Below you will find the official terms and conditions of Hotel Las Islas. If you need more information or assistance in making your reservations, contact us today.
Hotel Las Islas welcomes you to a unique and exclusive accommodation, located in front of the sea, inside the Islas del Rosario National Park. If you have any questions about the hotel or would like to receive more information, please do not hesitate to contact us.
GENERAL CONSIDERATIONS
Aware of the importance of the protection and proper handling of personal information provided by the owners of the information,
AVIA SOLUCIONES HOTELERAS, - hereinafter AVIANET, who acts as responsible for the information received, has designed this policy and procedures that together allow the proper use of your personal data.
In accordance with the provisions of Article 15 of the Political Constitution of Colombia, which develops the fundamental right to habeas data, referring to the right of all citizens to know, update, rectify the personal data that exist about it in databases and files in both public and private bases, which is inevitably related to the handling and processing of information that recipients of personal information must take into account. This right has been developed through the issuance of the Statutory Law 1581 of 2012 and the Regulatory Decree 1377 of 2013, based on which AVIANET as RESPONSIBLE for the personal data it receives, handles and treats the information and thus proceeds to issue this policy of treatment of personal data, which is made known to the public so that they know how AVIA treats their information. The provisions of this policy of treatment of personal data is mandatory compliance by AVIANET, its administrators, employees, contractors and third parties with whom AVIANET enters into relationships of any kind.
OBJECTIVE
With the implementation of this policy, it is intended to ensure the confidentiality of information and security on the treatment that will be given to all customers, suppliers, employees and third parties from whom AVIANET has legally obtained information and personal data in accordance with the guidelines established by the law regulating the right to Habeas Data. Likewise, through the issuance of this policy we comply with the provisions of paragraph K of article 17 of the aforementioned law.
DEFINITIONS
Authorization: Prior, express and informed consent of the data owner to carry out the processing. This may be written, verbal or through unequivocal conduct that allows the reasonable conclusion that the owner granted authorization.
Data Base: It is the organized set of Personal Data that are subject to processing, electronic or not, whatever the modality of its formation, storage, organization and access.
Consultation: Request of the owner of the data or of the persons authorized by the owner or by law to know the information about him/her in databases or files.
Personal data: Any information linked or that may be associated to one or several determined or determinable natural persons. These data are classified as sensitive, public, private and semi-private.
Sensitive personal data: Information that affects the privacy of the person or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data (fingerprints, among others).
For the purposes of this policy, AVIANET warns the optional nature of the holder of the personal data to provide this type of information in cases in which, eventually, may be requested.
Public personal data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Public are, among others, the data contained in public documents, public records, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality, those relating to the marital status of individuals, their profession or trade and their status as merchants or public servants. The personal data existing in the commercial registry of the Chambers of Commerce are public (Article 26 of the Code of Commerce).
Likewise, public data are those which, by virtue of a decision of the owner or a legal mandate, are in files of free access and consultation. These data may be obtained and offered without any reservation and regardless of whether they refer to general, private or personal information.
Private personal data. This is data that, due to its intimate or reserved nature, is only relevant to the person who owns it. Examples: merchants' books, private documents, information extracted from the inspection of the domicile.
Semi-private personal data. Semi-private data is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons or to society in general, such as, among others, data concerning the fulfillment or non-fulfillment of financial obligations or data relating to relations with social security entities.
Data Controller: Person who by himself or in association with others, decides on the database and/or the processing of data.
Data Processor: Person who carries out the data processing on behalf of the data controller.
To be "Authorized" is AVIANET and all persons under the responsibility of the same, who by virtue of the authorization and the Policy have legitimacy to submit to processing the personal data of the holder. The Authorized Party includes the gender of the Entitlees.
"Enabling" or being "Enabled", is the legitimacy expressly and in writing by contract or document that takes its place, granted by AVIANET to third parties, in compliance with applicable law, for the processing of personal data, making such third parties in charge of the processing of personal data provided or made available.
Claim: Request from the data owner or the persons authorized by the data owner or by law to correct, update or delete their personal data or when they notice that there is an alleged breach of the data protection regime, according to Article Art. 15 of Law 1581 of 2012.
Data subject: The natural person to whom the information refers.
Processing: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of that kind of information.
Transmission: Processing of personal data that involves the communication of such data within (national transmission) or outside Colombia (international transmission) and that has as its purpose the performance of a processing by the processor on behalf of the controller.
Transfer: The transfer of data takes place when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
Procedural requirement: The holder or assignee may only file a complaint with the Superintendence of Industry and Commerce once the consultation or complaint process has been exhausted before the data controller or data processor, according to Article 16 of Law 1581 of 2012.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The processing of personal data must be carried out in compliance with the general and special rules on the subject and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:
Legality principle: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.
Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the Law.
Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves consent.
Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
Principle of transparency: The right of the owner to obtain from the data controller, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the processing.
Principle of restricted access and circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the owner and/or by the persons provided by law.
Principle of security: The information subject to processing by the Data Controller or Data Processor referred to in this law, must be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and under the terms of the same.
Any new project within the Organization that involves the Processing of Personal Data must be consulted with the Information Security Management, which is the person and unit in charge of the data protection function to ensure compliance with the policy and the necessary measures to maintain the confidentiality of personal data.
RIGHTS OF THE OWNERS OF THE DATA
In accordance with the legal provisions in force, the rights of the holders of personal information are the following:
Right to know, update, rectify, consult their personal data at any time before AVIANET regarding the data they consider partial, inaccurate, incomplete, fractioned and those that induce to error.
Right to request at any time a proof of the authorization granted to AVIANET except in those cases in which legally the responsible is released from having authorization to process the data of the holder.
Right to be informed by AVIANET upon request of the owner of the data, regarding the use given to them.
Right to file before the Superintendence of Industry and Commerce the complaints considered pertinent to enforce their right to Habeas Data.
Right to revoke the authorization and/or request the deletion of any data when you consider that AVIANET has not respected your rights and constitutional guarantees.
Right to access free of charge to the personal data that you voluntarily decide to share with AVIANET.
The information and/or personal data that we collect from you are the following:
Type of person:
Natural: first and last names, type of ID, ID number, gender, marital status and date of birth, email, financial data (bank accounts).
Legal: company name, NIT, address, telephone, cell phone, e-mail, country, city, financial data (bank accounts).
Information necessary to facilitate travel or other services, including preferences such as class of travel, passenger names and surnames (type of document, document number, date of birth, name, surname, gender, email, nationality, passport expiration date), contacts in case of accident or any other anomaly (names and surnames, telephone).
Cardholder data: type of document, document number, telephone, address, email, names, card number, expiration date and bank.
Quotation request: names, surnames, telephone, city and email.
Trip information: type of request, destination, departure date, duration, number of adults, number of children, hotel category, food, additional services, transportation service, budget per person.
Write to Jean Claude Bessudo: first name, last name, ID, address, telephone (landline or cellular), city and e-mail.
Chat "online help": name, e-mail, what is your question?
Evaluate our site: your opinion is very important for us to continuously improve our customer service channels: first name, last name, email, phone numbers and city.
Complaint request: names, last names, ID number, address, phone numbers, city, email and comments.
Report of technical problems: names, surnames, address, telephone numbers, city, email and comments.
Biometric data: images, video, audio, fingerprints that identify or make identifiable our customers, users or any person who enters or is or transits in any place that AVIANET has implemented devices to capture such information.
These data may be stored and/or processed in servers located in data processing centers, either our own or contracted with suppliers, located in different countries, which is authorized by our customers/users, by accepting this policy of treatment and protection of personal data.
AVIANET reserves the right to improve, update, modify, delete any type of information, content, domain or subdomain, which may appear on the website, without any obligation of prior notice, being understood as sufficient with the publication on the websites of Aviatur. For the solution of legal or internal requests and for the provision or offering of new services or products.
T TREATMENT, SCOPE AND PURPOSES
AVIANET informs the owners that the data collected from our customers, contractors and suppliers may be used for the following purposes. The treatment may be carried out by AVIANET directly or through its contractors, consultants, advisors and / or third parties responsible for the processing of personal data, to carry out any operation or set of operations such as the collection, storage, use, circulation, deletion, classification, transfer and transmission (the "Treatment") on all or part of their personal data:
The substantiation of the contractual relationship established with AVIANET.
The provision of services related to the products and services offered.
The performance of all activities related to the service or product, will be included in a mailing list for sending the newsletter.
Send information about changes in the conditions of services and products purchased, and notify you about new services or products.
Manage your requests, clarifications, and inquiries.
Elaborate studies and programs that are necessary to determine consumption habits.
The fine-tuning of security filters and business rules in commercial transactions; confirming, processing such transactions, with your financial institution, with our service providers and with yourself.
Conduct periodic evaluations of our products and services in order to improve their quality.
Sending, by traditional and electronic means, technical, operational and commercial information about products and services offered by AVIANET, its partners or suppliers, currently and in the future.
The request for satisfaction surveys, which is not obliged to answer.
To carry out the transmission and/or transfer of data to other companies, commercial alliances or third parties in order to fulfill the obligations acquired. The transmission and transfer may be made even to third countries that may have a different level of protection with respect to the Colombian, when necessary for the fulfillment of our obligations.
To comply with obligations undertaken by AVIANET with its customers at the time of acquiring our services and products.
To respond to inquiries, requests, complaints and claims that are made by control agencies and other authorities that under applicable law must receive personal data.
Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of AVIATUR.
Perform consultations in different databases and authorized sources (such as OFAC lists, UN, among others) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our risk prevention and management policies - SARLAFT.
The data collected from our workers:
To comply with the obligations contracted by AVIANET with the workers holders of the information, in relation to payment of salaries, social benefits, and others enshrined in the employment contract and labor regulations in force.
Inform the worker of any new developments that may arise in the development of the employment contract and until after its termination.
Evaluate the quality of the services we provide.
Conduct internal studies on the habits of the worker who is the owner of the information or request personal information for the development of programs or management systems.
Make payroll deductions authorized by the employee.
Manage your requests, administration of activities, clarifications and investigations.
Marketing and selling our products and services.
Sending, by traditional and electronic means, technical, operational and commercial information of products and services offered by associates or suppliers, currently and in the future.
To elaborate studies and programs that are necessary to determine consumption habits.
Carry out the transmission and/or transfer of data to other companies, commercial alliances or third parties in order to comply with the obligations acquired. The transmission and transfer may be made even to third countries that may have a different level of protection with respect to the Colombian, when necessary for the fulfillment of our obligations.
The request for surveys, which the employee is not obliged to answer.
To transfer, either by way of transmission or transfer, the information received to all judicial and/or administrative entities when it is necessary for the fulfillment of our duties as an employer in order to comply with the obligations of labor, social security, pensions, professional risks, family compensation funds (Integral Social Security System) and taxes.
To transfer the employer's personal information to third parties that legitimately have the power to access such information, which includes, but is not restricted to the companies of Grupo Empresarial Aviatur Ltda.
To deliver either by way of transmission or transfer the personal information of the employee to all the entities that are related to the fulfillment of the responsible party in its capacity as employer.
Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of AVIATUR and its labor obligations acquired by virtue of the conclusion of the employment contract or by operation of law.
Make inquiries in different databases and authorized sources (such as OFAC lists, UN, among others) necessary for the control and prevention of fraud or crimes related to money laundering, according to our policies of prevention and risk management - SARLAFT.
The processing of personal data will be carried out with the prior authorization of the owner of the data, except in the events in which the data is of a public nature. For this purpose, an authorization form has been implemented for the processing of data, which must be filled out by the owner of the information at the very moment he/she submits his/her personal information. This authorization explains the scope and purposes of the processing of personal data, alludes to the authorization by another, the data of minors and sensitive data, and also defines the channel of attention of the owners who wish to exercise their rights under the habeas data and indicates the place where this policy is hosted. For the purpose of processing the data, AVIANET employs all activities aimed at preserving the confidentiality of the information.
Authorization will be obtained through any means that may be subject to subsequent consultation, such as the web page, forms, formats, face-to-face activities or through social networks, etc. Authorization may also be obtained from unequivocal conduct of the data owner that allows us to reasonably conclude that he/she granted authorization for the processing of his/her information.
If you provide us with personal information about a person other than yourself, such as your spouse or a co-worker, we understand that you have the authorization of such person to provide us with your data; and we do not verify, nor assume the obligation to verify the identity of the user/customer, or veracity, validity, sufficiency and authenticity of the data of each of them, provide. In virtue of the above, we do not assume responsibility for damages or prejudices of any nature that could have origin in the lack of veracity, homonymy or the impersonation of the identity information.
Since AVIANET belongs to the Aviatur Business Group, your personal information may be shared by way of transfer or transmission with group companies, commercial partners and/or third-party suppliers involving (flight reservation systems, hotels, cars, validators). transactional security, banks, financial networks, tourist services), these processes can be carried out in different places from which the acquired tourist service or product is contracted, with the same purposes that have been indicated for the collection of personal data. These entities are required to comply with the corresponding confidentiality, transmission or transfer agreements.
The Personal Data collected will be subject to manual or automated processing and incorporated into the corresponding files or databases (hereinafter, the "File"), either in the capacity of data processor and data protection officer. To determine the term of treatment, the rules applicable to each purpose and the administrative, accounting, fiscal, legal and historical aspects of the information will be considered.
When at the time of providing the service the owner is accompanied by minors or people considered with disabilities, and in which the collection of their personal data occurs, AVIANET will always request the authorization of whoever has the legal representation of the minor. Now, if personal information of the population mentioned here is provided without being the legal representative, you declare that you have the authorization of the respective legal representative, directly assuming the responsibility that this entails. AVIANET will strive to ensure that their rights and their superior and prevailing interest are respected at all times. The representative must guarantee them the right to be heard and value their opinion of the treatment, taking into account the maturity, autonomy and capacity of the minors. Representatives are informed of the optional nature of answering questions about minors' data. The data of minors, included in a special protection category, will be processed in accordance with the applicable legislation on the matter and in accordance with the provisions of our personal data policy.
The companies of the Aviatur Business Group have adopted the security levels of protection of personal data legally required, and have installed all the means and technical measures at their disposal to prevent the loss, misuse, alteration, unauthorized access and illegitimate theft of data. the personal data provided to AVIANET, however, the owner must be aware that security measures on the Internet are not unbreakable.
If you choose to delete your information, to the extent permitted by law, we will retain certain personal information in our files for the purposes of identifying accounting and tax data on transactions carried out, preventing fraud, resolving disputes, investigating conflicts or incidents. , enforce our terms and conditions of use and comply with legal requirements.
However, at the time you decide to revoke your authorization, the hosted information will not be used for the purposes provided herein, only in the terms strictly necessary and defined in the previous paragraph.
Security Risks You Should Consider When Transacting Online:
It is possible that a user is deceived through emails or some trick of DNS servers, to visit a fake site that has the same design, but where the card data is loaded into the fake system, stealing card information. inhabitant Therefore, it is important to generate the culture that users must enter directly through known domains to carry out transactions to reduce risks.
It may be that the computer where the user is carrying out the transaction has installed, without prior knowledge, some spyware or malicious software that captures everything typed on the keyboard or captures information from input devices and is sent to some network or host in Internet. Therefore, it is recommended that the transaction be carried out on the home or office computer if possible.
Impersonation of the owner could occur if the owner denies having sent and/or received the transaction and it is used by a third party.
It is recommended that the computer where you carry out electronic transactions have an updated and active antivirus to mitigate the risks of fraud.
If personal information was collected or provided prior to July 30, 2013 and you did not express your opposition to your personal data being transferred, it will be understood that you have given your consent. In the event that you wish to ratify your consent or express your refusal, you can indicate it through the following email privacy@aviasolucioneshoteleras.com.
Like other websites, AVIANET uses certain technologies, such as cookies, and device fingerprinting, that allow us to make your visit to our site easier and more efficient, providing you with personalized service and recognizing you when you return to our site. For the purposes of this Privacy Notice, "cookies" will be identified as the information text files that a website transfers to the hard drive of the users' computer in order to store certain records and preferences.
Websites may allow advertising or third-party features that send "cookies" to the owners' computers.
Cookies are only associated with an anonymous user and their computer, and do not provide their name and surname; in many cases, you will be able to browse any of the AVIANET websites anonymously. When you access any AVIANET website, your IP address (the Internet address of your computer) is recorded, to give us an idea of which parts of the website you visit and how much time you spend in each section. We do not link your IP address to any of your personal information unless you have registered with us and logged in using your profile.
Therefore, it is possible that in certain AVIANET applications it recognizes users after they have registered for the first time, without them having to register each visit to access the areas and services or products reserved exclusively for them.
In other services, the use of certain access codes will be necessary, and even the use of a digital certificate, in the characteristics that are determined.
The cookies used cannot read cookie files created by other providers. AVIANET encrypts user identification data for greater security.
To use the AVIANET website, it is not necessary for the user to allow the installation of cookies sent by AVIANET, without prejudice to the fact that in such case it will be necessary for the user to register for each of the services whose provision requires prior registration. .
NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA
AVIANET may transfer data to other data controllers when authorized by the owner of the information or by law or by an administrative or judicial order.
INTERNATIONAL AND NATIONAL TRANSMISSION OF DATA TO PROCESSORS
AVIANET may send or transmit data to one or more processors located inside or outside the Republic of Colombia in the following cases: a) When it has authorization from the owner and b) when, without having the authorization, a contract exists between the controller and the processor. of data transmission.
DUTIES OF THE DATA CONTROLLER
Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the owner.
Duly inform the owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted.
Maintain the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Process queries and claims formulated in the terms indicated in this law.
Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, to respond to queries and complaints.
Inform at the request of the owner about the use given to his data.
Inform the data protection authority when violations of security codes occur and there are risks in the administration of the owners' information.
Comply with the instructions and requirements issued by the superintendence of industry and commerce.
DUTIES OF THE TREATMENT PROCESSORS
Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
Maintain the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Timely update, rectify or delete data under the terms of this law.
Update the information reported by those responsible for the treatment within five (5) business days from receipt.
Process queries and claims made by the owners in the terms indicated in this law.
Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, to respond to queries and complaints from the owners.
Refrain from circulating information that is being controversial by the owner and whose blocking has been ordered by the superintendence of industry and commerce.
Allow access to information only to people who can have access to it.
Inform the superintendence of industry and commerce when violations of security codes occur and there are risks in the administration of the owners' information.
Comply with the instructions and requirements issued by the superintendence of industry and commerce.
PETITIONS, COMPLAINTS AND CLAIMS
For the purposes of receiving requests, complaints and queries related to the handling and processing of personal data, AVIANET has designated the email privacy@aviasolucioneshoteleras.com to channel, study and respond to them. Therefore, you may send your requests to this address, which will be processed in accordance with Law 1581:
Queries: The owners or their successors may consult the personal information of the owner that resides in our database. AVIANET will provide them with all the information contained in the individual registration or that is linked to the identification of the owner. The query will be answered within a maximum period of ten (10) business days from the date of receipt. When it is not possible to attend to the query within said term, the interested party will be informed, and the date on which their query will be attended to will be indicated, which in no case may exceed five (5) business days following the expiration of the first term.
Claims: The owner or his successors who consider that the information contained in a database must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with AVIANET , which will be processed under the following rules:
The claim will be made through a request addressed to AVIANET with the identification of the owner, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want to assert. If the claim is incomplete, AVIANET will require the interested party within five (5) days following receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that he has withdrawn the claim.
Once the complete claim is received, a legend that says “claim in process” and the reason for it will be included in the database within a period of no more than two (2) business days. Said legend must be maintained until the claim is decided.
The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed and the date on which their claim will be addressed will be indicated, which in no case may exceed eight (8) business days following the expiration of the first term.
In any case, the owner or successor in title may only file a complaint with the Superintendency of Industry and Commerce once the consultation or claim process with AVIANET has been exhausted.
The area responsible for receiving and processing claims is the Information Security Management.
The request for deletion of information and revocation of authorization will not proceed when the owner has a legal or contractual duty to remain in the database.
DATA OF THE RESPONSIBLE FOR THE TREATMENT
Company name: Avia SAS Hotel Operator
Address: Andino Business Center, Carrera 11 # 82-01 Floor 4, Bogotá DC - Colombia
Email: privacy@aviasolucioneshoteleras.com
Telephone: (+57 1) 3817111
Website: www.aviasolucioneshoteleras.com
QUESTIONS OR SUGGESTIONS
If you have any questions or queries about the process of collecting, processing or transferring your personal information, or consider that the information contained in a database should be corrected, updated or deleted, please send us a message to the following account email: privacy@aviasolucioneshoteleras.com.
For more information about AVIATUR, its identity, address and contact information, you can consult it at the following address www.aviasolucioneshoteleras.com. This website has the terms and conditions applicable to the published services and products, which can be consulted at any time for more information.
VALIDITY
AVIANET reserves the right to modify this policy to adapt it to legislative or jurisprudential developments, as well as good practices in the tourism sector and other sectors of the economy that are part of the business group. In such cases, AVIANET will announce the changes introduced on this page with reasonable advance notice of their implementation.