OFFICIAL GHL HOTELES WEBSITE

GHL Hotels Data protection Latinoamérica

A GHL experience
Free Wifi
Select a language:
Languages
GHL Hoteles - - {{pagina.nombre}}

GHL Hotels Data protection

Data protection Latinoamérica

**PERSONAL DATA HANDLING POLICY**

**I. INTRODUCTION**

Holding Hotelera GHL S.A.S, its subsidiary companies, affiliates, and the companies that comprise it (hereinafter "GHL"), recognize the importance of privacy and are committed to protecting the personal data of guests, clients, visitors, collaborators, suppliers, and in general, any third party that may be related to GHL.

This personal data handling policy (the "Policy") aims to inform the general public about how GHL handles the personal data of data subjects (as defined below) that are in its databases.

**II. OBJECTIVE**

To establish general guidelines for the effective management of personal data protection under which GHL carries out the processing thereof, to inform data subjects of their rights, and to provide the channels and mechanisms established by GHL for their exercise.

**III. SCOPE**

This Policy applies to all personal data of data subjects processed by GHL as the controller thereof.

**IV. DEFINITIONS**

For the purposes of this Policy, terms starting with capital letters and included throughout this document will have the meanings assigned below, whether used in the plural or singular.

Authorization: Means the prior, express, and informed consent of the data subject to carry out the Processing of their Personal Data.

Database: Is the organized set of Personal Data subject to Processing, whether electronic or not, regardless of the mode of its formation, storage, organization, and access.

Candidates: Refer to natural persons who have applied for a position at GHL.

Collaborators: Refer to natural persons who provide services to GHL under an employment contract.

Financial Data: Refers to all Personal Data related to the birth, execution, and termination of monetary obligations, regardless of the nature of the contract giving rise to them, whose Processing is governed by Applicable Regulations.

Personal Data: Refers to any information, linked or that can be associated with one or more specific natural or legal persons, including Financial Data and Sensitive Data.

Public Data: Refers to Personal Data classified as such according to Applicable Regulations, if any, and consequently, it is data that is not semi-private, private, or sensitive. Public data includes, among others, data related to the civil status of individuals, their profession or occupation, their status as a merchant or public servant, and those that can be obtained without any reservation. By its nature, public data may be contained, among others, in public records, public documents, gazettes, and official bulletins, judicial judgments duly executed that are not subject to reservation.

Sensitive Data: Refers to Personal Data that affects the privacy of the data subject or whose misuse could lead to their discrimination, such as data revealing union membership, racial or ethnic origin, political orientation, religious, moral or philosophical beliefs, membership in unions, social organizations, human rights organizations, or promoting interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Processor: Refers to the natural or legal person, public or private, who by themselves or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller. A processor includes any provider, ally, or third party who, on behalf of GHL, processes data.

Applicable Regulations: As defined in the annex corresponding to each country or jurisdiction included in this Policy.

Owners: Refer to the owners of the ownership rights of the properties where the hotels operated by GHL are located.

Suppliers: Refer to natural and/or legal persons who supply goods and/or services to GHL.

Data Controller: Refers to the natural or legal person, public or private, who, by themselves or in association with others, decides on the Database and/or the Processing of Personal Data.

Data Subject: Refers to the natural person whose Personal Data is subject to Processing, as a result of the relationship between the Data Subject and GHL. The Data Subject includes Candidates, clients, collaborators, suppliers, owners, shareholders, and any person in general who provides their data to GHL as the Data Controller.

Transfer: Occurs when the Data Controller and/or Processor of Personal Data, located in a specific jurisdiction, sends the information of personal data to a recipient, who in turn is responsible for the processing and is located inside or outside the country.

Processing: Refers to any operation or set of operations systematically carried out, whether automated or not, which allows the collection, storage, organization, storage, modification, relation, use, circulation, evaluation, blocking, destruction, and in general, the processing of Personal Data, as well as their Transfer and/or Transmission to third parties through communications, consultations, interconnections, assignments, data messages.

**V. PRINCIPLES**

In the course of its corporate purpose, GHL collects, uses, stores, transfers, and in general, processes the Personal Data of data subjects in accordance with the purposes established in this Policy. In all Processing of Personal Data carried out by GHL, the Controllers, Processors, and/or third parties to whom Personal Data is transferred must comply with the principles and rules established in the Applicable Regulations and in this Policy, in order to guarantee the right to habeas data of data subjects and to comply with the obligations established in the Applicable Regulations.

The principles governing this Policy are:

5.1. Demonstrated Accountability: GHL has appropriate measures to comply with and be able to demonstrate compliance with data protection legislation.

5.2. Legality: GHL processes personal data lawfully in accordance with current and applicable provisions.

5.3. Freedom: All Processing of Personal Data is carried out once the prior, express, and informed consent of the data subject has been obtained, unless Applicable Regulations establish an exception to this rule.

5.4. Authorized Purpose: All Processing activities of Personal Data must comply with the purposes mentioned in this Policy and the consent granted by the Data Subject of the Personal Data, or in specific documents regulating each type or process of Processing of Personal Data. The purpose of the specific Processing of Personal Data must be informed to the Data Subject at the time of obtaining their Authorization. Personal Data may not be processed outside the purposes informed and consented to by the Data Subjects of the Data.

5.5. Truthfulness and Quality of Personal Data: Personal Data subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. When GHL holds partial, incomplete, fragmented, or misleading Personal Data, it must refrain from Processing them, or request from the Data Subject the completeness or correction of the information.

5.6. Transparency: When requested by the Data Subject, GHL must provide information about the existence of Personal Data concerning the applicant.

5.7. Restricted Circulation: Personal Data may only be Processed by personnel authorized to do so, or those whose functions include the performance of such activities. Personal Data may not be provided to individuals who do not have Authorization or have not been enabled by GHL to carry out the Processing.

5.8. Temporality: GHL will not use the information of the Data Subject beyond a reasonable period required by the purpose informed to the Data Subject of the Personal Data.

5.9. Restricted Access / Security: Except for Personal Data expressly authorized, GHL may not make Personal Data available for access through the internet or other mass communication media, unless technical and security measures are established that allow controlling access and restricting it only to authorized persons.

5.10. Confidentiality: GHL must always carry out the Processing, disposing of the technical, human, and administrative measures necessary to maintain the confidentiality of Personal Data and to prevent it from being altered, modified, consulted, used, accessed, deleted, or known by unauthorized persons, or for the Personal Data to be lost. Any new project involving the Processing of Personal Data by GHL must refer to this Data Handling Policy to ensure compliance with this rule.

**VI. PROCESSING OF PERSONAL DATA**

Personal Data is collected, stored, organized, used, circulated, transferred, updated, rectified, suppressed, deleted, and managed according to the purpose or purposes of each type of Processing.

6.1. Types of Personal Data and Purposes of Processing:

- Personal Data Bank of Guest-Clients:
Processing purposes: 1. Management of reservations, guest and client registration. 2. Management of payments and billing for services. 3. Handling and management of requests, inquiries, and complaints. 4. Management of customer loyalty programs and personalized offers. 5. Sending information and advertising about promotions, events, and services. 6. Analysis of customer preferences and consumption habits to improve service quality. 7. Analysis of the effectiveness of marketing strategies and continuous improvement of services offered. 8. Protection of security and privacy. 9. Access control and security in facilities. 10. Management of contracted third-party services (e.g., transportation or tourist services). 11. Attention to medical emergencies and health risk situations. 12. Management of relationships with Processors (suppliers and external service providers). 13. Conducting market studies and competition analysis. 14. Conducting post-stay service surveys to rate the service provided. 15. Directly performing Processing or through a Processor, located in Colombia or any other country, to whom the personal data of the Client is provided, or carrying out the necessary international transfer as the case may be, to perform Processing on behalf of GHL. Processing System: Automated and non-automated. Procedure for collecting information: Source: From the Data Subject of the Personal Data or their representative. Support: Paper, magnetic/computer, telematic route. Procedure: Physical and/or virtual Registration Form and/or Registration Form, electronic transmission, telephone calls.

- Personal Data Bank of Candidates:
Processing purposes: 1. Receiving, and requesting and storing resume supports. 2. Communicating via email and/or telephone for information

requests and providing details of the job posting. 3. Including in a database to maintain a record and follow-up of the application. 4. Verifying compliance with requirements as part of the selection process. 5. Managing the summoning and application of tests and interviews, directly or through a provider. 6. Obtaining reports of the results of the information analysis and evaluation of tests as part of the selection process in its different filters. 7. Retaining the results of tests, in order to take them into account in future selection processes. 8. Registering attendance at tests and interviews. 9. Accessing and consulting personal data (private, semi-private, sensitive, or reserved) contained in databases or files of any public or private entity, whether national, international, or foreign. 10. Directly processing or through a Processor, located in Colombia or any other country, to whom the personal data of the Candidate is provided, or carrying out the necessary international transfer as the case may be, to perform Processing on behalf of GHL. 11. Providing, sharing, sending, or delivering the personal data of the candidate to its affiliated companies, subsidiaries, linked companies, and in general to any related party located in Colombia or any other country. 12. Use and Processing of my sensitive information obtained due to the selection process, as well as that related to minors and family data of persons included in the family group or dependent, which was provided for the purposes derived from interviews, tests, and information delivered. 13. Use and Processing of biometric data, such as fingerprints, video images, recordings, among others, for the necessary purposes of the employment contract. Processing System: Automated and non-automated. Procedure for collecting information: Source: From the Data Subject of the Personal Data. Support: Paper, magnetic/computer, telematic route. Procedure: Forms, physical/electronic transmission.

- Personal Data Bank of Collaborators:
Processing purposes: 1. Management and administration of Human Talent of the company. 2. Compliance with labor regulations. 3. Prevention of occupational hazards. 4. Attention to medical emergencies and health risk situations. 5. Access control and security in facilities. 6. All activities related to hiring, affiliations, and payroll payments. 7. Administering salaries and benefits. 8. Carrying out welfare activities. 9. Coordinating performance management, professional development, and career plan. 10. Directly processing or through a Processor, located in Colombia or any other country, to whom the personal data of the Collaborator is provided, or carrying out the necessary international transfer as the case may be, to perform Processing on behalf of GHL. Processing System: Automated and non-automated. Procedure for collecting information: Source: From the Data Subject of the Personal Data. Support: Paper, magnetic/computer, telematic route. Procedure: Forms, physical/electronic transmission.

**Personal Data Banks**

**1. Personal Data Bank of Suppliers**

Processing purposes:
1. Manage supplier information to monitor and compensate the services provided.
2. Supplier list management.
3. Access control and security in facilities.
4. Purchasing analysis.
5. Pre-evaluation and evaluation during the provision of service or product.
6. Access and consult Personal Data (private, semi-private, sensitive, or reserved) contained in databases or files of any public or private entity, whether national, international, or foreign.
7. Perform Processing directly or through a Processor, located in Colombia or any other country, to whom the Personal Data of the Supplier is provided, or carry out the necessary international transfer as applicable, to perform Processing on behalf of GHL.
Processing System: Automated and non-automated.
Procedure for collecting Information: Source: From the Data Subject of the Personal Data. Support: Electronic transmission.

**2. Personal Data Bank of Owners**

Processing purposes:
1. Manage hotel owners' information.
2. Payment management.
3. Access control and security in facilities.
Processing System: Automated and non-automated.
Procedure for collecting Information: Source: From the Data Subject of the Personal Data. Support: Electronic transmission.

**3. Personal Data Bank of CCTV Cameras**

Processing purposes:
1. Support security through video surveillance, control of entry and exit of people.
2. Incident verification and protection of company assets and resources through video surveillance elements.
3. Support compliance with workplace security measures.
4. If required by a competent authority, recordings can be provided to comply with a duly made request.
Processing System: Automated.
Procedure for obtaining: Source: From the Data Subject of the Personal Data. Support: Video. Procedure: Electronic transmission.

**4. Personal Data Bank of Guest-Clients**

- Identifying data: Full names, identity document number or passport, address, email address, telephone number, signature.
- Personal characteristics data: Date of birth, nationality, sex.
- Social data: Arrival and departure information, number of nights of the reservation, type of room, services to be used.
- Information associated with their profession or occupation.
- Financial Data: Credit card number and economic income.
- Sensitive Data: Information related to physical or mental health, affective or family life, biometric data, criminal and police records.

**5. Personal Data Bank of Candidates**

- Identifying data: Full names, identity document number, address, email address, telephone number, social networks, and image.
- Personal characteristics data: Date of birth, nationality, sex, marital status, profession, age, work experience, academic data, contact person data.
- Sensitive Data: Information related to physical or mental health, affective or family life, economic income, biometric data, blood type, criminal and police records.

**6. Personal Data Bank of Collaborators**

- Identifying data: Full names, identity document number, address, email address, telephone number, social networks, and image.
- Personal characteristics data: Date of birth, nationality, sex, marital status, profession, age, work experience, academic data, contact person data, and hobbies.
- Financial and insurance data: Banking details, insurance, pension/retirement plans.
- Sensitive Data: Information related to physical or mental health, affective or family life (including information about minors and dependent family members), economic data, biometric data, blood type, criminal and police records.

**7. Personal Data Bank of Suppliers**

- Identifying data: Full names, identity document number, Tax ID, tax information, address, email address, telephone number.
- Personal characteristics data: Position and contact information at the company where they work.

**8. Personal Data Bank of Owners**

- Identifying data: Full names, identity document number, Tax ID number, address, email address, telephone number.
- Personal characteristics data: Profession.
- Financial and insurance data: Banking details.

**9. Personal Data Bank of Video Surveillance**

- Identifying data: Image and, if applicable, voice.

**6.2. Denial to provide Personal Data by the Data Subject**

Considering that according to the services provided by GHL, identification data are required according to Applicable Regulations, in case a Data Subject refuses to provide them, GHL will not be able to provide the service or proceed with the contract.

**VII. Recipients to whom Personal Data is communicated**

In general, all personal data collected may be processed directly by the Hotel or by companies linked to the Hotel's operation and/or reporting activities. This way, we may share (Transmit or Transfer) your information with third parties. These third parties may include hotel owners, or counterparts in contracts related to hotel operations, including but not limited to, companies legally constituted in accordance with the laws of their domicile or trust vehicles, affiliated companies, or integrated entities in our organization, as well as other entities related to the hotel sector. The purpose of sharing this information is to ensure the proper provision of our services.

Some of these third parties may be located outside the territory in which we operate, including in countries that may not offer a level of data protection equivalent to the country where the operations reside. However, we will ensure that any data transfer complies with applicable laws and regulations to ensure the security and protection of information.

It is important to note that we will only share your information with third parties when necessary to fulfill our contractual obligations, protect our legitimate interests, or comply with legal obligations.

To facilitate travel, it may be necessary to disclose and process personal data for immigration, border control, security, and anti-terrorism purposes, or other purposes as appropriate by government authorities at departure and/or destination points. Some countries require passenger data to be provided in advance to allow travel. In compliance with the law or if legally authorized, we may share the minimum necessary personal data with other authorities.

**VIII. Rights of the Data Subject**

GHL is committed to ensuring the exercise of the data protection rights of Data Subjects applicable in the jurisdictions where we operate.

In that sense, here are some of the types of rights without limiting them, as we operate in different countries:

8.1. Right of Access: Data Subjects have the right to know what information about themselves has been stored at GHL; how and why it was collected; as well as transfers made or planned.

8.2. Right to Rectification: Data Subjects have the right to request the modification of Personal Data that was collected inaccurately, incompletely, inaccurately, outdated, or falsely, in a public or private database. It allows for the update and inclusion of new Personal Data.

8.3. Right to Erasure: Data Subjects have the right to cancellation or objection in the internet environment, specifically from search engines, and with their exercise limit the dissemination of information when it is outdated, irrelevant, or contrary to the norm.

8.4. Right to Cancellation: Any person may request the cancellation or deletion of their Personal Data when it no longer serves a purpose, when consent has been revoked, or the deadline for its treatment has expired. The request for deletion or cancellation may refer to all Personal Data of the Data Subject contained in a Personal Data Bank or only to some of them.

8.5. Right to Revoke: Data Subjects may at any time request the Responsible or Processor for the deletion of their personal data and/or revoke the authorization granted for their Processing. The request for deletion of information and the revocation of the authorization will not proceed when the Data Subject has a legal or contractual duty to remain in the database.

8.6. Right to Portability: The Data Subject's ability to receive their personal data from the data controller, in a compatible, updated, structured, common, and mechanical format.

**IX. Contacts for Requests, Queries, and Complaints**

GHL has channels for receiving and handling requests, complaints, claims, and queries of all kinds related to Personal Data so that, if applicable, Data Subjects can exercise their rights related to their personal data.

Through the following channels, our teams will receive the request and respond within the deadlines defined by the applicable law in your country.

8.1. Guests

- Customer Service: Hotel where you are staying
- Email: datospersonales@ghlhoteles.com or contactenos@ghlhoteles.com

8.2. Candidates, collaborators, and retired collaborators

- Phone: +57 31393333
- Email: th.oficinacentral@ghlhoteles.com or contactenos@ghlhoteles.com
- Correspondence: Av calle 72 No 6-30 floor 8 and 13, Bogotá, Colombia

8.3. Suppliers (Purchases)

- Email: datospersonales@ghlhoteles.com or contactenos@ghlhoteles.com
- In person: Av calle 72 No 6-30 floor 8 and 13, Bogotá, Colombia

8.4. Owners

- Email: datospersonales@ghlhoteles.com or contactenos@ghlhoteles.com

**X. Procedures to Exercise the Rights of Data Subjects**

GHL will provide mechanisms for the Data Subject, their heirs, their representatives and/or attorneys-in-fact, those to whom it has been stipulated for the benefit of another or for another, and/or the representatives of minor Data Subjects, to make inquiries regarding what Personal Data of the Data Subject are stored in GHL's databases.

GHL has set up channels that allow for a secure and rapid interaction with Data Subjects. GHL indicates that it will only attend to Data Subjects who demonstrate ownership of the personal data or legal representation to exercise any of the data protection rights.

For the exercise of Data Subjects' rights, a request must be submitted which must include at least the following data:

a. Full names and surnames of the Data Subject and identity number or passport (proof of the same, and in the

case of their representative).

b. Include a clear and precise description of the personal data regarding which one of the aforementioned rights is sought to be exercised.

c. Indicate the specific request that gives rise to the application and supporting documents, if applicable.

d. Include the right or rights to be exercised.

e. Address, or physical or electronic address, for the corresponding notifications.

f. Accompany the request with the documents proving the identity of the Data Subject or the legal representative.

g. Date and signature of the applicant (when it is a physical request).

**XI. Data of the Data Controller**

HOTELERA GHL SAS HOLDING

NIT: 901580112 2

Central Office: Calle 72 # 6-30, Bogotá - Colombia

Phone: +57 3139333

**XII. Validity and Changes**

This Policy is approved on May 22, 2024, from which date it is applicable.

This Policy may be amended by GHL when necessary without prior notice, provided that they are non-substantial amendments. Otherwise, they will be communicated to Data Subjects beforehand.

GHL reserves the right to implement the Policy at any time.

A GHL experience GOOD REASONS FOR YOU TO BOOK WITH US

Booking available 24h a day

Direct shopping, without intermediaries

 
Experience Creators Work with us