Portobelo Hotels Privacy Policy

Hoteles Portobelo S.A.S. Personal Data Processing Policy

• HOTELES PORTOBELO SAI S.A.S., with its registered office in the city of San Andrés, at the address AV. COLOMBIA No. 5A – 69 and email address correspondencia@hotelesportobelo.com, which for the purposes of these policies shall be referred to as the company that discloses the policies regarding the use, privacy, processing, and confidentiality of personal data, which apply to all users, guests, customers, and individuals who have provided their personal data, who are the data subjects of personal data acquired by the company pursuant to commercial agreements, contracts, collaborations, and/or partnerships, and who purchase any product or service from the company through any existing channel. These policies outline the rights of users and/or customers to access, update, and correct the information collected about them in databases or files, as well as their right to information.
• The company may request personal data from users and/or customers, as well as any related information or information that may be associated with users and/or customers, always specifying that such information constitutes personal data; however, sensitive data is not requested, nor is any data of that nature included in the records.
• In accordance with our Privacy Policy, by using or accessing the hotel, or by providing their data and information, users and/or customers expressly authorize and consent to the company’s processing of the personal data and information provided.

1. PROCESSING OF INFORMATION

• The primary purpose of the information and data provided by reservation holders is to provide them with tourism services, as well as to offer them products and services, send them promotions, and process such information in general, and also for the following purposes:
• Establish fluid, up-to-date, and frequent communication regarding services, products, promotions, programming, and all matters related to the company’s corporate purpose. To carry out marketing, promotional, and/or advertising activities—whether our own or those of third parties—on a recurring basis, as well as sales, billing, collection management, payment processing, scheduling, market intelligence, service improvement, verifications and inquiries, monitoring, behavior and usage patterns, enabling payment methods, fraud prevention, and any other activities related to current and future products and services, for the fulfillment of contractual obligations and the corporate purpose, which users and/or customers expressly authorize to be sent via any means of communication, including online platforms, social media, email, voice, SMS, and any other method developed for the mass or personalized delivery of information.
• To evaluate the quality of products and services, and to conduct studies on consumer habits, preferences, purchase intent, product testing, concept evaluation, service evaluation, satisfaction, and other factors related to products and services. Take all necessary steps to fulfill the obligations inherent in the services and products contracted with the company. Comply with obligations contracted with customers, users, suppliers, partners, subsidiaries, distributors, subcontractors, outsourced providers, and other public and/or private third parties directly or indirectly related to the company’s corporate purpose.
• To provide information about changes to products and services related to the company’s ordinary course of business. The data provided by the data subject may be processed, collected, stored, used, circulated, deleted, shared, updated, and transmitted in accordance with the terms and conditions of the Privacy Policies noted above, as applicable, primarily to enable the provision of services, for reporting to regulatory and supervisory authorities, as well as for administrative, commercial, and advertising purposes and to contact the data subjects.
• Once the data subject has provided the necessary express and prior authorization, he or she authorizes HOTELES PORTOBELO SAI S.A.S., or whoever acts on its behalf, to access, request, provide, report, process, and disclose all information regarding their credit, financial, and commercial behavior, as well as information regarding services, to the various credit bureaus or financial behavior inquiry mechanisms in Colombia or in another country.
• HOTELES PORTOBELO SAI S.A.S. may provide the personal contact information of reservation holders to airlines so that air carriers can contact them to notify them of any changes, updates, or adjustments to their flight itineraries.
• HOTELES PORTOBELO SAI S.A.S. may transfer or share the personal contact information of data subjects with partner companies for the purpose of sending them commercial information regarding all types of products and services via email, text messages, and phone calls.
• As a matter of security, we safeguard the privacy of data and information; therefore, this information will be used solely for the purpose of providing better service to our customers by tailoring it to their interests and needs. To this end, we have designed and implemented physical, electronic, and administrative security measures to protect the information collected in accordance with our Privacy Policies. These security measures are reviewed frequently to protect against unauthorized access, consultation, or use, as well as against the alteration, loss, disclosure, and misuse of your information, and to maintain the accuracy and integrity of such information.
• Information related to payment methods is used to request payment authorization from the respective financial institutions. Therefore, information provided by users and/or customers—such as personal data—is never stored or recorded. Whenever this type of information is shared with a third party or authorized entity, confidentiality agreements are signed, and users and/or customers authorize this processing.
• In accordance with applicable security regulations, no information related to credit and/or debit cards or any other electronic payment method will ever be stored or retained; therefore, the user and/or guest is required to enter all details regarding the card or payment method they will use each time they make a transaction at the hotel.
• The information provided by the user and/or customer to access the hotel will not be disclosed in any way by the company. However, the user and/or customer expressly authorizes the company to carry out any legal processing, commercial use, development, or communication of such information, as well as to share, assign, or transfer personal information and data with any third-party entity or company that is a data processor or data controller, with the express authorization granted by the data subject to process personal data being extended to such third parties.

• Data Protection Officer

This is the individual designated by the company’s Habeas Data Committee to coordinate the implementation of the legal framework for personal data protection and to oversee the processing of requests from data subjects regarding the exercise of their rights under Law 1581 of 2012.

• Department Responsible for Requests, Inquiries, and Complaints Regarding Personal Data

The department responsible for handling requests, inquiries, and complaints from reservation holders regarding their rights to access, update, correct, and delete their data, as well as to revoke their consent, is Customer Service (SAC).    

• Means for Exercising the Rights of Access, Deletion, and Correction of Personal Data
• The customer and/or user has the right at any time to revoke consent for data processing and/or request the deletion, updating, or correction of their data, as well as to access the data authorized for processing, by sending an email to correspondencia@hotelesportobelo.com – HOTELES PORTOBELO SAI S.A.S. will respond to the request within the timeframe stipulated by Law 1581 of 2012. If it is not possible to address the inquiry within that timeframe, the customer will be notified in a timely manner, stating the reasons for the delay and indicating the date by which the inquiry will be addressed.
• Please note that a request for deletion or removal will not be granted if there is a contractual or legal obligation to retain the information in our database. This is the case, for example, with outstanding receivables.
• The customer and/or user has the right to specify the communication channel through which they wish to be contacted, in accordance with the provisions of Law 2300 of 2023.

• Procedure for Exercising Your Rights as a Data Subject
• The law has established two ways to exercise these rights: the first is through consultations, and the second is through complaints.
• Inquiries will be addressed within a maximum of ten (10) business days from the date of receipt.
• If it is not possible to address the inquiry within that timeframe, the interested party will be informed of the reasons and notified of the new date by which the inquiry will be resolved, which shall not exceed five (5) business days following the expiration of the initial timeframe.
• Complaints will be addressed within a maximum of fifteen (15) business days, starting from the day following the date of receipt. HOTELES PORTOBELO SAI S.A.S. may extend the response period in special cases, provided it notifies the interested party. This new period shall not exceed eight (8) business days.
• If it is not possible to address the inquiry within that timeframe, the party concerned will be notified in a timely manner, stating the reasons for the delay and indicating the date by which the inquiry will be addressed.
• Please note that a request for deletion or removal will not be granted if there is a contractual or legal obligation to retain the information in our database. This is the case, for example, with outstanding receivables.
• All of the above channels are staffed by personnel trained to perform their duties and are equipped with the necessary control systems to ensure that any updates to personal information requested by users are documented and can be verified.
• However, please note that HOTELES PORTOBELO SAI S.A.S. will only disclose personal data in connection with an inquiry or complaint to the following individuals:
• The data subject, their successors, or their legal representatives, provided that they can prove their status as described in the “Definitions” section of this document.
• To persons authorized by the data subject.
• To persons authorized by court order or law.
• In the latter case, one must take into account the Constitutional Court’s ruling in Case C-748 of 2011 regarding requests for information from public or administrative entities:
• The public or administrative entity must justify its request by explaining the connection between the need to obtain the data and the fulfillment of its constitutional or legal duties.
• Second, upon submission of the information, the public or administrative entity will be notified that it is responsible for complying with the obligations and requirements imposed by Law 1581 of 2012, either as the data controller or, in certain cases, as the data processor.
• The receiving administrative entity must comply with all applicable legal requirements in effect as of the date the information is received, particularly the principles of purpose, legitimate use, restricted circulation, confidentiality, and security.
• Following the established channels is the way to get a prompt response.
• Data subjects may access, update, and correct the personal information stored in the databases of HOTELES PORTOBELO SAI S.A.S.
• The procedures for exercising data subjects’ rights are set forth in each of the data processing policies included in the Comprehensive Data Management Program; however, please note that the response period will begin once HOTELES PORTOBELO SAI S.A.S. has actual knowledge of the data subject’s request, provided the request was received through the established channels.

• Requirements for Inquiries and Complaints Regarding Personal Data
• Regardless of the method the applicant chooses to submit their application, it must be addressed to HOTELES PORTOBELO SAI S.A.S. and include at least the following items:
• Include the account holder's identification (name and identification number).
• Include a description of the events giving rise to the inquiry or
• The purpose of the request.
• Specify the Data Subject's contact address, whether physical or electronic (email).
• Attach the documents you wish to submit (especially for claims)
• If the inquiry or complaint is submitted in person, the account holder must submit their request or complaint in writing, with no formal requirements other than those specified in the section
• If the account holder believes that the response does not meet their needs, they have fifteen (15) business days from the date of receipt to request a reevaluation in cases where the response was unfavorable to their

• Authorizations to Third Parties
• The account holder must provide HOTELES PORTOBELO SAI S.A.S. with the appropriate authorization—either in person or via a previously registered email address—authorizing a third party to view, update, or correct their information. This requirement is intended solely to protect and restrict access to the information by third parties who are not
• This authorization must include at least the following:
• Identification of the authorizing party
• Copy of the holder's ID card
• Name and identifying information of the individual
• The period during which you may access, update, or correct the information (once only, for one year, for the duration of the legal relationship, or until further notice).
• The voluntary and optional nature of the authorization.
• • Confirmation of Authorization
• Based on the foregoing and pursuant to the authorization granted by the customer and/or user for the processing of data and information, this authorization entitles the company to use the information received from and entered by the user and/or customers for marketing, statistical, and survey purposes, as well as for customer service regarding its own products or affiliated or related products, in order to offer services, offers, and promotions tailored to their profile. Include, for registration purposes, any information provided to third parties, suppliers, affiliates, etc., as appropriate. These third parties, suppliers, affiliates, etc., will be subject to confidentiality agreements that prohibit the disclosure or unauthorized use of the information provided. Notwithstanding the foregoing, the authorization granted herein by the customer and/or user extends to these third parties, suppliers, affiliates, etc., and may be revoked at any time by written notice. Use the email address(es) included in the database to contact you, refer to you, send you offers, advertising, surveys, etc., regarding new services, promotions, or suppliers, or to send you communications or electronic messages, unless you inform us of your wish not to receive them through this communication channel. The user and/or customer grants consent for HOTELES PORTOBELO SAI S.A.S. to exchange, reproduce, obtain, process, transfer, dispose of, etc., the data and information of registered users and/or customers to third parties, its establishments, companies, and/or affiliated and/or participating and/or related entities, so that such third parties may offer products and/or services to users and/or customers.
• The company's practices ensure that the rights of children and adolescents are respected.

• Confidentiality of Information

The data provided by the user and/or customer is protected by security measures designed to ensure the confidentiality of the information stored in our systems, utilizing technology that provides the highest possible level of security. This confidentiality will be maintained even after the relationship involving the processing of such data has ended.

• User and/or Customer Rights

Data subjects (users and/or customers) have the right to access, update, and correct their personal data. This right may be exercised, among other things, in cases where data is partial, inaccurate, incomplete, fragmented, misleading, or where its processing is expressly prohibited or has not been authorized. Request proof of the authorization granted to the Data Controller, notwithstanding this authorization in accordance with the provisions regarding the acceptance and application of privacy and confidentiality policies. Be informed by the Data Controller regarding the use made of your personal data. File complaints with the relevant authorities regarding the handling of personal data. Revoke authorization and/or request the deletion of data during processing. Access, free of charge, your personal data that has been processed.

• The others specified in the Act

These rights may be exercised at any of our service locations, through our national hotline, or via any appropriate means of direct communication with the company.

• Acceptance and Application of Privacy and Confidentiality Policies
• Any user and/or customer who accesses or uses the hotel’s services and/or makes use of any other type of product or service offered by the hotel and/or the company through any existing channel or mechanism, whether or not related to the hotel, accepts and is bound by the privacy and confidentiality policies set forth in this policy; as such, this constitutes a legal agreement between the customer and/or user and the company, on the understanding that these are expressly accepted and that the user and/or customer agrees to the terms and conditions set forth, as their consent is express and informed. Likewise, acceptance implies that the user and/or customer grants the company authorization to process their personal data.
• This privacy and personal data confidentiality policy takes effect on February 7, 2025, and the database of HOTELES PORTOBELO SAI S.A.S. will remain in effect for ten (10) years from February 7, 2025, a period that will be automatically renewed unless the data subject requests the deletion of their information.