Reservar

Ofertas

Tour360

Ver Reserva

DATA PROTECTION POLICIES FOR TREATMENT OF PERSONAL INFORMATION OF GUESTS, CLIENTS AND USERS. CHAPTER 1. GENERAL INFORMATION At HOTELES 23 SAS We are committed to the preservation, protection, integrity and confidentiality of the personal data of our guests, clients, users and suppliers. For this, we design a policy for the storage and treatment of the information that said interest groups provide through the different channels of commercialization of services and products (Website, Hotel Registration Card, PBX and different technological applications available for the service of the HOTELES 23 SAS guests, visitors and suppliers All of the above in accordance with the framework of law 1581 of 2012 and regulatory decree 1377 of 2013. The considerations established here by the Information Holder will be understood to be accepted, when he subscribes the Hotel Registration Card with respect to the information contained therein, when he visits or makes use of the website www.23hotel.co or any technological application available for guests , visitors or suppliers and / or when you enter data or personal information through the functions established for it, regardless of the purpose. GENERAL PRINCIPLES The obtaining and collection of personal data, as well as the use, treatment, processing, exchange, transfer and transmission of these, will always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access and restricted circulation. LEGAL DEFINITIONS In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will govern the policies for the treatment of personal information. Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data. Database: Organized set of personal data that is subject to Treatment; Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons; Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of personal data on behalf of the Responsible for Treatment; Natural or legal person, public or private, that by itself or in association with others, decide on the database and / or the treatment of the data. Sensitive data: Those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, rights human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data. Public data: It is the data that is not semi-private, private or sensitive. Public data, among others, are data relating to the marital status of individuals, their profession or trade and their status as a merchant or public servant. By its nature, public data may be contained, among others, in public registers, public documents, gazettes and official gazettes and duly executed judicial decisions that are not subject to reserve. Owner: Natural or legal person to whom the information that rests in a data bank refers and whose personal data is subject to Treatment. Transfer: The transfer of data takes place when the Responsible and / or Person in Charge of the Treatment of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is inside or outside from the country. Transmission: Treatment of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible. Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion. CHAPTER 2. AUTHORIZATION OF THE HOLDER The data provided will be subject to authorized treatment, previously granted, expressly and informed by the Holder thereof. The collection, storage, use, circulation or deletion of data from HOTELES 23 SAS requires the free, prior, express and informed consent of the owner thereof. With the aforementioned authorization, the client accepts the policies and conditions established in this document. By providing your data when entering the hotel to fill out the Hotel Registration Card, or when completing a reservation through the hotel's website, the Holder is authorizing the treatment in the terms and conditions established in this policy. Data collection will be limited to those personal data that are relevant and adequate for the intended purpose. CHAPTER 3. INFORMATION PROCESSING Data collected The collection of data for the development of the Treatment and the purposes pursued by it, will fall on the personal data received and stored on the occasion of the completion of the Hotel Registration Card, of the information that we provide our guests, customers, Visitors and will understand all the information that is supplied or provided when visiting the website www.23hotel.co, as well as all that related to the services or reservations made, and the accommodation and lodging data provided physically or virtually. Without prejudice to the fact that in some cases it is public data, the information collected and object of treatment will be the one corresponding to the name, identification document number, be it citizenship card, passport or any other valid, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumption habits or travel habits. If a reservation is made through the website www.23hotel.co, The information corresponding to the credit card that is provided for the purposes of the reservation and stay will be collected. TREATMENT TO WHICH THE DATA WILL BE SUBMITTED AND THE PURPOSE OF THE SAME The data and information obtained will be used in the normal course of their commercial activities only for the purpose established in these information treatment policies, so that it is possible to create a direct and effective communication with the guest, client or user, which leads to establishing a closer link and consolidating a commercial relationship. The treatment consists of sending digital information through different communication channels, with the intention of contacting the owner to send service surveys after each stay that allow the qualification of the service provided, and communicate the invitations, offers, promotions, portfolio of services or information from Hoteles 23 SAS, without at any time your data being facilitated, transferred or given to people other than or outside those responsible or in charge of processing the information. Additionally, by means of data collection it is sought: to make, process, process and / or complete reservations or purchase of hotel nights or other services; conduct internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; respond to requests, requests or needs in a timely manner; communicate invitations, offers, promotions, and information in general, on the portfolio of services offered by natural or legal persons that are directly linked to the hotel operation and specifically with the services provided. The authorization for the use of the information or data supplied that is collected, collected or stored in accordance with these policies expressly includes the authorization for the data and information to be shared, processed, transmitted, transferred, updated and / or deleted with the purpose defined in these policies, to be used in the established manner. By entering the website www.23hotel.co you authorize your information and data to be shared with the tourism providers to which they refer and with whom your reservations and / or requests are processed. It is assumed that all the information or data that are supplied or deposited on the Hotel Registration Card or through the www.23hotel.co page is true, precise and complete, and may be updated, ratified or withdrawn at any time during the event. in which it is considered harmful or detrimental to the interests of the Holder or the interests of a third party. The data and in general the information that is received when you enter the www.23hotel.co website can be from both the Owner and the computer from which you are entering. In order to optimize and make your experience more efficient by visiting the www.23hotel.co page, cookies and / or web beacons may be used, as well as the information on the internet pages visited, your IP address, and the operating system of the computer from which you are logging in, through a process of recognition and tracking that allows to identify the preferences of the Holder and identify him when he visits the page again and store certain records, based on the IP address. The IP address is not associated or linked to the name of the Owner or their personal data. Sensitive data and data corresponding to children and adolescents In no event and under no circumstances will data considered as sensitive be treated, nor is the data collection aimed at collecting sensitive information. The collection of data corresponding to underage children and adolescents, and the respective authorization, must always be given through their legal representative, after the minor's exercise of their right to be heard. The processing of data corresponding to children and adolescents must respond to and respect the best interests of children and adolescents, and their fundamental rights. In the event that for any reason any question may lead to the answer being about sensitive data or data of girls, boys and adolescents, the answer to such question will be optional. DUTIES OF THE RESPONSIBLE FOR THE TREATMENT OF THE INFORMATION The Responsible for the processing of personal data, undertakes to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder; c) Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted; d) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; e) Guarantee that the information provided to the Treatment Manager is truthful, complete, exact, updated, verifiable and understandable; f) Update the information, communicating in a timely manner to the Person in Charge of Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept updated; g) Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of Treatment; h) Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law; i) Require the Treatment Manager, at all times, to respect the security and privacy conditions of the Owner's information; j) To process the queries and claims made in the terms indicated in the law; k) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and especially, for the attention of queries and complaints; l) Inform the Treatment Manager when certain information is under discussion by the Holder, once the claim has been submitted and the respective procedure has not been completed; m) Inform at the request of the Owner about the use given to their data; n) Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders. o) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. DUTIES OF THOSE IN CHARGE OF INFORMATION PROCESSING Those in charge of processing personal data are obliged to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data; b) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; c) Timely update, rectify or delete the data under the terms of this law; d) Update the information reported by the Data Controllers within five (5) business days from receipt; e) Process the queries and claims made by the Holders in the terms indicated in this law; f) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, for the attention of queries and claims by the Holders; g) Register in the database the legend "claim in process" in the manner in which it is regulated in this law; h) Insert in the database the legend "information in judicial discussion" once notified by the competent authority about judicial processes related to the quality of personal data; i) Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendency of Industry and Commerce; j) Allow access to information only to people who can have access to it; k) Inform the Superintendency of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Holders; l) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. CHAPTER 4. RIGHTS AND POWERS OF THE HOLDER 4.1.- Rights of the holder. Once authorization has been granted by the Holder for the corresponding treatment, he has the right to: a) Know, update and rectify his personal data. This right may be exercised against partial data, inaccurate, incomplete, fractioned, misleading, or those whose Treatment is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012; c) Be informed by the person in charge and / or person in charge of personal data, upon request, of the use that has been given to their personal data; d) Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of the law; e) Revoke the authorization and / or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and / or deletion will proceed when the Superintendency of Industry and Commerce has determined that the Treatment has incurred in conduct contrary to this law and the Constitution; f) Request, at any time to the person in charge or in charge, the deletion of their personal data and / or revoke the authorization granted for the Treatment thereof, by submitting a claim, they will not proceed when the Holder has a legal or contractual duty to remain in the database. g) Free access to your personal data that have been subject to Treatment. 4.2.- Legitimation for the exercise of the rights of the holder. The following persons are also entitled to exercise the rights of the owner of the information: a). The owner himself, that you must sufficiently prove your identity by the means made available to you by the person in charge; b). His successors in title, who must prove such quality; c). The representative and / or attorney-in-fact of the Holder, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; and). The rights of children or adolescents shall be exercised by the persons who are empowered to represent them, after accreditation of the power of representation. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the email who must prove such quality; c). The representative and / or attorney-in-fact of the Holder, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; and). The rights of children or adolescents shall be exercised by the persons who are empowered to represent them, after accreditation of the power of representation. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the email who must prove such quality; c). The representative and / or attorney-in-fact of the Holder, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another; and). The rights of children or adolescents shall be exercised by the persons who are empowered to represent them, after accreditation of the power of representation. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the email By stipulation in favor of another or for another; and). The rights of children or adolescents shall be exercised by the persons who are empowered to represent them, after accreditation of the power of representation. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the email By stipulation in favor of another or for another; and). The rights of children or adolescents shall be exercised by the persons who are empowered to represent them, after accreditation of the power of representation. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the email rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the email rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the This email address is being protected from spambots. You need JavaScript enabled to view it. or to the address Carrera 34 # 5G-62, Medellín, Colombia, depending on the object they pursue, establishing, as a minimum, the legitimacy to make the request and stating clearly and specifically what is intended . All requests, suggestions and recommendations related to the treatment of information should be sent to the email This email address is being protected from spambots. You need JavaScript enabled to view it., and a response will be given no later than ten (10) business days following receipt. The owner of the information or the legitimated person, must accompany his writing the proof of the quality in which he acts, and must supply the data and documents that are necessary to account for his identity and his quality. In the email, the reason or object of the communication must be specified, and for this it will be enough that the text indicates that the right to know, update, rectify, delete or revoke the authorization granted is being exercised. 4.4.- Procedure for the correction, updating or deletion of data and for the presentation of complaints and claims. Whoever is legitimized by law, and considers that the information contained must be subject to correction, updating or deletion;This email address is being protected from spambots. You need JavaScript enabled to view it.. Complaints and claims will be processed under the following rules: 4.4.1.- The claim will be formulated by means of a request addressed to the Person in Charge of Treatment or the Person in Charge of Treatment, with the identification of the Holder, the description of the facts that give rise to the claim and the address, accompanying the documents that you want to enforce. If the claim is incomplete, the interested party will be required within five (5) business days after receiving the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. In the event that the person who receives the claim is not competent to resolve it, It will be transferred to the corresponding person within a maximum term of two (2) business days and the interested party will be informed of the situation. 4.4.2.- Once the complete claim has been received, a legend that says "claim in process" and the reason for it will be included in the database, within a term no longer than two (2) business days. Said legend must be kept until the claim is decided. 4.4.3.- The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished. 4.5. - Consultation and access to information. Inquiries of personal data will be answered by written request via This email address is being protected from spambots. You need JavaScript enabled to view it.. Queries will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the consultation within said term, the interested party will be informed before the expiration of ten (10) business days, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term. CHAPTER 5. SECURITY 5.1.- Security in the handling of information. The data collected will always be treated within a framework of confidentiality so they will not be provided, transferred or delivered to people other than or outside those responsible or in charge of the treatment. 5.2.- Transfer and transmission of data. In the event that a contract is signed with a third party professional and with experience in the management and use of databases, the person in charge will sign the contract for the transmission of personal data referred to in article 25 of decree 1377 of 2013. CHAPTER SIX DISSEMINATION AND VALIDITY 6.1.- Means of dissemination of the information treatment policies and the privacy notice. This document, which establishes the policies for the treatment of information on personal data collected, will be published permanently at the link www.23hotel.co so that it can be consulted by whoever is interested. At the time of requesting the express authorization of the Holder for data processing, You will be indicated the specific purposes for which consent is obtained and you will be informed of the Treatment Policy and the rights that assist you as the Owner. 6.2.- Entry into force of the information treatment policies. The collection, storage, use and circulation of personal data, in development of the considerations established here, will be carried out and maintained as long as the needs and purposes established and proposed by the Treatment remain in force. In the event that the purpose cannot be achieved through the Treatment given to personal data, they will be permanently deleted from the database. This document enters into force on April 1, 2020. 6.3.- Procedure for policy modification events. In the event that modifications are made to the personal data processing policies established here, they will be notified and communicated through this same website, prior to their entry into force. 6.4.- Incorporation of the conditions of use of the website www.23hotel.co. In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website www.23hotel.co 6.5. - Responsible and in charge of the information. HOTELES 23 SAS, commercial company identified with NIT. 901.376.261-8 is responsible for and in charge of the processing of personal data. Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or email They will be notified and communicated through this same web page, prior to their entry into force. 6.4.- Incorporation of the conditions of use of the website www.23hotel.co. In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website www.23hotel.co 6.5. - Responsible and in charge of the information. HOTELES 23 SAS, commercial company identified with NIT. 901.376.261-8 is responsible for and in charge of the processing of personal data. Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or email They will be notified and communicated through this same web page, prior to their entry into force. 6.4.- Incorporation of the conditions of use of the website www.23hotel.co. In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website www.23hotel.co 6.5. - Responsible and in charge of the information. HOTELES 23 SAS, commercial company identified with NIT. 901.376.261-8 is responsible for and in charge of the processing of personal data. Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or email In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website www.23hotel.co 6.5. - Responsible and in charge of the information. HOTELES 23 SAS, commercial company identified with NIT. 901.376.261-8 is responsible for and in charge of the processing of personal data. Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or email In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website www.23hotel.co 6.5. - Responsible and in charge of the information. HOTELES 23 SAS, commercial company identified with NIT. 901.376.261-8 is responsible for and in charge of the processing of personal data. Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or email Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or email Any communication may be directed to Carrera 34 # 5G-62, Medellín. Colombia, or This email address is being protected from spambots. You need JavaScript enabled to view it. FOR THE TREATMENT OF PERSONAL INFORMATION OF EMPLOYEES, OFFICIALS AND COLLABORATORS CHAPTER 1. GENERALITIES In the development of our labor and commercial relations, we have a special interest in protecting and respecting your information and personal data and because of this these treatment policies of the information, according to the framework of Law 1581 of 2012 and Regulatory Decree 1377 of 2013. 1.1.- Introduction. HOTELES 23 SAS will be responsible for the treatment of the information, they may collect personal data of their employees, officials and / or collaborators, regardless of the link and contractual nature. The collection will be done under the express authorization of the owner of the data and the treatment of these will be subject to the provisions of the law and this policy. Personal information will be collected directly from employees, officials and / or collaborators and will be related to the activity they carry out. 1.2- General principles. The collection and collection of personal data, as well as the use, treatment, processing, exchange, transfer and transmission of these, will always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access and circulation. restricted. 1.3- Legal definitions. In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will govern the policies for the treatment of personal information. 1.3.1.- Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data. 1.3.2.- Database: Organized set of personal data that is subject to Treatment; 1.3.3.- Personal data: Any information linked to or that may be associated with one or more specific or determinable natural persons; 1.3.4.- Person in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of personal data on behalf of the Person Responsible for the Treatment; 1.3.5.- Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data; 1.3.6.- Sensitive data: Those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data . 1.3.7.- Public data: It is data that is not semi-private, private or sensitive. Public data, among others, are data relating to the marital status of individuals, their profession or trade and their status as a merchant or public servant. By its nature, public data may be contained, among others, in public registers, public documents, gazettes and official gazettes and duly executed judicial decisions that are not subject to reserve. 1.3.8.- Holder: Natural or legal person to whom the information that rests in a data bank refers and whose personal data is subject to Treatment. 1.3.9.- Transfer: The transfer of data takes place when the Responsible and / or Person in Charge of the Treatment of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and you are inside or outside the country. 1.3.10- Transmission: Processing of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible Party. 1.3.11.- Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or suppression. CHAPTER 2. AUTHORIZATION OF THE HOLDER The data provided will be subject to authorized treatment, previously granted, expressly and informed by the Holder thereof, in any case, the data collection will be limited to those personal data that are pertinent and adequate for the purpose pursued. CHAPTER 3. INFORMATION PROCESSING 3.1- Data collected. The collection of data for the development of the Treatment and the purposes pursued by it, will fall on the personal data received in the development or execution of the relationship between the parties. Without prejudice to the fact that in some cases it is public data, the information collected and object of treatment will be the one provided in the resume, name, number of citizenship card or passport, academic experience, professional experience, information related to the execution of the contractual relationship, that corresponding to the management of salary payments, remuneration fees, social security as the case may be, and that corresponding to basic health data such as RH or allergies in the cases in which such information is provided. 3.2- Treatment to which the data will be submitted and its purpose. The data and information obtained will be used only for the purpose established in these information treatment policies. The treatment that will be given to the data consists of the handling and disposition of the data to have the information that allows the activities, processes and procedures of human talent to be carried out; to establish payroll status; fees or any other remuneration, as the case may be; to manage the information corresponding to social security and family compensation funds; to meet the information requirements of government entities and comply with legal reporting obligations in fiscal, tax and any other nature; support internal or external audit processes; maintain efficient communication with employees, officials or collaborators; manage and report the changes that may occur in the development of the contractual relationship; conduct internal habit studies; allow employee access to computing resources. The authorization for the use of the information or data supplied that is collected, collected or stored in accordance with these policies expressly includes the authorization for data and information to be shared, processed, transmitted, transferred, updated and / or deleted for the purpose defined in these policies, to be used in the established manner. 3.3.- Sensitive data and data corresponding to children and adolescents. In no event and under no circumstances will data considered as sensitive or data corresponding to children or adolescents be processed. The collection of data from employees, officials or collaborators is not aimed at collecting information of a sensitive nature or information from children or adolescents. 3.4.- Duties of the person responsible for the treatment of the information. The person responsible for the processing of personal data, undertakes to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder; c) Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted; d) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; e) Guarantee that the information provided to the Treatment Manager is truthful, complete, exact, updated, verifiable and understandable; f) Update the information, communicating in a timely manner to the Person in Charge of Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept updated; g) Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of Treatment; h) Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law; i) Require the Treatment Manager, at all times, to respect the security and privacy conditions of the Owner's information; j) To process the queries and claims made in the terms indicated in the law; k) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and especially, for the attention of inquiries and claims; l) Inform the Treatment Manager when certain information is under discussion by the Holder, once the claim has been submitted and the respective procedure has not been completed; m) Inform at the request of the Owner about the use given to their data; n) Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders. o) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. 3.5. - Duties of the person in charge of the treatment of the information. Those in charge of the treatment of personal data are obliged to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data; b) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; c) Timely update, rectify or delete the data under the terms of this law; d) Update the information reported by the Data Controllers within five (5) business days from receipt; e) Process the queries and claims made by the Holders in the terms indicated in this law; f) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, for the attention of queries and claims by the Holders; g) Register in the database the legend "claim in process" in the manner in which it is regulated in this law; h) Insert in the database the legend "information in judicial discussion" once notified by the competent authority about judicial processes related to the quality of personal data; i) Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendency of Industry and Commerce; j) Allow access to information only to people who can have access to it; k) Inform the Superintendency of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Holders; l) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce CHAPTER 4. RIGHTS AND POWERS OF THE HOLDER 4.1.- Rights of the holder. Once authorization has been granted by the Holder for the corresponding treatment, he has the right to: a) Know, update and rectify his personal data. This right may be exercised against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012; c) Be informed by the person in charge and / or person in charge of personal data, upon request, of the use that has been given to your personal data; d) Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of the law; e) Revoke the authorization and / or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and / or deletion will proceed when the Superintendency of Industry and Commerce has determined that the Treatment has incurred in conduct contrary to this law and the Constitution; f) Request, at any time to the person in charge or in charge, the deletion of their personal data and / or revoke the authorization granted for the Treatment thereof, by submitting a claim, they will not proceed when the Holder has a legal or contractual duty to remain in the database. g) Free access to your personal data that have been subject to Treatment: (i) at least once every calendar month, and (ii) each time there are substantial modifications to the Information Treatment Policies that motivate new inquiries . In the case of requests whose periodicity is greater than one for each calendar month, the person in charge and / or in charge, may charge the Holder the costs of shipping, reproduction and, where appropriate, document certification. 4.2.- Legitimation for the exercise of the rights of the holder. The following persons are also entitled to exercise the rights of the owner of the information: a). The owner himself, who must sufficiently prove his identity by the means made available to him by the person in charge; b). His successors in title, who must prove such quality; c). The representative and / or attorney-in-fact of the Holder, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for accessing, updating, deleting and rectifying personal data, and for revocation of authorization, may be carried out through inquiries or claims, addressed to the This email address is being protected from spambots. You need JavaScript enabled to view it. or to the address Carrera 34 # 5G-62, Medellín, Colombia. according to the object they pursue, establishing at least the legitimacy that is had to make the request and stating clearly and specifically, what is intended. All requests, suggestions and recommendations related to the treatment of information should be sent to the email This email address is being protected from spambots. You need JavaScript enabled to view it., and a response will be given no later than ten (10) business days following receipt. The owner of the information or the legitimated person, must accompany his writing the proof of the quality in which he acts, and must supply the data and documents that are necessary to account for his identity and his quality. In the email, the reason or object of the communication must be specified, and for this it will be enough that the text indicates that the right to know, update, rectify, delete or revoke the authorization granted is being exercised. 4.4.- Procedure for the correction, updating or deletion of data and for the presentation of complaints and claims. Whoever is legitimized by law, and considers that the information contained must be subject to correction, updating or deletion;This email address is being protected from spambots. You need JavaScript enabled to view it.. Complaints and claims will be processed under the following rules: 4.4.1.- The claim will be formulated by means of a request addressed to the Person in Charge of Treatment or the Person in Charge of Treatment, with the identification of the Holder, the description of the facts that give rise to the claim and the address, accompanying the documents that you want to enforce. If the claim is incomplete, the interested party will be required within five (5) business days after receiving the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. In the event that the person who receives the claim is not competent to resolve it, It will be transferred to the corresponding person within a maximum term of two (2) business days and the interested party will be informed of the situation. 4.4.2.- Once the complete claim has been received, a legend that says "claim in process" and the reason for it will be included in the database, within a term no longer than two (2) business days. Said legend must be kept until the claim is decided. 4.4.3.- The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished. 4.5. - Consultation and access to information. Queries of personal data contained in the database will be attended by written request via This email address is being protected from spambots. You need JavaScript enabled to view it. will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the consultation within said term, the interested party will be informed before the expiration of ten (10) business days, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term. CHAPTER 5. SECURITY 5.1.- Security in the handling of information. The data collected will always be treated within a framework of confidentiality so they will not be provided, transferred or delivered to people other than or outside those responsible or in charge of the treatment. 5.2.- Transfer and transmission of data. In the event that a contract is signed with a third party professional and with experience in the management and use of databases, the person in charge will sign the contract for the transmission of personal data referred to in article 25 of decree 1377 of 2013. CHAPTER 6. DISSEMINATION AND VALIDITY 6.1.- Means of dissemination of the information treatment policies and the privacy notice. This document, which establishes the policies for the treatment of information on personal data collected, will be permanently published on the website www.23hotel.co so that it can be consulted by anyone interested. At the time of requesting the express authorization of the Holder for data processing, You will be indicated the specific purposes for which consent is obtained and you will be informed of the Treatment Policy and the rights that assist you as the Owner. 6.2.- Entry into force of the information treatment policies. The collection, storage, use and circulation of personal data, in development of the considerations established here, will be carried out and maintained as long as the needs and purposes established and proposed by the Treatment remain in force. In the event that the purpose cannot be achieved through the Treatment given to personal data, they will be permanently deleted from the database. This document enters into force on April 1, 2020. 6.3.- Procedure for policy modification events. In the event that modifications are made to the personal data processing policies established here, they will be notified and communicated through this same website, prior to their entry into force. 6.4.- Incorporation of the conditions of use of the website www.23hotel.co In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and POLICIES OF TREATMENT OF THE SUPPLIERS PERSONAL INFORMATION CHAPTER 1. GENERAL In the development of our commercial relationships, we have a special interest in protecting and respecting your information and personal data and due to this, these information treatment policies have been designed, in accordance with the framework of Law 1581 of 2012 and regulatory decree 1377 2013. 1.1.- Introduction. HOTELES 23 SAS, may collect personal data from its suppliers, and in general whoever sells goods or services to them, in the development of the commercial relationship to facilitate its execution and ensure the greatest possible efficiency. The collection will be done under the express authorization of the owner of the data and the treatment of these will be subject to the provisions of the law and this policy. Personal information may be collected directly from suppliers or from the information contained in the certificate of existence and legal representation issued by the Chamber of Commerce, in the RUT, in contracts, quotes, proposals, invoices, purchase orders and in general in any document that corresponds to the commercial relationship. It will be understood that the Information Holder has accepted the terms and conditions of these policies when issuing the proposal or quote and / or when signing the corresponding contract or equivalent document. 1.2- General principles. The collection and collection of personal data, as well as the use, treatment, processing, exchange, transfer and transmission of these, will always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access and circulation. restricted. 1.3- Legal definitions. In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will govern the policies for the treatment of personal information. 1.3.1.- Authorization: Prior consent, Express and informed of the Holder to carry out the Processing of personal data. 1.3.2.- Database: Organized set of personal data that is object of Treatment; 1.3.3.- Personal data: Any information linked to or that may be associated with one or more specific or determinable natural persons; 1.3.4.- Person in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of personal data on behalf of the Responsible for the Treatment; 1.3.5.- Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data; 1.3.6.- Sensitive data: Those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of political parties opposition, as well as data related to health, sexual life, and biometric data. 1.3.7.- Public data: It is data that is not semi-private, private or sensitive. Public data, among others, are data relating to the marital status of individuals, their profession or trade and their status as a merchant or public servant. By its nature, public data may be contained, among others, in public records, public documents, gazettes and official gazettes and duly executed judicial decisions that are not subject to reservation. 1.3.8.- Owner: Natural or legal person to whom refers the information that rests in a data bank and whose personal data are object of Treatment. 1.3.9.- Transfer: The transfer of data takes place when the Responsible and / or Person in Charge of Treatment of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is Responsible for the Treatment and is inside or outside the country. 1.3.10- Transmission: Processing of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible Party. 1.3.11.- Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion. CHAPTER 2. AUTHORIZATION OF THE HOLDER The data provided will be subject to authorized treatment, previously granted, expressly and informed by the Holder thereof. By providing your data for the conclusion of the legal business corresponding to the purchase of goods or services, you are authorizing the treatment under the terms and conditions established in this policy. In any case, data collection will be limited to those personal data that are pertinent and adequate for the intended purpose. CHAPTER 3. INFORMATION PROCESSING 3.1- Data collected. The collection of data for the development of the Treatment and purposes pursued by it, will fall on the personal data received in the development or execution of the commercial relationship between the parties and specifically those received regarding the purchase of goods or services. Without prejudice to the fact that in some cases it is public data, the information collected and object of treatment will be that corresponding to the name, identification number (NIT, citizenship card, passport) contact data such as telephone, physical address, email address electronic information, the information contained in the RUT, type of goods or services offered, category in which it is found, economic activity, commercial and personal references, bank references, bank account numbers for payments, and all the information that is necessary to comply with the obligations contractually assumed, with the legal obligations and with the correct execution and development of the commercial relationship between the parties. 3.2- Treatment to which the data will be submitted and its purpose. The data and information obtained will be used in the normal course of their commercial activities only for the purpose established in these information treatment policies, so that the commercial relationship and as such the acquisition of food and goods and the provision of the services that are contracted are executed and developed properly. The treatment that will be given to the data consists of the handling and disposition of the data to have the information that allows to advance the administrative and accounting management of the suppliers; control over the status of payments, balances, discounts; management of the inventory of acquired goods; the attention and fulfillment of the fiscal, tributary, legal requirements and of any other nature with entities of the national, district or municipal government; the categorization and classification of the supplier according to the goods or services offered, price, quality; support internal or external audit processes. The authorization for the use of the information or data supplied that is collected, collected or stored in accordance with these policies expressly includes the authorization for the data and information to be shared, processed, transmitted, transferred, updated and / or deleted with the purpose defined in these policies, to be used in the established manner. 3.3. - Sensitive data and data corresponding to children and adolescents. In no event and under no circumstances will data considered as sensitive or data corresponding to children or adolescents be processed. The collection of data from providers is not aimed at collecting sensitive information or information from children or adolescents. 3.4.- Duties of the person responsible for the treatment of the information. The person in charge of the processing of personal data, undertakes to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder; c) Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted; d) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; e) Guarantee that the information provided to the Treatment Manager is truthful, complete, exact, updated, verifiable and understandable; f) Update the information, communicating in a timely manner to the Person in Charge of Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept updated; g) Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of Treatment; h) Provide the Treatment Manager, as the case may be, only data whose treatment is previously authorized in accordance with the provisions of this law; i) Require the Treatment Manager, at all times, to respect the security and privacy conditions of the Owner's information; j) To process the queries and claims made in the terms indicated in the law; k) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and especially, for the attention of queries and complaints; l) Inform the Treatment Manager when certain information is under discussion by the Holder, once the claim has been submitted and the respective procedure has not been completed; ml) Inform at the request of the Owner about the use given to their data; nm) Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders. on) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. 3.5. - Duties of the person in charge of the treatment of the information. Those in charge of the treatment of personal data are obliged to: a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data; b) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; c) Timely update, rectify or delete the data under the terms of this law; d) Update the information reported by the Data Controllers within five (5) business days from receipt; e) Process the queries and claims made by the Holders in the terms indicated in this law; f) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, for the attention of inquiries and claims by the Holders; g) Register in the database the legend "claim in process" in the manner in which it is regulated in this law; h) Insert in the database the legend "information in judicial discussion" once notified by the competent authority about judicial processes related to the quality of personal data; i) Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendency of Industry and Commerce; j) Allow access to information only to people who can have access to it; k) Inform the Superintendency of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Holders; l) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. CHAPTER 4. RIGHTS AND POWERS OF THE HOLDER 4.1.- Rights of the holder. Once authorization has been granted by the Holder for the corresponding treatment, he has the right to: a) Know, update and rectify his personal data. This right may be exercised against partial data, inaccurate, incomplete, fractioned, misleading, or those whose Treatment is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012; c) Be informed by the person in charge and / or person in charge of personal data, upon request, of the use that has been given to their personal data; d) Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of the law; e) Revoke the authorization and / or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and / or deletion will proceed when the Superintendency of Industry and Commerce has determined that the Treatment has incurred in conduct contrary to this law and the Constitution; f) Request, at any time to the person in charge or in charge, the deletion of their personal data and / or revoke the authorization granted for the Treatment thereof, by submitting a claim, they will not proceed when the Holder has a legal or contractual duty to remain in the database. g) Free access to your personal data that have been subject to Treatment: (i) at least once every calendar month, and (ii) each time there are substantial modifications to the Information Treatment Policies that motivate new inquiries . In the case of requests whose periodicity is greater than one for each calendar month, The person in charge and / or in charge, may charge the Holder the costs of shipping, reproduction and, where appropriate, document certification. 4.2.- Legitimation for the exercise of the rights of the holder. The following persons are also entitled to exercise the rights of the owner of the information: a). The owner himself, who must sufficiently prove his identity by the means made available to him by the person in charge; b). His successors in title, who must prove such quality; c). The representative and / or attorney-in-fact of the Holder, prior accreditation of the representation or power of attorney; d). By stipulation in favor of another or for another. 4.3.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization. The procedures for access, updating,This email address is being protected from spambots. You need JavaScript enabled to view it. or to the address Carrera 34 # 5G-62, Medellín, Colombia, depending on the object they pursue, establishing, as a minimum, the legitimacy to make the request and stating clearly and specifically what is intended . All requests, suggestions and recommendations related to the treatment of information should be sent to the email This email address is being protected from spambots. You need JavaScript enabled to view it. a response will be given no later than ten (10) business days following receipt. The owner of the information or the legitimated person, must accompany his writing the proof of the quality in which he acts, and must supply the data and documents that are necessary to account for his identity and his quality. In the email, the reason or object of the communication must be specified, and for this it will be enough that the text indicates that the right to know, update, rectify, delete or revoke the authorization granted is being exercised. 4.4.- Procedure for the correction, updating or deletion of data and for the presentation of complaints and claims. Whoever is legitimized by law, and considers that the information contained must be subject to correction, updating or deletion;This email address is being protected from spambots. You need JavaScript enabled to view it.. Complaints and claims will be processed under the following rules: 4.4.1.- The claim will be formulated by means of a request addressed to the Person in Charge of Treatment or the Person in Charge of Treatment, with the identification of the Holder, the description of the facts that give rise to the claim and the address, accompanying the documents that you want to enforce. If the claim is incomplete, the interested party will be required within five (5) business days after receiving the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. In the event that the person who receives the claim is not competent to resolve it, It will be transferred to the corresponding person within a maximum term of two (2) business days and the interested party will be informed of the situation. 4.4.2.- Once the complete claim has been received, a legend that says "claim in process" and the reason for it will be included in the database, within a term no longer than two (2) business days. Said legend must be kept until the claim is decided. 4.4.3.- The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished. 4.5. - Consultation