PRIVACY AND DATA PROTECTION POLICY
In compliance with the Mexican Federal Law for the Protection of Personal Data in Possession of Private Entities (hereafter the law), which has the purpose of protecting the personal data held by private parties (hereafter the information), El Dorado Spa Resorts provides the following Privacy and Data Protection Policy.
1. Data Protection Liability
Desarrollos Turísticos Costa Turquesa, S.A. de C.V. (hereby El Dorado Spa Resorts), located in Calle de Acceso L28, Manzana 16 Lote 37 Supermanzana 309, Cancún, Quintana Roo, México, Post Code 77560. The Web Development department, located in the address specified before, is liable for the protection of the information and may be contacted via e-mail to the following address: email@example.com
2. Personal Information Requested
El Dorado Spa Resorts will request personal information to all the people who uses our online and call centre services, in order to process, follow-up, and confirm the service(s) hired to El Dorado Spa Resorts. The information requested to the users includes, but is not limited to: full name, e-mail address, mailing address, postcode, birth date, credit card information and additional information important for the reserve and payment processes. The credit card information is used for the payment process during the hiring of the services provided by El Dorado Spa Resorts.
When filling the registry forms or giving the information to any representative of the call centre, the information owner gives full and voluntary consent to providing the personal information that may be requested on the understanding that in case that the user decides not to share any of the mandatory information he/she will not be able to access to the services which necessitate such information; nonetheless, will be able to access to all the other services provided inasmuch as the personal information is not required. El Dorado Spa Resorts in no case and in no circumstance will keep, store, nor file any sensitive personal information such as race, ethnicity, health status, genetic information, religion a/o belief, membership to any union or such group, political conviction, sexual preference, etc.
Furthermore, El Dorado Spa Resorts compiles the e-mail addresses of all the people that use these services to communicate with El Dorado Spa Resorts, the additional information regarding the web pages visited through their visit to the website, and any other information given voluntarily, including but not limited to polls, surveys, or online registry forms.
The information provided as a user of the website may be utilized to: contact the user provided that any change on the reservation is made, detect a/o prevent possible cyber-crimes, to make customer surveys and polls, manage the customer-company relations and improve the website’s content. In the case that the user provides El Dorado Spa Resorts with its phone number, it will be used as a means of communication in the event that any change in the reservations is made, or in any concern related to the payment process.
The personal information that, as a user of our website a/o Call centre, is provided to El Dorado Spa Resorts must be true and in accordance with your present situation.
3. Data Transfer
Personal data may be transferred a/o shared with trading partners, associates, suppliers; financial, banking and credit institutions, subsidiary partners, subsidiaries, affiliates, branches and third parties such as hotels, leasing companies, airlines, tour suppliers, etc., to verify and confirm the booking(s).
4. Privacy and Personal Data Protection.
El Dorado Spa Resorts commits to keep the user’s information undisclosed, and will not transfer the information to any third party unless prior consent from the user; with the exceptions mentioned on the Federal Law on Protection of Personal Data Held by Private Parties in its art.37; as well as executing the Data Transfer in observance of the present Law.
Article 37. Domestic or international transfers of data may be carried out without the consent of the data owner in the following cases:
- I. Where the transfer is pursuant to a Law or Treaty to which Mexico is party;
- II. Where the transfer is necessary for medical diagnosis or prevention, health care delivery, medical treatment or health services management;
- III. Where the transfer is made to holding companies, subsidiaries or affiliates under common control of the data controller, or to a parent company or any company of the same group as the data controller, operating under the same internal processes and policies;
- IV. Where the transfer is necessary by virtue of a contract executed or to be executed in the interest of the data owner between the data controller and a third party;
- V. Where the transfer is necessary or legally required to safeguard public interest or for the administration of justice;
- VI. Where the transfer is necessary for the recognition, exercise or defence of a right in a judicial proceeding, and
- VII. Where the transfer is necessary to maintain or fulfil a legal relationship between the data controller and the data owner.
5. Use of Bank Card Information Liability
El Dorado Spa Resorts commits to respect the privacy of all its customers; in the particular aspect of this website, to all those who make online booking or book through the Call centre. In order to ensure the safety of all the online operations a SSL certificate is used in its website, which protects the data sent from the user’s web navigator onto El Dorado Spa Resorts’ website and databases. All the information regarding the transactions made with a credit card is ciphered in order to keep the user’s information safe and private.
All the personal information provided by El Dorado Spa Resorts customers, such as full name, mailing address, e-mail address, telephone number, and any other data concerning the booking through the online payment process, will be considered as strictly confidential, unless specified otherwise by the customers.
6. Use of "Cookies" and IP Addresses
El Dorado Spa Resorts data server will send data to the user’s web navigator, same that will be stored in the user’s computer hard drive. This allows El Dorado Spa Resorts to identify the devises employed by the user to access to its portal. This whole process is known as the use of "cookies" or IP address. Through the use of these “cookies” or IP address.
El Dorado Spa Resorts is able to offer a personalized service to all its users for it permits, among other things, to issue publicity and promotion campaigns, measure the online audience and traffic in its websites visited by the user. Through these “cookies” or IP address the user is not personally identified, what is identified is the public IP address from where the user is accessing the website.
7. Access to Personal Data
The Law grants four rights to assert (the ARCO rights):
- Access to your personal data to learn which of it is being in safekeeping, if they are correct or updated and the means by which they are being used.
- Rectification of such data in the case it is inaccurate, incorrect or not updated.
Users have the right to abrogate the given consent for the treatment of their Personal Data in order for them not to be used furthermore, in addition to this, the consent to receive promotions and special offers by telephone or e-mail can be revoked.
In order to exercise the ARCO rights or the right to revoke the consent for the use of personal data, the User must send a written notification in Spanish to El Dorado Spa Resorts to the following e-mail address: firstname.lastname@example.org , or send it to the Web Calle de Acceso L28, Manzana 16 Lote 37 Supermanzana 309, Cancún, Quintana Roo, México, Código Postal 77560. In such written notification it must be specified: Full name, registered e-mail, mailing address, a telephone number, and a copy of the user’s ID must be attached.
El Dorado Spa Resorts will contact the user in follow up to the request in the consecutive 15 working days of the reception of such notification and attachments hereby solicited, to communicate whether the revoke proceeds or not, inform its rectification, perform the necessary steps to cancel the utilization of the user’s personal data, or end its usage.
9. Acceptance of the Terms