The data controller responsible for your information is Grupo Posadas, S.A.B. de CV and its affiliates and / or subsidiaries (collectively, as Posadas), 1015 Prolongación Paseo de la Reforma, 9th Floor, Col. Santa Fe de Cuajimalpa, Delegación Cuajimalpa, CP 05348, Mexico City, which you can contact online at: email@example.com
The privacy notice outlined here applies to the following Posadas websites.
B. Personal Data
Personal data obtained by Posadas through these means includes:
1. Contact Information: your name, address, phone number, marital status, signature, email address, gender, age, date of birth, username and password.
2. Payment Method: Name on card, card number and expiration date.
3. Billing Data: name or business name, tax registration number and tax domicile
4. Preference Data: details relating to your room, service and travel preferences.
C. Sensitive Personal Data
Personal data is classified as sensitive when touching on the most private areas of the data owner’s life, or whose misuse might lead to discrimination or involve a serious risk for said data owner. In particular sensitive data is considered that which may reveal items such as race, religion, politics, sex life or health. When you stay in one of our hotels, and you provide any information concerning your health or any disabilities, this data will only be used to serve you better and to meet your specific needs.
D. Purposes of the data processing
Events when personal data is legally required in order for Posadas to provide a service:
1. Posadas uses the personal information provided by you in order to perform or deliver the services you requested, or they are part of a program for which you registered. These events include making reservations, buying vacation packages, becoming a vacation club member, becoming a member of Posadas loyalty programs or referral programs, attending events or social gatherings, or purchasing goods and / or tour and travel-related services.
2. Posadas may use the personal data you provide to better serve you and, where appropriate, identify your preferences during your stay, in order to make it more enjoyable.
Events when personal data is not required for Posadas to provide a service:
1. Posadas may also use your information to offer you promotions, tourism and consumer products, special services, newsletters, surveys, giveaways and online contests.
E. Options to limit the Use or Disclosure of Personal Data
At any time you may request that your personal information not be used for purposes other than those purposes that are legally required for Posadas to provide you with a service. You must submit this request by email at firstname.lastname@example.org.
F. Rights of Data Owners
You are able to exercise your rights of access, rectification, cancellation and objection to the information you provided to Posadas, under Federal Law on Protection of Personal Data Held by Private Parties. You may do so by delivering the request on the following address: 1015 Prolongación Paseo de la Reforma, 9th Floor, Col. Santa Fe de Cuajimalpa, Delegación Cuajimalpa, CP 05348, Mexico City or by email at: email@example.com.
Any such requests must include at least the following items: (i) The data owner’s name and address or other means to notify him of the response to this request; (ii) Documents establishing the identity or, where appropriate, legal representation of the data owner; (iii) A clear and precise description of the personal data with regard to which the data owner seeks to exercise any of the abovementioned rights; (iv) Any other item or document that facilitates locating the personal data. If the request is missing any of these requirements, the Department of Personal Data may respond within 5 days of your request and ask that you provide the required information or documents. In this event, you will have 10 days to submit the needed information or documents. If you do not respond with the missing items in that timeframe, no further action will be taken and no changes will be made to your personal data or their usage.
Posadas wil notify the data owner, within a maximum of 20 days counted from the date of receipt of the request, of the determination made, so that, where apppropiate, same will become effective within 15 days from the date on which the notice is provided.
G. Control and Security of Personal Data
Posadas agrees to take necessary precautions to protect the data it has collected, utilizing security technologies and procedures to restrict access, use, or disclosure of personal data without consent. For example, the personal data you provide will be stored on computer servers in secure data centers with restricted access. For online transactions, Posadas also uses security technologies to protect data that is transmitted electronically, such as the use of a secure server on the Secure Socket Layer (SSL).
However, no security system or data transmission devices over which Posadas does not retain absolute control or is dependent on the Internet can be guaranteed to be totally secure.
H. Electronic Media and Cookies
In the event that you visit any of our websites, cookies will be generated and stored on your computer in order to provide you with a better experience. Cookies are small pieces of information that are transferred to your browsers by websites.
I. Transfer of Personal Data
Posadas only transfers personal data in the cases established in the article 37 of the Federal Law on Protection of Personal Data Held by Private Parties.
J. Changes to this Privacy Notice
Posadas may update this privacy notice at any time. In the event that substantial changes are made to our notice, we will notify you on the websites listed in the footer “Privacy Notice”. We also recommend that you visit this statement periodically in order to be aware of any updates.
I agree and accept the terms of Privacy Notice, and otherwise I will get in contact with Posadas as indicated in the subsections E and F of this Privacy Notice.
In case of any grievance or complaint about the treatment of your personal data, you can contact the Nacional Institute for Transparency, Access to Information and Data Protection.
Date of last revision: May 22, 2018.