Home » PRIVACY POLICY

PRIVACY POLICY

Effective date: September 25, 2023
Last update: November 8, 2023

CONTENT

1. INTRODUCTION

For AUEN POSADA ANDINA, the conservation, protection, integrity and confidentiality of the Personal Data of its guests, visitors, clients in general, suppliers, contractors, employees and others, is very important. Due to this, we have designed a policy for the storage and processing of Personal Data, committing ourselves to the protection and adequate management of the same, in accordance with the legal regime for the protection of Personal Data applicable in Colombian territory.

AUEN POSADA ANDINA guarantees the protection of rights such as Habeas Data, privacy, intimacy, good name and image, for this purpose all actions will be governed by principles of good faith, legality, self-determination, freedom and transparency.

2. LEGAL BASIS FOR PROCESSING

Article 15 of the Political Constitution of Colombia establishes that any person has the right to know, update and rectify the personal data that exists about them in databases or files of public or private entities. Likewise, it orders those who have personal data of third parties to respect the rights and guarantees provided for in the Constitution when this type of information is collected, processed and circulated.

Statutory Law 1581 of October 17, 2012 establishes the minimum conditions to carry out the legitimate processing of personal data of clients, employees and any other natural person. Literal k) of article 17 of this law obliges those responsible for the processing of personal data to “adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and, in particular, to respond to queries and complaints.”

Article 25 of the same law establishes that data processing policies bind those responsible for them and, additionally, indicates that said policies cannot guarantee a level of treatment lower than that established in law 1581 of 2012.

AUEN POSADA ANDINA is committed to respecting and guaranteeing the rights of its clients, employees, suppliers and third parties in general. For this reason, AUEN POSADA ANDINA adopts the following manual of information processing policies and procedures, which must be applied in all activities that involve, in whole or in part, the collection, storage, use, circulation and transfer of that information.

These policies are mandatory and strict compliance for AUEN POSADA ANDINA, as responsible, as well as all third parties acting on its behalf, or who, without acting on behalf of AUEN POSADA ANDINA, process personal data at its disposal as processors.

Both the person in charge and people responsible, that is, employees, contractors and third parties, must observe and respect these policies in the fulfillment of their functions and/or activities even after legal, commercial, labor or any kind of relationship has ended. Likewise, they undertake to maintain strict confidentiality in relation to the data processed.

Any breach of the obligations and, in general, of the policies contained in this document must be reported to info@auen.com.co.

3. INFORMATION OF THE ENTITY RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA

The company responsible for processing personal data:

Business name: Auen Posada Andina
Address: Finca Auen, La Magdalena, Guadalajara de Buga, Valle del Cauca, Colombia
NIT: 700412545
E-mail: info@auen.com.co
Website: www.auen.com.co
Phone: +57 320 308 26 65

4. DEFINITIONS

For the purposes of applying the rules contained in this policy, and, in accordance with the provisions of article 3 of Law 1581 of 2012, it is understood as:

Personal data: all the information associated with a person and that allows their identification. For example, identity document, place of birth, marital status, age, place of residence, academic, work, or professional history. There is also more sensitive information such as health status, physical characteristics, political ideology, sexual life, among other aspects.

Authorization: prior, express and informed consent of the Holder to carry out the Processing of personal data. It will be understood that the Authorization meets these requirements when it is stated in writing, orally or through unequivocal conduct of the Holder that allows it to be reasonably concluded that the authorization was granted. In no case can silence be assimilated to unequivocal conduct.

Notice of Privacy: verbal or written communication generated by the Responsible addressed to the Holder for the processing of their personal data, through which they are informed about the existence of the Privacy Policies that will be applicable to them, the way to access them and the purposes of the Treatment that is intended to be given to personal data.

Databases: organized set of personal data that is subject to Processing.

Private data: data that, due to its intimate or reserved nature, is only relevant to the Titular.

Public data: data that is not private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, official newsletters, and duly executed judicial rulings that are not subject to confidentiality.

Sensitive data: those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promotes the interests of any political party or guarantees the rights of opposition political parties, as well as data related to health, sexual life and biometric data.

Treatment: any operation or set of operations on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available otherwise, alignment or combination, restriction, erasure or destruction.

Treatment Manager: natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Responsible for the Treatment.

Responsible for the Treatment: natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data.

Holder: natural or legal person whose personal data is the subject of Processing.

Third party: natural or legal person, public authority, agency or other than the Holder, Responsible, Manager and persons who, under the direct authority of the Responsible or Manager, are authorized to process personal data.

Transfer: the transfer of data takes place when the Responsible and/or Manager of the processing of personal data, located in Colombia, sends the Personal Data to a recipient, who in turn is Responsible for the processing and is located inside or outside the country.

Transmission: Processing of Personal Data that involves the communication of these within or outside Colombian territory when its purpose is to carry out processing by the Processor on behalf of the Responsible.

Profiling: automated processing of personal data to analyze or predict aspects of a group of people with the same characteristics, such as nationality, age, interests, socioeconomic situation, gender, etc.

Consent: any free, specific, informed and unequivocal manifestation of the will of the Holder by which they, by means of a declaration or a clear affirmative action, express their agreement with the processing of personal data that concerns them.

Consultations: request for the personal information of the Holder that resides in any database used by AUEN POSADA ANDINA on which it has the obligation to provide the Holder or their successors, all the information contained in the individual record or that is linked to the identification of the Holder.

Claims: request for correction, updating or deletion of the information contained in the database used by AUEN POSADA ANDINA, or request for alleged non-compliance with any of the duties contained in Law 1581 of 2012, made by the Holder or their successors in title.

5. COLLECTION OF DATA AND GENERAL INFORMATION

AUEN POSADA ANDINA may collect data through its website www.auen.com.co, as well as by other means, whether in person, by email or by telephone.

The website www.auen.com.co collects a series of general data and information when a data subject or an automated system accesses the website. This general data and information is stored in the server log files. Data that may be collected (1) browser types and versions used, (2) operating system used by the access system, (3) website from which an access system reaches our website, (4) sub-websites, (5) date and time of access to the site, (6) Internet Protocol address (IP address), (7) Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, www.auen.com.co does not draw any conclusions about the interested party. Rather, this information is necessary to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our information technology systems and technology of the website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. Therefore, www.auen.com.co statistically analyzes the data and information collected anonymously, with the aim of increasing the protection and security of our company’s data, and ensuring an optimal level of data protection. Anonymous data from the server log files are stored separately from all personal data provided by the data subject.

6. PRINCIPLES

The principles established below constitute the general parameters that will be followed by AUEN POSADA ANDINA in the personal data processing processes:

Legality regarding data processing: the Treatment referred to in Law 1581 of 2012 is a regulated activity that must be subject to what is established in it and in the other provisions that develop it.

Purpose and Treatment: the Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder. The Treatment and Purpose of the information in the AUEN POSADA ANDINA databases are related solely and exclusively to commercial purposes (commercial proposals, account statements, invoices). The additional information provided by the Client and/or Supplier to AUEN POSADA ANDINA, by virtue of the commercial relationship that links them, will be kept in our Database.

Freedom: the Treatment can only be carried out with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that requires consent.

Veracity or quality: the information subject to Treatment must be true, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.

Transparency: in the Treatment, the right of the Holder to obtain from AUEN POSADA ANDINA, or the Data Manager, at any time and without restrictions, information about the existence of data that concerns them must be guaranteed.

Restricted access and circulation: the Treatment is subject to the limits derived from the nature of the personal data, the provisions of Law 1581 of 2012 and the Constitution. In this sense, the Treatment may only be carried out by persons authorized by the Holder and/or by the persons provided for in the Law. Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide knowledge restricted only to the Holders or authorized third parties in accordance with the Law.

Security: the information subject to Treatment by the Data Manager or Data Responsible must be handled taking reasonable technical, human and administrative measures to provide security to the records, trying to avoid their adulteration, loss, consultation, unauthorized or fraudulent use or access.

Confidentiality: all persons involved in the Processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended, and may only supply or communicate personal data when this corresponds to the development of the activities authorized in the Law and in the terms of the same.

Collaboration with national or foreign authorities: in addition to what is established in the law, the Authorization of the Holder will include the possibility of supplying authorities, national or foreign, with the purpose of collaborating with the prevention, detection and mitigation of the risks of tax evasion, national or foreign corruption, money laundering, terrorist financing and/or similar, as well as to carry out the necessary activities to mitigate the effects of this type of situation if it occurs.

7. SCOPE OF APPLICATION

This policy will be applicable to the Personal Data registered and to be registered in the different databases managed by AUEN POSADA ANDINA, that is, to the databases of guests, visitors, clients in general, suppliers, contractors, shareholders, investors, employees and others, who provide their data for commercial, legal, contractual, or labor purposes, as applicable.

The information collected by AUEN POSADA ANDINA may include, in whole or in part depending on the needs of each product and/or service, among others, the following data:

Names and surnames
Type and identification number
Nationality and country of residence
Date of birth and gender
Marital status and/or relationship in relation to minors or disabled people requesting our services
Landlines and contact cell phones (personal and/or work)
Postal and electronic addresses (personal and/or work)
Profession or occupation
Company and position
Origin and destination
Reason for the trip
Credit card(s) information (number, bank, expiration date)
Personal data of the cardholder (names and surnames, type and identification number)
Information about the address where the cardholder receives their bank statements

These data may be stored and/or processed on servers located in computer centers, whether owned or contracted with third-party suppliers and/or contractors who are in turn obliged to abide by this policy as Managers of the processing of personal data, under confidentiality clauses.

8. VERACITY OF THE INFORMATION

Our guests, visitors, clients in general, suppliers, contractors, shareholders, investors, employees and others, must provide truthful information about their Personal Data for the purposes of establishing an adequate relationship with AUEN POSADA ANDINA, whether for the provision of services, or for compliance with its legal and/or contractual obligations.

AUEN POSADA ANDINA presumes the veracity of the information provided and does not verify, nor assumes the obligation to verify, the identity of guests, visitors, clients in general, suppliers, contractors, shareholders, investors, employees and others, nor the veracity, validity, sufficiency and authenticity of the data that each of them provides. Therefore, AUEN POSADA ANDINA does not assume responsibility for damages and/or losses of any nature that may arise from the lack of veracity, validity, sufficiency or authenticity of the information, including damages that may be due to homonyms or impersonation.

9. TREATMENT TO WHICH THE DATA WILL BE SUBJECTED AND ITS PURPOSE

The processing of personal data will be contained in the Privacy Policy and Use of personal information of each of the owners of the information for which AUEN POSADA ANDINA will be responsible. The treatment that will be applied to the information will be:

Personal data will be collected, stored, used and circulated only for as long as is necessary and reasonable in accordance with the purposes for which authorization is requested.

Communications with commercial content will never expose email information for all customers.

Our database will not be shared or used with third parties for commercial purposes.

The Personal Data of guests, visitors and clients in general are collected for the purpose of processing, confirming, fulfilling and providing the services and/or products purchased, directly and/or with the participation of third-party contractors and/or suppliers of products or services, as well as to promote and advertise our activities, products and services, carry out transactions, make reports to the different national or international administrative control and surveillance authorities, police authorities or judicial authorities, banking entities and/or insurance companies, for purposes internal and/or commercial administrative tasks such as market research, audits, accounting reports, statistical analysis, billing, and offering our services.

The Personal Data of suppliers, contractors, shareholders, investors, employees and others are collected for the purpose of complying with the legal and/or contractual obligations assumed with respect to each one, making payments, making reports to the different administrative control authorities and national or international surveillance, police authorities or judicial authorities, banking entities and/or insurance companies, for internal administrative purposes such as market research, audits, accounting reports, statistical analysis, billing, and offering our services.

By accepting the processing of personal data, our guests, visitors, clients in general, suppliers, contractors, shareholders, investors, employees and others, in their capacity as owners of the data collected, authorize AUEN POSADA ANDINA to apply this policy and carry out the processing of personal data, partially or totally, including the collection, storage, recording, use, circulation, processing, deletion, for the execution of activities related to the services and products purchased, such as, realization of reservations, modifications, cancellations and changes thereof, refunds, attention to queries, complaints and claims, payment of compensation and indemnities, accounting records, correspondence, processing and verification of credit cards, debit cards and other payment instruments, identification of fraud and prevention of money laundering and other criminal activities and/or for the functioning of the purposes indicated in this document.

The foregoing, without prejudice to other purposes that have been informed in this document and in the terms and conditions of each of the products and services of each of our business units.

These activities may involve third-party suppliers and/or contractors who are in turn obliged to comply with this policy as Data Managers, under confidentiality clauses, such as reservation system providers, travel agencies, reservation centers, banking entities, insurance companies and others.

Additionally, our guests, clients and users, in their capacity as Holders of the data collected, by accepting this policy authorize us to:

Use the information received from them, for marketing purposes of their products and services, and the products and services of third parties with which AUEN POSADA ANDINA maintains a business relationship.

Provide the Personal Data to the police or judicial control and surveillance authorities, pursuant to a legal or regulatory requirement and/or use or disclose this information and Personal Data in defense of their rights and/or assets, while this defense is related to the products and/or services contracted by its guests, clients and users.

Allow access to information and Personal Data to auditors or third parties hired to carry out internal or external audit processes specific to the commercial activity we carry out.

Consult and update personal data, at any time, in order to keep the information updated.

Contract with third parties the storage and/or processing of information and Personal Data for the correct execution of the contracts entered into with us, under the security and confidentiality standards to which we are obliged.

10. AUTHORIZATION

The collection, storage, use, circulation or deletion of Personal Data by AUEN POSADA ANDINA requires the free, prior, express and informed consent of the Holder. It will be understood that the authorization meets these requirements when it is expressed in writing, orally or through unequivocal conduct of the Holder that allows it to be reasonably concluded that the authorization was granted. In no case can silence be assimilated to unequivocal conduct.

AUEN POSADA ANDINA, in its capacity as responsible for the processing of Personal Data, has provided the necessary mechanisms to obtain the Authorization of the Holders, guaranteeing in all cases that it is possible to verify the granting of said authorization.

With the aforementioned Authorization, the Holder accepts the policies and conditions established in this document.

The Holder’s Authorization will not be necessary in the following events:

Personal Data is required by a public or administrative entity in the exercise of its legal functions or by court order.
It is data of a public nature.
In cases of medical or health emergency.
The processing of Personal Data is authorized by law for historical, statistical or scientific purposes.
It involves data related to the civil registry of people.

11. MECHANISMS TO GRANT AUTHORIZATION

The Authorization of the Holder of the information will appear in each of the channels and data collection mechanisms of AUEN POSADA ANDINA.

Thus, it may be recorded in a physical, electronic document or in any other format that guarantees its subsequent consultation. The Authorization will be issued by the Holder prior to the processing of their personal data, in accordance with the provisions of Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, incorporated in Sole Decree 1074 of 2015, and other regulations that expand, modify or replace the regulations on the matter.

With the consented Authorization procedure, it is guaranteed that the Holder of the personal data has been made aware of both the fact that their personal information will be collected and used for certain and known purposes, and that they have the option of knowing any variation and specific use that has been given to them. The foregoing in order for the Holder to make informed decisions in relation to their Personal Data and control the use of their personal information.

The Authorization may also be granted by the Holder through unequivocal conduct of the Holder that allows it to be reasonably concluded that he granted the Authorization, such as his entry and stay in the facilities in buildings with video surveillance recording systems, and with records of entries and exits.

12. INFORMATION OF CHILDREN AND ADOLESCENTS

In accordance with the law, AUEN POSADA ANDINA will not process the Personal Data of children and adolescents, except for those data that are public in nature. AUEN POSADA ANDINA will ensure the appropriate use of the data of children and adolescents, guaranteeing that their best interests and fundamental rights are respected in the processing of their data and, as far as possible, taking into account their opinion, as Holders of their personal data.

13. RIGHTS OF THE HOLDERS

In accordance with the provisions of article 8 of Law 1581 of 2012, the Holder of the Personal Data has the following rights:

Know, update and rectify their personal to AUEN POSADA ANDINA, in its capacity as Responsible of the Treatment.

Request proof of the Authorization granted to AUEN POSADA ANDINA, in its capacity as Responsible of the Treatment, except when expressly excepted as a requirement for the treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.

Be informed by AUEN POSADA ANDINA, upon request, regarding the use that has been given to their personal data.

Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012, once the consultation or claim process has been exhausted before the Responsible of the Treatment.

Except for legal exceptions, revoke the authorization and/or request the deletion of the data when the treatment does not respect constitutional and legal principles, rights and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the processing the Responsible or Manager has engaged in conduct contrary to Law 1581 of 2012 and the Constitution.

Access free of charge to their personal data that has been processed.

14. EXERCISE OF RIGHTS

14.1. Right of access

The power of disposition or decision that the Holder has over the information that concerns them necessarily entails the right to access and know if their personal information is being processed, as well as the scope, conditions and generalities of said treatment. In this way, AUEN POSADA ANDINA guarantees the Holder their right of access in three ways:

The first implies that the Holder can know the effective existence of the processing to which their personal data is subjected.

The second, that the Holder can have access to their personal data that is in the possession of the person responsible.

The third involves the right to know the essential circumstances of the treatment, which translates into the duty of AUEN POSADA ANDINA to inform the Holder about the type of personal data processed and each and every one of the purposes that justify the treatment.

AUEN POSADA ANDINA guarantees the right of access when, after accreditation of the identity of the Holder or personality of their representative, the details of the personal data are made available to them free of charge through electronic means.

14.2. Consultations

AUEN POSADA ANDINA guarantees the right of consultation, providing the people who act in the exercise of this right with all the information contained in the individual record or that is linked to the identification of the Holder.

In accordance with this Policy, clients and users can exercise their rights to know, update, rectify and delete their personal data by sending their request to:

The E-mail info@auen.com.co.
The website auen.com.co in the Contact section.
Through telephone or Whatsapp at (57) 320 308 26 65.

14.3. Claims

AUEN POSADA ANDINA guarantees the right to claim for the correction, update or deletion of data, or when the alleged breach of any of the duties contained in Law 1581 of 2012 and other applicable regulations is noted.

The claim will be processed under the following rules:

If the claim received does not have complete information that allows it to be processed, such as the identification of the Holder, the description of the facts that give rise to the claim, and documents that support the claim, the interested party will be notified so that they can complement it. If two (2) months have elapsed from the date of the notification without the applicant presenting the required information, it will be understood that they have withdrawn the claim.

If for any reason AUEN POSADA ANDINA receives a claim that is not part of its jurisdiction, it will be transfer to whomever corresponds and inform the interested party of the situation.

Once the complete claim is received, it will be included in the AUEN POSADA ANDINA database. Said claim will be valid until it is processed.

The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend to it within such period, the interested party will be informed, before the expiration of the period, of the reasons for the delay and the date on which their claim will be attended to.

14.4. Implementation of procedures to guarantee the right to file claims

The request for rectification, update or deletion must be submitted through the means enabled by AUEN POSADA ANDINA indicated in the privacy notice and in this document, and contain, at a minimum, the following information:

Information and means of contact to receive the response such as name, telephone number, e-mail and residence address of the Holder.
Documents that prove the identity of the Holder or their representative.
Clear and precise description of the personal data with respect to which the Holder seeks to exercise any of the rights.
If necessary, other elements or documents that facilitate the location of personal data.

14.5. Rectification and updating of data

AUEN POSADA ANDINA has the obligation to rectify and update, at the request of the Holder, the information about them that turns out to be incomplete or inaccurate, in accordance with the procedure and terms indicated above. In this regard, the following will be taken into account: AUEN POSADA ANDINA has complete freedom to enable mechanisms that facilitate the exercise of this right.

14.6. Data deletion

The Holder has the right, at all times, to request AUEN POSADA ANDINA to delete their personal data when:

Consider that they are not being treated in accordance with the principles, duties and obligations provided for in Law 1581 of 2012.
They have ceased to be necessary or relevant for the purpose for which they were collected.
The period necessary to fulfill the purposes for which they were collected has been exceeded.
When it deems appropriate.

This deletion implies the total or partial elimination of personal information in accordance with what is requested by the owner in the records, files, databases or treatments carried out by AUEN POSADA ANDINA. It is important to keep in mind that the right of cancellation is not absolute and the person responsible may deny its exercise when:

The request for deletion of information will not proceed when the Holder has a legal or contractual duty to remain in the database.

The deletion of data hinders judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

The data is necessary to protect the legally protected interests of the Holder; to carry out an action based on the public interest, or to comply with an obligation legally acquired by the Holder.

If the cancellation of personal data is appropriate, AUEN POSADA ANDINA must operationally carry out the deletion in such a way that the deletion does not allow the recovery of the information.

14.7. Revoke of authorization

The Holders of personal data may revoke consent to the processing of their personal data at any time, as long as this is not prevented by a legal provision.

There will be two (2) modalities in which the revocation of consent can occur. The first, regarding all of the consented purposes, that is, that AUEN POSADA ANDINA must completely stop processing the Holder’s data; the second can cover certain types of processing, such as for market studies.

Due to the above, it will be necessary for the Holder, when submitting the request to revoke consent to AUEN POSADA ANDINA, to indicate whether the revocation they intend to make is total or partial. In the partial revocation, it must be indicated which treatment the Holder does not agree with.

There will be cases in which consent, due to its necessary nature in the relationship between the Holder and person responsible for the fulfillment of a contract, cannot be revoked by legal provision.

14.8. Complaints procedure before the Superintendency of Industry and Commerce

The Holder or successor in title may only file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process has been exhausted before AUEN POSADA ANDINA, in accordance with the aforementioned procedure.

15. DUTIES IN RELATION TO THE PROCESSING OF PERSONAL DATA

AUEN POSADA ANDINA will keep in mind, at all times, that personal data is the property of the people to whom it refers and that only they can decide about it. In this sense, their use will be only for those purposes for which they are duly authorized, and in all cases respecting Law 1581 of 2012 on the protection of personal data.

In accordance with the provisions of article 17 of Law 1581 of 2012, AUEN POSADA ANDINA undertakes to permanently comply with the following duties:

15.1. Duties regarding the data Holder

Request and keep, under the conditions provided in this policy, a copy of the respective authorization granted by the Holder.
Inform the Holder clearly and sufficiently about the purpose of the collection and the rights granted to them by virtue of the authorization granted.
Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data, that is, knowing, updating or rectifying their personal data.
Inform at the request of the Holder about the use given to their personal data.
Process queries and claims made in the terms indicated in this policy.

15.2. Duties regarding the quality, security and confidentiality of personal data

Observe the principles of truthfulness, quality, security and confidentiality in the terms established in Colombian legislation.
Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Update information when necessary.
Rectify personal data when appropriate.

15.3. Duties when the treatment is carried out through a Data Manager

Provide the Data Manager only with the personal data that you are authorized to provide to third parties.
Guarantee that the information provided to the Data Manager is true, complete, accurate, updated, verifiable and understandable.
Communicate in a timely manner to the Data Manager all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided remains updated.
Inform the Data Manager in a timely manner of the rectifications made to the personal data so that they can proceed to make the pertinent adjustments.
Demand that the Data Manager, at all times, respect the security and privacy conditions of the Holder’s information.
Inform the Data Manager when certain information is under discussion by the Holder, once the claim has been submitted and the respective process has not been completed.

15.4. Duties with the Superintendency of Industry and Commerce

Inform them of possible violations of security codes and the existence of risks in the administration of the Holders’ information.
Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

15.5. Duties when working as a Personal Data Manager

If AUEN POSADA ANDINA carries out data processing on behalf of another entity or organization (Responsible of Treatment), it must comply with the following duties:

Establish that the Responsible of Treatment is authorized to provide AUEN POSADA ANDINA with the personal data that it will process as Manager.
Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.
Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Timely update, rectify or delete data.
Update the information reported by those responsible for the treatment.
Process queries and claims made by the Holders in the terms indicated in this policy.
Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce.
Allow access to the information only to people authorized by the Holder or empowered by law for this purpose.
Inform the Superintendency of Industry and Commerce when violations of security codes occur and there are risks in the administration of the Holders’ information.
Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

16. INFORMATION SECURITY

In development of the security principle established in Law 1581 of 2012, AUEN POSADA ANDINA has adopted the technical, human and administrative measures that are necessary to provide security to the records, preventing their adulteration, loss, consultation, unauthorized or fraudulent use or access.

However, the client assumes the risks that arise from delivering this information in a medium such as the Internet, which is subject to various variables – attacks from third parties, technical or technological failures, among others. AUEN POSADA ANDINA will make its best technological effort to guarantee the security of the personal information of all its clients and/or users, using reasonable and current security methods to prevent unauthorized access, to maintain the accuracy of the data and guarantee the correct use of information.

17. INTERNATIONAL TRANSFER OF PERSONAL DATA

When data is sent or transferred to another country, it will be necessary to have the authorization of the Holder of the information that is being transferred. Unless the law states otherwise, the existence of said authorization is a necessary presupposition to carry out the international circulation of data. In this sense, before sending personal data to another country, those obliged to comply with this policy must verify that they have the prior, express and unequivocal authorization of the Holder that allows their personal data to be transmitted.

Such transfer of personal data is carried out only to third parties with whom AUEN POSADA ANDINA has a contractual, commercial and/or legal relationship.

18. POSSIBILITY OF CONTACT THROUGH THE WEBSITE

The website www.auen.com.co contains information that allows quick electronic contact with our company, as well as direct communication with us. If an interested party contacts AUEN POSADA ANDINA by means of an email or a contact form, the personal data transmitted by the interested party will be stored automatically. These personal data voluntarily transmitted by the interested party to AUEN POSADA ANDINA are stored for the purpose of processing them or contacting the interested party. There is no transfer of this personal data to third parties.

19. COOKIES

The website www.auen.com.co uses cookies. Cookies are text files that are stored on a computer system through an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by the unique cookie ID.

Using a cookie, the information and services of the website can be optimized with the user in mind. Cookies also allow website users to be recognized. The purpose of this recognition is to make it easier for users to use the website. The user of the website that uses cookies does not need to enter their access data each time they enter the website, since these are taken by the website, so the cookie is stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart using a cookie.

The interested party may prevent the installation of cookies through www.auen.com.co at any time by means of the corresponding configuration of the Internet browser used and, therefore, may permanently deny the installation of cookies. Furthermore, already installed cookies can be deleted at any time from the Internet browser or other software programs. If the user deactivates the setting of cookies in the Internet browser used, some functions of www.auen.com.co may not be accessible.

20. DATA COLLECTION THROUGH APPLICATIONS OR PLUGINS INTEGRATED INTO THE WEBSITE

The website www.auen.com.co has integrated other applications or plugins to be able to offer its services and facilitate the user experience of this website.

Each application operates under its own privacy policies, which will be presented below:

20.1. Instagram

Instagram is an application and social network owned by the American company Meta Platforms, Inc., recognized as Meta and formerly called Facebook, Inc.. Instagram allows users to create profiles to share photos and videos, among other functions.

AUEN POSADA ANDINA makes use of this application, which it has integrated into its website www.auen.com.co to display its most recent Instagram publications and connect to its users through it.

When the website www.auen.com.co is accessed, the web browser on the user’s computer system automatically downloads the display of the Instagram component. During the course of this technical procedure, Meta Platforms, Inc. becomes aware of which specific subsite of www.auen.com.co was visited by the user.

If the user is connected to their Instagram profile while visiting www.auen.com.co, Instagram will detect the specific subsite that was visited by the interested party. This information will be collected through the Instagram component and will be associated with the user’s respective Instagram account. If the user clicks on one of the Instagram buttons integrated into www.auen.com.co, such as the “Like” button, or sends a comment, Instagram will associate this information with the user’s Instagram account and store this data. If such transmission of information to Instagram is not desired by the user, they can prevent it by logging out of their Instagram account before accessing the website www.auen.com.co.

Instagram‘s privacy policy, which is available at https://privacycenter.instagram.com/policy, provides information about the collection, processing and use of personal data by Instagram. In addition, it explains what configuration options Instagram offers to protect user privacy.

20.2. LobbyPMS

Lobby is a PMS (Property Management System) software owned by the Colombian company Lobbypms S.A.S., which operates in the design of computer systems and other services related to this sector.

LobbyPMS is a hotel management software that works on the web, designed to facilitate some operational, administration and control tasks, such as reservation management, payments made by guests, accounting, among other functions.

This software can collect two types of data and information:

Non-personal, anonymous and non-identifiable information. LobbyPMS does not know the identity of the user who first enters the application without logging in or registering, but may collect technical and behavioral information such as: operating system type, browser type, screen resolution, keyboard and browser language, IP address, links that the user uses while browsing the application, entry date, time the page is accessed, duration of the page visit, among others.

Personal or individually identifiable information. It is the information that identifies the user and its privacy. The personal information collected by LobbyPMS consists of the personal data voluntarily entered by the user on the platform at the time of creating their profile, such as: name, surname, telephone number, email address and a password.

The LobbyPMS privacy policy can be consulted at https://lobbypms.com/politicas-lobbypms/.

20.3. Google Maps

The website www.auen.com.co incorporates the Google Maps link from its Google Business Account to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors.

To learn more information about data processing by Google LLC and its privacy policies, visit: https://policies.google.com/terms?hl=en-US.

20.4. Google reCAPTCHA

This site is protected by Google reCAPTCHA, a system that allows web servers to distinguish between human and automated access to websites.

To learn more about the terms and conditions of this service, please visit: https://policies.google.com/terms. Find more information about Google LLC‘s privacy policies at: https://policies.google.com/privacy.

20.5. CookieYes GDPR Cookie Consent

CookieYes GDPR Cookie Consent is a plugin that facilitates compliance with the GDPR (General Data Protection Regulation) through a banner integrated into the website.

To learn more about the terms and conditions of this service, please visit: https://www.cookieyes.com/privacy-policy/.

21. RESPONSIBILITY FOR CONTENT

The contents displayed on www.auen.com.co were created with great care. However, AUEN POSADA ANDINA is not responsible for third party information that may be transmitted or stored without their consent; nor is it under any obligation to investigate circumstances that indicate illegal activity. Obligations to delete or block the use of information under general laws remain unaffected. However, liability in this regard is only possible from the moment there is knowledge of a specific violation of the law. As soon as AUEN POSADA ANDINA becomes aware of any violation of the law, it will remove that content immediately.

22. LIABILITY FOR LINKS

The website www.auen.com.co contains links to external third-party websites, over whose content AUEN POSADA ANDINA has no influence. Therefore, AUEN POSADA ANDINA does not assume any responsibility for this external content. The respective provider or operator of the linked websites is responsible for their content. In the event that any of these links are related to operations or content that goes against the law, and that AUEN POSADA ANDINA has knowledge or is notified of these legal violations, said links will be immediately removed.

23. COPYRIGHT

The contents created by AUEN POSADA ANDINA and published on its website auen.com.co are subject to Colombian copyright law (Law 23 of 1982 and Andean Decision 351 of 1993).

Duplication, editing, distribution and/or any type of exploitation of the content published on auen.com.co requires the written consent of the respective author or creator (in this case, AUEN POSADA ANDINA). Any use without this express written consent is penalized by law and will be prosecuted by AUEN POSADA ANDINA.

Downloads and copies of the website auen.com.co are only permitted for private and non-commercial use.

The contents displayed on the website auen.com.co that have not been authored by AUEN POSADA ANDINA, will have their respective authorship recognized. However, if you are aware of any copyright infringement in what is published on the website www.auen.com.co, we request your direct notification to AUEN POSADA ANDINA. As soon as legal violations become known, such content will be removed immediately.

24. MODIFICATION AND/OR UPDATE OF THE PERSONAL DATA PROTECTION AND INFORMATION MANAGEMENT POLICY

AUEN POSADA ANDINA reserves the right to make modifications or updates to this Policy at any time, to address legislative developments, internal policies or new requirements for the provision or offering of its services or products.