PERSONAL INFORMATION PROCESSING POLICIES: FIRST: GENERALITIES We have special interest in protecting and respecting your information and personal data and that is why we have designed these information processing policies, within the framework of law 1581 of 2012 and regulatory decree 1377 of 2013. 1.1.- Introduction. The HOTEL, the other GHL hotels, the companies that operate them and GHL LOGÍSTICA GHL may collect personal data from their users, guests or visitors, through the different means intended for access to the services provided by them. In any case, the collection will be done under the express authorization of the owner of the data and the processing of the data will be subject to what is established by law. The personal information subject to the considerations established here may be collected by the Hotel through the website https://www.latamhotelxela.com/, by visiting or acquiring services offered on the platform. The considerations established here by the Information Owner will be deemed accepted when they visit or use the website https://www.latamhotelxela.com/ and/or when they enter data or personal information through the functions established for This, no matter what the purpose is. 1.2- General principles. The obtaining and collection of personal data, as well as the use, treatment, processing, exchange, transfer and transmission of these by the HOTEL, the other GHL hotels, the companies that operate them or GHL LOGÍSTICA, will always be guided by principles of legality, freedom, veracity, transparency, security, confidentiality, principle of access and restricted circulation 1.3- Legal definitions. In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will govern the personal information processing policies. 1.3.1.- Data Processor: The data processor is the natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Data Controller; 1.3.2.- Responsible for the Treatment: The person responsible for the treatment is the natural or legal person, public or private, who, by themselves or in association with others, decides on the database and/or the Processing of the data. ; 1.3.3.- Database: Database is understood as the organized set of personal data that is the subject of Treatment; 1.3.4.- Personal data: Personal data means any information linked to or that can be associated with one or more specific or determinable natural persons; 1.3.5.- Sensitive data: Sensitive data is understood to mean data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data. . 1.3.6.- Public data: It is data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade, and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality. 1.3.7.- Transfer: The transfer of data takes place when the Controller and/or Person in Charge of the Processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside the country. 1.3.8- Transmission: Processing of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller. SECOND: AUTHORIZATION OF THE OWNER: The data provided will be subject to authorized processing, granted in advance, expressly and informed by the Owner thereof, directly to the HOTEL or through other GHL hotels, the companies that operate them or GHL LOGÍSTICA However, the visit, entry or use made of the website https://www.latamhotelxela.com/, constitutes in itself prior, express and informed authorization of the storage, collection and processing of information in accordance with the data processing policy contained herein. In any case, data collection will be limited to those personal data that are relevant and appropriate for the purpose pursued. THIRD: INFORMATION PROCESSING: 3.1- Data collected. The collection of data for the development of the Treatment and the purposes pursued by it will fall on the personal data received and stored by the HOTEL, the other GHL hotels, the companies that operate them or GHL LOGÍSTICA, and will include all the information that is provided or provided when visiting the website https://www.latamhotelxela.com/, as well as anything related to the services or reservations made, and the accommodation and lodging data provided to the HOTEL or any of the GHL hotels. Without prejudice to the fact that in some cases it is public data, the information collected will correspond to the name, citizenship card number, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumption habits or travel habits, among others. If a reservation is made through the website https://www.latamhotelxela.com/, the information corresponding to the credit card provided for the purposes of the reservation and stay will be collected. 3.2- Treatment to which the data will be subjected and its purpose. The data and information obtained and collected will be used in the normal course of its commercial activities only for the purpose established in these information processing policies, so as to create direct and effective communication with the client, leading to to establish a closer bond. The treatment consists of sending digital information through different means of communication, with the intention of contacting the owner to send service surveys after each stay that allow the rating of the service provided, and communicating invitations, offers, promotions. , portfolio of services or information of the HOTEL or the other GHL hotels, without at any time their data being provided, transferred or delivered to persons other than or unrelated to the Hotel that collected the information, or to the hotels and activities linked to GHL and the activities it develops. Additionally, through data collection we seek to: make, process, process and/or complete reservations or purchases of hotel nights or other services; carry out internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; promptly respond to your requests, requests or needs; communicate invitations, offers, promotions, and information in general, about the portfolio of services offered by natural or legal persons that are directly linked to the hotel operation and specifically with the services provided by GHL or GHL Hotels and the companies and hotels that they operate them. The information or data provided that is collected, collected or stored in accordance with these policies may be shared, transmitted, updated and/or deleted between the HOTEL, the other GHL hotels, the companies that operate them and GHL LOGÍSTICA for the purpose defined in these policies, to be used in the manner established here. By entering the website https://www.latamhotelxela.com/ you authorize your information and data to be shared with the tourism providers to whom you refer and with whom your reservations and/or requests are processed. It is assumed that all information or data provided or deposited through the page https://www.latamhotelxela.com/ is true, accurate and complete, and may be withdrawn at any time in the event in which it is considered harmful or detrimental to your interests or the interests of a third party. The data and in general the information received when you enter the website https://www.latamhotelxela.com/ may be both yours and the computer from which you are entering. In order to optimize and make your experience more efficient when visiting the page https://www.latamhotelxela.com/, cookies and/or web beacons may be used, as well as information on the Internet pages visited may be obtained and stored, your IP address, of the operating system of the computer from which you are entering, through a recognition and tracking process that allows you to identify your preferences and identify you when you visit the page again and store certain records, based on your IP address. The IP address is not associated or linked to your name or personal data. 3.3.- Sensitive data and data corresponding to children and adolescents. Neither the HOTEL, nor the other GHL hotels, nor the companies that operate them, nor GHL LOGÍSTICA will process data considered sensitive, nor is the data collection aimed at collecting sensitive information. The collection of data corresponding to minor children and adolescents, and the respective authorization, must always be given through their legal representative, prior to the minor's exercise of his or her right to be heard. The processing of data corresponding to children and adolescents must respond to and respect the best interests of children and adolescents, and their fundamental rights. In the event that for some reason a question may lead to the answer being about sensitive data or data of girls, boys and adolescents, the answer to such question will be optional. 3.4.- Duties of the person responsible for processing the information Those responsible for the information, and/or responsible and in charge of the processing of personal data, are obliged to: a) Guarantee to the Owner, at all times, the full and effective exercise of the right of habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Owner; c) Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted; d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access; e) Guarantee that the information provided to the Data Processor is true, complete, exact, updated, verifiable and understandable; f) Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated; g) Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor; h) Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law; i) Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information; j) Process queries and claims made in the terms indicated in the law; k) Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed; l) Inform at the request of the Owner about the use given to their data; m) Inform the data protection authority when violations of security codes occur and there are risks in the administration of the Owners' information. n) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. FOURTH: RIGHTS AND POWERS OF THE OWNER: 4.1.- Rights of the owner. Once authorization has been granted by the Owner for the corresponding treatment, he has the right to: a) Know, update and rectify his personal data. This right may be exercised against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Processing is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, except when it is expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of law 1581 of 2012; c) Be informed by the person responsible and/or in charge of personal data, upon request, of the use that has been given to your personal data; d) Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the law; e) Revoke the authorization and/or request the deletion of the data when the processing does not respect constitutional and legal principles, rights and guarantees. The revocation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that the Treatment has incurred conduct contrary to this law and the Constitution; f) Request, at all times, from the person responsible or in charge, the deletion of your personal data and/or revoke the authorization granted for the Treatment thereof, by submitting a claim, will not proceed when the Owner has a legal or contractual duty. to remain in the database. g) Access free of charge to your personal data that has been processed: (i) at least once every calendar month, and (ii) every time there are substantial modifications to the Information Processing Policies that motivate new queries. . In the case of requests whose frequency is greater than one for each calendar month, the person responsible and/or in charge may charge the Owner the costs of shipping, reproduction and, where appropriate, certification of documents. 4.2.- Legitimation for the exercise of the rights of the owner. The following people are also entitled to exercise the rights that assist the owner of the information: a). The owner himself, who must sufficiently prove his identity by the means made available to him by the person responsible; b). Their successors, who must prove such quality; c). The representative and/or attorney-in-fact of the Owner, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; and). The rights of children or adolescents will be exercised by the people who are authorized to represent them, after accreditation of the power of representation. 4.3.- Area responsible for the care and support of the holder. The attention and response to queries, requests and claims of the Owners regarding any aspect of the treatment will be in charge of the technology area. The Owner of the information that wishes to know, update, rectify, request proof of the authorization granted; be informed of the use that has been given to your personal data; revoke the authorization and/or request the deletion of the data(s) and/or access free of charge to your personal data that has been subject to Processing, you must request it in writing directly to the email firstname.lastname@example.org or send communication to Avenida Calle 72 No. 6 - 30 in Bogotá. In either case, the following must be indicated: a) full name; b) identity document; c) physical address and email; d) contact telephone number; e) Brief list of the information and data to which it refers, expressly indicating the scope and content of the request; and, f) attach the documents that you consider support your request. 4.4.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and revoking authorization, may be carried out through queries or complaints, addressed to the email address email@example.com or to the address Avenida Calle 72 No. 6 – 30, according to the object they pursue, establishing at least the legitimacy that one has to make the request and stating in a clear and concrete manner what is intended. The owner of the information or the legitimate person must accompany his/her writing with proof of the quality in which he/she acts, and must provide the data and documents necessary to account for his/her identity and quality. The email must specify the reason or object of the communication, and to do so it will be enough for the text to indicate that the right to know, update, rectify, delete or revoke the authorization granted is being exercised. 4.5.- Procedure for correcting, updating or deleting data and for submitting complaints and claims. Whoever is legitimized by law, and considers that the information contained must be corrected, updated or deleted; or when you consider that the treatment given to personal data violates legal regulations, you may submit, in accordance with article 15 of Law 1581 of 2012, complaints to the email firstname.lastname@example.org. Complaints and claims will be processed under the following rules: 4.5.1.- The claim will be formulated by means of a request addressed to the Data Controller or the Data Processor, with the identification of the Owner, the description of the facts that give rise to the claim and the address, accompanying the documents that you want to assert. . If the claim is incomplete, the interested party will be required within five (5) business days following receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that the claim has been abandoned. In the event that the person receiving the claim is not competent to resolve it, it will be transferred to the appropriate party within a maximum period of two (2) business days and the interested party will be informed of the situation. 4.5.2.- Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a period of no more than two (2) business days. Said legend must be maintained until the claim is decided. 4.5.3.- The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term. 4.6.- Consultation and access to information. Queries regarding personal data contained in the HOTEL database will be answered by written request via email email@example.com. Queries will be answered within a maximum period of ten (10) business days from the date of receipt. When it is not possible to attend to the query within said term, the interested party will be informed before the expiration of ten (10) business days, expressing the reasons for the delay and indicating the date on which the query will be attended to, which in no case may exceed five (5) business days following the expiration of the first term. FIFTH: SECURITY. 5.1.- Security in the management of information. The data collected will always be treated within a framework of confidentiality, so it will not be provided, transferred or delivered to persons other than or unrelated to the Hotel, GHL or operating companies, or to anyone who has legitimate authorization to do so. 5.2.- Data transfer and transmission. In the event that a contract is signed with a third party who is professional and experienced in the management and use of databases, the person responsible will sign the contract for the transmission of personal data referred to in article 25 of decree 1377 of 2013. SIXTH: DISSEMINATION AND VALIDITY. 6.1.- Means of dissemination of the information processing policies and the privacy notice. This document, which establishes the policies for processing information on personal data collected, will be permanently published at the link https://www.latamhotelxela.com/ so that it can be consulted by whoever is interested. When requesting the Owner's express authorization for data processing, you will be informed of the specific purposes for which consent is obtained and you will be made aware of the Treatment Policy and the rights that assist you as the Owner. 6.2.- Entry into force of the information processing policies. The collection, storage, use and circulation of personal data, in development of the considerations established here, will be carried out and maintained as long as the need for direct communication with the client remains in force and there are no more efficient ways to do so, in accordance with the purposes proposed by the Treatment. If the purpose cannot be achieved through the Processing of personal data, they will be permanently deleted from the database. This document comes into force on February 1, 2016. 6.3.- Procedure for policy modification events. In the event that modifications are made to the personal data processing policies established here, they will be notified and communicated through this same website, prior to their entry into force. 6.4.- Incorporation of the conditions of use of the website https://www.latamhotelxela.com/. In accordance with applicable regulations, the information processing policy is an integral part of the terms and conditions of use of the website https://www.latamhotelxela.com/ .