Dann Hotels Personal Data Protection Treatment Policy

Name of the Society:

  • Administradora Hotelera Dann S.A.S.
  • Comercial Hotelera de Ibagué S.A.S
  • Promotora Apartamentos Dann S.A.S
  • Promotora Inmobiliaria Dann Cartagena S.A.S.
  • Inversiones Spiwak S.A.S.

(hereinafter DANN HOTELS and DANN CARLTON HOTELS or jointly DANN HOTELS).
Home:94 Street No. 19-71 of Bogotá DC
Email: [email protected]
Telephone:+57 (1) 633 8555

WEBSITE CONSENT CLAUSE

In accordance with Statutory Law 1581 of 2012 on Data Protection and with Decree 1377 of 2013, the user is informed that once they give their authorization, the data recorded on our platform will be incorporated into a database that will be under the responsibility of Dann and Dann Carlton Hotels. Our clients can exercise the rights of access, correction, deletion, revocation or claim for infringement of the data addressing [email protected]

AUTHORIZATION:prior, express and informed consent of the owner to carry out the processing of personal data.
DATABASE: organized set of personal data that is subject to treatment. The “database” will have such a condition regardless of the medium in which they are contained, which may be physical, electronic, manual, automated, computer tools, etc.
PERSONAL DATA: any information linked or that can be associated with one or more natural persons.
DATA OWNER: natural person whose personal data is being processed.
TREATMENT: any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
PRIVACY NOTICE: Verbal or written communication generated by the person in charge, addressed to the owner for the treatment of their personal data, through which they are informed about the existence of the information treatment policies that will be applicable, the way to access them and the purposes of the treatment that is intended to give personal data.
PUBLIC DATA: it is the data that is not semi-private, private or sensitive. Data related to the marital status, their profession and their quality as a merchant or public servant is considered public data.
SENSITIVE DATA:Sensitive data is understood as those that affect the privacy of the owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, of human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
TRANSFER: The transfer of data takes place when the person in charge of the treatment of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the treatment and is located inside or outside the country.
TRANSMISSION:treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when its purpose is to carry out a treatment by the person in charge on behalf of a single person in charge.

In the development, interpretation and application of Law 1581 of 2012, the following guiding principles will be applied in a harmonious and comprehensive manner:

PURPOSE PRINCIPLE: the treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the owner.
FREEDOM PRINCIPLE: the treatment can only be exercised with prior, express, and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
TRUTH OR QUALITY PRINCIPLE: the information subject to treatment must be truthful, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fragmented or misleading data is prohibited.
TRANSPARENCY PRINCIPLE: in the treatment, the right of the owner to obtain from the person in charge, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.
ACCESS AND RESTRICTED CIRCULATION PRINCIPLE: the treatment is subject to the limits derived from the nature of personal data, the provisions of the law and the Constitution. Therefore, the treatment can only be done by persons authorized by the owner and/or by the persons provided for by law.
Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to authorized owners or third parties.
SECURITY PRINCIPLE: the information subject to treatment by HOTELES DANN must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
CONFIDENTIALITY PRINCIPLE: HOTELES DANN is obliged to guarantee the confidentiality of the information, even after the end of its relationship with any of the tasks that the treatment includes, and may only supply or communicate personal data when this corresponds to the development of authorized activities.

a. The owner of the personal data will have the following rights: a. Know, update and rectify your personal data against HOTELES DANN in its capacity as data controller. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose treatment is expressly prohibited or has not been authorized.
b. Request proof of the authorization granted to HOTELES DANN except when expressly excepted as a requirement for treatment (cases in which authorization is not necessary).
c. Be informed by HOTELES DANN, upon request, regarding the use that has been given to your personal data.
d. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it.
and.
e. Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the treatment.
f. Free access to his/her personal data that has been processed.

By virtue of this personal data treatment and protection policy, HOTELES DANN is responsible for the following:
a. Guarantee the owner, at all times, the full and effective exercise of the right of habeas data.
b. Request and keep a copy of the respective authorization granted by the owner.
c. Duly inform the owner about the purpose of the collection and his/her rights in virtue of the authorization granted.
d. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. Rectify the information when it is incorrect and communicate such rectification if pertinent.
F. Process queries and claims made by the owners.
g. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the holders.
h. Comply with the requirements and instructions issued by the Superintendency of Industry and Commerce on the particular subject.
i. Inform at the request of the owner about the use given to their data.
J. Guarantee that the information is true, complete, accurate, updated, verifiable and understandable.
k. Update the information, thus attending to all the news regarding the owner’s data. Additionally, all necessary measures must be implemented so that the information is kept up to date.
l. Respect the security and privacy conditions of the owner’s information.
m. Identify when certain information is under discussion by the owner.
n. Use only data whose treatment is previously authorized in accordance with the provisions of Law 1581 of 2012.

The authorization of the owner of the information will not be necessary in the case of:
a. Information required by a public or administrative entity in the exercise of its legal functions or by court order.
b. Data of a public nature.
c. Cases of medical or health emergency.
d. Treatment of information authorized by law for historical, statistical or scientific purposes.
e. Data related to the Civil Registry of people.

The rights of the owners may be exercised by the following persons:
a. By the holder, who must sufficiently prove his identity by the different means made available by HOTELES DANN.
b. By the successors in title of the owner (in cases where the latter is absent due to death or incapacity), who must prove such quality.
c. By the representative and/or proxy of the holder, prior accreditation of the corresponding representation or power of attorney.
d. By stipulation in favor of another or for another.
e. The rights of children and adolescents will be exercised by the persons empowered to represent them.

The information collected is used to process, confirm, fulfill and provide the services and/or products purchased, directly and/or with the participation of third-party providers of products or services, as well as to promote and advertise our activities, products and services, carry out transactions, make reports to the different national or international administrative control and surveillance authorities, police authorities or judicial authorities, banking entities and/or insurance companies, for internal administrative and/or commercial purposes such as market research, audits, reports accounting, statistical analysis, billing, and offering and/or recognition of benefits of our loyalty programs.
By accepting this PERSONAL DATA PROTECTION TREATMENT POLICY, our guests, visitors, clients, users and suppliers, in their capacity as holders of the data collected, authorize HOTELES DANN to carry out the treatment of the same, partially or totally, including the collection , storage, recording, use, circulation, processing, deletion, for the execution of activities related to the services and products purchased, such as, making reservations, modifications, cancellations and changes of the same, refunds, attention to queries, complaints and claims, payment of compensation and indemnities, accounting records, correspondence, processing and verification of credit cards, debit cards and other payment instruments,identification of fraud and prevention of money laundering and other criminal activities and/or for the operation of loyalty programs and other purposes indicated in this document.
The foregoing, without prejudice to other purposes that have been informed in this document and in the terms and conditions of each of the products and services of each of our business units.
We warn that third-party providers may be involved in these activities, such as reservation system providers, travel agencies, call centers, banks, insurance companies, etc.
Additionally, our travellers, customers and users, in their capacity as holders of the data collected, by accepting this privacy policy, authorize us to:
a. Use the information received from them, for marketing purposes of their products and services, and the products and services of third parties with whom HOTELES DANN maintains a business relationship.
b. Provide personal data to the control and surveillance authorities of
police or judicial, by virtue of a legal or regulatory requirement and/or use or disclose this information and personal data in defense of their rights and/or their assets insofar as said defense is related to the products and/or services contracted by their travelers , customers and users.
c. Allow access to information and personal data to auditors or third parties hired to carry out internal or external audit processes of the commercial activity that we develop.
d. Consult and update personal data, at any time, in order to keep said information updated.
e. Contract with third parties the storage and/or processing of information and personal data for the correct execution of the contracts entered into with us, under the security and confidentiality standards to which we are bound.

The processing of personal data of children and adolescents is prohibited except in the case of data of a public nature, and when said processing complies with the following parameters and/or requirements:
a) that respond to and respect the best interests of children and adolescents.
b) to ensure respect for their fundamental rights.
c) that there is authorization from the parent or guardian of the child or adolescent.

The information that meets the conditions established by law may be provided to the following persons:
a. To the owners, their successors in title (when those are missing) or their legal representatives.
b. To public or administrative entities in the exercise of their legal functions or by court order.
c. To third parties authorized by the owner or by law.

The collection, storage, use, circulation or deletion of personal data by HOTELES DANN requires free, prior, express and informed consent of the owner thereof. HOTELES DANN, in its capacity as the person responsible for the processing of personal data, has made the necessary mechanisms to obtain the authorization of the owners available, guaranteeing that it is possible to verify the granting of said authorization in any case.
With the aforementioned authorization, the client accepts the policies and conditions established in this document.

The authorization of the owner of the information will appear in each of the data collection channels and mechanisms of HOTELES DANN. Thus, it may be recorded in a physical, electronic document or in any other format that guarantees its subsequent consultation. The authorization will be issued by the owner prior to the processing of his personal data, in accordance with the provisions of Law 1581 of 2102.
With the consented authorization procedure, it is guaranteed that the owner of the personal data has been made aware of both the fact that his personal information will be collected and used for certain and known purposes, and that he has the option of knowing any alteration to them. and the specific use that has been made of them. The foregoing in order for the owner to make informed decisions regarding his personal data and control the use of his personal information.

HOTELES DANN will adopt adequate and sufficient technical and administrative measures that allow the care and conservation of the personal data of the holders, avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Similarly, the implementation of these measures will allow the conservation of the authorization granted by the holders of the personal data for the treatment of the same.
HOTELES DANN will adopt all the mechanisms to keep the confidentiality of the information and will refrain from using the information for purposes other than those expressly authorized by the owner.
Notwithstanding the foregoing, the client assumes the risks derived from delivering this information in a medium such as the Internet, which is subject to various variables – third-party attacks, technical or technological failures, among others. HOTELES DANN will make its best technological effort to guarantee the security of the personal information of all its clients and/or users, using reasonable and current security methods to prevent unauthorized access, to maintain the accuracy of the data and to guarantee its correct use. of the information.

For the event in which third parties unrelated to HOTELES DANN require to validate, rectify or confirm information corresponding to the personal data of the holders contained in the databases of HOTELES DANN, the prior and express authorization of the holder for the transfer to operate.
HOTELES DANN will refrain from using the information provided by the owners for marketing purposes other than their specific programs and services.

Owners may request DANN HOTELS to consult their personal data. This request must be made in writing addressed to the email:[email protected], specifying the type of data to be consulted, name, surname, citizenship card, telephone and email to which the corresponding information will be sent.
HOTELES DANN will send the owner the information consulted, which will be made up of the list of all the information that is linked to the identification of the owner in the database. The query will be answered within a maximum term of fifteen (15) business days, following the date of receipt of the query. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended, which in no case may exceed eight (8) business days following the expiration of the first term. The query will be addressed in writing and will not generate cost for the holder.

The owners may at any time request HOTELES DANN to delete, correct or update their personal data and/or revoke the authorization granted for their treatment, by submitting a claim as follows:
a. The claim will be formulated through communication addressed to the email: [email protected] with the identification of the owner, the description of the facts that give rise to the request, the address and accompanied by the documents that support the request if applicable.
b. If the claim is incomplete, HOTELES DANN will require the owner within five (5) business days after receipt of the request to correct the faults. After two (2) months from the date of the request, without the holder submitting the required information, it will be understood that he has withdrawn the claim.
c. Once the complete claim is received, a legend will be included in the database that says “claim in process” and the reason for it, an activity that must be carried out in a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.
d. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

The information provided by customers and users will remain stored for up to fifteen (15) years from the date of the last treatment, to allow us to comply with legal and/or contractual obligations, especially in accounting matters. tax and tax.

HOTELES DANN reserves the right to make changes or updates to this Privacy Policy at any time, in response to new legislation, internal policies or new requirements for the provision or offering of its services or products.