Privacy policies

PRIVACY POLICY AND DATA PROCESSING ROYAL SAS


1. OBJECTIVE
Promote by ROYAL SAS, identified with NIT 800.133.553-4, adequate management in the protection of Personal Data in compliance with the provisions of Law 1581 of 2012 “By which general provisions are issued for the protection of personal data ” and Decree 1377 of 2013, “By which Law 1581 of 2012 is partially regulated.”
In consideration of the above, ROYAL SAS formulates the following Personal Data Processing Policy, which is mandatory for its recipients.

2. REACH
This Policy will apply to the Processing of Personal Data carried out in Colombian territory, or when the rule is applicable to the person responsible and/or in charge of the Treatment located outside Colombian territory, by virtue of international treaties, contractual relationships, etc.
The principles and provisions contained in this Policy will apply to Databases that contain personal information and that are under the custody of ROYAL SAS, either as responsible party and/or as person in charge of the Processing of Personal Data.
All ROYAL SAS organizational processes that involve the Processing of Personal Data must be subject to the provisions of this document.

3. POLICY RESPONSIBLE
This Policy is mandatory and strict compliance by the following people:


-Legal representatives of ROYAL SAS
-ROYAL SAS workers
-Contractors and third parties acting on behalf of ROYAL SAS or providing their services to it, under any type of contractual modality, under which there is Processing of Personal Data.
– Shareholders and tax auditors.
-Other people established by law.


Failure to comply with this Policy will give rise to labor, criminal or civil sanctions, depending on the case.

4. DEFINITIONS
In accordance with current legislation on the matter, the following definitions are adopted:
Owner: natural person whose Personal Data is the subject of Processing.
Authorization: Prior, express and informed consent of the Owner to carry out the Processing of Personal Data.
Database: Organized set of Personal Data that is subject to Treatment.
Personal data : Any information linked or that can be associated with one or several specific or determinable natural persons.
Public data : It is data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade, and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality.
Sensitive Data : Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data.
Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of Personal Data on behalf of the person responsible for the Processing of Personal Data.
Responsible for the Treatment: Natural or legal person, public or private, who alone or in association with others, decides on the Database and/or the Processing of Personal Data.
Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
Transfer: The transfer of Personal Data takes place when the person responsible and/or in charge of the Processing of Personal Data, located in Colombia, sends the information or Personal Data to a recipient, who in turn is Responsible for the Treatment and is located within or outside the country.
Transmission: Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the person responsible.
Privacy Notice: Verbal or written communication generated by the person responsible for the Treatment, addressed to the Owner for the Treatment of their Personal Data, through which they are informed about the existence of the information Treatment policies that will be applicable to them, the form to access them and the purposes of the Treatment that is intended to be given to the Personal Data.

5. PRINCIPLES
In accordance with current legislation on the matter, the following principles are adopted:
• Principle of Legality regarding the Processing of Personal Data: The Processing of Personal Data in Colombia is a regulated activity and therefore the business processes and recipients of the standard must be subject to its provisions.
• Principle of Freedom: Treatment can only be carried out with the prior, express and informed consent of the Owner. Personal Data may not be obtained, processed or disclosed without prior Authorization, or in the absence of a legal or judicial mandate that requires consent.
• Principle of Purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner in a concrete, precise and prior manner so that he or she expresses his or her informed consent.
•Principle of Truth or Quality: The information subject to Treatment must be true, complete, exact, updated, verifiable and understandable. The Processing of Personal Data that is partial, incomplete, divided or misleading is prohibited.
• Principle of Transparency: In the Treatment, the right of the Owner to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.
• Principle of Access and Restricted Circulation: Treatment is subject to the limits derived from the nature of the Personal Data, the provisions of the law and the Constitution. In this sense, the Treatment can only be carried out by people authorized by the Owner and/or by the people provided for by law.
• Personal Data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide knowledge restricted only to the Owners or authorized third parties in accordance with the provisions herein. .
• Security Principle: The information subject to Treatment by the Data Controller or Data Processor referred to in the law must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration. unauthorized or fraudulent loss, consultation, use or access.
• Principle of Confidentiality: All persons involved in the Processing of Personal Data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended, and may only supply or communicate Personal Data when this corresponds to the development of activities authorized by law and in its terms.


6.DUTIES OF THE POLICY RECIPIENTS
The duties of the recipients of this Policy are those set forth below, without prejudice to any additional duties imposed by Law 1581 of 2012 and Decree 1377 of 2013:


6.1 WHEN THEY ARE RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
– Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data, that is, knowing, updating or rectifying their Personal Data.
– Request and keep, under the conditions provided in this Policy, a copy of the respective Authorization granted by the Owner.
– Inform the Owner of the Personal Data in a clear, sufficient and prior manner about the purpose of the information provided.
– Collect only Personal Data that is relevant and appropriate for the purpose for which it is collected.
– Process queries and claims formulated in the terms indicated in this Policy.
– Observe the principles established in this Policy.
– Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
– Update the information, communicating in a timely manner to the Data Processor, all the news regarding the Personal Data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated.
– Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.
– Provide the Data Processor, as the case may be, only Personal Data whose Processing is previously authorized.
– Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information.
– Process queries and claims formulated in the terms indicated in this Policy.
– Adopt an internal manual of policies and procedures to guarantee the adequate Treatment of Personal Data in accordance with the provisions applicable to the matter in question, as well as the instructions issued in this regard by the Superintendence of Industry and Commerce.
– Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed.
– Inform at the request of the Owner about the use given to their Personal Data.
– Inform the Personal Data Protection Authority when violations of security codes occur and there are risks in the administration of the Owners' information.
– Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
6.2 WHEN THE RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
– Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.
– Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
– Timely update, rectify or delete Personal Data in the terms of this law.
– Update the information reported by those responsible for the Treatment within five (5) business days from receipt.
– Process queries and claims made by the Owners.
– Adopt an internal manual of policies and procedures to guarantee the adequate Treatment of Personal Data in accordance with the provisions applicable to the matter in question, as well as the instructions issued in this regard by the Superintendence of Industry and Commerce.
– Register in the Database the legend “claim in process” in the manner in which it is regulated by law.
– Insert in the Database the legend “information under judicial discussion” once notified by the competent authority about judicial processes related to the quality of the Personal Data.
– Refrain from circulating information that is being controversial by the Owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
– Allow access to information only to people who can have access to it.
– Inform the Superintendency of Industry and Commerce when violations of security codes occur and there are risks in the administration of the Owners' information.
– Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

7. THAT ASSIST THE HOLDERS OF PERSONAL DATA:
to. Know, update and rectify your Personal Data before those responsible for the Treatment or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Processing is expressly prohibited or has not been authorized.
b. Request proof of the Authorization granted to the person responsible for the Treatment except when it is expressly excepted as a requirement for the Treatment (cases in which Authorization is not necessary).
c. Be informed by the person responsible for the Treatment or the Processor, upon request, regarding the use that has been given to your Personal Data.
d. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add or complement it.
and. Revoke the Authorization and/or request the deletion of Personal Data when the Processing does not respect constitutional and legal principles, rights and guarantees.
F. Free access to your Personal Data that has been processed.

8. LEGITIMATION FOR THE EXERCISE OF THE RIGHTS OF THE OWNER
The rights of the Owners may be exercised by the following people:
to. By the Owner, who must sufficiently prove his or her identity by the different means made available by the person responsible for the Treatment.
b. By their successors, who must prove such quality.
c. By the representative and/or attorney-in-fact of the Owner, prior accreditation of the representation or power of attorney.
d. By stipulation in favor of another or for another.
and. The rights of children and adolescents will be exercised by the people authorized to represent them.

9. PEOPLE TO WHOM THE PERSONAL DATA OF THE OWNER CAN BE PROVIDED
to. To the Owners, their successors or their legal representatives.
b. To public or administrative entities in the exercise of their legal functions or by court order;
c. To third parties authorized by the Owner or by law.

10. PURPOSES OF THE TREATMENT
In compliance with the Principle of Purpose, the Processing of Personal Data by ROYAL SAS, as responsible or in charge thereof, will be governed by the following parameters:

10.1. PERSONAL DATA RELATED TO HUMAN RESOURCE MANAGEMENT
to. Before the contractual relationship.
ROYAL SAS collects, stores, consults, uses and processes the information and Personal Data of employee candidates, informing them in advance of the rules applicable to the Processing of Personal Data that they provide. In any case, the purpose of the delivery of Personal Data is limited to your participation in the selection process and subsequent traceability, so its use for other purposes is prohibited.
The information provided by candidates for a vacant position at ROYAL SAS will remain stored for up to five (5) years from the date of the last Treatment, to comply with the applicable provisions in administrative, accounting, tax, and legal matters. and historical information and any other legal obligation.
The Personal Data and information obtained from the selection process regarding the selected workers or contractors will be stored by ROYAL SAS under strict security measures.
b. During and after the termination of the contractual relationship.
ROYAL SAS collects, stores, consults, uses, shares, exchanges, transmits, transfers, circulates and processes the personal information that its employees have provided to it for the purpose of executing and developing the employment contract, as well as applying the legislation, jurisprudence and regulations on labor matters, social security, occupational risks, granting benefits to the employee and his beneficiaries and any other purpose that is necessary for the proper fulfillment of the employee-employer relationship.
ROYAL SAS also stores, uses, shares, exchanges, transmits, transfers, circulates and processes the information and Personal Data of retired employees, pensioners, retirees, related third parties, family groups, beneficiaries and other people who have or have had an employment contract with ROYAL SAS
ROYAL SAS will store the Personal Data of its employees in a folder identified with the name of each of them. Access to this folder is limited to the Human Management Area and the Legal Area of ​​ROYAL SAS, with the sole purpose of managing the contractual relationship.
The information will remain stored physically or in electronic media, following the provisions of article 264 of the Substantive Labor Code, or stored for the maximum term necessary to comply with the legal and/or contractual obligations under our charge, especially in accounting and contractual matters. , fiscal and tax.
10.2. PERSONAL DATA OF SUPPLIERS
ROYAL SAS collects, stores, consults, uses, shares, exchanges, transmits, transfers, circulates and processes the personal information that its suppliers have provided to it as part of the process of acquiring the goods or services supplied to ROYAL SAS, before, during and after the contractual relationship.
ROYAL SAS will collect the Personal Data of the supplier's employees, whenever this is necessary for security reasons according to the nature of the contracted service.
10.3. PERSONAL DATA OF CUSTOMERS
ROYAL SAS collects, compiles, stores, consults, uses, shares, exchanges, transmits, transfers and circulates the Personal Data of its clients before, during and after the contractual relationship, but not beyond the reasonable period required by the purpose for which it was informed to the Owner, and even if a contractual relationship is not formalized, to carry out the purposes listed below:
to. Processing and rectification of information necessary to process reservations at the SOUNDBAY HOUSE.
b. Update or correction of information during your stay at the SOUNDBAY HOUSE. c. Offer, celebration and execution of lodging contracts and any other service related to the guest's travel experience at the SOUNDBAY HOUSE.
d. Offer, celebration and execution of rental contracts for events at the SOUNDBAY HOUSE.
and. Control and prevention of fraud, money laundering and terrorist financing.
F. Preparation of market and statistical studies.
g. Sending information or offering services associated with the corporate purpose of ROYAL SAS
h. Sending offers and/or commercial or service communications to the physical or email address indicated in the data registration forms completed by the guest.
Yo. Contact with the guest by telephone, for notification of offers and/or commercial or service communications
j. Sending satisfaction surveys to know the quality of the services provided by ROYAL SAS
10.4. PERSONAL DATA OF THE COMMUNITY IN GENERAL.
The collection of Personal Data of natural persons that ROYAL SAS carries out in the development of its corporate purpose will be subject to the provisions of this Policy.

11. INTERNATIONAL TRANSFER OF PERSONAL DATA
Transfer of Personal Data to countries that do not provide adequate levels of Personal Data protection is prohibited. Safe countries are understood to be those that comply with the standards set by the Superintendency of Industry and Commerce. However, the above, exceptionally the Transfer is allowed when:

• The Owner of the Personal Data has authorized it expressly and unequivocally.
• Bank or stock transfers, in accordance with the applicable legislation.
• Transfers agreed within the framework of international treaties to which Colombia is a party, based on the principle of reciprocity.
• Transfers necessary for the execution of a contract between the Owner and the person responsible for the Treatment.
• Transfers legally required to safeguard the public interest or for the recognition, exercise or defense of a right in a judicial process.

12. PERSON OR AREA RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA
The Administrative Vice Presidency and Income Optimization will ensure compliance with this Policy within ROYAL SAS and will process the requests of the Owners, who can be contacted at info@soundbayhouse.com to exercise the rights to which they are granted. refers to Law 1581 of 2012, Decree 1377 of 2013 and this Policy.

13. TEMPORALITY OF PERSONAL DATA
The permanence of the Personal Data in the ROYAL SAS information systems will be determined by the purpose of the Treatment. Once the purpose has been exhausted, ROYAL SAS will proceed to destroy or return it, unless the law imposes an obligation to preserve it for a longer period. To do so, the Document Retention Table of the area responsible for processing the data will be taken into account, in accordance with the policy. document management agreement-006-2014.

14. INFORMATION SECURITY
In the management of information, the guarantees and confidentiality imposed by the Political Constitution of Colombia, the regulations on the protection of personal data and other concordant and complementary regulations will be maintained. For these purposes, ROYAL SAS has adopted the legally required levels of security for the protection of personal data, installing the necessary technical and organizational measures to prevent loss, misuse, adulteration, unauthorized or fraudulent consultation, use or access, and theft. of the data provided.

ROYAL SAS is not responsible for any consequences derived from the improper entry of third parties to its web pages, or for any technical failure in its operation. Likewise, it does not assume responsibility for any inaccurate data or typographical errors that the contents uploaded to the network by the portal administrator may contain.

15. ATTENTION OF CONSULTATIONS
The User of the information provided may exercise at any time the rights granted by Article 8 of Law 1581 of 2012, among which is requesting information; know, update, rectify and request the deletion of your personal data; and request proof of the authorization granted and revoke it. Notwithstanding the above, personal data must be preserved when required to comply with a legal or contractual obligation, in accordance with Law 1581 of 2012, its regulatory decrees and other regulations that complement or modify it.
The User who does not wish to be contacted after the delivery of their information or personal data must:
1. State such decision when filling out the data collection forms.
2. When you receive information via email, you can unsubscribe from the contact list by clicking on the secure subscription link, which will be clearly marked.
3. Expressly request your decision not to receive further information by contacting the email info@soundbayhouse.com with the subject “unsubscribe”.
The area in charge of channeling requests regarding data protection at ROYAL SAS is the Customer Service area, which will be responsible for providing personalized attention to all Users and Information Holders.

16. DATA OF THE CONTROLLER OF PERSONAL DATA PROCESSING
Name: ROYAL SAS
NIT: 800.133.553-4
Address: Calle 10 # 53-59 Of 302N, Edificio Country, Cali.
Email: info@soundbayhouse.com