Hotel Opportunity León in León de los Aldama, Official Website

Privacy Policy

COMPREHENSIVE PRIVACY NOTICE “GUESTS” (Hotel Real de Minas)

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

In accordance with the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter referred to as the “LFPD”, for its initials in the Spanish language), and in accordance with applicable provisions, we inform you that HOTEL ESPAÑA, S.A. DE C.V. (Hereinafter, the “Data Controller”) is responsible for collecting, using and protecting your personal data. Likewise, we inform you that our address for hearing and receiving notifications with regard to the treatment of your personal data is the following: C. Españita 543, El Coecillo, León, C.P. 37260, Guanajuato, México.

WHAT PERSONAL DATA DO WE COLLECT AND UTILIZE?

The Data Controller collects the following categories of personal data for the purposes described in this Notice:

Identifiable data,

Personal characteristics data,

Economic, financial and insurance data and, when applicable,

Sensitive data (health condition)

The Data Controller does not directly collect the personal data of minors. Minors must abstain from providing personal data to us in any way. The Data Controller only processes the personal data of minors given by their parents and/or tutors, in all cases with the consent of the latter, whenever the processing of such data is necessary for meeting the original purposes described in this Privacy Notice.

Parents and/or tutors may, at all times, exercise ARCO rights or revoke consent to processing the personal data of minors that was provided in order to enjoy the services and activities available in the facilities of the Data Controller.

DO WE PROCESS SENSITIVE PERSONAL DATA?

In certain cases, the Data Controller must collect personal data related to your health condition.

Identified sensitive personal data (health condition) will be processed in order to comply with the purposes set forth in this Privacy Notice and, in particular, to provide the services offered by the Data Controller, the nature of which requires that the adoption of specific means for ensuring the wellbeing and/or health of our guests.

You may refuse to provide sensitive personal data, and, in such case, the Data Controller may deny the specific service that requires processing such information.

The Data Controller may also process sensitive personal data related to your health condition, whenever these are provided by the owner for the provision of special services or assistance, as expressly required for your stay in our facilities.

Therefore, and whenever it may be strictly necessary, we will require your express written consent for processing said sensitive personal data through means that inform you regarding such treatment.

WHY DO WE PROCESS YOUR PERSONAL DATA?

Primary and necessary purposes

To provide the expressly contracted services, in any modality, for staying at any of the facilities of the Data Controller.

To ensure the functionality and quality of the contracted services, including through the issuance of identifying means for the use of our facilities.

To ensure the safety of our guests at all the facilities of the Data Controller and, if applicable, the contracting or confirmation of the services provided by third parties that are or have been requested by guests before or during their stay.

To lend assistance, deliver information and assist guests in hiring services from the Data Controller or from third parties, during their stay at the facilities of the Data Controller.

To allow and facilitate access to our services online.

To notify any changes to our services.

Invoicing of provided services and products, as well as the judicial or extrajudicial collection thereof.

To comply with applicable legislation regarding fiscal obligations or information on contracts and operations that must be reported to competent authorities.

For statistical purposes and to maintain a historical registry of guests.

Additional purposes

To send communications regarding offers and services provided by the Data Controller.

To carry out satisfaction surveys.

Third party personal data (for example, data of relatives) provided to the Data Controller for complying with the identified purposes, must be provided after informing such parties of the existence and content of this Privacy Notice.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

The Data Controller may transfer your personal data to national and foreign third parties. The receivers and purposes of such transfers may be:

Holding companies, subsidiaries or affiliates of the Data Controller, for the purposes of centralized safeguarding of the information, additions and removals, changes to service reservations, as well as for performing statistics on the use of the services of the Data Controller.

Public Entities; federal, state, or municipal public administrations, regulating entities or other competent authorities; for complying with information obligations, as well as for complying with judicial or administrative requests issued by competent authorities.

Fee and reservation Aggregators and finders; for offering service fees and the automatic registration of your reservations.

Service Providers; so that these may assist the Data Controller in providing the services related to your reservations and, if applicable, to necessary or requested services expressly requested by you during your stay.

Persons subject to Doctor-Patient confidentiality or other similar obligations, in such cases where the transfer of sensitive personal data, related to your present or future health condition, is indispensable for medical attention, prevention, or diagnostics; for providing sanitary assistance; medical treatment or managing sanitary services.

Collecting Agencies, for collecting unpaid debts and the judicial or extrajudicial payment thereof.

HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?

In all such legally valid cases, you may exercise your Access, Rectification, Cancellation and Opposition (ARCO) rights through the procedures we have implemented.

The corresponding request must comply with the requirements set forth in applicable law, through a written document sent to our Personal Data Department, to the address indicated in this Notice.

The request should contain and include the following:

Your name, address and other means for communicating our response to your request.

The documentation that confirms your identity or, if applicable, any legal representation.

The clear and precise description of the ARCO Rights you wish to exercise, and

Any other element or document that would allow locating personal data.

The Data Controller will communicate the decision taken within a maximum time period of twenty business days, counted as of the date in which we receive your request, if such request proves applicable, it will be valid within fifteen business days as of the date on which the Data Controller communicates a response. In case the information provided in your request proves erroneous or insufficient, or the request does not include the necessary documentation for confirming your identity or the corresponding legal representation, the Data Controller will require remedy of such deficiencies within five business days following receipt of your request. In such cases, you will have ten business days to remedy such deficiencies. The corresponding request will be null and void if you do not respond within said period.

Alternatively, you may direct your request to the address datospersonales@opportunityhotel.com, complying with all previously indicated requests, setting the subject heading as “ARCO Rights and/or Revocation of consent”. The time periods of the procedure will be the same as those mentioned in this section. The use of electronic means for exercising ARCO rights authorizes the Data Controller to answer the corresponding request through the same means, unless the rights holder expressly and clearly indicates other means.

You may obtain the requested information and personal data through simple photocopies, digital documents in conventional formats (word, PDF, etc.) or through any other legitimate means that guarantees and confirms the valid exercise of the requested right.

You are responsible for updating your personal data in possession of the Data Controller. Therefore, you guarantee and are liable for the veracity, preciseness, validity and authenticity of the facilitated personal data, and agree to maintain such data duly updated, informing the Data Controller of any changes.

CAN YOU REVOKE CONSENT TO THE USE OF YOUR PERSONAL DATA?

The procedure for revoking consent, if applicable, will be the same as the procedure established in the preceding section for the exercise of ARCO rights.

DO YOU WISH TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA?

You may limit the use or disclosure of your personal data by sending the corresponding request to our Personal Data Department. The requirements for confirming your identity, as well as the procedure for processing your request will be the same as those set forth in the section titled “HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?”.

The Data Controller has the means and procedures to ensure the inclusion of some of your personal data in proprietary exclusion lists, whenever you expressly request such inclusion in these. The Data Controller will grant registered holders the corresponding proof of registry.

USE OF COOKIES

The Data Controller utilizes cookies in order to facilitate navigation and communication through the website www.opportunityhotel.com. If you navigate and/or send information through such site, the cookies used by the Data Controller allow compiling, analyzing and maintaining technical information related to your browsing habits and use of said communication channels through electronic means that allow collecting such information automatically at the moment the user makes use of our electronic services.

To obtain more detailed information regarding cookies and the way you can disable these in your browser and operating system, we recommend you visit www.allaboutcookies.org. If you disable cookies, it is possible you may not be able to use certain parts of the site www.realdeminas.com

CAN THIS PRIVACY NOTICE BE MODIFIED? HOW DO I KNOW IF ANY MODIFICATIONS EXIST?

The Data Controller may modify, update, extend or, in any way, change the content and reach of this Privacy Notice, at any time and the sole discretion of the Data Controller. In such cases, we will publish such changes in the website www.opportunityhotel.com, in the section “Privacy Notice”. Changes to the Privacy Notice may also be communicated through email, whenever such means has been established as a communications channel between yourself and the Data Controller, during the term of a legal relationship.

DENIAL OF PROCESSING

I do not wish to receive communications regarding offers or services provided by the Data Controller.

I do not wish to participate in surveys by the Data Controller.

If you have access to this Comprehensive Privacy Notice through remote means or, wish to communicate your denial, at any moment after giving your personal data to the Data Controller, you may inform your decision through the means set forth for exercising your ARCO rights.

Last Update:

April, _____ 2018

COMPREHENSIVE PRIVACY NOTICE “SOCIAL NETWORKS” (Hotel Real de Minas)

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

In accordance with the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter referred to as the “LFPD”, for its initials in the Spanish Language) and in accordance with applicable provisions, we inform you that HOTEL ESPAÑA, S.A. DE C.V. (Hereinafter, the “Data Controller”) is responsible for collecting, using and protecting your personal data. Likewise, we inform you that our domicile for hearing and receiving notifications with regard to the treatment of your personal data is the following: C. Españita 543, El Coecillo, León, C.P. 37260, Guanajuato, México.

WHAT PERSONAL DATA DO WE COLLECT AND UTILIZE?

The Data Controller collects the following categories of personal data for the purposes described in this Notice:

Identifiable data,

Personal characteristics data, and

Social circumstance data.

DO WE PROCESS SENSITIVE PERSONAL DATA?

For the fulfillment of the purposes indicated in the Privacy Notice, the Data Controller does not collect sensitive personal data.

RESPONSIBILITY OF THE DATA CONTROLLER, OF THE SOCIAL NETWORK OWNERS-USERS AND OF THE SOCIAL NETWORK SERVICE PROVIDERS

The Data Controller treats personal data of the holders-users of social networks by accessing and managing the information that said user-owners publish or disseminate through the profiles they have created in each of the social networks they use to link with the Data Controller. This treatment also includes the use of personal data for purposes of disclosure of activities of the Data Controller or its commercial group.

The Data Controller party accesses, manages and takes advantage of the personal data of the holders-users of social networks only during the period in which the holders-users remain linked to the profiles that the Data Controller manages in each of the social networks involved.

The users-holders are responsible for the accuracy, veracity and updating of the personal data they publish in their social network profiles, as well as the degree of dissemination of their information and access to it that they allow or authorize third parties through said profiles. The recommendation is made to all holders-users of social networks continuously review the privacy settings of their profiles in each of the websites used to link to the Data Controller.

The providers of social network services are responsible for the databases created with the personal data of the users of these networks. Such service providers are in turn responsible for the security measures they adopt to safeguard the personal data of their users.

In accordance with the foregoing, the Data Controller undertakes to provide adequate access, management and use of the personal data of the holders-users that are linked to the profiles that the Data Controller manages in various social networks. No new databases are created with the information and/or personal data of the holders-users of social networks.

WHY DO WE PROCESS YOUR PERSONAL DATA?

Primary and necessary purposes

Managing social network followers (Facebook, Twitter, Youtube, Foursquare, Google+, etc.).

Managing news bulletin subscribers.

Communication of activities.

Statistics on social network followers.

Additional purposes.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

For the purposes described in this Privacy Notice, your personal data is not transferred to any individual or entity.

HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?

In all such legally valid cases, you may exercise your Access, Rectification, Cancellation and Opposition (ARCO) rights through the procedures we have implemented.

The corresponding request must comply with the requirements set forth in applicable law, through a written document sent to our Personal Data Department, to the address indicated in this Notice.

The request should contain and include the following:

Your name, address and other means for communicating our response to your request.

The documentation that confirms your identity or, if applicable, any legal representation.

The clear and precise description of the ARCO Rights you wish to exercise, and

Any other element or document that would allow locating personal data.

Alternatively, you may direct your request to the address datospersonales@opportunityhotel.com, complying with all previously indicated requests, setting the subject heading as “ARCO Rights and/or Revocation of consent”. The time periods of the procedure will be the same as those mentioned in this section. The use of electronic means for exercising ARCO rights authorizes the Data Controller to answer the corresponding request through the same means unless the rights holder expressly and clearly indicates other means.

CAN YOU REVOKE CONSENT TO THE USE OF YOUR PERSONAL DATA?

You can revoke your consent to the processing of your personal data by disconnecting the profile of the Data Controller, in any of the corresponding social networks.

The procedure for revoking consent, if applicable, will be the same as the procedure established in the preceding section for the exercise of ARCO rights.

DO YOU WISH TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA?

Notwithstanding the foregoing, you are reminded that you, as the holder-user of social networks, are responsible for the veracity, accuracy and validity of the personal data you publish in your social network profiles, as well as the degree of dissemination of your information and access to it that allows or authorizes third parties through such profiles.

CAN THIS PRIVACY NOTICE BE MODIFIED? HOW DO I KNOW IF ANY MODIFICATIONS EXIST?

Last update:

April, _____ 2018

COMPREHENSIVE PRIVACY NOTICE “CANDIDATES” (Hotel Real de Minas)

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

WHAT PERSONAL DATA DO WE COLLECT AND UTILIZE?

The Data Controller collects the following categories of personal data for the purposes described in this Notice:

Identifiable data;

Personal characteristics data;

Social circumstance data;

Academic and professional data;

Work details.

The personal data whose categories have been identified can be collected by the person in charge directly or personally from the owner, or indirectly through data transfers such person has consented to through the publication of personal data on job search web pages or social networks of a professional character.

As a candidate, you are responsible for communicating to the people you have provided as references (relatives or former employers) about the existence of the selection process in which you participate and about the treatment of the personal contact data you have provided for the purposes established in this Privacy Notice. In your case, you must communicate the means through which one can know the full content of this Notice.

The acceptance of this Privacy Notice entails your authorization for the Data Controller to contact the personal and professional references you have provided, to obtain information and background on your performance in other jobs.

DO WE PROCESS SENSITIVE PERSONAL DATA?

For the fulfillment of the purposes indicated in the Privacy Notice, the Data Controller does not collect sensitive personal data.

WHY DO WE PROCESS YOUR PERSONAL DATA?

Primary and necessary purposes

Processing, control and administration of curricula and job applications for evaluation, direct contact with candidates, and selection of personnel.

Processing, control and administration of curricula and professional information provided and/or published on job search websites or social networks of a professional nature, as candidates for jobs.

Verification of personal and work references.

Where appropriate, generation and communication of work offers of a binding and non-binding nature.

For statistical purposes and to maintain a historical registry of candidates.

Additional purposes.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

Your personal data may be transferred or processed by persons other than the Data Controller under the following assumptions and for the indicated purposes:

Parent companies, affiliates or subsidiaries of the Data Controller; with purposes of assessment and analysis of profiles of candidates, centralized safeguarding of information and for the statistical and historical registry of candidates of the Data Controller.

Your consent will not be required in order to perform the transfers indicated in the preceding items, pursuant to LFPD, article 37.

HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?

In all such legally valid cases, you may exercise your Access, Rectification, Cancellation and Opposition (ARCO) rights through the procedures we have implemented.

The corresponding request must comply with the requirements set forth in applicable law, through a written document sent to our Personal Data Department, to the address indicated in this Notice.

The request should contain and include the following:

Your name, address and other means for communicating our response to your request.

The documentation that confirms your identity or, if applicable, any legal representation.

The clear and precise description of the ARCO Rights you wish to exercise, and

Any other element or document that would allow locating personal data.

The Data Controller will communicate the decision taken within a maximum time period of twenty business days, counted as of the date in which we receive your request, If such request proves applicable, it will be valid within fifteen business days as of the date on which the Data Controller communicates a response. In case the information provided in your request proves erroneous or insufficient, or the request does not include the necessary documentation for confirming your identity or the corresponding legal representation, the Data Controller will require remedy of such deficiencies within five business days following receipt of your request. In such cases, you will have ten business days to remedy such deficiencies. The corresponding request will be null and void if you do not respond within said period.

Alternatively, you may direct your request to the address datospersonales@opportunityhotel.com, complying with all previously indicated requests, setting the subject heading as “ARCO Rights and/or Revocation of consent”. The time periods of the procedure will be the same as those mentioned in this section. The use of electronic means for exercising ARCO rights authorizes the Data Controller to answer the corresponding request through the same means unless the rights holder expressly and clearly indicates other means.

EXERCISE OF ARCO RIGHTS BEFORE SOCIAL NETWORK SERVICE PROVIDERS

The exercise of ARCO rights against social network service providers in which the holders-users of said networks have created a profile will be governed by the applicable legislation and the terms and conditions established in the Privacy Notices, Privacy Policies and/or Legal Notices that each service provider has arranged in the social networks that they operate and manage.

CAN YOU REVOKE CONSENT TO THE USE OF YOUR PERSONAL DATA?

The procedure for revoking consent, if applicable, will be the same as the procedure established in the preceding section for the exercise of ARCO rights.

DO YOU WISH TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA?

CAN THIS PRIVACY NOTICE BE MODIFIED? HOW DO I KNOW IF ANY MODIFICATIONS EXIST?

Last update:

April, _____ 2018

COMPREHENSIVE PRIVACY NOTICE “VIDEO SURVEILLANCE” (Hotel Real de Minas)

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

WHAT PERSONAL DATA DO WE COLLECT AND UTILIZE?

The Data Controller processes the following type of personal data for the purposes described in this Privacy Notice:

Image.

WHY DO WE PROCESS YOUR PERSONAL DATA?

Primary and necessary purposes

Surveillance and security of guests, personnel, and visitors with access to the facilities of the Data Controller.

Control of access to such facilities.

Additional purposes.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

Your personal data may be transferred or processed by persons other than the Data Controller under the following assumptions and for the indicated purposes:

Government entities, bodies or authorities; in compliance with the obligations set forth in applicable law and/or in compliance with requirements mandated thereby.

HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?

In all such legally valid cases, you may exercise your Access, Rectification, Cancellation and Opposition (ARCO) rights through the procedures we have implemented. The corresponding request must comply with the requirements set forth in applicable law, through a written document sent to our Personal Data Department, to the address indicated in this Notice.

The request should contain and include the following:

Your name, address and other means for communicating our response to your request.

The documentation that confirms your identity or, if applicable, any legal representation.

The clear and precise description of the ARCO Rights you wish to exercise, and

Any other element or document that would allow locating personal data.

EXERCISE OF ARCO RIGHTS BEFORE SOCIAL NETWORK SERVICE PROVIDERS

CAN YOU REVOKE CONSENT TO THE USE OF YOUR PERSONAL DATA?

You may revoke your consent for processing personal data, without any retroactive effects, in all cases in which said revocation does not imply the impossibility of complying with obligations derived from a current legal relationship between yourself and the Data Controller. The procedure for revoking consent, if applicable, will be the same as the procedure established in the preceding section for the exercise of ARCO rights.

DO YOU WISH TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA?

CAN THIS PRIVACY NOTICE BE MODIFIED? HOW DO I KNOW IF ANY MODIFICATIONS EXIST?

Last update:

April, _____ 2018