Privacy Policy

FIRST CHAPTER
GENERAL DISPOSITION
1.1 Responsible for the Treatment

INVERSIONES HOTELERAS ROSALES SA, hereinafter ROSALES PLAZA HOTEL BOGOTA  , acting as Responsible for the Treatment of personal information, and, in compliance with the Personal Data Protection Law, 1581 of 2012, and its regulatory decrees, is identified through the following data: 


Corporate Name INVERSIONES HOTELERAS ROSALES SA

NIT 830.087.832-6

Address Av. Calle 72 No. 5-47, Bogotá.

Email financial@hotelrosalesplaza.com

Telephone (1) 3171100

Website www.hotelrosalesplaza.com 

 

1.2 Definitions

The following definitions are listed below for an adequate understanding of this policy:

  • Authorization: Prior, express and informed consent of the Holder to carry out the processing of personal data
  • Database: Organized set of personal data that is subject to Treatment;
  • Personal data: Any information linked to or associated with one or several natural persons determined or determinable;
  • Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the Treatment Manager;
  • Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data;
  • Owner: Natural person whose personal data are subject to Treatment;
  • Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
  • Transfer: The transfer of data takes place when the person in charge of the processing of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the treatment and is within or outside the country.
  • Transmission: Processing of personal data that involves the communication of them within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible

 

1.3 Objective and scope of the Policy 

The Personal Data Treatment Policy has the purpose of establishing the criteria under which the treatment of the personal information that rests in its databases and in physical and electronic files is carried out. The Personal Data Treatment Policy establishes the guidelines that HOTEL ROSALES PLAZA BOGOTA carries out for the processing of personal data, mechanisms for exercising the right of habeas data, as well as the purposes, security measures, and other aspects related to the Personal information protection.

 

1.4 Owners to whom the Policy is addressed

The present Personal Data Treatment Policy is directed to:

A. Guests

B. Employees

C. Customers

D. Suppliers

E. Contractors

F. Information Managers

G. Any owner of the information, either acting on its own behalf, or as a legal representative, that on occasion, to the activities it carries out, is linked to HOTEL ROSALES PLAZA BOGOTA, their personal information is required for the development thereof. .

 

1.5 Regulatory Compliance of the Personal Data Protection Regime

This Personal Data Processing Policy complies with the Personal Data Protection Regime in Colombia, in particular, articles 15 and 20 of the National Constitution, Law 1581 of 2012, Chapter 25 of Decree 1074 of 2015, and Sentence C-748 of 2011 and other norms that modify, complement or add it.

 

SECOND CHAPTER
PURPOSES OF THE PROCESSING OF PERSONAL DATA
2.1 Personal Databases

HOTEL ROSALES PLAZA, has different types of personal data bases, both physical and digital, and is grouped into different types of categories, such as, but not limited to: Guests, Customers, Human Resources, Suppliers, investors and Video Surveillance.

 

2.2 Purposes of the Collection of Personal Information

HOTEL ROSALES PLAZA collects personal data of a public, semi-private, sensitive nature and of Children and Adolescents. The purposes of the collection of personal information by HOTEL ROSALES PLAZA are the following:

Regarding the personal information of our guests and clients: 

  • Client management, execution of the reservation service, as well as modifications, cancellations, changes and the reimbursements associated with it, billing, payment method, provision of additional services offered by HOTEL ROSALES PLAZA.
  • Registration and management of guests, billing, relationship for the provision of services, accounting and periods of permanence, contact via telephone and messaging, sending of advertising information, opinion polls and compliance with legal obligations.
  • User management, for the diffusion and commercialization of services, as well as activities inside HOTEL ROSALES PLAZA.
  • To comply with obligations contracted by HOTEL ROSALES PLAZA with its clients when purchasing our services and products and, in particular, to manage the relative to their hotel registration and attention during the stay. 
  • Management of internal statistics, citizen / client service (PQR Management) Loyalty of clients, Sending of communications.
  • Send information on changes in the conditions of the services offered by HOTEL ROSALES PLAZA.
  • Send information about offers related to the services offered by HOTEL ROSALES PLAZA and its related companies.
  • Evaluate the quality of the service.
  • Manage information provided by third parties for the proper development of the commercial activity of HOTEL ROSALES PLAZA, such as the so-called hotel agencies and allies.
  • Respond to control agencies and other authorities that, under the applicable law, must receive the Personal Data.
  • Register your personal data in the information systems of HOTEL ROSALES PLAZA and its commercial and operational databases. 
  • Verify access to the facilities at the ROSALES PLAZA HOTEL and establish security measures, including video surveillance zones. 

Regarding the personal data of our employees, suppliers and contractors:

  • Management of financial, commercial, credit information, as well as treasury management, administrative aspects, management of suppliers and contractors, customers and in general information for the commercial management of HOTEL ROSALES PLAZA.
  • Administrative procedures, Information Systems Administration, key management, user administration, Operational development.
  • Payroll management, periods of entry and retirement of the company, training and education, health and safety at work, employee's resume and in general the administration of personnel.
  • Billing Management, Accounting Management, Management of suppliers and contractors, Economic and accounting management, Historical of commercial relations, Requirements by control bodies.
  • Time control, personnel training, personnel management, temporary work management, social benefits, occupational risk prevention, promotion and selection of personnel.
  • Accounting, fiscal and administrative management: requirements by control bodies, private and sensitive data, attention and monitoring of judicial or administrative authority requirements
  • HOTEL ROSALES PLAZA collects personal data through security cameras, to protect and control the entry and exit of its personnel and assets from its facilities.
  • Control access to the Company's offices and establish security measures, including the establishment of video surveillance zones
  • Manage and operate, directly or through third parties, personnel selection and linking processes, including the evaluation and qualification of participants and the verification of work and personal references, and the conduct of safety studies; 
  • Develop the activities of human resources management within the Company, such as payroll, affiliations to entities of the general social security system, occupational health and welfare activities, exercise of the sanctioning authority of the employer, among others; 
  • Coordinate the professional development of the employees, the access of the employees to the computer resources of the Employer and assist in their use;
  • Register contractors and suppliers in the Company's systems and process their payments; 

 

2.3 Collection

HOTEL ROSALES PLAZA collects personal information through different activities related to its corporate purpose, and the obligations it has as an employer. The information is requested directly to the owner.

The instruments used by HOTEL ROSALES PLAZA for information collection, have all the requirements established in the regulations on the protection of personal data, and obey the principles of freedom and purpose, so that in each of them, The authorization for the processing of personal data is incorporated. These instruments are:

  • Web forms
  • Physical forms
  • Emails
  • Internal systems for management of reserves and services
  • Income and exit control systems
  • Web page
  • Via telephone 
  • Video surveillance cameras

According to the classification of the National Registry of Personal Databases, the data categories that HOTEL ROSALES PLAZA has in its databases are the following:

  • General identification data.
  • Specific identification data.
  • Data specific to the nationality and country of residence
  • Data related to marital status and / or relationship in relation to minors
  • Data relative to the Company in which he works and charge
  • Biometric data.
  • Location data related to commercial activity.
  • Location data related to private activity
  • Data related to the person's health.
  • Financial and credit data (number, bank entity, expiration date)
  • Tax information data.
  • Data related to the economic activity of the person.
  • Data related to the work history of the person
  • Data related to the educational level, and / or academic record of the person.
  • General data related to affiliation and contributions to the integral social security system: EPS; IPS; ARL, income / withdrawal dates EPS, AFP, etc.
  • Judicial and / or disciplinary background data of the people
  • Personal data access to information systems: users, IP, passwords, profiles, etc.

 

2.4 Storage

The storage of personal information contained in the databases, is located in the servers inside and outside the country, and external servers of third parties, and has all physical, technical and administrative security measures, and has controls of access to information, guaranteeing the principle of access and restricted circulation.

Therefore, when you provide us with your personal data, you authorize the international transmission of your personal data to countries that are on the list of safe countries of the Superintendence of Industry and Commerce. 

Paragraph First: Regarding images and voice of the holders, which are captured through the security cameras, the storage duration is thirty (30) calendar days, at which time, said information is eliminated.

 

2.5 Circulation

As a general rule, HOTEL ROSALES PLAZA does not share the personal data it collects with third parties and internally it has arranged access controls for the entry of its employees into the company's information systems, exclusively the information that according to the role and / or position. You must know the employee.

HOTEL ROSALES PLAZA has contractually established contracts for the transmission of personal data and confidentiality agreements with those suppliers that, in virtue of the service provided, must know personal information contained in some of our databases.

PARAGRAPH FIRST: HOTEL ROSALES PLAZA in compliance with legal provisions, you must report the personal identification and contact information of the Guests, to the Ministry of Foreign Affairs, so that in case of being a foreign guest, you will be required a mandatory copy of the passport, in particular, in the register of entry to the country, as well as the biographical information. 

 

2.6 Suppression

The personal information that is requested in compliance with aspects: legal, contractual, tax, audit purposes, among others, will remain stored according to the maximum time established in Colombian law for retention.

The deletion of personal information collected in databases, whose endings are not mandatory by law, will be made once the purpose has been fulfilled, in accordance with authorizations, contracts and / or agreements that the owner of the information previously agreed with HOTEL ROSALES PLAZA, however, some information may be retained for auditing purposes.

 

2.7 Authorization for the processing of personal data

HOTEL ROSALES PLAZA requests free, prior, express and duly informed, the authorization by the owners of the data and for this has provided suitable mechanisms guaranteeing for each case that it is possible to verify the granting of such authorization. The same, may be recorded in any medium, be it a physical document, electronic or in any format that guarantees its subsequent consultation through technical tools, complying with the requirements established in the law.

 

2.8 Protective Measures

HOTEL ROSALES PLAZA has adopted technical, legal, human and administrative measures necessary to ensure the security of personal data protecting confidentiality, integrity, use, unauthorized access and / or fraudulent. Likewise, HOTEL ROSALES PLAZA internally has implemented mandatory compliance security protocols for all personnel with access to personal data and information systems.

The internal security policies under which the holder's information is kept to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access are the following: 

a. Personal Data Treatment Policies

b. User management policies for access to personal information

c. Procedures for assignment of responsibilities and authorizations in the processing of personal information

d. Confidentiality agreements for all personnel and external personnel who have access to personal information

and. Internal procedure manual for the processing of personal information

 

2.9 Obligations of Information Managers

The companies and / or persons external to HOTEL ROSALES PLAZA, that by virtue of a commercial relationship carry out the processing of personal data on behalf of HOTEL ROSALES PLAZA, must comply with the following obligations:

1. Guarantee the owner access, consultation, update, rectification of their personal data.

2. Request and keep a copy of the respective authorization for the processing of personal data informing the purpose of the collection, either at technical service points and / or electronic and / or digital media.

3. Keep the information under the security conditions that prevent adulteration, loss, consultation, use or unauthorized or fraudulent access.

4. Adopt an internal manual of policies and procedures that guarantee compliance with Law 1581 of 2012, regarding the protection of personal data.

5. Allow access to information only to people who may have access to it.

6. Comply with the obligations established in article 18 of Law 1581 of 2012, and their respective regulatory decrees, regarding the protection of personal data.

 

2.10 Cases in which HOTEL ROSALES PLAZA operates as Information Manager

In the event that HOTEL ROSALES PLAZA operates as responsible for the information, the Responsible for the information must request and retain the authorization of the owner of the information, for the treatment of personal data by HOTEL ROSALES PLAZA, for which HOTEL ROSALES PLAZA presumes that the Responsible for the information, has the prior and express authorizations of the owners with whom it has contact, to make use of their personal data and will provide a copy of such authorizations in case HOTEL ROSALES PLAZA requires it, for the purposes enshrined in the policy of processing personal data.

 

CHAPTER THIRD
RIGHTS THAT THE PERSONAL DATA HOLDERS HAVE
3.1 Rights that assists you as the owner of the data.

The Fundamental Right to Habeas Data empowers the owner of the data request access, update, rectification and deletion of their personal data that are in possession of a third party, in turn, may revoke the authorization granted for the treatment. If a personal data owner considers that HOTEL ROSALES PLAZA has access to his personal data, this person can at any time request the consultation of his data, or if he considers that HOTEL ROSALES PLAZA is making bad use of his data, he can make the respective one claim.

The owner is entitled to request:

A. Updating of your personal data in case of being fragmented, incomplete, among others.

B. Rectification and / or correction of your personal data in case they are wrong, partial or misleading.

C. Deletion of your personal data from the databases. The information will continue to be preserved for the purposes determined by law.

D. Revocation of the authorization of the processing of your personal data, as long as it does not generate breach by HOTEL ROSALES PLAZA with other legal obligations, regarding the permanence of the data.

 

3.2 Procedure for holders of information to exercise their rights

3.2.1 Consultation

Through the mechanism of the consultation, the owner of the data, may request HOTEL ROSALES PLAZA, access to your personal information that rests in the databases.

The consultation will be attended within a maximum term of ten (10) business days counted from the date of receipt of the same. If it is not possible to respond to the query within the referenced term, you will be informed of the reasons for the delay and will be answered, maximum five (5) business days after the expiration of the first term.

 

3.2.2 Claim

Through the complaint mechanism, the owner of the data, may complain to HOTEL ROSALES PLAZA, any disagreement that you have about the use that is being given to your data.

The claim will be handled within a maximum term of (15) fifteen working days from the day following the date of receipt. If it is not possible to meet the claim within said term, the reasons for the delay will be informed and a maximum response will be given (8) eight working days after the expiration of the first term.

In the event that the claim is incomplete, it will be required, within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without submitting the required information, it will be understood that you have withdrawn the claim.

In the event that HOTEL ROSALES PLAZA is not competent to resolve the claim, it will notify the corresponding party within a maximum period of two (2) business days and inform the owner of the situation.

 

3.3 Persons authorized to make a request or complaint

The persons authorized to request a consultation to HOTEL ROSALES PLAZA, are the following:

a. Employees, contractors, suppliers that have had some relationship with HOTEL ROSALES PLAZA

b. Guests and clients of any service.

c. To third parties authorized by the Holder or by Law.

d. In general, to any owner of the personal information that their data, rest in the databases of HOTEL ROSALES PLAZA.

These cases are merely exemplary and are not exclusive or exclusive.

3.3.1 Information that must be accredited by the owner of the data

For purposes of consultation and complaints, the data subject must prove his identification data such as:

a. Full names and surnames.

b. Type and identification number.

c. Home address.

d. Telephone contact.

e. Email.

F. Provide the necessary information to process your request

In case it is a claim, you must attach the documents you wish to validate, support or prove the request. If you are a minor, you must do so with the adult responsible for the request, without at any time being denied the exercise of your rights.

 

3.4 Channels authorized for the exercise of the Rights of Habeas Data

HOTEL ROSALES PLAZA has the following channels enabled for holders to exercise their right to Habeas Data:

A. ELECTRONIC CHANNELS

a. Email: financiera@hotelrosalesplaza.com

b. Website: www.hotelrosalesplaza.com

B. PHYSICAL CHANNELS:

a. Address: Calle 71 No. 5-34

These are the only channels that HOTEL ROSALES PLAZA has enabled for inquiries and claims for protection of personal data, therefore, the owner must keep them in mind.

If any area or person in charge of the information receives a query or complaint regarding the protection of personal data, it must inform the owner of the existing channels and in no case may leave the owner of the information unanswered.

The owner must accredit and provide the information referred to in point 3.3.1 of this policy.

 

3.5 Responsible for compliance with the Personal Data Protection Policy

The Financial Area of HOTEL ROSALES PLAZA, is responsible for the effective compliance with the Policy, as well as the queries and claims related to the protection of personal data of the holders.

In any case, another area of HOTEL ROSALES PLAZA may be required for the purpose of verifying compliance with the regulations regarding the protection of personal data.

In case of any doubt regarding this policy, you can write to: financia@hotelrosalesplaza.com

 

CHAPTER FOUR
FINAL PROVISIONS
4.1 Permanent measures

In the processing of personal data, HOTEL ROSALES PLAZA will permanently verify in its processes, protocols, procedures and policies, that the right of habeas data will be guaranteed to the holders of the information and that the requirements of the law, the authorization of the owner for the treatment of personal data. 

 

4.2 Linkage of the Policy

Any owner of the information that has any relationship with HOTEL ROSALES PLAZA, must abide by this policy.

The owners of the information, different from the end users, must comply with the internal manual of procedure and policies related to the protection of personal data, depending on each specific case.

 

4.3 Compliance with the principles for the Treatment of Personal Data

HOTEL ROSALES PLAZA guarantees the principles of legality, purpose, freedom, veracity or quality, transparency, access and restricted circulation, security and confidentiality on the data that rest in the databases that are in possession of HOTEL ROSALES PLAZA

 

4.4 Internal Manual of Policies and Procedures for the Processing of Personal Data

The present policy of treatment of personal data is articulated with the Internal Manual of Policies and Procedures for the treatment of personal data, which establishes the criteria, requirements and procedures for this policy to be effective.

 

4.5 Date of Approval of Policy and Entry into force 

The present policy, enters into force the Three (03) of August of the year 2018.