top of page

DATA PROCESSING POLICY

Privacy Policy and Protection of Personal Data of users of the HOTELSTEVEN website

Under the regulatory framework of the Constitution and Law 1581 of 2012, HOTEL STEVEN makes its Privacy Policy and Personal Data Protection Policy available to users and information holders, under the following terms:

 

 

Data Processing Policy / Click to download

Last updated date: [Include last updated date]

  • Facebook
  • Black Instagram Icon
  • WhatsApp

  • HOTEL STEVEN, hereinafter referred to as "the Data Controller," recognizes the importance of protecting the privacy and rights of Personal Data Holders, in compliance with Law 1581 of 2012, Decree 1377 of 2013 and other applicable regulations. This Policy establishes the guidelines and principles under which the Processing of Personal Data will be carried out.

  • This policy applies to all Personal Data that is subject to Processing by HOTEL STEVEN, whether of clients, employees, suppliers, or any natural person whose data is collected and processed in the development of the hotel's activities.

  • This Policy is mandatory and strict compliance by the following people:

     

    • Legal representatives of HOTEL STEVEN.

    • STEVEN HOTEL workers.

    • Contractors and third parties who act on behalf of HOTEL STEVEN or who provide their services to it, under any type of contractual modality, under which there is Processing of Personal Data.

    • Shareholders and tax auditors.

    • Other people established by law

     

    Failure to comply with this Policy will give rise to labor, criminal or civil sanctions, depending on the case.

  • In accordance with current legislation on the matter, the following definitions are adopted:

     

    • Owner: natural person whose Personal Data is the subject of Processing.

    • Authorization: Prior, express and informed consent of the Owner to carry out the Processing of Personal Data.

    • Database: Organized set of Personal Data that is subject to Treatment.

    • Personal data: Any information linked or that can be associated with one or several specific or determinable natural persons.

    • Public data: It is data that is not semi-private, private or sensitive. Among others, data relating to the marital status of people, their profession or trade and their status as a merchant or public servant are considered public data. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality.

    • Sensitive Data:  Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, of human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data.

    • Semi-private data: It is data that is neither intimate, reserved, nor public and whose knowledge or disclosure may be of interest not only to its Owner but to a certain sector or group of people or society in general, such as: Databases that contain Information financial, credit, commercial, services and that from third countries.

    • Private data: It is personal data that, due to its intimate or reserved nature, is only of interest to its owner and for its processing requires your prior, informed and express authorization. Databases containing data such as personal telephone numbers and emails; employment data, on administrative or criminal infractions, administered by tax administrations, financial entities and managing entities and common Social Security services, databases on asset or credit solvency, databases with sufficient information to evaluate the personality of the owner, databases of those responsible for operators that provide electronic communication services.

    • Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller.

    • Responsible for the Treatment: Natural or legal person, public or private, who alone or in association with others, decides on the Database and/or the Processing of Personal Data.

    • Responsible for managing databases: Collaborator in charge of controlling and coordinating the proper application of data processing policies once stored in a specific database; as well as to put into practice the guidelines issued by the Data Controller and the Data Protection Officer.

    • Data Protection Officer: This is the natural person who assumes the function of coordinating the implementation of the legal framework for the protection of personal data, who will process the requests of the Owners, for the exercise of the rights referred to in Law 1581. of 2012.

    • Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.

    • Transfer: The transfer of Personal Data takes place when the Controller and/or Person in Charge of the Processing of Personal Data, located in Colombia, sends the information or Personal Data to a recipient, who in turn is Responsible for the Treatment and is located within or outside the country.

    • Transmission:  Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller.

    • Privacy Notice: Verbal or written communication generated by the Data Controller, addressed to the Owner for the Processing of their Personal Data, through which they are informed about the existence of the information processing policies that will be applicable to them, the form to access them and the purposes of the Treatment that is intended to be given to the Personal Data.

  • In accordance with current legislation on the matter, the following principles are adopted:

     

    • Principle of Legality regarding the Processing of Personal Data: The Processing of Personal Data in Colombia is a regulated activity and therefore the business processes and recipients of the regulation must be subject to its provisions.

    • Principle of Freedom: Treatment can only be carried out with the prior, express and informed consent of the Owner. Personal Data may not be obtained, processed or disclosed without prior Authorization, or in the absence of a legal or judicial mandate that requires consent.

    • Principle of Purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner in a concrete, precise and prior manner so that he or she expresses his or her informed consent.

    • Principle of Truthfulness or Quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of Personal Data that is partial, incomplete, divided or misleading is prohibited.

    • Principle of Transparency: In the Treatment, the right of the Owner to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.

    • Principle of Access and Restricted Circulation: Treatment is subject to the limits derived from the nature of the Personal Data, the provisions of the law and the Constitution. In this sense, the Treatment can only be carried out by people authorized by the Owner and/or by the people provided for by law.

    • Personal Data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide knowledge restricted only to the Owners or authorized third parties in accordance with the provisions herein.

    • Security Principle: The information subject to Treatment by the Data Controller or Data Processor referred to in the law must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss. , unauthorized or fraudulent consultation, use or access.

    • Principle of Confidentiality: All persons involved in the Processing of Personal Data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended, and may only supply or communicate Personal Data when this corresponds to the development of activities authorized by law and in the terms thereof.

  • In accordance with article 9 of the LEPD, the authorization of the Owner is required for the processing of personal data, except in the cases expressly indicated in the rules that regulate the protection of personal data. In advance and/or at the time of collecting the personal data, HOTEL STEVEN will request the Data Owner's authorization to carry out its collection and processing, indicating the purpose for which the data is requested, using automated technical means for these purposes. , written or oral, that allow preserving proof of the authorization and/or the unequivocal conduct described in article 2.2.2.25.2.2. section 2 of chapter 25 of Decree 1074 of 2015.

     

    The authorization of the Owner will not be necessary when it comes to:

     

    – Information required by a public or administrative entity in the exercise of its legal functions or by court order.

    – Data of public nature.

    – Medical or health emergency cases.

    – Processing of information authorized by law for historical, statistical or scientific purposes.

    – Data related to the Civil Registry of people.

  • Authorization for the use and/or processing of data will be managed by HOTEL STEVEN, through mechanisms that guarantee subsequent consultation and the expression of the Owner's will through the following means:

     

    - Written.

    - Oral form.

    – Through automated channels.

    – Through unequivocal conduct of the owner that allows it to be reasonably concluded that the authorization was granted.

     

    HOTEL STEVEN, in advance and/or at the time of collecting personal data, will clearly and expressly inform the Owner of the following:

     

    a) The Treatment to which your personal data will be subjected and the purpose thereof;

    b) The optional nature of the response to the questions asked, when they relate to sensitive data or the data of children and adolescents;

    c) The rights that assist you as Owner;

    d) The identification, physical or electronic address and telephone number of the STEVEN HOTEL.

  • The duties of the recipients of this Policy are those set out below, without prejudice to any additional duties imposed by Law 1581 of 2012 and Decree 1377 of 2013:

    8.1 WHEN THEY ARE RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA

    • Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data, that is, to know, update or rectify their Personal Data.

    • Request and keep, under the conditions provided in this Policy, a copy of the respective Authorization granted by the Owner.

    • Inform the Owner of the Personal Data in a clear, sufficient and prior manner about the purpose of the information provided.

    • Only collect Personal Data that is relevant and appropriate for the purpose for which it is collected.

    • Process queries and claims formulated in the terms indicated in this Policy.

    • Observe the principles established in this Policy.

    • Maintain the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

    • Update the information, communicating in a timely manner to the Data Processor, all the news regarding the Personal Data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated.

    • Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.

    • Provide the Data Processor, as the case may be, only Personal Data whose Processing is previously authorized.

    • Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information.

    • Process queries and claims formulated in the terms indicated in this Policy.

    • Adopt an internal manual of policies and procedures to guarantee the adequate Treatment of Personal Data in accordance with the provisions applicable to the matter in question, as well as the instructions issued in this regard by the Superintendence of Industry and Commerce.

    • Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed.

    • Inform, at the request of the Owner, about the use given to their Personal Data.

    • Inform the Personal Data Protection Authority when violations of security codes occur and there are risks in the administration of the Owners' information.

    • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

     

    8.2 WHEN THE RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA

    • Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.

    • Maintain the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

    • Timely update, rectify or delete Personal Data under the terms of this law.

    • Update the information reported by the Data Controllers within five (5) business days from receipt.

    • Process queries and claims made by the Owners.

    • Adopt an internal manual of policies and procedures to guarantee the adequate Treatment of Personal Data in accordance with the provisions applicable to the matter in question, as well as the instructions issued in this regard by the Superintendence of Industry and Commerce.

    • Register in the Database the legend "claim in process" in the manner in which it is regulated by law.

    • Insert in the Database the legend "information under judicial discussion" once notified by the competent authority about judicial processes related to the quality of the Personal Data.

    • Refrain from circulating information that is being controversial by the Owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.

    • Allow access to information only to people who can have access to it.

    • Inform the Superintendency of Industry and Commerce when violations of security codes occur and there are risks in the administration of the Owners' information.

    • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

    • Know, update and rectify your Personal Data in front of the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Processing is expressly prohibited or has not been authorized.

    • Request proof of the Authorization granted to the Data Controller except when it is expressly excepted as a requirement for the Treatment (cases in which Authorization is not necessary).

    • Be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been given to your Personal Data.

    • Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add or complement it.

    • Revoke the Authorization and/or request the deletion of Personal Data when the Processing does not respect constitutional and legal principles, rights and guarantees.

    • Free access to your Personal Data that has been processed.

  • HOTEL STEVEN, in accordance with article 7 of Law 1581 of 2012, carries out processing of personal data of children and adolescents within the framework of the criteria indicated in article 2.2.2.25.2.9 section 2 of chapter 25 of the Decree 1074 of 2015 (Article 12 of Decree 1377 of 2013), with observance of the following parameters and requirements:

     

    1. That the use of data responds to and respects the best interests of children and adolescents.

    2. That in the use of the data, respect for the minor's fundamental rights is ensured.

     

    Once the above requirements have been met, HOTEL STEVEN will request the legal representative of the child or adolescent for authorization prior to the minor's exercise of his or her right to be heard, an opinion that will be valued taking into account maturity, autonomy and ability to understand the matter. As Responsible and/or Manager, you will ensure the appropriate use of the data of children and adolescents, applying the principles and obligations established in Law 1581 of 2012 and regulatory standards. Likewise, it will identify the sensitive data collected or stored in order to increase the security and processing of the information.

  • The rights of the Owners may be exercised by the following people:

     

    • By the Owner, who must sufficiently prove his or her identity by the different means made available to him by the Data Controller.

    • By their successors, who must prove such quality.

    • By the representative and/or attorney-in-fact of the Owner, prior accreditation of the representation or power of attorney.

    • By stipulation in favor of another or for another.

    • The rights of children and adolescents will be exercised by the people empowered to represent them.

    • To the Owners, their successors or their legal representatives.

    • To public or administrative entities in the exercise of their legal functions or by court order;

    • To third parties authorized by the Owner or by law.

  • El HOTEL STEVEN en el desarrollo de su actividad empresarial, lleva a cabo el tratamiento de datos personales relativos a personas naturales que están contenidos y son tratados en bases de datos destinadas a finalidades legítimas, cumpliendo con la Constitución y la Ley. El tratamiento al cual serán sometidos los datos personales incluye recolección, almacenamiento, uso, circulación o supresión. El tratamiento de los datos estará sujeto a las finalidades autorizadas por el Titular, a las obligaciones contractuales entre las partes, así como, a los casos en los cuales existan obligaciones legales que deba cumplir.

     

    El HOTEL STEVEN realizará el Tratamiento de los Datos Personales para las siguientes finalidades:

     

    4.1. Procesamiento de reservas y estancias de los huéspedes en el hotel.

     

    4.2. Ejecución y desarrollo de contratos de hospedaje, banquetes, y otros servicios relacionados con la experiencia de viaje.

     

    4.3. Control y prevención de fraude, lavado de activos y financiación del terrorismo.

     

    4.4. Elaboración de estudios de mercado y estadísticas.

     

    4.5. Envío de información, ofertas y comunicaciones comerciales o de servicio.

     

    4.6. Realización de encuestas de satisfacción para mejorar la calidad de los servicios prestados.

     

    4.7. Operación del programa de fidelización (si aplica), con finalidades específicas detalladas en este documento.

     

    La transferencia de Datos Personales a terceros se realizará únicamente con el consentimiento expreso del Titular, salvo excepciones contempladas en la ley.

     

    A su vez en cumplimiento del Principio de Finalidad, el Tratamiento de Datos Personales por parte del HOTEL STEVEN, en calidad de Responsable o Encargado del mismo, se regirá por los siguientes parámetros:

     

    13.1 DATOS PERSONALES RELACIONADOS CON LA GESTIÓN DEL RECURSO HUMANO.

    • Antes de la relación contractual.

    HOTEL STEVEN. recolecta, almacena, consulta, usa y procesa la información y Datos Personales de los candidatos a empleados, informándoles de manera anticipada las reglas aplicables al Tratamiento de Datos Personales que suministren. En todo caso, la finalidad de la entrega de los Datos Personales se limita a su participación en el proceso de selección y posterior trazabilidad, por lo que su uso para fines diferentes está prohibido.

     

    La información suministrada por los candidatos a un cargo vacante en el HOTEL STEVEN, permanecerá almacenada hasta por el término de cinco (5) años contados a partir de la fecha del último Tratamiento, para atender las disposiciones aplicables en materia administrativa, contable, fiscal, jurídica e histórica de la información y cualquier otra obligación legal.

     

    Los Datos Personales e información obtenida del proceso de selección respecto de los trabajadores o contratistas seleccionados, serán almacenados por el HOTEL STEVEN. bajo estrictas medidas de seguridad.

     

    • Durante y posterior a la terminación de la relación contractual.

    HOTEL STEVEN recolecta, almacena, consulta, usa, comparte, intercambia, transmite, transfiere, circula y procesa la información personal que sus empleados le hayan suministrado con la finalidad de ejecutar y desarrollar el contrato de trabajo, así como dar aplicación a la legislación, jurisprudencia y reglamentos en materia laboral, seguridad social, riesgos laborales, otorgar beneficios al empleado y sus beneficiarios y toda otra finalidad que sea necesaria para la debida realización de la relación empleado – empleador.

     

    HOTEL STEVEN igualmente almacena, usa, comparte intercambia transmite, transfiere, circula y procesa la información y Datos Personales de los empleados retirados, pensionados, jubilados, terceros vinculados, grupo familiar, beneficiarios y demás personas que tengan o hayan tenido un contrato de trabajo con el HOTEL STEVEN

     

    HOTEL STEVEN. almacenará los Datos Personales de sus empleados en una carpeta identificada con el nombre de cada uno de ellos. El acceso a esta carpeta está limitado al Área de Gestión Humana y al Área Legal del HOTEL STEVEN, con la única finalidad de gestionar la relación contractual.

     

    La información permanecerá almacenada físicamente o en medios electrónicos, siguiendo lo establecido por el artículo 264 del Código Sustantivo del Trabajo, o almacenada por el término máximo necesario para dar cumplimiento a las obligaciones legales y/o contractuales a nuestro cargo especialmente en materia contable, contractual, fiscal y tributaria.

     

    13.2 DATOS PERSONALES DE PROVEEDORES

    HOTEL STEVEN recolecta, almacena, consulta, usa, comparte intercambia, transmite, transfiere, circula y procesa la información personal que sus proveedores le hayan suministrado como parte del proceso de adquisición de los bienes o servicios suministrados al HOTEL STEVEN, antes, durante y con posterioridad a la relación contractual.

     

    HOTEL STEVEN recolectará los Datos Personales de los empleados del proveedor, cuando quiera que estos sean necesarios por motivos de seguridad de acuerdo a la naturaleza del servicio contratado.

     

    13.3 DATOS PERSONALES DE LOS CLIENTES

    HOTEL STEVEN recolecta, compila, almacena, consulta, usa comparte, intercambia, transmite, transfiere y circula los Datos Personales de sus clientes antes, durante y con posterioridad a la relación contractual, pero no más allá del plazo razonable que exija la finalidad que fue informada al Titular, y aunque no se llegare a formalizar una relación contractual, para llevar a cabo las finalidades enumeradas a continuación:

     

    • Procesamiento y rectificación de información necesaria para procesar las reservas en el HOTEL STEVEN

    • Actualización o corrección de información durante la estadía en el HOTEL STEVEN.

    • Ofrecimiento, celebración y ejecución de contratos de hospedaje y cualquier otro servicio relacionado con la experiencia de viaje del huésped en el HOTEL STEVEN.

    • Ofrecimiento, celebración y ejecución de contratos de banquetes y alquiler de salones dentro de las instalaciones del HOTEL STEVEN.

    • Control y prevención del fraude, lavado de activos y financiación del terrorismo.

    • Elaboración de estudios de mercado y estadísticos.

    • Envío de información u ofrecimiento de los servicios asociados al objeto social del HOTEL STEVEN.

    • Envío de ofertas y/o comunicaciones comerciales o de servicio a la dirección física o de correo electrónico indicada en los formatos de registro de datos que ha llenado el huésped.

    • Contacto con el huésped telefónicamente, para notificación de ofertas y/o comunicaciones comerciales o de servicio

    • Envío de encuestas de satisfacción para conocer la calidad de los servicios prestados por el HOTEL STEVEN.

    • Para el caso de los datos recolectados en virtud del programa de fidelización LOBBY PMS, los Datos Personales de los socios serán tratados adicionalmente con las siguientes finalidades:

    • Operar el programa LOBBY PMS.

    • Identificar al socio y poder mantener comunicación con el mismo, incluyendo y sin limitarse al envío de información sobre transacciones de acumulación y/o redenciones realizadas en su cuenta y envío de otra correspondencia física o electrónica.

    • Acreditar los puntos del programa LOBBY PMS a la cuenta del socio.

    • Permitir que el socio redima sus puntos por noches en los hoteles participantes en el programa.

    • Lograr que el socio pueda recibir los beneficios redimidos con sus puntos.

    • Mantener el saldo de la cuenta de puntos actualizado y respaldado.

    • Envío de ofertas y/o comunicación al socio en base a sus gustos y preferencias o comportamiento anterior.

    • Subcontratar a terceros en calidad de Encargados de los Datos Personales para que procesen la información de los socios y/o para que realicen cualquier otra actividad requerida por LOBBY PMS y/o los aliados del HOTEL STEVEN en relación con el programa LOBBY PMS.

     

    El Titular de los Datos Personales y/o sensibles autoriza al HOTEL STEVEN. a transferir su información personal a sus matrices, subsidiarias y filiales, así como a cualquier otra compañía o aliados del HOTEL STEVEN.

     

    13.4 DATOS PERSONALES DE LA COMUNIDAD EN GENERAL

    La recolección de Datos Personales de personas naturales que el HOTEL STEVEN realice en desarrollo de su objeto social se sujetará a lo dispuesto en la presente Política.

  • Transfer of Personal Data to countries that do not provide adequate levels of Personal Data protection is prohibited. Safe countries are understood to be those that comply with the standards set by the Superintendency of Industry and Commerce. Notwithstanding the above, exceptionally the Transfer is permitted when:

     

    • The Owner of the Personal Data has authorized it expressly and unequivocally.

    • Bank or stock transfers, in accordance with the applicable legislation.

    • Transfers agreed within the framework of international treaties to which Colombia is a party, based on the principle of reciprocity.

    • Exchange of medical data, when the treatment of the Owner requires it for reasons of health or public hygiene.

    • Transfers necessary for the execution of a contract between the Owner and the Data Controller.

    • Transfers legally required to safeguard the public interest or for the recognition, exercise or defense of a right in a judicial process.

     

    It should be taken into account that, in cases not contemplated as an exception, it will be up to the Superintendency of Industry and Commerce to issue the declaration of conformity regarding the international transfer of personal data.

    International transmissions of personal data that are carried out between HOTEL STEVEN and a person in charge to allow the person in charge to carry out the processing on behalf of the person responsible, will not require being informed to the Owner or having his consent, as long as there is a data transmission contract. personal.

  • The biometric data stored in the databases are collected and processed for strictly security reasons, to verify personal identity and perform access control for employees, clients and visitors. Biometric identification mechanisms capture, process and store information related to, among others, people's physical features (fingerprints, voice recognition and facial aspects), in order to

    establish or “authenticate” the identity of each subject.

     

    The administration of biometric databases is carried out with technical security measures that guarantee due compliance with the principles and obligations derived from the Statutory Law on Data Protection, also ensuring the confidentiality and confidentiality of the information of the owners.

  • The term for registering the databases in the RNBD will be the one established legally. Likewise, in accordance with article 12 of Decree 886 of 2014, the Data Controllers must register their databases in the National Registry of Databases on the date on which the Superintendency of Industry and Commerce enables said

    registration, in accordance with the instructions given by that entity for this purpose. Databases created after that period must be registered within the following two (2) months, counted from their creation.

  • THE Managerial and/or Administrative area will ensure compliance with this Policy within the STEVEN HOTEL and will process the requests of the Owners,  who can be contacted by emailcustomerservice@hotelsteven.com for the exercise of the rights referred to in Law 1581 of 2012, Decree 1377 of 2013 and this Policy.

  • The permanence of the Personal Data in the information systems of HOTEL STEVEN will be determined by the purpose of the Treatment. The purpose exhausted, the STEVEN HOTEL. will proceed to its destruction or return, unless the law imposes an obligation to preserve it for a longer period, for this purpose the Document Retention Table of the area responsible for processing the data will be taken into account, in accordance with the document management policy xxxxx.

  • In the management of information, the guarantees and confidentiality imposed by the Political Constitution of Colombia, the regulations on the protection of personal data and other concordant and complementary regulations will be maintained.  For these purposes, HOTEL STEVEN has adopted the legally required levels of security for the protection of personal data, installing the necessary technical and organizational measures to prevent loss, misuse, adulteration, unauthorized or fraudulent consultation, use or access, and theft of the data provided.

     

    Compliance with the regulatory framework on Personal Data Protection, the security, reservation and/or confidentiality of the information stored in the databases is of vital importance for HOTEL STEVEN, therefore, we have established policies, guidelines and procedures and security standards. of the information, which may change at any time adjusting to new standards and needs of HOTEL STEVEN whose objective is to protect and preserve the integrity, confidentiality and availability of information and personal data.

     

    Likewise, we guarantee that in the collection, storage, use and/or treatment, destruction or elimination of the information provided, we rely on security technological tools and implement security practices that include: transmission and storage of sensitive information through secure mechanisms , use of secure protocols, assurance of technological components, restriction of access to information only to authorized personnel, information backup, secure software development practices, among others.

     

    If it is necessary to provide information to a third party due to the existence of a contractual link, we sign a transmission contract to guarantee the reservation and confidentiality of the information, as well as compliance with this Data Processing Policy, the policies and information security manuals and the protocols for attention to the owners established at the STEVEN HOTEL. In any case, we adopt commitments for the protection, care, security and preservation of the confidentiality, integrity and privacy of the stored data.

     

    HOTEL STEVEN is not responsible for any consequences derived from the improper entry of third parties to its web pages, or for any technical failure in its operation. Likewise, it does not assume responsibility for any inaccurate data or typographical errors that the contents uploaded to the network by the portal administrator may contain.

  • Documents that contain personal data must be easily recoverable, which is why the place where each of the physical and digital documents rests must be documented, inspections must be made to these storage routes frequently, their safety must be guaranteed. conservation, leaving it defined on what support and under what conditions this conservation will be carried out, taking into account environmental conditions, storage places, risks to which they are exposed, among others, the retention time of the documents is determined based on the requirements legal if applicable, otherwise each organization defines it according to its needs, and must also be clear about its final disposition, identifying whether it is recycled, reused, conserved, digitized, among others.

     

    Documents that have to do with the protection of personal data must be prepared by personnel or an entity competent to do so. Likewise, the organization must be the one who reviews and approves all documents and leaves it recorded in the document approval box.

     

    In order to be easily traceable, the documents must be coded, they will be updated and modified by the responsible personnel, this modification will be made whenever and when necessary, for the elimination of a document there must be the justification for it described in the history. which is found at the bottom of all documents.

     

    Both physical and digital documents that contain personal data must be protected by external or internal agents that may alter their content, following the guidelines described in the Internal Security Policies.

     

    The distribution of documents containing personal data will be carried out by the person responsible for the treatment, who will document the evidence of said distribution, where, among others, it is specified; the type of document and the identification of the person to whom the information was given.

     

    A person responsible for guaranteeing the confidentiality of the personal data of the owners must be designated. This person will be the one who guards documents, guarantees their physical and digital protection, avoids alterations of the information, and will also guarantee that the documents that leave their custody are identified. and easily traceable.

  • When a public or administrative entity in the exercise of its legal functions or by court order requests HOTEL STEVEN to access and/or deliver personal data contained in any of its databases, the legality of the request will be verified, relevance of the requested data in relation to the purpose expressed by the authority, and a record of the delivery of the requested personal information will be signed, specifying the obligation to guarantee the rights of the Owner, both to the official who makes the request and to the person who receives it. , as well as the requesting entity.

  • The User of the information provided may exercise at any time the rights granted by Article 8 of Law 1581 of 2012, among which is requesting information; know, update, rectify and request the deletion of your personal data; and request proof of the authorization granted and revoke it. Notwithstanding the above, personal data must be preserved when required to comply with a legal or contractual obligation, in accordance with Law 1581 of 2012, its regulatory decrees and other regulations that complement or modify it.

     

    The User who does not wish to be contacted after the delivery of their information or personal data must:

     

    1. State such decision when filling out the data collection forms.

    2. When you receive information via email, you can unsubscribe from the contact list by clicking on the secure subscription link, which will be clearly marked.

    3. Expressly request your decision not to receive more information by contacting the emailcustomerservice@hotelsteven.com with the subject "unsubscribe".

     

    The area in charge of channeling requests regarding data protection at HOTEL STEVEN is the Customer Service area, which will be responsible for providing personalized attention to all Users and Information Holders.

  • Name: HOTEL STEVEN

    Nit: 900.XXX.XXX -1,

    Address: Cr 4 #4-42 Brr. Buenaventura Valle del Cauca Center. Cabbage

    Email:customerservice@hotelsteven.com

Last updated date: [Include last updated date]

bottom of page