Privacy Policy Hotel in MexicoPROMOTORA LORETO BCS, S.A DE C.V

Hotel Loreto Bay Golf & Sea At Baja

LEGAL NOTICE

At Hotel Loreto Bay Golf & Sea in Baja, we understand the importance of knowing how we are going to handle your personal data and we are aware that by using our services you trust us with such data and we understand the responsibility that entails, which is why we will strive to care for and protect your information.

In that sense and in order to inform you of how we treat your personal data and in compliance with the Law, we make available to you the following Privacy Notice, with the OBJECTIVE of informing you of what data we collect, why we request it, how you can update or even delete it, among other things.

Personal data of minors or legally incapacitated individuals can only be provided by the father, mother, or legal guardian and will be safeguarded under strict security measures. If you are a minor or legally incapacitated individual, you should not provide us with your personal data without the prior, express, and written consent of the person who exercises parental authority or guardianship over you.

1.- IDENTITY AND ADDRESS OF THE "RESPONSIBLE".

Promotora Loreto BCS, S.A. de C.V. as operator of the hotel commercially known as Hotel Loreto Bay Golf & Sea at Baja and all its consumption centers (points of sale) (hereinafter simply the “RESPONSIBLE”) with address at Liverpool 133, Col. Juárez, Cuauhtémoc Mayor’s Office, C.P. 06600, Mexico City, is responsible for the processing of your personal data (hereinafter simply the “DATA”) and the Information collected from the owners of the “DATA” (hereinafter simply the “OWNERS” or the “OWNER”) which will be treated strictly confidentially.

2.- PERSONAL DATA THAT WILL BE REQUIRED.

Promotora Loreto BCS, S.A. de C.V., will be responsible for collecting, using, and protecting the following “DATA”, whether verbally, in writing, or through electronic means, in accordance with the purposes for which the “HOLDER” gives their consent, with the latter being responsible for the veracity of the information:

  • a).- Full name.
  • b).- Place and date of birth.
  • c) - Nationality.
  • d).- Age.
  • e) - Marital Status.
  • f).- Address.
  • g) - Tax Status Certificate.
  • h).- CURP
  • i).- Email.
  • j).- Phone number(s).
  • k).- Official identification with photograph (INE, passport, professional license, ID, driver's license).
  • 1).- Bank card number (either credit or debit), expiration date and security code.
  • m).- License plates of your car, if you park it at the mentioned hotel.
  • n).- If your stay is covered by your company: name of your company, position you hold in that company and Tax Situation Certificate of your company.
  • n).- If your stay is covered by your company: company name, position held in that company, and Fiscal Situation Certificate of your company.

3.- SENSITIVE DATA.

The “RESPONSIBLE PARTY” will collect and process certain “SENSITIVE DATA”, that is, those that may reveal aspects such as racial or ethnic origin, present or future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, and sexual preference, committing the “RESPONSIBLE PARTY” to ensuring that all sensitive data will be treated with strict security and confidentiality.

Derived from the COVID-19 pandemic, data concerning your health status will be collected for the sole purpose of obtaining your health protection and that of the other people who are in the aforementioned hotel, safeguarding this information for the time necessary to comply with the purposes of this “NOTICE” (hereinafter simply the “NOTICE”), in accordance with the provisions of Article 10 fractions V and VI of the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter simply the “LAW”).

4. PURPOSES OF THE TREATMENT OF PERSONAL DATA.

The “DATA” obtained will be used for the following purposes, considering that some of these purposes will proceed until you are our guest:

I.- Primary or necessary purposes:

  • a).- Verify your identity and information.
  • b).- Update your information in our database.
  • c) Analyze your economic capacity to cover our services.
  • d) - Identify and/or register you as a customer or user of our site.
  • < p > Perform, if necessary, investigations in order to verify the accuracy of the data provided through third parties hired for this purpose.
  • f).- To provide the requested services and inform you about changes in them.
  • g) Internal reports from the different areas of the aforementioned hotel for statistical purposes.
  • h) Payment for services for one time or scheduling service payments.
  • i).- Issuing invoices.
  • j).- Video surveillance inside our facilities (common areas) for your safety, that of other guests, and the staff inside them.
  • k).- Preserve your information for compliance with legal provisions and requirements of various authorities and/or regulatory entities.
  • l).- Compliance with regulations on Anti-Money Laundering prevention.
  • m)- Attend to your doubts, complaints, clarifications, claims, and suggestions as a guest.
  • n).- Know your needs to properly provide services.
  • o).- Evaluate the quality of the services provided by the hotel.

  • - Provide personal attention through various electronic communication channels such as email, phone, chat, WhatsApp, among others.
  • q).- Keep a record of the use of our services, including a physical or electronic file of your stays, consumption, payment of the same, and the channel through which you made the reservation.

    • II.- Secondary or accessory purposes:

    • a).- Inform you about new services, products or events related to the above.
    • b).- Send to you through various means our promotions, newsletters, news, thanks, congratulations.
    • c) - Comply with obligations related to services.
    • d).- Carry out quality and satisfaction surveys to evaluate the quality of our services and, if applicable, our products.
    • e). - Invite them to participate in our events or campaigns.
    • f) - Make advertising on social media, communication and information channels, newspapers or magazines.
    • g).- Offer you any of our services and, if applicable, our products.
    • h).- For marketing purposes, commercial prospecting, statistical and historical purposes.
    • i).- Develop analysis of service usage, market segmentation, statistics, records, and information analysis.
    • j) Use of images in advertising and promotional media, corporate image, marketing, advertising campaigns, videos, photography, and publications in any means of communication.

    The “OWNER” of the “DATA” has the right to object to their “DATA” being used for the aforementioned secondary or ancillary purposes. If the “OWNER” of the “DATA” wishes to exercise this right, they must do so in accordance with the procedure established in numeral 5 (five) of this “NOTICE”, within 5 (five) business days following the date on which this “NOTICE” has been made available to them, so that the “RESPONSIBLE PARTY” does not process their “DATA” for those purposes. Otherwise, it will be understood that the “OWNER” agrees and consents to the processing of their “DATA” for each and every one of the purposes listed above. It should be noted that the foregoing is without prejudice to the provisions of article 26 of the “LAW” and other applicable regulations.

    Refusing to authorize the use of your “DATA” for secondary or accessory purposes will not be a reason for us to deny our services to you.

    5.- OPTIONS OR MEANS OFFERED BY THE RESPONSIBLE PARTY TO LIMIT THE USE OR DISCLOSURE OF PERSONAL DATA.

    The “OWNER” of the “DATA” to limit the use or disclosure of the same, must send an email to the email address hernandeza@ostar.com.mx in which they will request the limitation of the use or disclosure in question, through which they may request to be included in the internal exclusion lists of no contact for promotional and market purposes. The “OWNER” of the “DATA” to avoid unwanted advertising, may also register in the Public Registry of the Federal Consumer Protection Agency (REPEP) by entering the following link http://repep.profeco.gob.mx/, in which case there is a possibility that they may not have access to possible additional benefits with our secondary purposes.

    6.- MEANS TO EXERCISE THE RIGHTS OF ACCESS, RECTIFICATION, CANCELLATION OR OPPOSITION (ARCO RIGHTS).

    Based on the “LAW”, the “DATA SUBJECT” has the right to Access (“ACCESS”) the data held by the “CONTROLLER”, as well as details of its processing. They also have the right to Rectify (“RECTIFICATION”) them if they are incomplete or inaccurate, Cancel (“CANCELLATION”) them as stipulated in the “LAW” itself, and Object (“OBJECTION”) to the processing of the same.

    To exercise the aforementioned rights, the “HOLDER” of the “DATA” or their legal representative, must submit a request through a written document to the email hernandeza@ostar.com.mx or through written notification to the legal department located at Liverpool 133, Col. Juárez Alcaldía Cuauhtémoc, C.P. 06600, from Monday to Friday from 09:00 a.m. to 6:00 p.m., indicating specifically that they wish to exercise their ARCO rights. Said request (written document) must contain the requirements referred to in article 29 of the “LAW”, that is:

    • a).- Name of the "HOLDER" and address or other means (for example email) to communicate the response to your request.
    • b).- Documents proving their identity or, if applicable, the legal representation of the "HOLDER".
    • c).- Clear and precise description of the "DATA" for which you intend to exercise any ARCO right.
    • d).- Any other element or document that facilitates the location of the "DATA".
    • e).- In case of requests for rectification of "DATA", the owner must indicate, in addition to what is indicated in the previous paragraphs of this numeral, the modifications to be made and provide the documentation supporting their request.
    • e).- In case of requests for rectification of "DATA", the owner must indicate, in addition to what is indicated in the previous paragraphs of this section, the modifications to be made and will provide the documentation that supports their request.

    If the information provided by the “HOLDER” in their request is not sufficient or is incorrect to process their request, or if the necessary documents are not provided, the “RESPONSIBLE” may request the “HOLDER” to provide the necessary information and/or documentation to process their request in accordance with article 96 of the “LAW” Regulation, with the “HOLDER” having 10 (ten) business days to comply with the request of the “RESPONSIBLE”. In turn, the “RESPONSIBLE” must inform the “HOLDER” within a maximum period of 20 (twenty) business days from the date of receiving their request for access, rectification, cancellation or opposition, the decision made, so that if appropriate, it can be implemented within 15 (fifteen) business days following the date the response is communicated. In accordance with article 33 of the “LAW”, the aforementioned deadlines may be extended only once for an equal period, provided that the circumstances justify it.

    When the “HOLDER” exercises the right of “ACCESS”, said obligation on the part of the “RESPONSIBLE” will be considered fulfilled when the “DATA” are made available to the “HOLDER”, or through the issuance of simple copies or electronic documents that will be sent to the “HOLDER” at the email address indicated in their request.

    The “RESPONSIBLE PARTY” may deny access to the “DATA” or refuse to make rectifications or cancellations or grant opposition to the processing of the same in the cases referred to in article 34 of the “LAW”. The “RESPONSIBLE PARTY” will not be obliged to cancel the “DATA” of the “HOLDER”, under the cases established in article 26 of the “LAW”.

    If the “OWNER” of the data needs to clarify doubts about the procedure and requirements for the exercise of ARCO rights, they must send an email to the address hernandeza@ostar.com.mx

    7. - WITHDRAWAL OF CONSENT.

    The “DATA” owner has the right to revoke at any time the consent granted for the processing of their “DATA”, as established in article 8 of the “LAW”, for which they must send a written request to the email hernandeza@ostar.com.mx, or by written notification to the address Liverpool 133, Col. Juárez, City Cuauhtémoc, Zip Code 06600, Mexico City, from Monday to Friday from 09:00 to 18:00 hours, detailing clearly the data for which they revoke their consent. At those same addresses, they will be informed about the procedure to follow to address their request.

    8.- PERSONAL DATA OF INDIVIDUALS WHO ARE UNDER GUARDIANSHIP OR LEGALLY INCAPACITATED.

    Some of the data we handle may include data of individuals who are under interdiction or legal incapacity, for which we require the consent of guardians for processing. In this case, the exercise of ARCO rights can be carried out through the legal guardian or representative of the incapacitated individual or the one declared under interdiction.

    9.- SECURITY MEASURES.

    The “RESPONSIBLE” knows and recognizes the value of its “DATA”, so it has implemented security measures to try to prevent its use for purposes other than those authorized, as well as to try to prevent its alteration, loss, theft, or access by third parties. The measures include the use of specialized computer programs, training of personnel, and adoption of internal data protection policies.

    10.- TRANSFER OF PERSONAL DATA THAT MAY OCCUR.

    The “RESPONSIBLE” may carry out national or international data transfers without the consent of the “HOLDER” in accordance with the provisions of Article 37 of the “LAW” and in compliance with Article 69 of its Regulation.

    11.- USE OF COOKIES.

    A cookie is a file that is downloaded to your computer when accessing certain web pages. In this sense, we use cookies to improve our services, show you advertising related to your browsing preferences and the content of your previous visits, keep sessions active, as well as to record traffic coming from the redirecting of other sites. When visiting the website of the “RESPONSIBLE” again, cookies allow us to personalize our content according to your preferences.

    It should be noted that the “RESPONSIBLE” website does not use or save cookies to obtain personal identification data from the “HOLDER’s” computer regarding data that was not originally sent as part of the cookie. While it is true that, although most browsers accept cookies, the “HOLDER” of the “DATA” can configure their browser to not accept them, that is, they can disable them by following the procedure of each browser, in which case, it should be taken into consideration that, by deactivating them, it could limit the functionality offered by the platform.

    12.- NOTIFICATION OF CHANGES AND/OR UPDATES TO THE PRIVACY NOTICE.

    The “RESPONSIBLE” may modify and/or update this “NOTICE” at any time, either due to legislative or jurisprudential reforms, internal policies or new requirements, the updated version that will apply at all times will be the one published on our website loretobayresort.com

    When the “RESPONSIBLE” needs to change their identity, collect additional financial or asset data, change or modify the purposes for which the “DATA” was obtained, or modify the conditions of the transfers that can be made according to what is established in this “NOTICE”, they will provide to the “DATA SUBJECTS”, a new “NOTICE”, through the email that the “DATA SUBJECT” has provided to the “RESPONSIBLE” or through the internet page of the “RESPONSIBLE”.

    13.- ACCEPTANCE OF TERMS.

    If the “HOLDER” uses the services, it means that he has read, understood and accepted, each and every one of the points before mentioned in this “NOTICE”. In case of not agreeing with all or any of these points, the “HOLDER” should not provide any personal information or use the services

    In case of any dissatisfaction or complaint about the treatment of your “DATA”, you can address the Institute indicated by the “LAW” itself.

    June 21, 2023.