A. Identity and address of Controller.
In accordance with the provisions of the Federal Law for the Protection of Personal Information Held by Third Parties (LFPD – Mexican acronym) and other applicable regulations, Hotelera Palace Resorts, S.A.P.I. de C.V. (hereinafter commonly referred to as “Grupo Palace Resorts” or “Controller”, whose domicile to hear and receive communications is: Carretera Cancún Puerto Morelos km 21, Manzana 01, Lote 1 – 11, Edificio A, Supermanzana 47, Municipio Benito Juárez, Cancún, Quintana Roo, C.P. 77506, expressly states:
B. Personal information collected and processed.
For the purposes described in this Privacy Notice we collect the following types of personal information: 2) Image.
C. Processing of sensitive personal information.
Grupo Palace Resorts® does not collect sensitive personal information for the purposes described in the following section.
D. Purpose of processing.
c. Relevant and necessary purposes.
4. Safety and guarding of facilities.
5. Safeguarding clients, employees and visitors.
6. Entry and departure monitoring.
b. Additional purposes. 1. None
E. Sharing of personal information.
Your personal information may be shared and processed by other parties than the Controller under the following conditions:
2. Government authority, organizations or entities; To fulfill legal obligations and/or requirements.
F. Consent to share information.
Pursuant to article 37 of the LFPD your consent is not required to perform the sharing of information indicated in subsection 1 of Section E. In all other cases, your personal information will not be shared with third parties without your consent, except as provided under article 37 of the LFPD, and in all cases such sharing will be performed in strict compliance with Article 17 of the LFPD Regulations.
G. Exercise of ARCO Rights.
Under all legal circumstances you may exercise your right to access, modify, cancel and oppose information (ARCO rights) using the legal processes we have set up. All requests should be sent in writing to the address indicated in paragraph A of this Notice, addressed to our Controller of Personal Information and must comply with all legal requisites.
Information requests should contain the following:
V. Your name and address or other means of contacting you with a response.
VI. Valid identification documents or power of attorney, as the case may be.
VII. A clear and precise description of the personal information on which you wish to exercise your ARCO Rights.
VIII. Any other element or document that could facilitate locating your personal information. Controller will answer you with a decision within 20 business days counted from the date on which your request is received. If the request is admissible it will be put into effect within 15 business days following the date on which Controller advises you of a decision. In the event that the information you provide is incorrect or insufficient, or if you fail to send the necessary identity documents or power of attorney, Controller will ask that you correct such deficiencies within five business days after receiving your request, and you will have 10 business days to comply counted from the day after you receive such notice.
The process will be terminated if you do not answer within the required time. You can request personal information in the form of plain copies or electronic documents in common formats (Word, PDF, etc.), through authorized restricted access to the databanks (access) containing your personal information, or by any other legal method that guarantees and records the exercise of a requested right.
Alternatively, after fulfilling all the above-mentioned requirements, the Owner may submit their request by e-mail to firstname.lastname@example.org indicating “ARCO Rights and/or Consent Revoked” in the Subject line. Response times will remain the same as those mentioned in the immediately preceding paragraphs. The use of electronic media in the exercise of ARCO rights authorizes Controller to answer the request using the same media unless the petitioner specifically requests another format. You will be responsible for keeping your personal information held by Controller updated. Therefore, you will be liable and responsible for the truth, accuracy, validity and authenticity of the personal information you provide, and for keeping Controller informed of any changes
H. Revoking consent.
You may revoke consent to have your personal information processed, non retroactively, in all cases in which said revocation does not make it impossible to fulfill any obligations arising from the legal relation in effect between you and Controller. The process for revoking consent will be the same as the one set in the immediately preceding section on how to exercise your ARCO rights.
I. Limitations on disclosure of your personal information.
You may limit the use or disclosure of your personal information by sending a written notice to our Personal Information Department. Identification requirements and the process for attending your request remain the same as those indicated in the section “Exercise of ARCO Rights”. Controller has the means and procedures necessary to ensure that some of your information is listed in a personal information exclusion list and may do so when you expressly request such listing. Controller will then provide the petitioner with letter confirming their inclusion in the exclusion list.
J. Modifications or updates to this General Privacy Notice.
December 1, 2016