Privacy and Confidentiality Policy

Authorization for the Processing of Personal Data

El titular de los datos personales mediante el suministro y registro voluntario de sus datos en los canales habilitados en el sitio web de On Vacation o través de mensaje de texto, autoriza a la sociedad TOUR VACATION HOTELES AZUL S.A.S. BIC como responsable del tratamiento para recolectar, registrar, almacenar, usar, circular, administrar, actualizar y suprimir sus datos en atención a las siguientes finalidades y dependiendo del módulo de registro: 

Receive more promotions, We call you, Chat, register via text message and social networks.: Administrative management, reservation management, internal statistics management, marketing, commercial prospecting, conduct studies on consumption habits, preference and interest in purchasing, customer loyalty, opinion polls, data update campaigns and information on changes in the processing of personal data, sales and attention to information queries.

Reservations: Administrative management, reservation management, customer loyalty, internal statistics management, collection management, billing management, economic and accounting management, marketing, commercial prospecting, studies on consumption habits, preference and purchase interest, opinion surveys, analysis for the control and prevention of fraud and money laundering, including but not limited to the consultation of reports in restrictive lists, data update campaigns and information on changes in the processing of personal data, transmission of data within the framework of the contractual relationship to allied companies.

Work with us: Administrative management, personnel management, promotion and selection of personnel, data and reference checks, conducting pre-employment or entry medical examinations, data update campaigns and information on changes in the processing of personal data, marketing and commercial prospecting.

Support and PQRSD, Appointments-Online: Attention to requests, complaints, claims, suggestions or compliments within the framework of statutory laws 1755 of 2015 and 1581 of 2012, as well as the consumer statute regulated through Law 1480 of 2011, reservation management, data update campaigns and information on changes in the processing of personal data, marketing and commercial prospecting.

Forms for promotions or special campaigns: Reservation management, customer loyalty, internal statistics management, marketing, commercial prospecting, studies on consumption habits, preference and purchase interest, opinion polls, data update campaigns and information of changes in the processing of personal data, participation in special benefits to be effective in accommodation plans or complete packages (accommodation, tickets, meals) according to the terms and conditions of the campaign through which the registration of personal data is made.

Form for access to the Internet service in hotel facilities: Administrative management, enabling permissions for internet access in hotel facilities, keeping a connection log for security purposes, administration of information systems, user administration, internal statistics management, marketing, commercial prospecting, customer loyalty, opinion polls, data update campaigns and information on changes in the processing of personal data, sales and information queries.

Rights of Owners: Data subjects may exercise their rights through the following website https://servicioalcliente.onvacation.com/ the following rights:

Access free of charge to the data provided that have been subject to processing.

Request update and rectification of your information regarding partial, inaccurate, incomplete, incomplete, fractioned, misleading, or those whose treatment is prohibited or has not been authorized.

Request proof of the authorization granted.

To file before the Superintendence of Industry and Commerce (SIC) complaints for violations of the provisions of the regulations in force, once the consultation or complaint process has been exhausted before the data controller.

To revoke the authorization and/or request the deletion of the data, unless there is a legal or contractual obligation that makes it imperative to keep the information.

It is optional to answer questions concerning sensitive data or data of children and adolescents.

The video surveillance policy and information treatment policy, as well as its substantial changes, can be consulted through the web portal https://www.onvacation.com.

Provisions

TOUR VACATION HOTELES AZUL SAS BIC, located in the city of BOGOTÁ at Calle 100 # 7 A -81, 6th Floor, Phone: 601 3908484, which for the purposes of these policies shall be referred to as the company, and its website www.onvacation.com which shall hereinafter be referred to as “the portal,” hereby sets forth the policies regarding the use, privacy, processing, and confidentiality of personal data, which apply to all users, customers, and individuals who have provided their personal data, as well as to the data subjects whose personal data has been acquired by the company pursuant to commercial agreements, agreements, collaborations, and/or partnerships, who use the portal in any way, or who purchase any product or service from the company through any existing channel. These policies outline the rights of users and/or customers to access, update, and correct the information collected about them in databases or files, as well as their right to information. 

The company and its portal may ask users and/or customers for personal data and any information linked or that may be associated with users and/or customers, always making reference to the fact that they are personal data, but no sensitive data is requested, nor is there any data of that nature in the records.

Taking into account the Privacy policies, by using or accessing or registering in any other way and by continuing to browse the portal or by providing their Data and information, users and/or customers express their authorization and express consent for the company to carry out the processing of personal data and information provided.

Information processing

The main purpose of the information and data provided by the reservation holders is to provide them with tourist services, as well as to offer them products and services, send them promotions, and a general treatment related to this and also for the following purposes:

Establish a fluid, current and repeated communication in relation to services, products, promotions, programming and everything related to the corporate purpose. To carry out marketing, promotion and/or advertising of its own or third parties repeatedly, sales, invoicing, collection management, collection, schedules, market intelligence, service improvement, verifications and consultations, control, behavior, habit, and enabling of means of payment, fraud prevention, as well as any other related to products and services, current and future, for the fulfillment of contractual obligations and corporate purpose, which users and/or customers expressly authorize to be sent through any means of communication, virtual, networks, mail, voice, SMS, and any other that is developed for the mass or personal sending of information.

Evaluate the quality of products and services, and conduct studies on consumption habits, preference, purchase interest, product testing, concept, service evaluation, satisfaction and others related to services and products. To advance everything necessary to comply with the obligations inherent to the services and products contracted with the company. Comply with the obligations contracted with customers, users, suppliers, partners, subsidiaries, distributors, subcontractors, outsourcing and other public and/or private third parties, directly or indirectly related to the corporate purpose of the company.

Inform about changes in products and services related to the ordinary course of business of the company. The data provided by the reservation holder may be processed, collected, stored, used, circulated, deleted, shared, updated, transmitted, in accordance with the terms and conditions of the above Privacy Policies as applicable, mainly to enable the provision of its services, for reports to control and surveillance authorities, and also use for administrative, commercial and advertising purposes and contact with the holders of the same.

The owner of the information, once he/she has granted the corresponding express and previous authorization, authorizes TOUR VACATION HOTELES AZUL SAS BIC, or whoever represents his/her rights, to consult, request, supply, report, process and disclose all the information related to his/her credit, financial, commercial and service behavior to the different credit bureaus or mechanisms for consultation of financial behavior in Colombia or in a different country.

TOUR VACATION HOTELES AZUL S.A.S. BIC may provide the personal contact information of reservation holders to the airlines, so that the air transport operators may communicate with them for the purpose of notifying them of any change, novelty or adjustment in the flight itineraries.

TOUR VACATION HOTELES AZUL S.A.S. BIC may transfer or share the personal contact information of the owners with allied companies, in order to send them commercial information of all types of products and services through e-mails, data messages and telephone calls.

In the portal, as a principle of security, the privacy of data and information is ensured, therefore it will be used only in order to provide better service to its customers by adapting them to the interests and needs of these. Therefore, physical, electronic and administrative security measures have been designed and established in order to protect the information collected in accordance with the Privacy Policy. These security measures are reviewed frequently to protect against unauthorized access, consultation or use, adulteration, loss, disclosure and improper use of your information, and to maintain the accuracy and integrity of such information.

The information related to the means of payment is used to request the collection authorization before the respective entities. Therefore, the information provided in the portal by users and/or customers such as personal data, card number, expiration dates, is not stored or recorded at any time. Confidentiality agreements are subscribed in any remission of this type of information to a third party and authorized entity, and the users and/or clients authorize this treatment.

Due to the security applicable to the portal, no information related to credit and/or debit cards, or any other electronic means of payment, will ever be stored or saved, for which reason the user and/or client is obliged to enter all the data related to the card or means of payment he/she will use, each time he/she makes a transaction on the portal.

The information provided by the user and/or client to access and use the portal, will not be disclosed in any form by the portal or the company. However, the user and/or client expressly authorizes the company to make any legal treatment, commercial use, any development, communication, as well as to share, assign, transfer the information and personal data with any entity or third party company that is in charge or responsible for data and information processing, extending to them the express authorization granted by the owner to carry out the processing of personal data.

Personal Data Protection Officer

This is the natural person who assumes the function of coordinating the implementation of the legal framework for the protection of personal data, who oversees the processing of requests from Data Subjects, for the exercise of the rights referred to in Law 1581 of 2012, appointed by the Habeas Data Committee of the company.

Area Responsible for Requests, Inquiries and Claims of Personal Data

The area in charge of handling requests, queries and claims from reservation holders to exercise their rights to know, update, rectify and delete their data and revoke their authorization is the Customer Service (SAC).

Means to Exercise the Rights of Access, Withdrawal and Rectification of Personal Data

The client and/or user has the right at any time to revoke the authorization for data processing and/or request the deletion, updating, rectification and disclosure of their data authorized for processing, by contacting us through the page https://servicioalcliente.onvacation.com/Tour Vacation Hoteles Azul S.A.S. BIC will respond to the request within the term stipulated by Law 1581 of 2012. When it is not possible to answer the query within that period, it will be notified in a timely manner, stating the reasons for the delay and indicating the date on which it will be answered.

It should be noted that the request for withdrawal or deletion will not proceed when there is a contractual or legal duty to keep it in our database. This is the case with the portfolio pending collection.

The client and/or user has the right to authorize the communication channel through which he/she wants to be contacted, in accordance with the provisions of Law 2300 of 2023.

Procedure To Exercise Your Rights As A Data Subject

The law has defined two ways of exercising the rights; the first one is consultation and the second one is claims.

Inquiries will be answered within a maximum term of ten (10) business days from the receipt thereof.

When it is not possible to answer the consultation within said term, the interested party shall be informed of the reasons, indicating the new date on which the consultation will be resolved, which shall not be more than five (5) working days following the expiration of the first term.

Claims will be dealt with within a maximum term of fifteen (15) working days from the day following the date of receipt of the claim. Tour Vacation Hoteles Azul S.A.S. BIC may extend the term of response in special cases by giving notice to the interested party. This new term shall not exceed eight (8) working days.

When it is not possible to attend the consultation within said term, it shall be notified in due time, stating the reasons for the delay and indicating the date on which it will be attended.

It should be noted that the request for withdrawal or deletion will not proceed when there is a contractual or legal duty to keep it in our database. This is the case with the portfolio pending collection.

All of the above channels have trained personnel for the performance of their functions, as well as the necessary control systems so that any new personal information requested by users is documented and can be subject to verification.

However, it should be noted that Tour Vacation Hoteles Azul S.A.S. BIC will only send personal data in connection with the inquiry or complaint to the following persons:

The owner of the data, their successors in title or their legal representatives, as long as they prove this quality as mentioned in the definitions section of this document.

To persons authorized by the owner of the data.

To persons authorized by court or legal order.

In the latter case, the Constitutional Court's decision C-748 of 2011 regarding requests for information from public or administrative entities should be taken into account:

The public or administrative entity must justify its request by indicating the link between the need to obtain the data and the fulfillment of its constitutional or legal functions.

Secondly, with the delivery of the information, the public or administrative entity will be informed that it has the duty to comply with the obligations and requirements imposed by law 1581 of 2012, as data controller, or data processor in certain cases.

The receiving administrative entity must comply with all the legal mandates that exist on the subject at the date of receipt of the information, especially the principles of - purpose - legitimate use - restricted circulation - confidentiality and - security.

Following established channels is the path to a prompt response.

The owners of the data may know, update and rectify the personal information contained in the databases of Tour Vacation Hoteles Azul S.A.S. BIC.

The ways to exercise the rights of the holders are established in each of the treatment policies that are immersed in the Integral Data Management Program, however, it is noted that the terms for response will begin to count from Tour Vacation Hoteles Azul S.A.S. BIC has actual knowledge of the request of the holder, if the request was received through the established channels.

Requirements for Personal Data Queries and Claims

Regardless of the channel the holder chooses to submit the request, it must be addressed to Tour Vacation Hoteles Azul S.A.S. BIC and contain at least the following items:

Contain the identification of the Holder (name and identification document).

Contain the description of the facts generating the consultation or complaint.

The object of the request.

Specify the Holder's notification address, either physical or electronic (e- mail).

Attach the documents you wish to assert (especially for claims).

In the event that the consultation or claim is submitted in person, the holder must submit the request or claim in writing without any formality other than the requirements set forth in the previous point.

If the holder considers that the response does not meet his/her needs, he/she has a term of fifteen (15) business days from the receipt thereof to request a reevaluation in those cases in which the response has been unfavorable to his/her interests.

Third Party Authorizations

The holder must deliver to Tour Vacation Hoteles Azul S.A.S. BIC in a physical way or by means of previously registered e-mail the due authorization in which he/she empowers a third party to consult, update or rectify his/her information. This requirement has the sole purpose of protecting and restricting access to the information to unauthorized third parties.

This authorization shall contain at least the following:

Identification of the authorizing holder

Copy of the owner's citizenship card

Name and identification data of the authorized person.

Time for which you can consult, update or rectify the information (only once, for one year, for the duration of the legal relationship, or until further notice, etc.).

Voluntary and free nature of the authorization.

Confirmation of Authorization

By virtue of the above and having the authorization granted by the customer and/or user for the processing of data and information, the authorization empowers the company to use the information received and entered from the user and/or customers for marketing, statistical, surveys, customer service, its own affiliated or linked products, in the sense of being able to offer services, offers and promotions according to their profile. Include for registration, the information provided to third parties, suppliers, partners, etc., as appropriate. These third parties, suppliers, related parties, etc., will be subject to confidentiality agreements that do not allow the disclosure or unauthorized use of the information provided. Notwithstanding the foregoing, the authorization granted herein is extended by the client and/or user to these third parties, suppliers, related parties, etc., and may be revoked at any time, by means of written communication. To use the e-mail address(es) included in the database to contact you, reference you, send you offers, advertising, surveys, etc., in relation to new services, promotions, suppliers or to send you communications or electronic messages, unless you inform us that you do not wish to receive them. The user and/or client grants his/her consent for the portal to exchange, reproduce, obtain, process, transfer, dispose, etc., of the data and information of the registered users and/or clients, to third parties, their establishments, companies and/or affiliated and/or participating and/or linked entities, with the purpose that such third parties, offer the products and/or services to the users and/or clients.

The treatment made by the company and its portal ensures respect for the prevailing rights of children and adolescents.

Confidentiality of Information

The data provided by the user and/or client, are under security measures that seek to ensure the confidentiality of the information in the systems, adopting the implementation of technology that provides the highest possible security. This confidentiality will be handled, even after the end of the relationship that includes the treatment.

Rights of Users and/or Customers

The holders of the information (users and/or clients) have the right to know, update and rectify their personal data. This right may be exercised, among others against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized. Request proof of the authorization granted to the Data Controller, notwithstanding this authorization in accordance with the provisions of the acceptance and implementation of privacy and confidentiality policies. To be informed by the Data Controller regarding the use given to their personal data. To present before the corresponding entities the complaints related to the handling of personal data. To revoke the authorization and/or request the deletion of the data when in the treatment. Access free of charge to their personal data that have been subject to processing.

Others established in the Law

These rights can be exercised at any of the points of attention or through the national hotline or any suitable means of direct communication with the company or through the portal.

Acceptance and Enforcement of Privacy and Confidentiality Policies

The user and/or client who accesses or uses the services of the portal and/or makes use of any other type of product or service offered by the portal and/or by the company through any channel or mechanism existing and/or different from the web portal, accepts and applies the privacy and confidentiality policies established in the portal and as such constitutes a legal agreement between the client and/or user and the company, understanding that these are expressly accepted and that he/she agrees with the terms and conditions set forth, since his/her consent is being express and informed. Similarly, the acceptance implies that the user and/or client grants authorization to the company and/or the portal to carry out the processing of personal data.

This privacy policy and confidentiality of personal data came into force on February 22, 2013 and the database of the company TOUR VACATION HOTELES AZUL SAS BIC will be valid for a period of ten (10) years from February 22, 2013, period that will be automatically renewed unless there is a request from the owner of the information to proceed to its deletion.

Privacy Notice

Tour Vacation Hoteles Azul S.A.S. BIC and its allied companies, in compliance with Law 1581 of 2012 and its regulatory decrees, through this Privacy Notice informs the holders of personal data on the conditions and treatment to which the data stored in our databases will be subject:

Data Controller: Tour Vacation Hoteles Azul S.A.S. BIC, a company with its registered office in Bogotá, D.C., at Calle 100 # 7 A -81, 6th Floor, is the data controller responsible for processing your personal data. 

Processing and purpose of personal data collection: Tour Vacation Hotels Azul S.A.S. BIC, informs users, workers, visitors, suppliers and customers that the collection, recording, storage, use, circulation, administration, updating and deletion of data taken by our staff and video surveillance cameras (content that rests on specialized recording devices under security measures), are intended to leave a record of the entry to the facilities of the establishment, in compliance with the administrative management of the company and for strictly security reasons, internal statistics management, marketing, commercial prospecting, studies on consumer habits, preference and interest in purchasing, customer loyalty, opinion polls, sales and attention to information queries.

Rights of Data Subjects: Data owners may exercise through the website. https://servicioalcliente.onvacation.com/ the following rights:

Access free of charge to the data provided that have been subject to processing.

Request update and rectification of your information regarding partial, inaccurate, incomplete, incomplete, fractioned, misleading, or those whose treatment is prohibited or has not been authorized.

Request proof of the authorization granted.

To file before the Superintendence of Industry and Commerce (SIC) complaints for violations of the provisions of the regulations in force, once the consultation or complaint process has been exhausted before the data controller.

To revoke the authorization and/or request the deletion of the data, unless there is a legal or contractual obligation that makes it imperative to keep the information.

It is optional to answer questions concerning sensitive data or data of children and adolescents.

The video surveillance policy and information treatment policy, as well as its substantial changes, can be consulted through the web portal https://www.onvacation.com