Puerto Velero - Barranquilla, COL
Privacy Policy
Address: Km 88 via al mar from Barranquilla to Cartagena, Puerto Velero Beaches
PERSONAL DATA PROCESSING POLICY
LEGAL REGULATIONS AND SCOPE OF APPLICATION: This Personal Data Processing Policy is prepared in accordance with the provisions of the Political Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013, and other complementary provisions, and will be applied by the company.
1. Regarding the collection, storage, use, circulation, deletion, and all other activities that constitute the processing of personal data.
2. DEFINITIONS: For the purposes of implementing this policy and in accordance with legal regulations, the following definitions shall apply: a.) Authorization: Prior, express, and informed consent of the data subject to process personal data; b.) Privacy Notice: A physical, electronic, or any other format document generated by the Controller that is made available to the Data Subject for the processing of their personal data. The Privacy Notice provides the Data Subject with information regarding the existence of the information processing policies applicable to them, how to access them, and the intended purpose of processing their personal data; c.) Database: An organized set of personal data that is the subject of processing; d.) Personal Data: Any information linked to or that can be associated with one or more specific or determinable natural persons; e.) Public Data: Data classified as such according to the mandates of the law or the Political Constitution, and that which is not semi-private, private, or sensitive. Public data includes, among others, data relating to a person's marital status, profession or occupation, status as a merchant or public servant, and data that can be obtained without reservation. By its nature, public data may be contained in, among others, public records, public documents, gazettes, and official bulletins; f.) Private data: Data that, due to its intimate or reserved nature, is only relevant to the data subject; g.) Sensitive data: Sensitive data is understood to be data that affects the privacy of the Data Subject or whose misuse may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data; h.) Data Processor: Natural or legal person, public or private, who, by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller; i.) Data Controller: Natural or legal person, public or private, who, by itself or in association with others, decides on the database and/or the Processing of the data; j.) Data Subject: Natural person whose personal data are the subject of Processing; k.) Processing: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion of such data.
PURPOSE FOR WHICH PERSONAL DATA IS COLLECTED AND PROCESSED:
THE COMPANY may use personal data to: a.) Execute the existing contractual relationship with its clients, suppliers and employees, including the payment of contractual obligations; b.) Provide the services and/or products required by its users; c.) Inform about new products, promotions or services and/or changes thereto; d.) Evaluate the quality of the service; e.) Conduct internal studies on consumer habits; f.) Send commercial, advertising or promotional information about products and/or services, events and/or promotions, whether commercial or non-commercial, to physical or electronic mail, cell phone or mobile device, via text messages (SMS and/or MMS) or through any other analogous and/or digital means of communication created or to be created, in order to promote, invite, direct, execute, inform and, in general, carry out campaigns, promotions or contests of a commercial or advertising nature, advanced by THE COMPANY and/or third parties; g.) Develop the selection, evaluation, and employment placement process; h.) Support internal or external audit processes; i.) Record information on employees and/or retirees (active and inactive) in THE COMPANY's databases; j.) Provide, share, send, or deliver your personal data to subsidiaries, affiliates, or subordinate companies of THE COMPANY located in the country, in the event that said companies require the information for the purposes indicated herein.
Regarding the data: ▪ Collected directly at security checkpoints, ▪ Taken from documents provided by people to security personnel and ▪ Obtained from video recordings made inside or outside THE COMPANY facilities, these will be used for the security purposes of people, property and facilities of THE COMPANY and may be used as evidence in any type of process. If personal data is provided, said information will be used only for the purposes indicated herein, and therefore, THE COMPANY will not proceed to sell, license, transmit, or disclose it, unless: ▪ There is express authorization to do so; ▪ It is necessary to allow contractors or agents to provide the commissioned services; ▪ It is necessary in order to provide our services and/or products; ▪ It is necessary to disclose it to entities that provide marketing services on behalf of THE COMPANY or to other entities with which it has joint marketing agreements; ▪ The information is related to a merger, consolidation, acquisition, divestiture, or other corporate restructuring process; ▪ It is required or permitted by law. THE COMPANY may subcontract certain functions or information to third parties. When the processing of personal information is effectively subcontracted to third parties or personal information is provided to third-party service providers, THE COMPANY warns said third parties about the need to protect said personal information with appropriate security measures, prohibits the use of the information for their own purposes, and requests that they not disclose the personal information to others.
PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA:
The processing of personal data by THE COMPANY shall be governed by the following principles: a.) Principle of purpose: The processing of personal data collected must be for a legitimate purpose, of which the data subject must be informed; b.) Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the data subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial order that waives consent; c.) Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Partial, incomplete, fragmented, or misleading data shall not be processed; d.) Principle of transparency: The processing must guarantee the right of the data subject to obtain from THE COMPANY, at any time and without restrictions, information about the existence of data concerning him or her; e.) Principle of restricted access and circulation: The Processing is subject to the limits derived from the nature of the personal data, the provisions of this law and the Constitution. Personal data, except for public information, and as provided in the authorization granted by the data owner, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties; f.) Security principle: The information subject to processing by THE COMPANY must be protected through the use of the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access; g.) Confidentiality principle: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks that comprise the Processing has ended. FIRST PARAGRAPH: In the event that sensitive personal data is collected, the Owner may refuse to authorize its processing.
3. RIGHTS OF THE OWNERS OF PERSONAL DATA PROCESSED BY THE COMPANY: The owners of personal data, either themselves or through their representative and/or attorney-in-fact or their successor in title, may exercise the following rights with respect to the personal data that is processed by THE COMPANY: a.) Right of access: By virtue of which they may access the personal data that is under the control of THE COMPANY in order to consult it free of charge at least once every calendar month, and every time there are substantial modifications to the Information Processing Policies that motivate new consultations; b.) Right to update, rectification and deletion: By virtue of which they may request the update, rectification and/or deletion of the personal data that is being processed, in such a way that the purposes of the processing are satisfied; c.) Right to request proof of authorization: Except in events in which, according to current legal regulations, authorization is not required to carry out the processing; d.) Right to be informed: Regarding the use of personal data; e.) Right to file complaints with the Superintendency of Industry and Commerce: For violations of the provisions of current regulations on the processing of personal data; f.) Right to demand compliance: Of each and every one of the orders issued by the Superintendency of Industry and Commerce. FIRST PARAGRAPH: For the purposes of exercising the rights described above, both the owner and the person representing them must prove their identity and, if applicable, the capacity in which they represent the owner. SECOND PARAGRAPH: The rights of minors will be exercised through the persons authorized to represent them.
4. DUTIES OF THE COMPANY: All those required to comply with this policy must keep in mind that THE COMPANY is obliged to comply with the duties imposed by law in this regard. Consequently, the following obligations must be fulfilled: a.) Duties when acting as controller: ▪ Request and retain, under the conditions set forth in this policy, a copy of the respective authorization granted by the owner. ▪ Clearly and sufficiently inform the owner about the purpose of the collection and the rights they have by virtue of the authorization granted. ▪ Inform the owner, upon request, about the use given to their personal data. ▪ Process queries and complaints made in the terms indicated in this policy. ▪ Ensure that the principles of truthfulness, quality, security, and confidentiality are met in the terms established in the following policy. ▪ Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use, or unauthorized or fraudulent access. ▪ Update the information when necessary. ▪ Rectify personal data when appropriate. b.) Duties when acting as the Data Processor of personal data. If you process data on behalf of another entity or organization (Data Controller), you must comply with the following duties: ▪ Establish that the Data Controller is authorized to provide the personal data that will be processed as the Data Processor. ▪ Guarantee the data subject, at all times, the full and effective exercise of the right to habeas data. ▪ Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use, or unauthorized or fraudulent access. ▪ Promptly update, rectify, or delete the data. ▪ Update the information reported by the Data Controllers within five (5) business days from receipt. ▪ Process queries and complaints made by data subjects under the terms set forth in this policy. ▪ Record the legend "claim in process" in the database in the manner established in this policy. ▪ Insert the legend "information under judicial dispute" into the database once notified by the competent authority about judicial proceedings related to the quality of personal data. ▪ Refrain from circulating information that is being disputed by the data subject and whose blocking has been ordered by the Superintendency of Industry and Commerce. ▪ Allow access to the information only to persons authorized by the data subject or empowered by law to do so. ▪ Inform the Superintendency of Industry and Commerce when security code violations occur and risks exist in the management of data subjects' information. ▪ Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. c.) Duties when processing data through a Data Processor: ▪ Provide the Data Processor only with personal data whose processing has been previously authorized. For the purposes of national data transmission, a personal data transmission contract must be signed or contractual clauses must be agreed upon as established in Article 25 of Decree 1377 of 2013. ▪ Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable. ▪ Promptly communicate to the Data Processor any developments regarding the data previously provided and adopt other necessary measures to ensure that the information provided to the Data Processor remains up-to-date. ▪ Promptly inform the Data Processor of any corrections made to personal data so that the Data Processor can make the relevant adjustments. ▪ Require the Data Processor, at all times, to respect the security and privacy conditions of the owner's information. ▪ Inform the Data Processor when certain information is being disputed by the data subject, once the claim has been filed and the respective process has not been completed. d.) Duties regarding the Superintendency of Industry and Commerce: ▪ Inform it of any potential violations of security codes and the existence of risks in the management of the data subjects' information. ▪ Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
5. REQUEST FOR AUTHORIZATION FROM THE PERSONAL DATA HOLDER: In advance and/or at the time of collecting personal data, THE COMPANY will request the data subject's authorization to collect and process the data, indicating the purpose for which the data is requested, using automated technical means, written or oral, for these purposes, which allow for the preservation of proof of the authorization and/or the unequivocal conduct described in article 7 of Decree 1377 of 2013. Said authorization will be requested for as long as is reasonable and necessary to satisfy the needs that gave rise to the data request and, in any case, in compliance with the legal provisions governing the matter.
6. PRIVACY NOTICE: In the event that THE COMPANY cannot make this information processing policy available to the owner of the personal data, it will publish the privacy notice attached to this document, the text of which will be kept for later consultation by the owner of the data and/or the Superintendency of Industry and Commerce.
7. TEMPORARY LIMITATIONS ON THE PROCESSING OF PERSONAL DATA: THE COMPANY. It may only collect, store, use, or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes justifying the processing, in compliance with the provisions applicable to the subject matter in question and the administrative, accounting, tax, legal, and historical aspects of the information. Once the purpose(s) of the processing have been fulfilled, and without prejudice to any legal provisions that provide otherwise, it will delete the personal data in its possession. Notwithstanding the foregoing, personal data must be retained when required to comply with a legal or contractual obligation.
AREA RESPONSIBLE AND PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF THE OWNERS OF PERSONAL DATA: THE COMPANY. It will be responsible for addressing requests, complaints and claims made by the data owner in exercise of the rights contemplated in section 5 of this policy, with the exception of the one described in its literal e). For such purposes, the owner of the personal data or whoever exercises his representation may send his request, complaint or claim from Monday to Friday from 8:00 a.m. to 5:00 p.m. to THE COMPANY's email. The request, complaint or claim must contain the identification of the Owner, the description of the facts that give rise to the claim, the address, and be accompanied by the documents that they wish to attach. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, if the applicant does not present the required information, it will be understood that he has withdrawn the claim. In the event that the person receiving the claim is not competent to resolve it, they will forward it to the appropriate person within a maximum period of two (2) business days and inform the interested party of the situation. Once the complete claim has been received, a legend stating "claim in process" and the reason for it will be included in the database, within a period of no more than two (2) business days. This legend must be maintained until the claim is decided. The maximum term for addressing the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to address the claim within this period, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
8. DATA COLLECTED BEFORE THE ISSUANCE OF DECREE 1377 OF 2013: In accordance with the provisions of Section 3 of Article 10 of Regulatory Decree 1377 of 2013, THE COMPANY will publish a notice at its headquarters addressed to the owners of personal data to inform them of this information processing policy and how to exercise their rights as owners of personal data stored in THE COMPANY's databases.
9. SAFETY MEASURES: In accordance with the security principle established in Law 1581 of 2012, THE COMPANY will adopt the necessary technical, human, and administrative measures to ensure the security of records, preventing their alteration, loss, unauthorized or fraudulent access, use, or consultation. The personnel processing personal data will follow established protocols to guarantee the security of the information.
10. EFFECTIVE DATE: This Personal Data Policy was created on August 20, 2021, and is effective as of August 23, 2021. Any changes to this policy will be reported by posting them at the company's facilities.
Accommodation : +(57) 313 860 1184 / +(57) 311 548 1772
The Marina: +(57) 301 5633546 / +(57) 321 5633546
www.marinapuertovelero.co - Marina Puerto Velero @ All Right Reserved 2025 - Designed by 360Webmasters.com