I. OBJECTIVE OF THE TREATMENT POLICY

INVERSIONES NEGOCIOS Y SERVICIOS SAS, (hereinafter “INVERSIONES NEGOCIOS Y SERVICIOS SAS”, or the “Company”), committed to the security of the personal information of its users, customers, suppliers, contractors, employees and the public in general and with the purpose of giving strict compliance to the current regulations on the protection of Personal Data, especially by what is established in Law 1581 of 2012, Decree 1377 of 2013 and in the other provisions that modify, add or complement it, it is allowed to present the Policies of Treatment in matters of protection of Personal Data (hereinafter the “Policy”) of the Company, in relation to the collection, storage, use, circulation and suppression of the same, by virtue of the authorization that is granted by the Holders of information.

In this Policy, the Company details I) the general corporate guidelines that are taken into account in order to protect the Personal Data of the Holders, II) the purpose of the collection of the information, III) the rights of the Holders, IV) the area responsible for dealing with complaints and claims, and V) the procedures that must be exhausted by the Owner to know, update, rectify and delete the information subject to processing.

The Company, in compliance with the constitutional right to Habeas Data, only collects Personal Data, when it has been previously authorized by its Holder, implementing for this purpose, clear measures on confidentiality and privacy of Personal Data.

 

II. DEFINITIONS FOR EFFECTS OF THE TREATMENT POLICY

For the purposes of this Policy, the definitions outlined below will be taken into account:

a) Owner: Natural or legal person whose Personal Data is subject to Treatment.

b) Responsible for or in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data. In this case the Company.

c) Personal Data: Any information linked to or associated with one or several natural persons determined or determinable.

d) Public Data: It is the data that is not semi-private, private or sensitive. They are considered public data, among others, the data relative to the civil status of the people, to their profession or trade and to their quality of merchant or public servant. By its nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins and court decisions.

e) Sensitive Data: Those that affect the privacy of the Owner or whose improper use can generate discrimination.

f) Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression.

g) Treatment Policies regarding the protection of Personal Data: Refers to this document.

 

III. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

In accordance with article 4 of Law 1581 of 2012, the principles that govern the Treatment of Personal Data are:

a) Principle of legality in the matter of Data Processing: The Treatment referred to in Law 1581 is a regulated activity that must be subject to what is established in it and in the other provisions that develop it, as well as the provisions of this Politics.

b) Principle of purpose: The Treatment must obey the legitimate purposes that are enshrined in this Policy, which must be informed to the Holder.
c) Principle of freedom: The Treatment can only be exercised with the prior, express and informed consent of the Holder. The Personal Data will not be obtained or disclosed without prior authorization, unless there is a legal or judicial mandate that relieves the consent.

d) Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

e) Principle of transparency: In the Treatment the right of the Holder to obtain from the Responsible or the Manager, at any time and without restrictions, information about the existence of data that concerns him will be guaranteed.

f) Principle of access and restricted circulation: The Treatment will be subject to the limits that derive from the nature of the Personal Data. In this sense, the Treatment can only be done by persons authorized by the Holder and / or by the persons provided for in the Law.

g) Principle of security: The information subject to Treatment by the Responsible and / or Responsible for the Treatment, will be handled with the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

h) Principle of confidentiality: All persons involved in the Processing of Personal Data are obliged to guarantee the reservation of information, even after the end of their relationship with any of the tasks involved in the Treatment, being able to only supply or communicate Personal Data when it corresponds to the development of the authorized activities in the Law.

IV. AUTHORIZATION

Bearing in mind that the databases of the Company have been collected since 2017 and have many Holders, to guarantee access to all of them to this Policy and to enforce the exercise of the right to Habeas Data by them, the Company implemented the following measures to inform the Owners of the Treatment of their Personal Data and the conditions under which such Treatment takes place and made the following arrangements:

a) “Privacy Notice” was published on the Company’s website and on its premises.

b) A link was published from the corporate portal www.alkohotel.com, where users can view the content of this Policy. The portal can be visualized in 100% of the national territory and from all the explorers.

c) Notice was published in the company’s facilities, in which the content of this Policy is stated.

From the date, the Company, at the time of the collection of Personal Data, will request authorization from the Holders, informed about the specific purposes of the Treatment for which said consent is obtained.

The authorization of the Holders may be manifested by any of the following means: (i) written, (ii) orally or (iii) by unequivocal conduct that allows to reasonably conclude that the authorization was granted.

The Company will keep proof of those authorizations in an appropriate manner, respecting the principles of confidentiality and privacy of the information.

In accordance with the provisions of Article 10 of Law 1581 of 2012, this authorization will not be necessary in the case of: (i) Information required by a public or administrative entity in the exercise of its legal functions or by court order; (ii) Public Data; (iii) Medical or sanitary emergency cases;

(iv) Treatment of information authorized by law for historical, statistical or scientific purposes; and (v) Data related to the Civil Registry of Persons.

 

V. PURPOSE OF THE TREATMENT

The Personal Data of the Holders are collected, stored, used, and exceptionally, put into circulation by the Company in the development of its corporate purpose, with the purpose of:

a) Provide your products and / or services.

b) Inform about changes to your products and / or services.

c) Achieve efficient communication related to their products, services, offers, alliances, studies, contests, content, as well as those of their related companies, and facilitate general access to their information.

d) Evaluate the quality of your products and / or services.

e) Carry out marketing campaigns to offer discounts or promotions of own or third-party products or services.
f) Prepare market studies.
g) Prepare statistical studies.

h) Advance commercial agreements, events or institutional programs, directly or in association with third parties.

i) Verify the data through consultation with public or central risk databases.

j) Send information about activities developed by the Company or send information that is considered of interest through different means.

k) Comply with the legal obligations of information to administrative entities, as well as the competent authorities that require it.

l) Share with third parties that collaborate with the Company and that, in order to comply with their duties, must have access to the information to some extent.

m) Support the Company’s audit processes.

n) Guarantee the correct performance of the contract that has been entered into with the Personal Data Holder.

o) Comply with the obligations contracted with its customers, suppliers and employees.
p) Give correct execution to the corporate purpose of the Company.

Any other purpose that may result in the development of the contract or commercial or labor relationship between the Company and the Holder.

The information provided by the Holder, will only be used for the purposes indicated here and once the need for the Processing of Personal Data ceases, they should be removed from the Company’s databases, unless by legal provision they should be preserved. , or filed in safe terms for the purpose of being disclosed only when the Law so requires.

The Company, within its corporate purpose and in order to develop the aforementioned activities, collects information from its Holders regarding their Personal Data, such as: Name, address, telephone, identity document, email, labor data, data of your family nucleus, data of academic formation, medical data, financial data, among others. The above is justified because INVERSIONES NEGOCIOS Y SERVICIOS SAS, is a company whose main corporate purpose is to develop business and commercial activities, oriented to the hotel, tourism and services, with the purpose of strengthening the shareholders’ social patrimony, promoting through of its activities and / or businesses, the generation of employment, formal and informal, offer services.

 

VI. PROCEDURES FOR THE PROCESSING OF PERSONAL DATA

The Company performs the collection of Personal Data through the documents required for linking suppliers, risk centers; for employees resumes, labor references and necessary documents for social security links, among others.

The Personal Data collected by the Company, are stored through duly licensed software, which is provided by specialized suppliers in the matter, with whom confidentiality agreements are signed for the adequate protection of the information.

1. Procedure to know the information

In order to protect and maintain the confidentiality of the Personal Data of the Holders, the Company determines that the procedure for knowing the information that the Holder has in its databases is as follows:

Who wants to know the information that the Company stores in their databases, should send a communication to the address: Cra. 101 No. 15-27, CALI – VALLE DEL CAUCA or email protecciondedatos@alkohotel.com, in which state your intention to know the information about the Owner in the Company’s databases and report an address or email where you can be answered.

This communication must be signed by (i) the Holder, who must prove his identity sufficiently; (ii) the holders of the Holder, who must prove such quality; (iii) the representative and / or agent of the Holder, after proof of representation or empowerment; or (iv) by stipulation in favor of another or for another (hereinafter and collectively the “Stakeholders”).

The Responsible Area will respond to the Holder or the Interested Party, within a maximum term of ten (10) business days from the date of receipt of the same, to the email address or physical address that has been specified in the request. When it is not possible to attend the consultation within said term, the Holder or the Interested Party will be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, in which case the response time will be extended by five. additional business days.

The consultation of the information by the Holder or Interested Party will be free, as long as it is (i) maximum once each calendar month, or (ii) it is carried out due to a substantial modification of this Policy. In the event that the query is made with a frequency greater than that established, the Company may charge the Holder or Interested Party the costs of shipping, reproduction and, where appropriate, certification of documents, in which it has incurred for that purpose.

2. Procedure to update, rectify and suppress the information – Claims attention.

The Holders of the Personal Data or other Interested Parties may, at any time, request the Company to update, rectify or delete their data and / or revoke the authorization for the Company to treat them, by submitting a complaint to the address, Cra. 101 No. 15-27, Cali – Valle del Cauca or email protecciondedatos@alkohotel.com, in which the facts that give rise to the claim, the physical address or email are indicated in the one that should be answered, and the documents that you want to assert.

If the claim is incomplete, the applicant will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it shall be understood that the claim has been abandoned.

In the event that the person who receives the claim is not competent to resolve it, it will notify the corresponding party within a maximum period of two (2) business days and inform the applicant of the situation.

Once the complete claim has been received, a legend that says “claim in process” and the reason for it will be included in the database, in a term not exceeding two (2) business days. This legend must be maintained until the claim is resolved.

The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend the claim within said term, the applicant will be informed of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first finished.

It is essential to note that the request to suppress the information and the revocation of the authorization will not proceed when the Holder has a legal or contractual duty with the Company.

 

VII. INFORMATION AND MECHANISMS PROVIDED BY INVERSIONES NEGOCIOS Y SERVICIOS S.A.S. AS RESPONSIBLE FOR THE TREATMENT

Business Name INVERSIONES NEGOCIOS Y SERVICIOS S.A.S.
NIT 901.041.100-2
Domicile Cali – Valle del Cauca.
Adress Cra. 101 No. 15-27
Phone (2) 485 6185
Areas in charge ADMINISTRATIVA Y CONTABLE.
e-mail protecciondedatos@alkohotel.com,
Website www.alkohotel.com

 

VIII. RESPONSIBLE AREA FOR THE PROCESSING OF PERSONAL DATA

The Administrative and Accounting areas will be responsible for receiving the requests, complaints or claims of the Personal Data Holders or other Interested Parties. This area will be in charge of carrying out the internal management that is necessary in order to guarantee a clear, efficient and timely response to the Data Owner or the other Interested Parties.

At all times the Owner or the Interested Parties can contact these areas to exercise their rights to know, update, rectify and delete the data and revoke the authorization.

 

IX. RIGHTS OF THE PERSONAL DATA HOLDER

In accordance with art. 8 of the Law 1581 of 2012, the Holder of the Personal Data will have the following rights:

a) Know, update and rectify your personal data in front of the Responsible and / or Managers of the Treatment. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized.

b) Request proof of the authorization granted to the Treatment Manager, except when this requirement for the Treatment is expressly excepted, in accordance with the provisions of this Policy and Article 10 of Law 1581 of 2012.

c) To be informed by the Responsible and / or Responsible for the Treatment, upon request, regarding the use that has been given to their personal data.

d) Submit complaints to the Superintendency of Industry and Commerce for infractions of the provisions of current regulations;
e) Revoke the authorization and / or request the deletion of the data;

f) Access free of charge to your personal data that have been processed.

The aforementioned rights may be exercised by the Holder, any of the Interested Parties.
 

X. DUTIES OF THE RESPONSIBLE OF THE TREATMENT

In accordance with art. 17 of the Law 1581 of 2012, the Responsible of the Treatment will have the following duties:

a) Guarantee the Holder, at all times, the full and effective exercise of the Habeas Data right.

b) Request and keep, in the conditions set forth in this Policy and in the Law, a copy of the respective authorization granted by the Holder.

c) Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

e) Ensure that the information provided to the Treatment Manager is true, complete, accurate, updated, verifiable and understandable.

f) Update the information, communicating in a timely manner to the Person in Charge of Processing, all the news regarding the data previously provided to it and adopt the other necessary measures so that the information provided to it is kept updated.

g) Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of the Treatment.

h) Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized.

i) To demand from the Person in charge of the Treatment at all times, respect for the security and privacy conditions of the Holder’s information.
j) Process inquiries and claims of the Holder or Interested Parties.

k) Inform the Person in Charge of the Treatment when certain information is under discussion by the Holder, once the claim has been filed and the respective procedure has not been completed.

l) Inform the Holder or Interested Parties, upon request, about the use given to their data.

m) Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.

n) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

 

VALIDITY OF THE TREATMENT POLICY AND DATABASES

This Policy of Treatment of Personal Data of INVERSIONES NEGOCIOS Y SERVICIOS SAS, governs as of January 2018, also the Processing of Personal Data by the Company will be carried out while the contractual, commercial or labor relations with the Holder remain in force. , including the term required to execute all the activities aimed at fulfilling the purposes of the Treatment.

Notwithstanding the foregoing, personal data must be retained when required for the fulfillment of a legal or contractual obligation.

 

XII. OTHER PROVISIONS

a) The Company, for the Treatment of Sensitive Data, will inform the Holders of the information: (i) because it is this type of data, it is not obliged to authorize its Treatment and (ii) it will inform which data are Sensitive and the purpose of your Treatment.

b) For purposes of the Treatment of Personal Data of children and adolescents, the Company will respond and respect the best interests of these and, in addition, ensure respect for their fundamental rights. Additionally, the Company will request authorization from the representative of the child or adolescent for the purpose of processing their Personal Data.

c) The Company will collect, store, use or circulate the Personal Data about which it has the proper authorization, for the term that is reasonable and necessary.

This policy applies as of January 2018.

INVERSIONES NEGOCIOS Y SERVICIOS S.A.S.

NIT. 901.041.100-2

Cra. 101 No. 15-27, Cali – Valle – Colombia.

Tel. +57 (2) Telephone 485 6185

How do we share your personal information with third parties?

  • Booking.com: We have teamed up with Booking.com B.V., located at Herengracht 597, 1017 CE Amsterdam, The Netherlands (www.booking.com) (hereafter Booking.com) to offer you our online reservation services. While we provide the content to this website and you make a reservation directly with us, the reservations are processed through Booking.com. The information you enter into this website will therefore also be shared with Booking.com and its affiliates. This information may include personal data such as your name, your contact details, your payment details, the names of guests traveling with you and any preferences you specified when making a booking. To find out more about the Booking.com corporate family, visit About Booking.com.
  • Booking.com will send you a confirmation email, a pre-arrival email and provide you with information about the area and our accommodation. Booking.com will also provide you with international customer service 24/7 from its local offices in more than 20 languages. Sharing your details with Booking.com’s global customer service staff allows them to respond when you need assistance. Booking.com may use your data for technical, analytical and marketing purposes as further described in the Booking.com Privacy Policy. This includes that your data might also be shared with other members of the Booking Holdings Inc. group of companies for analysis to provide you with travel-related offers that may be of interest to you and to offer you customised service. If needed under applicable law, Booking.com will first ask your consent. If your data is transferred to a country outside the European Economic Area, Booking.com will make contractual arrangements to ensure that your personal data is still protected in line with European standards. If you have questions about the processing of your personal data by Booking.com, please contact dataprotectionoffice@booking.com.
  • BookingSuite: Your personal data may be shared with BookingSuite B.V. located at Herengracht 597, 1017 CE Amsterdam, the Netherlands, the company which operates this website and the website suite.booking.com.