Personal Data Protection Policy
1. INTRODUCTION
ECOLUCERNA LODGE, is a company in the tourism sector dedicated to the sale of tourist services nationwide through service intermediation, which includes: sale of transportation tickets, private transfers, lodging and food services, tourist packages, full days, travel advice, tourism marketing advice, guiding service in different regions of Peru, sale of foreign currency and others related to the field. Having as its fiscal address and customer service office at 284 Garcilaso Street in the city of Cusco, in addition to generating sales through digital means. ECOLUCERNA LODGE. is obliged to comply with current Peruvian legislation on the protection of personal data, Law No. 29733 Protection of Personal Data and its complementary provisions.
So ECOLUCERNA LODGE. undertakes:
- The collection and use of personal information. • Ensure the quality and security of the information.
- Respect people’s rights regarding information about themselves.
ECOLUCERNA LODGE. is committed to the protection, management and adequate treatment of the personal data to which it has access in the regular operation of its businesses. This commitment includes the review and continuous improvement of the organization’s processes in order to guarantee adequate protection of said personal data and the guidelines established by ECOLUCERNA LODGE, for the collection and processing of personal data in order to ensure respect for rights. of its owners and compliance with the current regulatory framework. The Policy may be complemented with additional procedures, regulations and/or guidelines that develop what is established in this document as long as they are aligned with its guiding principles.
2.- OBJECTIVE
The objective of this document is to establish principles, uniform practices and responsibilities regarding the processing of personal data in which ECOLUCERNA LODGE is involved.
3.- SCOPE
This document is applicable to all ECOLUCERNA LODGE processes that will use personal data of clients intended to be contained in the different ECOLUCERNA LODGE databases and to their processing.
The Policy will be known and fully complied with by all ECOLUCERNA LODGE workers and suppliers. For the purposes of interpreting this Policy, the definitions contained in the Law and especially those included below are applicable.
4.- DEFINITIONS
Personal data: Any information that identifies a natural person or that can be identified through reasonably used means. For example, ID, physical address, full name. Sensitive data: Personal data consisting of biometric data that by themselves can identify the owner; data referring to racial and ethnic origin; economic income, political, religious, philosophical or moral opinions or convictions; union membership; and health-related information.
Processing of personal data: Any technical operation or procedure, automated or not, that allows the collection, registration, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or dissemination or any another form of processing that facilitates access, correlation or interconnection of personal data. In summary, the processing of personal data regulates all possible forms of use and processing of personal data within the organization from its entry to its eventual elimination or conservation.
Consent: Prior, free, unequivocal and express authorization that the individual must grant to authorize the processing of their personal data.
- Previous: Must be obtained before collection.
- Free: It should not be forced or conditioned.
- unequivocal and express: There must be no doubt about its manifestation and it must be recorded in some tangible medium. Personal data bank: Organized set of personal data, automated or not, regardless of the support, whether physical, magnetic, digital, optical or others that are created, whatever the form or modality of its creation, formation, storage, organization and access.
Owner of the personal data bank: Natural person, legal entity under private law or public entity that determines the purpose and content of the personal data bank, its processing and security measures. Person in charge of the personal data bank: Any natural person, legal entity under private law or public entity that alone or acting jointly with another carries out the processing of personal data on behalf of the owner of the personal data bank. Anonymization procedure: Processing of personal data that prevents identification or does not make the owner of the personal data identifiable. The procedure is irreversible. Dissociation procedure: Processing of personal data that prevents identification or does not make the owner of the personal data identifiable. The procedure is reversible.
5.- RESPONSIBLE FOR COMPLIANCE
ECOLUCERNA LODGE will assign and communicate the corresponding responsibilities to all staff and suppliers, for compliance with this Policy.
The area responsible for annually reviewing this Policy and making the respective adjustments within ECOLUCERNA LODGE will be the General Management. Likewise, said Management will be responsible for answering any queries related to the application and scope of this Policy.
Without prejudice to this, all ECOLUCERNA LODGE employees as well as all suppliers and third parties with whom ECOLUCERNA LODGE is linked in the regular exercise of its business and have access to or process personal data are subject to compliance with the Policy. Finally, no employee of ECOLUCERNA LODGE shall perform on behalf of the Company. actions or incur omissions that constitute a breach of the Law.
6.- CONFIDENTIALITY
This Policy will be for internal and exclusive use of ECOLUCERNA LODGE and therefore, is confidential. Any use other than that indicated is prohibited and must be expressly authorized in writing by the General Management.
The personal data to which both ECOLUCERNA LODGE workers and related third parties have access or participate in its processing may not be processed or used in any way without the prior consent of the owner of the personal data even after the termination of their relationship with ECOLUCERNA LODGE, except for the exceptions regulated by Law.
In the case of workers who, due to the nature of their functions, have access to confidential and sensitive personal information, ECOLUCERNA LODGE will seek to develop specific training and awareness-raising actions. Persons involved in the processing of personal data are obliged to maintain professional secrecy and maintain confidentiality regarding the same. This obligation will continue even after your relationship with ECOLUCERNA LODGE ends.
7.- PRINCIPLES
All ECOLUCERNA LODGE employees must permanently comply with the principles established in the Law in the exercise of their duties, which we detail below:
- Legality. The processing of personal data carried out by ECOLUCERNA LODGE will be carried out in accordance with the provisions of the Law. The collection of personal data by fraudulent, unfair or illicit means is prohibited.
- Consent. ECOLUCERNA LODGE may not process personal data that does not have the prior, express, unequivocal and free consent of its owner as necessary, except for the exceptions provided for by Law.
- Purpose ECOLUCERNA LODGE will collect personal data, clearly indicating the purpose for which said collection is carried out, which must be determined, explicit and lawful. The personal data being processed may not be used for purposes different from or incompatible with those for which they were obtained, unless the owner consents. In this sense, ECOLUCERNA LODGE will comply with implementing measures that guarantee:
- The collection, storage and conservation of personal data comply with the principles of proportionality and purpose.
- The adequate protection of personal data, complying with appropriate technical and legal security measures. It should be noted that ECOLUCERNA LODGE may not reveal personal data unless it is ordered by a reasoned order of the judge or with the authorization of its owner, with the guarantees provided by law. Likewise, ECOLUCERNA LODGE may not refuse to deliver to a public entity information that contains personal data provided that said requirement is made for strict compliance with the powers of said entities assigned by current legislation.
Proportionality. All personal data processing carried out by ECOLUCERNA LODGE must be adequate, relevant and not excessive to the purpose for which they were collected.
- Quality. The personal data that will be processed by ECOLUCERNA LODGE must be true, accurate and, to the extent possible, updated, necessary, relevant and appropriate with respect to the purpose for which they were collected. They must be kept in a way that guarantees their security and only for the time necessary to fulfill the purpose of the treatment, respecting the legal terms for the conservation of applicable documents and information.
- Security. ECOLUCERNA LODGE and the third parties to whom it entrusts the processing of personal data must adopt the necessary and appropriate technical, organizational and legal measures to guarantee the security of personal data against different risks, such as accidental loss or destruction due to an accident, access unauthorized use, covert use or infection of malware or computer viruses. These measures will be established, communicated and, if applicable, updated by ECOLUCERNA LODGE.
- Adequate protection level. If ECOLUCERNA LODGE carries out international transfers of personal data, it must guarantee a sufficient level of protection for the personal data to be processed or, at least, comparable to that provided by the Law.
Rights of holders of personal data. ECOLUCERNA LODGE will have a simple and free procedure to address the rights of holders of personal data contemplated in the Law:
(i) information
(ii) access
(iii) update
(iv) inclusion
(v) rectification
(vi) deletion
(vii) prevent the supply
(viii) opposition
(ix) objective treatment.
Therefore ECOLUCERNA LODGE:
- It will take the necessary measures to inform the owner of the personal data about the rights conferred by the Law.
- It will adopt measures that allow the owner of the personal data to keep it updated.
- It will comply with responding in a timely manner and within the legal deadlines to the requirements and requests related to the rights of the aforementioned personal data holders; In the processes of attention to the rights of holders of personal data, the following guidelines will apply.
- The deletion or rectification of personal data will not proceed when it affects the rights or legitimate interests of Inversiones Turísticas Costa del Sur S.A.C., its shareholders, employees or directors or third parties or when there is a legal obligation to preserve personal data.
- Inversiones Turísticas Costa del Sur S.A.C. may reject certain requirements when the disclosure of personal data may compromise or hinder judicial or administrative proceedings in progress.
8.- TRANSFERS OF PERSONAL DATA
The personal data processed by ECOLUCERNA LODGE may only be assigned or transferred to third parties for the fulfillment of purposes related to the legitimate interest of the assignor and the assignee and with the prior, express, free, unequivocal and informed consent of the owner of the data. personal information. Said consent will not be required in the cases permitted by Law.
9.- COLLECTION OF SENSITIVE DATA
ECOLUCERNA LODGE will only collect personal data and/or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and processing of said data is derived from compliance with a legal obligation, ECOLUCERNA LODGE will inform the owner of the data of such situation prior to its collection.
10.- DISCLOSURE OF PERSONAL DATA
ECOLUCERNA LODGE will not disclose personal data to third parties except when:
a) It is necessary for the purpose for which the personal data was collected; as in the provision of services through third parties and suppliers.
b) The owner of the personal data is informed before disclosure or at the time of collection of the personal data.
c) The owner of the personal data gives his or her prior and express consent.
d) Consent is not required by Law.
e) Personal data are required by public entities within the scope of their legal powers and powers.
f) The personal data is necessary to satisfy legitimate requirements of a company interested in acquiring any of the operations of ECOLUCERNA LODGE, with the prior consent of its owner.
g) Access to personal data is by auditors and lawyers and other professionals obliged to maintain professional secrecy.
11.- ELIMINATION OF PERSONAL DATA
Once the processing of personal data has been completed and the principle of purpose has been complied with, and provided that there is no legal mandate or reason that justifies the conservation of personal data, ECOLUCERNA LODGE will proceed to delete them from its records. Alternatively, ECOLUCERNA LODGE may apply dissociation processes, or equivalent processes when for some commercial, statistical or market analysis reason justifying the convenience of retaining such data. ECOLUCERNA LODGE will promptly define the respective procedures that are necessary for the elimination of personal data.
The employee who commits any violation of the provisions established in this Policy will be considered a serious offense and subject to sanction. ECOLUCERNA LODGE will take the disciplinary measures it deems appropriate in cases of non-compliance with the obligations stipulated here by employees.
13.- DISSEMINATION AND COMPLIANCE WITH THE POLICY
ECOLUCERNA LODGE will ensure:
- that the provisions of this Policy are complied with;
- make each employee aware of, observe and respect this Policy
- publish this Policy in easily accessible places
- subscribe to confidentiality obligations with employees, users, contractors and third parties who access the personal data included in the data banks.