parafiscal and other creditors) and other creditors)|
Processing and administration of your transactions.
General purposes for the processing of Personal Data
- To allow the participation of the Holders in marketing and promotional activities carried out by VIAJERO, to evaluate our hostels;
- VIAJERO uses the information for marketing purposes, such as to send you our newsletter or other promotional emails. You may opt out of receiving marketing emails from us by following the unsubscribe instructions included in these communications.
- WHATSAPP AND SMS MESSAGES (akia)
- Control access to VIAJERO offices and establish security measures, including the establishment of video-monitored areas;
- To respond to queries, petitions, complaints and claims made by the Data Controllers and control bodies and to transmit the Personal Data to other authorities that by virtue of the applicable law must receive the Personal Data;
- To eventually contact, via e-mail, or by any other means, natural persons with whom it has or has had a relationship, such as, but not limited to, employees and their relatives, shareholders, consumers, customers, clients, distributors, suppliers, creditors and debtors, for the aforementioned purposes.
- Transfer the information collected to different areas of VIAJERO and its related companies in Colombia and abroad when necessary for the development of its operations (portfolio collection and administrative collections, treasury, accounting, among others); (AKIA & CLOUDBEDS).
- For the attention of judicial or administrative requirements and compliance with judicial or legal mandates;
- Register your personal data in VIAJERO's information systems and in its commercial and operational databases;
- Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of VIAJERO.
RIGHTS OF THE HOLDERS OF PERSONAL DATA
The natural persons whose Personal Data are subject to Processing by VIAJERO, have the following rights, which may be exercised at any time:
- To know the Personal Data on which VIAJERO is processing. Similarly, the Holder may request at any time, that their data be updated or rectified, for example, if you find that your data is partial, inaccurate, incomplete, fractioned, misleading, or those whose treatment is expressly prohibited or has not been authorized.
- Request proof of the authorization granted to VIAJERO for the processing of your Personal Data.
- To be informed by VIAJERO, upon request, regarding the use that VIAJERO has given to their Personal Data.
- To file complaints before the Superintendence of Industry and Commerce for violations of the provisions of the Personal Data Protection Law.
- Request VIAJERO the deletion of their Personal Data and/or revoke the authorization granted for the Processing thereof, by filing a claim, in accordance with the procedures set forth in paragraph 13 of this Policy. However, the request for deletion of information and the revocation of the authorization will not proceed when the Holder of the information has a legal or contractual duty to remain in the Database and/or Files, nor while the relationship between the Holder and VIAJERO, by virtue of which their data were collected, is in force.
- Access free of charge to your Personal Data that has been subject to Processing.
- The rights of the Holders may be exercised by the following persons:
- By the Holder;
- By their successors in title, who must prove their status as such;
- By the representative and/or attorney-in-fact of the Holder, upon accreditation of the representation or power of attorney;
- By stipulation in favor of or for another (Customers)
DUTIES OF THE VIAJERO AS THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
VIAJERO is aware that Personal Data are the property of the persons to whom they refer and only they can decide on them. In that sense, VIAJERO will use the Personal Data collected only for the purposes for which it is duly authorized and respecting, in any case, the current regulations on the Protection of Personal Data.
VIAJERO will comply with the duties foreseen for the Data Controllers, contained in Article 17 of Law 1581 of 2012 and other rules that regulate, modify or replace it.
AREA RESPONSIBLE FOR IMPLEMENTATION AND ENFORCEMENT OF THIS POLICY
The Marketing area is responsible for the development, implementation, training and enforcement of this Policy. For this purpose, all officials who perform the Processing of Personal Data in different areas of VIAJERO, are obliged to report these databases to the Accounting and Finance area and to transfer to it immediately, all requests, complaints or claims received by the Owners of Personal Data.
The area of Revenue, has also been designated by VIAJERO as the area responsible for the attention of requests, queries, complaints and claims before which the Holder of the information may exercise their rights to know, update, rectify and delete the data and revoke the authorization. This area is located at the address: Calle 85 #15-36, in the city of Bogota D.C., Colombia, and can be contacted via e-mail: firstname.lastname@example.org
VIAJERO will request prior, express and informed authorization from the Owners of the Personal Data on which the Processing is required.
This manifestation of will of the Holder may be given through different mechanisms made available by VIAJERO, such as:
- In writing, by filling out an authorization form for the Processing of Personal Data determined by VIAJERO.
- Orally, through a telephone conversation or videoconference.
- Through unequivocal conduct that allows concluding that he/she granted his/her authorization, through his/her express acceptance to the Terms and Conditions of an activity within which the authorization of the participants is required for the Processing of his/her Personal Data. In no case shall VIAJERO assimilate the silence of the Holder to an unequivocal conduct.
SPECIAL PROVISIONS FOR THE PROCESSING OF PERSONAL DATA.
Processing of Sensitive Personal Data
The processing of Personal Data classified as sensitive is prohibited by law, except with the express, prior and informed authorization of the Data Subject, among other exceptions enshrined in Article 6 of Law 1581 of 2012.
In this case, in addition to complying with the requirements established for the authorization, VIAJERO will inform the Holder:
- That because it is sensitive data is not obliged to authorize its processing.
- Which of the data to be processed are sensitive and the purpose of the processing.
Additionally, VIAJERO will treat the sensitive data collected under security and confidentiality standards corresponding to its nature. For this purpose, VIAJERO has implemented administrative, technical and legal measures contained in its Policies and Procedures Manual, mandatory for its employees and, as applicable, to its suppliers, related companies and business partners.
Processing of Personal Data of Children and Adolescents
According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, VIAJERO will only process Personal Data corresponding to children and adolescents, provided that this Processing responds to and respects the best interests of children and adolescents and ensures respect for their fundamental rights.
Once the above requirements have been met, VIAJERO shall obtain the authorization of the legal representative of the child or adolescent, after the minor has exercised his or her right to be heard, an opinion that shall be assessed taking into account the maturity, autonomy and capacity to understand the matter.
PROCEDURE FOR EXERCISING YOUR RIGHTS AS A DATA SUBJECT
The rights of the Holders established in the Law may be exercised before VIAJERO by the following persons:
- By the Data Subject, who must provide VIAJERO with sufficient proof of his or her identity.
- By the successors of the Data Subject, who must prove such quality to VIAJERO.
- By the representative and/or attorney-in-fact of the Data Subject, upon accreditation before VIAJERO of the representation or power of attorney.
- By stipulation in favor of or for another.
In accordance with the provisions of the applicable legislation in force, for the exercise of any of the rights granted to the Data Owner, any of the mechanisms set forth below may be used before VIAJERO:
- The Holders or their successors in title may consult the personal information of the Holder contained in VIAJERO's databases.
- VIAJERO as Data Controller shall provide to the Data Subject or their assignees, all the information contained in the individual record or that is linked to the identification of the Data Subject.
- The consultation shall be made through the channels enabled by VIAJERO for such purpose, which are described in Section 3 of this chapter.
- The consultation will be attended by VIAJERO in a maximum term of ten (10) working days counted from the date of receipt thereof.
- When it is not possible for VIAJERO to attend the consultation within said term, it shall inform the interested party, stating the reasons for the delay and indicating the date on which it will attend the consultation, which in no case shall exceed five (5) business days following the expiration of the first term.
- The Data Owners or assignees who consider that the information contained in VIAJERO's databases should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a complaint with VIAJERO as Data Controller, which will be processed under the following rules:
- The claim shall be formulated through a written request addressed to VIAJERO, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents to be asserted.
- A photocopy of the data subject's identification document must be attached to the claim.
- The claim shall be formulated through the channels enabled by VIAJERO for such purpose, which are described in Section 3 of this chapter.
- If the claim is incomplete, VIAJERO will require the interested party within five (5) business days following receipt of the claim to correct the faults.
- After two (2) months from the date of the request made by VIAJERO, without the applicant submitting the required information, the Company shall understand that the claim has been withdrawn.
- In the event that the person who receives the claim is not competent to resolve it, he/she will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation.
- Once VIAJERO receives the completed claim, it will include in the database a legend indicating: "claim in process" and the reason for this, within a period not exceeding two (2) business days. Such legend shall be maintained until the claim is decided.
- The maximum term to attend the claim by VIAJERO will be fifteen (15) working days from the day following the date of its receipt.
- When it is not possible for VIAJERO to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be attended, which in no case may exceed eight (8) working days following the expiration of the first term.
The rights of the owners may be exercised by the aforementioned persons through the channels that have been enabled by VIAJERO for this purpose, which are available to them free of charge, as follows:
- Communication addressed to VIAJERO, located at Calle 85 #15-36, Bogota, Colombia
- Request submitted to e-mail: email@example.com
PASSIVELY COLLECTED INFORMATION - COOKIES-.
When using the services contained within the websites of VIAJERO, it may collect information passively through technologies for information management, such as "cookies", through which information is collected about the hardware and software of the computer, IP address, browser type, operating system, domain name, access time and the addresses of the websites of origin; through the use of these tools are not directly collected Personal Data of users. Information will also be collected about the pages that the person visits most frequently on these websites in order to know their browsing habits. However, the user of VIAJERO websites has the ability to configure the operation of cookies, according to the options of your Internet browser.
PERSONAL DATA SECURITY
VIAJERO, in strict application of the Principle of Security in the Processing of Personal Data, will provide the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. The obligation and responsibility of VIAJERO is limited to having the appropriate means for this purpose. VIAJERO does not guarantee the total security of your information and is not responsible for any consequences arising from technical failures or improper entry by third parties to the database or file in which the Personal Data under treatment by VIAJERO and its Agents. VIAJERO shall require the service providers it hires to adopt and comply with the appropriate technical, human and administrative measures for the protection of Personal Data in relation to which such providers act as Processors.
TRANSFER, TRANSMISSION AND DISCLOSURE OF PERSONAL DATA
VIAJERO may disclose to its related companies worldwide, the Personal Data on which it carries out the Processing, for its use and Processing in accordance with this Personal Data Protection Policy.
Likewise, VIAJERO may deliver the Personal Data to third parties not linked to VIAJERO when:
- They are contractors in the execution of contracts for the development of VIAJERO's activities;
- By transfer in any capacity of any line of business to which the information relates.
In any case, when VIAJERO wishes to send or transmit data to one or more Data Processors located within or outside the territory of the Republic of Colombia, it shall establish contractual clauses or enter into a contract for the transmission of personal data in which, among others, the following is agreed:
- The scope and purpose of the treatment.
- The activities that the Person in Charge will perform on behalf of VIAJERO.
- The obligations to be fulfilled by the Data Controller with respect to the Data Subject and VIAJERO.
- The duty of the Data Processor to process the data in accordance with the authorized purpose and observing the principles established in the Colombian Law and the present policy.
- The obligation of the Data Processor to adequately protect personal data and databases, as well as to keep confidentiality with respect to the processing of the transmitted data.
- A description of the specific security measures to be taken by both VIAJERO and the Data Controller at the destination.
VIAJERO will not request authorization when the international transfer of data is covered by any of the exceptions provided for in the Law and its Regulatory Decrees.
MODIFICATION OF THE TREATMENT POLICY
In case of substantial changes in the content of this Personal Data Processing Policy, they will be communicated before or at the latest at the time of the implementation of the new policies. In addition, when the change refers to the purpose of the Processing of Personal Data, VIAJERO must obtain a new authorization from the owners.
In any case, we invite you to regularly or periodically review our website https://viajerohostels.com/, through which you will be informed about the change and the latest version of this Policy or the mechanisms enabled by VIAJERO to obtain a copy of it will be made available to you.
This Personal Data Protection Policy, the Privacy Notice, and the Authorization Format Annex that is part of this Policy, are governed by the provisions of the current legislation on Personal Data Protection referred to in Article 15 of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013 and other regulations that modify, repeal or replace them.
This Personal Data Protection Policy is effective as of 01 of August of 2022.
The databases in which the personal data will be registered will be valid for the time in which the information is kept and used for the purposes described in this policy. Once these purposes are fulfilled and as long as there is no legal or contractual duty to keep your information, your data will be deleted from our databases.