Legal Notice

Privacy Policy:

First: Generalities

We have a special interest in protecting and respecting your personal information and data, which is why we have designed these information treatment policies within the framework of Law 1581 of 2012 and regulatory decree 1377 of 2013.

1.1.- Introduction.

Andes Plaza Hotel Company may collect personal data from its users, guests, or visitors through various means intended for accessing the services provided by them. In any case, the collection will be done with the express authorization of the data owner, and the treatment of this data will be subject to what is established by the law.

The personal information subject to the considerations established here may be collected by Andes Plaza Hotel Company through the website www.emhotels.com, by visiting or acquiring services offered on the platform, or directly at hotels linked or associated with Andes Plaza Hotel Company.

The considerations established here will be deemed accepted by the Information Owner when they visit or use the website www.emhotels.com and/or when they enter personal data or information through the established functions, regardless of the purpose.

1.2- General Principles.

The collection and processing of personal data, as well as the use, treatment, processing, exchange, transfer, and transmission of such data by Andes Plaza Hotel Company or any of the hotel operating companies affiliated with Andes Plaza Hotel Company, shall always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access, and restricted circulation.

1.3- Legal definitions.

In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will govern the policies for the treatment of personal information.

1.3.1- Data Processor: The data processor is a natural or legal person, public or private, who on its own or in association with others, processes personal data on behalf of the Data Controller;

1.3.2.- Data Controller: The data controller is a natural or legal person, public or private, who on its own or in association with others, decides on the database and/or the treatment of the data;

1.3.3.- Database: The organized set of personal data subject to Treatment;

1.3.4.- Personal data: Any information linked or that can be associated with one or more specific natural persons;

1.3.5.- Sensitive data: Those data that affect the privacy of the Owner, or whose misuse may lead to discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or promoting interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.

1.3.6.- Public data: Data that is not semi-private, private, or sensitive. Public data include, among others, data related to the marital status of individuals, their profession or occupation, and their status as a merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court judgments that are not subject to reservation.

1.3.7.- Transfer: Data transfer occurs when the Data Controller and/or Data Processor, located in Colombia, sends information or personal data to a recipient, who in turn is the Data Controller and is located inside or outside the country.

1.3.8- Transmission: Processing of personal data involving the communication of such data within or outside the territory of the Republic of Colombia when the purpose is to carry out a Treatment by the Processor on behalf of the Controller.

Second: Owner’s Authorization

The data provided will be subject to authorized treatment, granted in advance, expressly and informed by the Owner of the same, directly to Andes Plaza Hotel Company, or through Andes Plaza Hotel Company hotels or the companies that operate them.

However, visiting, entering, or using the website www.emhotels.com constitutes prior, express, and informed authorization for the storage, collection, and treatment of information in accordance with the data treatment policy contained herein.

In any case, data collection will be limited to personal data that is relevant and appropriate for the intended purpose.

Third: Information Treatment

3.1- Data collected.

The collection of data for the development of the Treatment and purposes pursued by it will focus on the personal data received and stored by Andes Plaza Hotel Company and the affiliated or associated hotels and companies linked to Andes Plaza Hotel Company, and will include all information provided or provided during the visit to the website www.emhotels.com, as well as all information related to services or reservations made, and the accommodation data provided to Andes Plaza Hotel Company or any of the associated hotels.

Without prejudice to the fact that in some cases they are public data, the information collected will correspond to name, national identity card number, profession, nationality, date of birth, email address, preferences and personal interests, work or activity, consumption habits or travel habits, among others. If a reservation is made through the website www.emhotels.com, the information corresponding to the credit card provided for the purpose of the reservation and stay will be collected.

3.2- Treatment to which the data will be subjected and purpose of the same.

The data and information obtained and collected by Andes Plaza Hotel Company, by Andes Plaza Hotel Company hotels, or by the operating companies of such hotels, will be used in the normal course of their commercial activities only for the purpose established in these information treatment policies, in a way that allows for direct and effective communication with the client, leading to establishing a closer bond.

The treatment consists of sending digital information through different communication channels, with the intention of contacting the owner to send service surveys after each stay to allow the rating of the service provided, and to communicate invitations, offers, promotions, service portfolio information, or information from the Hotel or hotels that are part of Andes Plaza Hotel Company, without at any time their data being provided, transferred, or delivered to different or external persons or entities to the Hotel that collected the information, or to the hotels and activities linked to Andes Plaza Hotel Company and the activities they carry out. Additionally, through data collection, the aim is to: make, process, handle, and/or complete reservations or purchase of hotel nights or other services; conduct internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; promptly address your requests, petitions, or needs; communicate invitations, offers, promotions, and general information about the service portfolio offered by natural or legal persons directly linked to the hotel operation and specifically to the services provided by Andes Plaza Hotel Company and the companies and hotels that operate them.

The information or data provided that are collected, or stored in accordance with these policies, may be shared, transmitted, updated, and/or deleted among Andes Plaza Hotel Company, Andes Plaza Hotel Company hotels, and their operating companies for the purpose defined in these policies, to be used in the manner established here. By accessing the website www.emhotels.com, you authorize your information and data to be shared with the tourism providers to whom your reservations and/or requests are managed.

It is assumed that all information or data provided or deposited through the www.emhotels.com website is true, accurate, and complete and may be withdrawn at any time if it is considered harmful or detrimental to your interests or the interests of a third party.

The data and, in general, the information received when accessing the website www.emhotels.com may be yours or of the device from which you are accessing. In order to optimize and make your experience visiting the www.emhotels.com website more efficient, cookies and/or web beacons may be used, and information from visited web pages, your IP address, the operating system of the device you are accessing from, may be obtained and stored through a process of recognition and tracking to identify your preferences and identify you when you visit the website again and store certain records based on your IP address. The IP address is not associated or linked to your name or personal data.

3.3.- Sensitive data and data corresponding to children and adolescents.

Neither Andes Plaza Hotel Company nor the hotel operating companies of Andes Plaza Hotel Company will process data considered sensitive, nor is the data collection intended to collect sensitive information.

The collection of data corresponding to children and adolescents under the age of majority, and the respective authorization, must always be given through their legal representative, after the minor’s exercise of their right to be heard. The processing of data corresponding to children and adolescents must respond to and respect the best interests of children and adolescents, and their fundamental rights. In the event that for any reason a question may lead to a response concerning sensitive data or data relating to girls, boys, and adolescents, the response to such question will be optional.

3.4.- Duties of the information controller.

The information controllers, and/or the responsible parties and processors of personal data, undertake to: a) Ensure the Owner, at all times, the full and effective exercise of the right to habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Owner; c) Properly inform the Owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted; d) Keep the information in the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access; e) Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable; f) Update the information by timely informing the Data Processor of any developments regarding the data previously provided and take all necessary measures to ensure that the information provided remains up-to-date; g) Rectify the information when it is incorrect and communicate the relevant information to the Data Processor; h) Provide the Data Processor, as the case may be, only with data whose processing has been previously authorized in accordance with the provisions of this law; i) Demand from the Data Processor at all times respect for the security and privacy conditions of the Owner’s information; j) Handle queries and claims filed as indicated in the law; k) Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been filed and the respective process has not been completed; l) Inform, at the request of the Owner, about the use given to his data; m) Inform the data protection authority when there are breaches of security codes and risks in the administration of Owner information. n) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

Fourth: Owner’s Rights and Powers

4.1.- Owner’s Rights.

Once the authorization is granted by the Owner for the corresponding treatment, the Owner has the right to: a) Know, update, and rectify their personal data. This right can be exercised in relation to partial, inaccurate, incomplete, fractioned data, leading to errors, or those whose Processing is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, unless expressly exempted as a requirement for Processing, in accordance with the provisions of Article 10 of Law 1581 of 2012; c) Be informed by the Controller and/or Processor of personal data, upon request, of the use that has been made of their personal data; d) Lodge complaints with the Superintendence of Industry and Commerce for breaches of the law; e) Revoke the authorization and/or request the deletion of the data when the Principles, rights, and constitutional and legal guarantees are not respected in the Processing. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the Processing has involved conduct contrary to this law and the Constitution; f) Request at any time from the Controller or Processor the deletion of their personal data and/or revoke the authorization granted for their Processing, through the presentation of a claim, which shall not apply when the Owner has a legal or contractual duty to remain in the database. g) Access for free to their personal data that have been processed: (i) at least once every calendar month, and (ii) whenever there are substantial modifications to the Information Treatment Policies that warrant new queries. In the case of requests with a frequency greater than one per calendar month, the Controller and/or Processor may charge the Owner for the costs of sending, reproduction, and, if applicable, certification of documents.

4.2.- Legitimation for the exercise of the Owner’s rights.

The following persons are also legitimized to exercise the rights of the information Owner: a). The Owner themselves, who must prove their identity sufficiently by the means made available by the Controller; b). Their heirs, who must prove such status; c). The representative and/or attorney of the Owner, upon accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; e). The rights of children, girls, or adolescents will be exercised by the persons authorized to represent them, upon prior accreditation of the power of representation.

4.3.- Area responsible for attending and accompanying the Owner.

The attention and response to inquiries, requests, and complaints from the Owners regarding any aspect of the treatment will be handled by the legal area. The Owner of the information who wishes to know, update, rectify, request proof of the authorization granted; be informed of the use of their personal data; revoke the authorization and/or request the deletion of the data and/or access for free to their personal data that have been processed must request it in writing directly to the email address andesvirtual@hotelandesplaza.co or send the communication to Avenida 15 Calle 100 Chicó norte, Bogotá (Colombia). In either case, the following must be indicated: a) full name; b) identification document; c) physical address and email; d) contact telephone number; e) Brief description of the information and data to which it refers explicitly stating the scope and content of the request; and, f) attach the documents that are believed to support the request.

4.4.- Procedure to exercise the rights to know, update, rectify, or delete information and revoke authorization.

The procedures for access, update, deletion, and rectification of personal data, and for revocation of authorization, may be carried out through queries or claims, directed to the email address andesvirtual@hotelandesplaza.co or to the address Avenida 15 Calle 100 Chicó norte, Bogotá (Colombia), according to the purpose they pursue, establishing at least the legitimacy to make the request and clearly and specifically explaining what is intended.

All requests, suggestions, and recommendations related to information treatment must be sent to the email address andesvirtual@hotelandesplaza.co. The information Owner or the authorized person must accompany their written request with proof of the quality in which they act and provide the necessary data and documents to account for their identity and status.

The reason or purpose of the communication should be specified in the email, and it will be sufficient to indicate in the text that the right to know, update, rectify, delete, or revoke the authorization granted is being exercised.

4.5.- Procedure for correcting, updating, or deleting data and submitting complaints and claims. Anyone authorized by law and who believes that the information contained should be corrected, updated, or deleted; or when they believe that the treatment of personal data violates legal norms, can submit, in accordance with Article 15 of Law 1581 of 2012, complaints to the email address andesvirtual@hotelandesplaza.co.

Complaints and claims will be processed under the following rules:

4.5.1.- The claim will be made through a request addressed to the Treatment Controller or the Data Processor, with the identification of the Owner, the description of the facts that give rise to the claim, and the address, accompanying the documents to be relied on. If the claim is incomplete, the interested party will be required within five (5) business days from receipt of the claim to remedy the deficiencies. After two (2) months from the date of the request without the applicant providing the requested information, it will be understood that the claim has been waived. If the recipient of the claim is not competent to resolve it, it will be forwarded to the appropriate party within a maximum of two (2) business days and the situation will be reported to the interested party.

4.5.2.- Once the complete claim is received, a legend reading “claim in process” and the reason for it will be included in the database within a maximum of two (2) business days. This legend must be maintained until the claim is resolved.

4.5.3.- The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. If it is not possible to address the claim within this term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days after the expiry of the initial term.

4.6.- Inquiry and access to information. Inquiries regarding personal data contained in the database of Compañía Hotelera Andes Plaza will be addressed through a written request sent to the email andesvirtual@hotelandesplaza.co. Inquiries will be answered within a maximum period of ten (10) business days from the date of receipt. If it is not possible to respond within this time frame, the requester will be informed before the expiration of the ten (10) business days, stating the reasons for the delay and indicating the date by which the inquiry will be addressed, which in no case can exceed five (5) business days after the expiration of the initial term.

Fifth: Security

5.1.- Security in the handling of information.

The collected data will always be processed within a framework of confidentiality, and will not be shared, transferred, or given to individuals who are not part of the Hotel, Compañía Hotelera Andes Plaza, or affiliated operating companies, or those who have legitimate authorization to do so.

5.2.- Transfer and transmission of data.

In the event a contract is signed with a third-party professional with experience in handling and using databases, the responsible party will sign the personal data transmission contract referred to in Article 25 of Decree 1377 of 2013.

Sixth: Dissemination and validity

6.1.- Means of dissemination of the information treatment policies and privacy notice.

This document, which establishes the information treatment policies for personal data collected, will be permanently published at the link URL of information treatment. so that it can be accessed by anyone interested. When requesting the express authorization of the data subject for data processing, the specific purposes for which consent is obtained will be indicated, and the Treatment Policy and the rights of the data subject will be communicated.

6.2.- Entry into force of the information treatment policies.

The collection, storage, use, and circulation of personal data, in accordance with the considerations established here, will be carried out and maintained as long as there is a direct communication need with the customer and no more efficient means exist to do so, in accordance with the purposes set out by the Treatment. In the event that the purpose cannot be achieved through the Treatment of personal data, the data will be permanently removed from the database. This document enters into force on February 22, 2016.

6.3.- Procedure for events of modification of the policies.

If changes are made to the personal data treatment policies outlined here, they will be notified and communicated through this same website, prior to the entry into force of the new policies.

6.4.- Incorporation of the terms of use for the website www.emhotels.com.

In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website www.emhotels.com.

6.5.- Responsible for the information.

The company Compañía Hotelera Andes Plaza, with NIT 830.012.169-9, is the responsible party and data processor, along with each of the affiliated operating companies that have collected the information. When the information has been received or collected by any of its affiliated companies, with express authorization for transfer, Compañía Hotelera Andes Plaza will be responsible for processing the data.

Any communication may be addressed to Avenida 15 Calle 100 Chico Norte, Bogotá (Colombia), or to the email andesvirtual@hotelandesplaza.com.