PRIVACY NOTICE

This document constitutes the Privacy Notice for the purposes of the provisions contained in the Federal Act for Protection of Personal Data in Possession of Private Persons and the provisions emanating therefrom or relating thereto. This Privacy Notice applies to personal Owner information collected by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., as the Responsible Person. This Privacy Notice has the following terms and conditions:

  1. DEFINED TERMS

    For the purposes of this Notice and in accordance with the Federal Act for Protection of Personal Data in Possession of Private Persons, the following terms will have the meanings that follow each:

    • Privacy Notice: Is a hard copy or an electronic file generated by the responsible person and made available to the owner, prior managing of his/her personal data
    • Personal Data: Any information that relates to an identified or identifiable individual
    • Sensitive Personal Data: Is Personal data affecting owner’s most intimate sphere of being, undue use of which may result in discrimination or may pose a serious risk thereto.
    • ARCO Rights: An acronym for Access, Rectification, Cancelation and Opposition which every Owner is entitled to exercise in accordance with the provisions contained in the Federal Act for Protection of Personal Data in Possession of Private Persons and subject to exceptions therein established and contained in this Privacy Notice, in relation to Personal Data collected by Responsible Person and/or Persons in Charge related to the former, as describe below:
    • Access Right: Is the Owner’s right to access to know about Personal Data in relation to himself/herself that is in possession of Responsible Person in question or Persons in Charge related to the former, and with whom has such Personal Data been shared and the purpose thereof.
    • Rectification Right: Every Owner is entitled to rectification of Personal Data when inaccurate or incomplete.
    • Cancellation Right: Every Owner is entitled to request at any time the elimination of his/her
    • Personal Data:, which will occur following blocking period. Blocking implies identification and maintaining of Personal Data, upon completion of the purpose to which they were collected, the purpose of which is to determine potential liability in relation with management thereof, up to the legal prescription term or contractual term thereof. Within such period, Personal Data will not be object of any management and upon completion of the period; such Personal Data will be eliminated from the pertinent database or file. Upon elimination of the pertinent Personal Data, the Responsible Person will deliver Owner pertinent notice. In the event Personal Data had been transferred prior the date of rectification or cancellation and such third parties continue managing the Personal Data, Responsible Person will communicate the third party in question, such rectification or cancellation request, so that such third party may proceed to give compliance thereto.
    • Right of Opposition: The Owner is entitled at all times to request, provided under lawful cause, to have Responsible Person sees managing his/her Personal Data.
    • Responsible Person: Means the individual or legal entity controlling the management of Owner’s Personal Data, and in this case is OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V.
    • Person in Charge: Means the individual or legal entity managing Personal Data in name of Responsible Person, individually or jointly with third parties.
    • Owner: Is the individual owner of Personal Data, or person authorized to deliver Personal Data of a third party in terms with applicable laws, making available such Personal Data to Responsible Person.
  2. OWNER’S CONSENT

    For the purposes of the provisions contained in article 17 of the Federal Act for Protection of Personal Data in Possession of Private Persons, Owner recites:

    1. that this Privacy Notice has been made known thereto by Responsible Person,
    2. having read, understood and agreed terms contained in this Privacy Notice, consenting regarding managing of Personal Data for the purposes of Federal Act for Protection of Personal Data in Possession of Private Persons and all other applicable laws. In the event Personal Data collected include sensitive or financial Personal Data, by signing pertinent agreement in hard copy or by electronic means and following pertinent process for establishment of consent such as, without limitation, delivery of Personal Data through dialogue screens or viewing and going through the page containing terms and conditions and acts constituting Owner’s express consent in terms of paragraph two article 8 of the Federal Act for Protection of Personal Data in Possession of Private Persons and all other applicable laws and
    3. consenting OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., or Persons in Charge under OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. control, transfer Personal Data to domestic or foreign third parties, in the understanding that management by such third parties of own Personal Data must adhere to the provision contained in this Privacy Notice.

    In the event Owner does not opposed to the terms contained in this Privacy Notice within 48 hours following the time this Privacy Notice was made available thereto, contents will be deemed as agreed and consented, in terms of paragraph three article 8 of the Federal Act for Protection of Personal Data in Possession of Private Persons. Owner’s consent may be revoked at any time by Owner himself/herself without retroactive effects in terms and in accordance with procedure establish below to such effect hereunder.

    Regardless any provision contained in this Privacy Notice, Owner acknowledges that his/her consent will be not be required for managing Personal Data by Responsible Person or by third parties in any of the cases identified under Article 10 of the Federal Act for Protection of Personal Data in Possession of Private Persons.

  3. PURPOSE OF THIS PRIVACY NOTICE; END OF PERSONAL DATA

    The purpose of this Privacy Notice is the establishment of terms and conditions by virtue of which OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., (or the Person in Charge appointed by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. (i) will receive and protect Owner’s Personal Data, to the effect of protecting privacy thereof and Owner’s right to information self-determination, in adherence to the provisions contained in the Federal Act for Protection of Personal Data in Possession of Private Persons; (ii) will use Owner’s Personal Data, and (iii) as applicable will perform Personal Data transfer to third parties.

    The Responsible Person will collect and manage Owners’ Personal Data, that is, information that may reasonably identify Owner, through reception of documents, in hard copy and/or digital format. Examples being, without limitation, information Responsible Person may collect: name and last name; date of birth; age, civil status, nationality, domicile, whether home address, work address or tax address; e-mail, own or at worksite; telephone number, own or at worksite; cell phone number; credit card number, debit card number or any bank account number; Federal Taxpayer Registry Code (Registro Federal de Contribuyente -RFC); Sole Population Registration Code (Clave Unica de Registro de Poblacion-CURP); Instituto Mexicano del Seguro Social membership number; and any other similar information. Personal Data collection may occur upon Owner visiting Responsible Person’s points of sale, upon establishing telephone communication with Responsible Person or with Persons in Charge (including the area of clients support), or else, by directly delivering to Responsible Person or by using e-mail or Responsible Person websites, voluntarily of information through dialogue windows enable at sites, or by using automatic data entry tools. Such tools allow collection of information send by your browser to such websites, such as the kind of browser you use, user’s language, access times, IP address of websites used to access Responsible Person or Persons in Charge sites. Included as documents that may be collected by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., to verify Personal Data Owner identity is voters card; if a foreign Migratory Form (FM2 or FM-3) release Mexican military service identity card, Federal Taxpayer Registry ID Card; Sole Population Registry ID Card; as proof of domicile: water bill, real estate tax bill, electric power bill; a special credit report issued by a Credit Bureau. For potential employees or employees, the latter may include certificate of birth; graduation certificates; an account statement issued by the retirement Fund Administrator (Afore); tax withholding return, medical checkup, psychometric and socioeconomic studies report by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. Also included are Personal Data of relatives, dependents or beneficiaries, such as name and last name, date of birth, domicile and phone number and applicable supporting documents, such as birth certificate and/or marriage certificate.

    Responsible Person may also collect Personal Data from public access sources and other sources available in the market where Owner could have consented to the sharing of own personal information or where owner provided anonymous demographic information associated to a certain geographic area.

    Owner’s Personal Data are collected and managed by Responsible Person or Persons in Charge thereof in order to allow Owner, the performance of following activities in relation to Responsible Person:

    1. Request, contract, change or cancel services;
    2. Make online payments;
    3. Request digital invoice or documentary support;
    4. Request a services quotation or information;
    5. Make online reservations through the webpage
    6. Make phone reservations
    7. Make reservations directly at the Hotel sites
    8. Contact Client Support Service Area;
    9. Receive printed advertising or electronic advertising, including online marketing, telemarketing on products and services;
    10. Take part in surveys;
    11. Use the several services from their pertinent websites, including content and format downloading;
    12. Notify Responsible Person about any issues with website;
    13. Participate in trivia, raffles, games and competition;
    14. Make comments or suggestions about products and services;
    15. Payment processing, and
    16. Any other activity similar to those described in the above paragraphs.

    Also, Responsible Person, directly or through the Persons in Charge, may use Personal Data to the following ends:

    1. Send advertising notices, hotel news to Owner through telephone, printed, electronic and personal means;
    2. Manage lodging reservation service processing
    3. Manage service quality, guest complaints and attention processing;

    When about potential employees and actual employees of OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., the following activities will be performed:

    1. Complete recruiting, selecting and contracting of personnel process;
    2. Manage of tax assessment, obligation, invoice, any receipt for fees and consideration and personnel taxes and contributions payment process;
    3. Manage personnel obligation and benefit process:
    4. Manage consideration and personnel tax and contribution payment process;
    5. Manage actual and logical access monitoring and control to company facilities and assets process;
    6. Maintain personnel database updated;

    Regarding OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. providers, the following activities will be completed:

    1. Updated provider database manage
    2. Provider payment process

    OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., requires sharing Personal Data with database administration and management service providers; Personal Data automated management and storage service providers; e-mail authentication and validation service providers; personnel contracting; auditing services and other services similar to those described.

    Collection of data when browsing OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. webpage and websites. Included as automatic collection tools of data used by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., at its websites and webpage are cookies, web beacons, and e-mail links.

    The use of Cookies

    Appropriate operation of OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V.’s sites and those of OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V.’s providers require enabling “cookies” in your web browser. "Cookies" are small data files transferred by website into your computer’s hard drive when you browse through the site. Cookies may be per session or permanent. Session cookies do not remain in your computer after you close your browsing session, permanent cookies however remain in computers until eliminated or expired. Most browsers automatically accept cookies by virtue of predetermined configuration, you may adjust your browser’s preferences to accept or reject cookies. Cookie deactivation may inhibit several OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. websites or may not allow to seeing it properly. Should you eliminate cookie information sent by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., you may eliminate files at the end of each browser session. Any pertinent information may be consulted at main Internet browser websites.

    Use of Web beacons (also known as Internet tax, pixel tax and clear GIFs).- OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. may use at its websites and HTML e-mails Web beacons, individually or jointly with cookies, to collect information regarding website use and interaction with e-mail. Web beacon is an electronic image, called of a single pixel (1x1) or GIF that is able to recognize information processed in your computer such as cookies, time and date you where in the site and the different sections.

    Link between OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. mails. E-mails including links allowing OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. knowing whether you activated the link and visited the destination webpage, with capacity to include such information into your profile. Should you prefer OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. ceases to collect information about your interaction with such links, you may elect to modify OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. communication format, (for example, have the message be delivered as text only and not in HTML format) or you may ignore the link and without access in its contents. OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. may include links designed to direct you to pertinent sections in websites, or redirecting you through OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. servers. Redirecting allows OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. to modify URLs of such links if needed, also allow OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. to determine efficiency of online marketing campaigns. Personal Data obtained by OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. from commercial sources may be used jointly with Personal Data collected through its website. For example, OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. may share geographical dissociated information obtained from commercial sources under the IP address collected by automatic data collection tools in order to provide you with information or relevant promotions of your geographical area. Minor Protection: OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., encourages parents and/or tutors to actively take part in their children online activities. Should OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V, deem that Personal Data had been provided by a minor contravening this Privacy Notice, OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., will proceed to eliminate such Personal Data as soon as possible. Should you become aware that such Personal Data had been provided by a minor having less than 18 years old, please e-mail to the following address: datospersonales@park-royalhotels.com.

  4. DATA TRANSFER

    Once read, understood and agreed the terms contained in this Privacy Notice, the Owner gives a consent to Responsible Person or any Person in Charge to make Personal Data transfers to domestic or foreign third parties, in the understanding that managing by such third parties to Owner’s Personal Data must adhere to the provisions contained in this Privacy Notice.

    For the purposes contained in this Section 4, but subject to the provisions of its last paragraph, Responsible Person informs Owner that in order to be able to deliver products, services and solutions to its clients, consumers, employees, providers and all other users of its services, Responsible Person and/or Persons in Charge have executed or will execute a number of business agreements with product suppliers and service providers, both in domestic territory as well as abroad, to deliver, among other: e-mail; database management and administration; Personal Data automated managing and storage; client support call center; Authentication and validation of email; telemarketing; credit card terminal; electronic invoicing; marketing; payroll and social security benefit management; personnel contracting; auditing services and other similar services. Owner’s authorization granted hereunder will entitle Responsible Person and/or Persons in Charge to transfer Owner’s Personal Data through such providers, in the understanding that such providers are bound, by virtue of pertinent contract to maintain confidentiality of Personal Data delivered thereto by Responsible Person and/or Persons in Charge and to adhere to the terms contained in this Privacy Notice. Responsible Person and/or Persons in Charge may transfer Personal Data collected from Owner to any other company within the same business group to which Responsible Person belongs operating with the same internal processes and policy, whether in domestic territory or abroad for management with the same purpose and ends described in this Privacy Notice. Responsible Person and/or Persons in Charge may transfer your Personal Data to third parties supporting Responsible Person and/or Persons in Charge to perform with any contracts or legal relations with Owner.

    Your personal information may be transferred, stored and processed in a country other than where delivered. If we transfer information we will do it in accordance with applicable information protection laws. We take measures to protect personal information regardless the country where it is stored or where it is transferred to. We have implemented prompt procedures and controls to achieve such protection.

    We reserve ourselves the right to transfer your Personal Data in the event the entirety or part of our business or assets is sold or transferred. In the event of such sale or transfer we will exercise our best effort to urge the following owner to make use of Personal Data in adherence to this Notice. If you wish your Personal Data not be managed following transfer thereof, you must then contact the new owner.

    Regardless the provisions contained in this Section 4 or anywhere else in this Privacy Notice, the Owner acknowledges and agrees that Responsible Person requires no authorization or confirmation from such Owner to transfer domestic or international Personal Data in the cases foreseen under Article 37 of the Federal Act for Protection of Personal Data in Possession of Private Persons or in any other exception case foreseen therein or in all other applicable laws.

  5. SAFEKEEPING AND SAFETY OF PERSONAL DATA

    Responsible Person and/or Persons in Charge thereof will maintain Owner’s Personal Data as long as require for processing information, product and/or service request, and to maintain accounting, financial and auditing records in terms of the Federal Act for Protection of Personal Data in Possession of Private Persons and any commercial, tax and administrative law in force. Owner’s Personal Data collected by Responsible Person and/or Persons in Charge thereof will find theme protected by administrative, technical and physical appropriate safety measures against, harm, loss, mismanagement, destruction or use, unauthorized use or management, in accordance with the provisions contained in the Federal Act for Protection of Personal Data in Possession of Private Persons and any administrative regulation deriving therefrom. Regardless the above, OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V. does not guarantee that unauthorized third parties have no access to actual or logical systems of Owners or Responsible Person or electronic documents and files store in its systems. Therefore OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., will under no event be responsible for harm and damage deriving from such unauthorized access.

  6. PERSONAL DATA DEPARTMENT

    Should you have any question, comment or require any further information in relation to our Privacy Notice, please contact our Personal Data Department:

    OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V.
    Boulevard Kukulkan km 12.5, lote 18
    Zona hotelera, Cancun, Quintana Roo
    C.P. 77500
    E-mail: datospersonales@park-royalhotels.com

    For the purposes contained in fraction I Article 16 of the Federal Act for Protection of Personal Data in Possession of Private Persons, the Responsible Person domiciled is that established under Section 6 of this Privacy Notice.

  7. PROCEDURE TO EXERCISE ARCO RIGHTS

    In order to exercise ARCO Rights, the Owner or Owner’s representative may file an access, rectification, cancellation or opposition request containing the following and documents:

    1. Name of Owner and domicile and any other means to communicate the reply to Owner’s request;
    2. Documents evidencing identity (hard simple copy or electronic copy of voters card, passport or FM-2 or FM-3) or, as applicable, that of Owner’s legal representative (hard simple copy or electronic file of proxy bearing the Owner’s autograph signature, the name of representative and their respective official IDs –(voters card, passport, FM-2 or FM-3);
    3. Accurate and clear description of Personal Data regarding which Owner is seeking to exercise any ARCO Rights, and
    4. Any other element or document facilitating the location of Owner’s Personal Data.

    In the event of Personal Data rectification request, pertinent Owner must also indicate the modifications to be made and contribute documents supporting Owner’s request.

    For reception, registration and service to request to exercise access, rectification, cancellation and opposition right regarding Owner’s Personal Data, and to limit use or disclosure of data and all other rights foreseen under the Federal Act for Protection of Personal Data in Possession of Private Persons contact to:

    E-mail: datospersonales@park-royalhotels.com

    To access the request formats and documents available to you go to www.park-royalhotels.com.

    Responsible Person or Persons in Charge will reply Owner within twenty business days as from the date access, rectification, cancellation or opposition request was received, the resolution adopted to the effect that if applicable, the same will enter into effect within fifteen days following the date Owner receives the reply. When about access request to Personal Data, Responsible Person or Persons in Charge will proceed to the delivery prior crediting of requesting parties identity or that of requesting party’s representative, as applicable. Above referred to terms may be extended only in terms of the Federal Act for Protection of Personal Data in Possession of Private Persons.

    Delivery of Personal Data will be gratuitous, on you will only pay supported expenses of shipping or copy reproduction or any other format. Should Owner make a second request within a term shorter than twelve months, must pay pertinent cost equivalent to 1.5 days of Current Minimum Wage that is paid in the Federal District, in terms of the Federal Act for Protection of Personal Data in Possession of Private Persons, unless substantial amendments in the Privacy Notice motivate new queries.

    For the purposes of Personal Data cancellation request, in addition to the provisions contained in this Privacy Notice, the provisions of Article 26 of the Federal Act for Protection of Personal Data in Possession of Private Persons, including Personal Data cancellation exception cases must be followed.

    The filing of a request opposing to the use of Personal Data by Owner thereof, will entitle Responsible Person to oppose the use of Personal Data delivered by Owner to the other party.

  8. CHANGES TO PRIVACY NOTICE

    OPERACION Y SUPERVISION DE HOTELES, S.A. DE C.V., reserves itself the right to periodically update this Notice reflecting changes in our information management practice. Owner must periodically review the contents of Privacy Notice at www.park-royalhotels.com. Responsible Person, will understand that Owner’s failure to express otherwise, will be understood as Owner have been read, understood and agreed the terms published, constituting Owner’s consent to changes containing such updates regarding management of Owner’s Personal Data for the purposes of Federal Act for Protection of Personal Data in Possession of Private Persons and all other applicable laws.




Procedimiento para el ejercicio de los derechos ARCO