Web Policy Manual

POLICIES FOR THE PROCESSING OF PERSONAL DATA (WEB PAGE)

CONTENT




  1. LEGAL BASIS AND SCOPE OF APPLICATION

  2. DEFINITIONS

  3. AUTHORIZATION OF THE TREATMENT POLICY

  4. RESPONSIBLE FOR THE TREATMENT

  5. TREATMENT AND PURPOSES OF DATABASES

  6. NAVIGATION DATA

  7. COOKIES OR WEB BUGS

  8. RIGHTS OF THE HOLDERS

  9. ATTENTION TO DATA HOLDERS

  10. PROCEDURES TO EXERCISE THE RIGHTS OF THE HOLDER

  11. SECURITY MEASURES

  12. TRANSFER OF DATA TO THIRD COUNTRIES

  13. VALIDITY



1. LEGAL BASIS AND SCOPE OF APPLICATION

The information treatment policy is developed in compliance with articles 15 and 20 of the Political Constitution; of articles 17 letter k) and 18 letter f) of Statutory Law 1581 of 2012, by which general provisions for the Protection of Personal Data (LEPD) are issued; and of article 13 of Decree 1377 of 2.013, by which the previous Law is partially regulated.

This policy will be applicable to all personal data registered in databases that are subject to treatment by the data controller.

2. DEFINITIONS

Established in article 3 of the Statutory Law 1581 of 2012 and article 3 of Decree 1377 of 2013.




  • Authorization: Prior, express and informed consent of the Holder to carry out the processing of personal data.

  • Privacy notice: Verbal or written communication generated by the person in charge, directed to the Owner for the treatment of their personal data, by means of which they are informed about the existence of the information treatment policies that will be applicable to them, the way to access to them and the purposes of the treatment that is intended to give personal data.

  • Database: Organized set of personal data that is subject to treatment.

  • Personal data: Any information linked to or associated with one or several natural persons determined or determinable.

  • Public data : It is the data that is not semi-private, private or sensitive. They are considered public data, among others, the data relative to the civil status of the people, to their profession or trade and to their quality of merchant or public servant. By its nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins and judicial sentences duly executed that are not subject to reservation.

  • Sensitive data: Sensitive data are those that affect the privacy of the Holder or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or those that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

  • Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the controller.

  • Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data.

  • Owner: Natural person whose personal data are subject to treatment.

  • Transfer: The transfer of data takes place when the person in charge and / or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the treatment and is inside or outside from the country.

  • Transmission: Processing of personal data that involves the communication of the same inside or outside the territory of the Republic of Colombia when it has for its object the performance of a treatment by the person in charge on behalf of the person in charge.

  • Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.



3. AUTHORIZATION OF THE TREATMENT POLICY

According to article 9 of the LEPD, for the processing of personal data, the prior and informed authorization of the Holder is required. By accepting this policy, any Owner who provides information regarding their personal data is consenting to the treatment of their data by DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO in the terms and conditions contained therein.

The authorization of the Holder will not be necessary in the case of:




  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.

  • Data of public nature.

  • Cases of medical or sanitary emergency.

  • Treatment of information authorized by law for historical, statistical or scientific purposes. Data related to the Civil Registry of persons.



4. RESPONSIBLE FOR THE TREATMENT

The person in charge of the treatment of the databases object of this policy is:

DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO, whose contact information is as follows:

Address: Kilometer 3.5 via Quisqueya - Vereda Brisas de Upin, Restrepo - Meta., HOTEL WYNDHAM GARDEN VILLAVICENCIO

Email: protecciondedatos@hotelwyndhamgolf.com

5. TREATMENT AND PURPOSES OF DATABASES

DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO, in the development of its business activity, carries out the processing of personal data relating to natural persons that are contained and are treated in databases destined for legitimate purposes, complying with the Constitution and the Law.

In the "Annex 1. Data Bases Information" is presented the different databases that manage the company, the information and characteristics of each one of them.

6. NAVIGATION DATA

The navigation system and the software necessary for the operation of this website collect some personal data, whose transmission is implicit in the use of Internet communication protocols.

By its very nature, the information collected could allow the identification of users through its association with data from third parties even if it is not obtained for that purpose. In this category of data are the IP address or the domain name of the equipment used by the user to access the web page, the URL, the date and time and other parameters related to the user's operating system.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website or monitor its proper technical operation, and are canceled immediately after being verified.

7. COOKIES OR WEB BUGS

This website does not use cookies or web bugs to collect personal data of the user, but its use is limited to providing the user with access to the website. The use of session cookies, not permanently stored in the user's computer and that disappear when the browser closes, are limited to collecting technical information to identify the session in order to facilitate secure and efficient access to the website . If you do not wish to allow the use of cookies, you can reject them or delete the existing ones by configuring your browser, and disabling the Java Script code of the browser in the security settings.

8. RIGHTS OF THE HOLDERS

In accordance with article 8 of the LEPD and articles 21 and 22 of Decree 1377 of 2.013, the Holders of the data may exercise a series of rights in relation to the processing of their personal data. These rights may be exercised by the following persons.




  1. By the Holder, who must prove his identity sufficiently by the different means put at the disposal of the person in charge.

  2. For their successors, who must prove that quality.

  3. By the representative and / or agent of the Holder, prior accreditation of representation or empowerment.

  4. By stipulation in favor of another and for another.



The rights of children or adolescents will be exercised by the persons who are authorized to represent them.

The Rights of the Holder are the following:

Right of access or consultation: This is the right of the Owner to be informed by the data controller, upon request, regarding the origin, use and purpose that they have given to their personal data.

Rights of complaints and claims: The Law distinguishes four types of claims:

Correction claim: It is the right of the Owner to update, rectify or modify those partial, inaccurate, incomplete, fractioned, misleading, or those whose treatment is expressly prohibited or has not been authorized.

Claim of suppression: It is the right of the Holder to delete the data that are inadequate, excessive or that do not respect the principles, rights and constitutional and legal guarantees.

Revocation claim: It is the right of the Holder to revoke the authorization previously provided for the processing of their personal data.

Claim of infringement: It is the right of the Owner to request that the breach of the regulations on Data Protection be remedied.

Right to request proof of the authorization granted to the data controller: Except when expressly excepted as a requirement for processing in accordance with the provisions of article 10 of the LEPD.

Right to file complaints with the Superintendency of Industry and Commerce for infractions: The Holder or his successor can only raise this complaint once he has exhausted the process of consultation or claim with the person responsible for the treatment or in charge of the treatment.

9. ATTENTION TO DATA HOLDERS

The Data Protection Officer of DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO will be in charge of the attention of requests, queries and claims before which the Holder of the data can exercise their rights, in accordance with the "Annex 3. Roles and Responsibilities".

Email: protecciondedatos@hotelwyndhamgolf.com

10. PROCEDURES TO EXERCISE THE RIGHTS OF THE HOLDER

10.1. Right of Access or Consultation

According to article 21 of Decree 1377 of 2.013, the Holder may consult his personal data free of charge in two cases:




  1. At least once each calendar month.

  2. Whenever there are substantial modifications of the information treatment policies that motivate new consultations.



For inquiries whose periodicity is greater than one for each calendar month, DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO may only charge the Owner the costs of shipping, reproduction and, where appropriate, certification of documents. The costs of reproduction may not be greater than the costs of recovering the corresponding material. For this purpose, the responsible party must demonstrate to the Superintendence of Industry and Commerce, when it so requires, the support of said expenses.

The owner of the data can exercise the right of access or consultation of their data by writing to DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO sent, by email to: protecciondedatos@hotelwyndhamgolf.com indicating in the subject "Exercise of the right of access or consultation" , or through postal mail sent to Kilometer 3.5 via Quisqueya - Vereda Brisas de Upin, Restrepo - Meta., HOTEL WYNDHAM GARDEN VILLAVICENCIO

The request must contain the following information:




  • Name and surname of the principal.

  • Photocopy of the Certificate of Citizenship of the Holder and, where appropriate, of the person who represents it, as well as of the document accrediting such representation.

  • Petition in which the access request is specified or

  • Query. Address for notifications, date and signature of the applicant.

  • Documents accrediting the request made, when appropriate.



The Holder may choose one of the following ways of consulting the database to receive the requested information:




  • On screen display.

  • In writing, with a copy or photocopy sent by certified mail or not.

  • Telecopy.

  • Email or other electronic means.

  • Another suitable system to the configuration of the database or to the nature of the treatment, offered by DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO.



Once the application has been received, DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO will resolve the request for consultation within a maximum period of ten (10) business days from the date of receipt of the request. When it is not possible to attend the consultation within said term, the interested party will be informed, stating the reasons for the delay and stating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term. These deadlines are set in Article 14 of the LEPD.

Once the consultation procedure has been exhausted, the Holder or successor may file a complaint with the Superintendence of Industry and Commerce.

10.2. Rights of Complaints and Claims

The owner of the data can exercise the rights of claim on their data by writing to DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO. Sent, by email protecciondedatos@hotelwyndhamgolf.com indicating in the subject "Exercise of the right of access or consultation", or via postal mail sent to Kilometer 3.5 via Quisqueya - Vereda Brisas de Upin, Restrepo - Meta., HOTEL WYNDHAM GARDEN VILLAVICENCIO

The request must contain the following information:




  • Name and surname of the principal.

  • Photocopy of the Certificate of Citizenship of the Holder and, where appropriate, of the person who represents it, as well as of the document accrediting such representation.

  • Description of the facts and request that specifies the request for correction, deletion, revocation or inflation.

  • Address for notifications, date and signature of the applicant.

  • Documents accrediting the request made that they want to assert, when appropriate.



If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it shall be understood that the claim has been abandoned.

Once the complete claim has been received, a legend that says "claim in process" and the reason thereof will be included in the database, in a term not exceeding two (2) business days. This legend must be maintained until the claim is decided.

DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO will resolve the request for consultation within a maximum period of fifteen (15) business days from the date of receipt of the same. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first finished.

Once the claim process has been exhausted, the Holder or successor may file a complaint with the Superintendence of Industry and Commerce.

11. SECURITY MEASURES

DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO, in order to comply with the principle of security enshrined in Article 4 paragraph g) of the LEPD, has implemented technical, human and administrative measures necessary to ensure the security of the records avoiding their adulteration, loss, consultation , unauthorized or fraudulent use or access.

On the other hand, DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO, through the signing of the corresponding transmission contracts, has required the treatment managers with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the treatment of personal data.

Below are the security measures implemented by DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO, which are collected and developed in its Internal Security Manual for the Processing of Personal Data (I, II, III, IV).

TABLE I: Common security measures for all types of data

(Public, semi-private, private, sensitive) and databases (automated, not automated)




  • TABLE 1 https://cdn1.buuteeq.com/upload/21173/tabla-1.PNG "/>



TABLE II: Common security measures for all types of data

(Public, semi-private, private, sensitive) according to the type of databases




  • TABLE 2 https://cdn1.buuteeq.com/upload/21173/tabla-2.PNG "/>



TABLE III: Security measures for private data according to the type of databases




  • TABLE 3 https://cdn1.buuteeq.com/upload/21173/tabla-3.PNG "/>




  • TABLE 4 https://cdn1.buuteeq.com/upload/21173/tabla-4.PNG "/>




  • TABLE 5 https://cdn1.buuteeq.com/upload/21173/tabla-5.PNG "/>



TABLE IV: Security measures for sensitive data according to the type of databases




  • TABLE5 https://cdn1.buuteeq.com/upload/21173/tabla5.PNG "/>



12. TRANSFER OF DATA TO THIRD COUNTRIES

In accordance with Title VIII of the LEPD, the transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendency of Industry and Commerce on the subject, which in no case may be lower than those required by this law to its recipients. This prohibition will not apply when dealing with:

• Information regarding which the Holder has granted his express and unequivocal authorization for the transfer.

• Exchange of data of a medical nature, when required by the Holder's treatment for reasons of health or public hygiene.

• Bank or stock transfers, according to the legislation that is applicable to them.

• Transfers agreed upon in the framework of international treaties in which the Republic of Colombia is a party, based on the principle of reciprocity.

• Transfers necessary for the execution of a contract between the Holder and the controller, or for the execution of pre-contractual measures, provided that the Holder has authorization.

• Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.

In cases not contemplated as an exception, the Superintendence of Industry and Commerce shall issue the declaration of conformity regarding the international transfer of personal data. The Superintendent is authorized to request information and advance the diligences aimed at establishing compliance with the budgets required by the viability of the operation.

The international transmissions of personal data that are made between a responsible and a manager to allow the manager to perform the treatment on behalf of the person in charge, will not require to be informed to the Owner or to have their consent, provided that there is a contract of transmission of personal data .

13. VALIDITY

The databases that are the responsibility of DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO will be processed for as long as is reasonable and necessary for the purpose for which the data is collected. Once the purpose or purposes of the treatment have been fulfilled, and without prejudice to legal regulations that stipulate otherwise. DIPLOMAT WYNDHAM GARDEN VILLAVICENCIO, will proceed to the suppression of the personal data in your possession unless there is a legal or contractual obligation that requires its conservation. For all these reasons, said database has been created without a defined period of validity.

This treatment policy remains in force since 2016-11-01

Base Document Prepared by: Protecdata Colombia