A. Identity and address of the Controller.
In accordance with the provisions of the Federal Law for the Protection of Personal Information Held by Third Parties (LFPD – Mexican acronym) and other applicable regulations, Hotelera Palace Resorts, SAPI de C.V. (hereinafter commonly referred to as “Grupo Palace Resorts” or “the Controller”, whose domicile to hear and receive communications is: Carretera Cancún Puerto Morelos km 21, Manzana 01, Lote 1 –11, Edificio A, Supermanzana 47, Municipio Benito Juárez, Cancún, Quintana Roo, C.P. 77506, expressly states:
B. Personal information collected and processed.
For the purposes described in this Privacy Notice we collect the following types of personal information: 1) Identification 2) Social environment 3) Employment 4) Marketing
C. Processing of sensitive personal information.
Health information. Grupo Palace Resorts® does not collect sensitive personal information for the purposes described in the following section.
D. Purpose of processing.
a. Relevant and necessary purposes.
1. Control and identification of visitor and supplier access to Grupo Palace Resorts® facilities.
2. Control of registered user access and exit to and from Controller’s data systems.
b. Additional purposes. 1. None
E. Sharing of personal information.
Your personal information may be shared or processed by persons other than Controller under the following circumstances:
1. Government authorities, organizations or entities; in the performance of their legal duties or as ordered by the courts.
F. Consent for the sharing of information
Pursuant to Article 37 of the LFPD the sharing of information under paragraph 1 above does not require your consent. Your personal information will not be shared with third parties without your consent except under the circumstances described in Article 37 of the LFPD, and in all cases such sharing will be performed in strict compliance with Article 17 of the LFPD Regulations.
G. Exercise of ARCO rights.
Under all legal circumstances you may exercise your rights to access, modify, cancel and oppose information (ARCO rights) using the legal procedures we have set up. All such requests should be sent in writing to the address indicated in paragraph A of this Notice addressed to our Controller of Personal Information, and comply with the applicable legal requirements.
Information requests should contain the following:
I. Your name and address or other means of providing you with a response.
II. Valid identification documents or power of attorney, as the case may be.
III. A clear and precise description of the personal information on which you wish to exercise your ARCO Rights; and
IV. Any other element or document that could facilitate locating your personal information.
The Controller will answer you with a decision within 20 business days counted from the date on which your request is received. If the request is admissible it will be put into effect within 15 business days following the date on which the Controller advises you of the decision. In the event that the information you provide is incorrect or insufficient, or if you fail to send the necessary identity documents or power of attorney, the Controller will ask that you correct such deficiencies within five business days after receiving your request and you will have 10 business days to comply, counted from the day after you receive such notice.
The process will be terminated if you do not answer within the required time. You can obtain the requested personal information in the form of plain copies or electronic documents in common formats (Word, PDF, etc.), by means of authorized restricted access to the databanks (access) containing your personal information or by any other legal means that guarantee and evidence the exercise of the requested right. Alternatively, after fulfilling all the above-mentioned requirements, the Owner may submit their request by e-mail to firstname.lastname@example.org and indicating “ARCO Rights and/or Consent Revoked” in the Subject line.
Response times will remain the same as those mentioned in the immediately preceding paragraph. The use of electronic media in the exercise of ARCO rights authorizes Controller to answer the request using the same media unless the petitioner specifically requests another format. You will be responsible for maintaining your personal information in possession of the Controller updated. Therefore, under all circumstances you are responsible for the truth, accuracy, validity and quality of the personal information you provide, and you hereby undertake to keep such information updated by informing the Controller of any changes.
H. Revoking consent.
You may revoke your consent to have your personal information processed, without retroactive effect, in all cases in which said revocation does not make it impossible to fulfill any obligations arising from the legal relation in force between you and the Controller. The process for revoking consent will be the same as the one established in the immediately preceding section on how to exercise your ARCO rights.
I. Limitations on the disclosure of your personal information.
You may limit the use or disclosure of your personal information by sending our Personal Information Department a request to that effect. The requirements for personal identification and the procedure for answering your request remain the same as those indicated in the section on “Exercise of ARCO Rights”. The Controller has the resources and procedures to ensure that some of your information is included in a Personal Exclusion List, on condition that you expressly request the inclusion of such information in said list. The Controller will then issue to all registered owners [of said information] a letter certifying their inclusion in said list.
J. Modification or updating of this General Privacy Notice.
December 1, 2016