Privacy Policy & Data Protection

For CAMINOS DE COLOMBIA PROMOTORA SAS. (hereinafter CAMINOS DE COLOMBIA)It is crucial to protect the information of our clients and visitors. This document contains our general policy for the processing of personal information and data, and its purpose is to communicate and inform what information we collect and for what purposes, how we use it when we share it, and how we protect it, as well as the rights that assist users as holders of the information and the procedures to exercise them.

The holders of the personal data accept the processing of their data by the terms of this Privacy Policy and authorize us to process them in the terms of this policy when you provide data through different means or during your visit on our web pages.

1. Who we are

CAMINOS DE COLOMBIA PROMOTORA SAS. Company legally constituted in the Chamber of Commerce of Medellín, responsible for personal data processing collected through transactions carried out on the website CAMINOSDECOLOMBIA.COM and other means. Our contact information is:

Email: proteccion@caminosdecolombia.com
Address: Carrera 43A Nro 11A 44 - Medellín, Colombia
Phone: +57 300 471 1426

2. Information and personal data we collect

The USER, to contract the different services offered by CAMINOS DE COLOMBIA, such as tourist services and special services in event logistics, must provide some personal data such as USER. The personal data we collect are the following, among others:

• Name and surname
• Document or ID number (citizenship card, passport, immigration card, etc.)
• Contact information (landline, cell phone, address, email, Skype, among others)
• Information necessary to facilitate the trip or other services, including the name of the companion(s). ) travel, contacts in cases of accident or any other contingency, seat preferences, special meals, or medical or special requirements.
• Information required by sales and customer relations areas to attend to requests or complaints.

In some cases, we may collect sensitive data. We inform the holders that they will not obliged at any time to authorize the processing of sensitive data, and the provision of our services is not conditional on the delivery of this sensitive information.

All CAMINOS DE COLOMBIA databases are stored in a Data Center in the United States only for storage, security, and control purposes. CAMINOS DE COLOMBIA only uses customer information to transmit it to the providers of the services contracted by the USER and not to transfer or market it to third parties unrelated to these services.

The information provided will remain permanently stored until the USER expresses otherwise to allow us to comply with the legal and contractual obligations under our charge, especially in accounting and contractual matters, fiscal, and tax or to address the provisions applicable to the administrative, accounting, fiscal, legal, and historical aspects of the information.

We assume the information veracity provided. We do not verify nor do we assume the obligation to verify the validity, sufficiency, and authenticity of the data provided. Therefore, we do not assume responsibility for damages and losses that may arise from the lack of authenticity, validity, or sufficiency of the information, including damages that may be due to homonymy or identity theft. If you provide personal information other than yourself, such as your spouse or a co-worker, we understand that you have the authorization of that person to provide us with their data.

By registering and browsing our websites, our clients, users, and visitors to the page expressly state that they agree and are aware of these policies and grant their consent to process their information.

3. Processing purposes

If you provide us with personal data, you authorize us to use this information for the purposes indicated by the provisions of this Privacy Policy. We will not proceed to transfer or disclose it outside of our databases unless (i) you authorize us to do so, (ii) it is necessary to allow our contractors, suppliers, or agents to provide the services that we have entrusted to them, (iii) used by us or third parties to provide you with our products or services, (iv) it is shared to companies that provide marketing services on our behalf or to other companies with which we have joint marketing agreements, (v) is related to a merger, consolidation, acquisition, divestiture or other restructuring process, (vi) we implement a contract for the transmission of personal data under the terms of Decree 1377 of 2013, or (vii) as required or permitted by law or for the purposes developed in this privacy policy.

By accepting this Privacy Policy, the holders of the data collected, authorize us to process it, partially or totally, including the collection, storage, recording, use, circulation, processing, deletion, transmission and/or transfer to third countries of the data provided, for the execution of activities related to the acquired services and products, such as processing, confirming, fulfilling and providing the acquired services and/or products, directly and/or with the participation of third-party providers of products or services (reservation systems, airlines, hotels, call centers, etc.), as well as to promote and advertise our activities, products and services, carry out transactions, make reports to the different national or international administrative control and surveillance authorities, police authorities or judicial authorities, entities banking and/or insurance companies, for internal and/or commercial administrative purposes such as market research, audits, accounting reports, statistical analysis, making the reservation, modifications, cancellations and itinerary changes, refunds, attention to queries, complaints and claims, billing of air tickets and other products and services, payment of compensation and indemnities, accounting records, correspondence, processing and verification of credit cards, debit cards and other payment instruments, identification of fraud and prevention of money laundering and of other criminal activities and other purposes indicated in this document, among others.

Due to our activity, we are obliged to provide a series of passenger data to the aeronautical, immigration and customs authorities and other government entities that regulate them or national and international security entities, before the departure of the flights or landing in each destination territory or at any time after the transportation contract has been executed. As a general rule, the information refers to the identity data of the passengers traveling on board and those contained in their respective travel documents (passport, visa) or about the goods transported.

Additionally, our travelers, clients, and users, as holders of the data collected, accepting this privacy policy, authorize us to:

• Use the information received for marketing purposes of their products and services and the products and services of third parties with whom we have a business relationship.
• Share personal data with commercial representatives, tour operators, carriers, airlines, and hotels, among others, as required for the management of reservations for travel plans or services such as car rental or hotel room reservations.
• Provide personal data to the police or judicial control and surveillance authorities under a legal or regulatory requirement and use or reveal this information and personal data in defense of their rights and their assets insofar as said defense is related to the products and services contracted by their clients and users.
• Allow access to information and personal data to auditors or third parties hired to carry out internal or external audit processes specific to the commercial activity we carry out.
• Consult and update personal data, at any time, to keep said information updated.
• Contract with third parties the storage and processing of information and personal data for the correct execution of the contracts entered into with us, under the standards of security and confidentiality to which we are obliged.
• Transfer and transmit personal data to countries other than those where the information is collected, for which we will seek to protect said data by security and confidentiality standards and confidentiality established in this document.
• Receive electronic communications with advertising and commercial news from CAMINOS DE COLOMBIA and the products or services it markets or promotes.

CAMINOS DE COLOMBIA makes available to the USER the means of contact referred to in the previous paragraph so that they can revoke their consent.

Boys and girls and minor adolescents, may be users of the products and services that we offer, as long as they act through or duly authorized by their parents or by those who have parental authority over the minor, complying with the provisions of article 16 of Law 679 of August 3, 2001, protection of minors regarding prostitution. We will ensure the appropriate use of the personal data of boys, girls, and adolescents, guaranteeing and respecting their fundamental rights in their data processing and, as far as possible, considering their opinions as holders of their data.

With the acceptance of this Privacy Policy, the holders of the personal data authorize us to send them by different means (including email, SMS, or text messages, etc.) information about products and services, and offers for products and services that we believe may be of interest to you.

4. Security and confidentiality

The sending and forwarding of data carried out by the USER through the WEBSITE CAMINOSDECOLOMBIA.COM or the information that CAMINOS DE COLOMBIA collects and process, is protected by the most modern electronic security techniques on the Internet. Likewise, the data provided and stored is also protected in our databases by security systems that prevent access by unauthorized third parties. CAMINOS DE COLOMBIA makes its best efforts to have the most up-to-date procedures for the effectiveness of security systems. In this sense, we rely on security technological tools and implement security practices recognized in the industry, which include transmission and storage of sensitive information through secure mechanisms, such as encryption, use of secure protocols, assurance of technological components, restriction of access to information only to authorized personnel, information backup, secure software development practices, among others.

We have established information security policies, procedures, and standards, whose objective is to protect and preserve the integrity, confidentiality, and availability of information, regardless of the location's medium or format, its temporary or permanent location or how it is transmitted.

Third parties hired by us are equally obliged to adhere to and comply with the information security policies, manuals, and protocols we apply to all our processes.

All contracts with third parties (contractors, employees, external consultants, temporary collaborators, etc.) that involves the processing of personal information and data include a confidentiality agreement that details your commitments to the protection, care, security, and preservation of the confidentiality, integrity, and privacy of the same.

5. User rights and procedures

By accepting this Privacy Policy, you freely, expressly, and previously declare that you are aware of the rights that the law grants you as the holder of your data, which are set out below:

• Know, update and rectify your data in the face of the entity responsible for the processing or in charge of processing your data.
• Request proof of the authorization granted to the person responsible for the processing except when the holder accepts the processing as a registration requirement.
• Be informed by the person responsible for the processing or the person in charge of the processing, upon request, regarding the use of your data.
• Submit to the Superintendence of Industry and Commerce complaints for violations of the personal data protection regime.
• Revoke the authorization and request the deletion of personal data in the terms of Law 1581 of 2012.
• Access free of charge once a month to your data that has been processed, in terms of current regulations.

The procedures for exercising your rights will be as follows:

(i) Queries

The holders, authorized persons, or successors in title may consult their personal information that resides in our databases, which we will provide them with the requested information after verifying the legitimacy of submitting said request. We will answer the query within a maximum of ten (10) business days from the reception date. When it is not possible to attend to the query within said term, you will be informed of the reasons for the delay, indicating the date on which your query will be attended to, which in no case may exceed five (5) business days following the expiration of the first term.

(ii) Complaints

If the holders, authorized persons, or assigns consider that the information stored in a database should be corrected, updated, or deleted, or when they notice the alleged breach of any of the duties contained in the Regulation, they may file a claim before us, which we will process under the following rules:

• You must address your claim to CAMINOS DE COLOMBIA, with your identification, a description of the facts that give rise to the claim, your address, and accompanying the documents that you want to assert. If the claim is incomplete, we will require you to correct the deficiencies within five (5) days of receipt of the claim. After two (2) months from the date of the request, without you submitting the required information, we will understand that you have abandoned the claim. If we are not competent to resolve your claim, we will notify the appropriate person within a maximum period of two (2) business days and will inform you.
• If appropriate, once we receive the complete claim, a label that says “claim in process” will be included in the database with the reason within no more than two (2) business days. We'll keep the label until the decision of the claim.
• The maximum term to address the claim will be fifteen (15) business days, counted from the day following the date of receipt. If we cannot address the claim within said term, we will inform you of the reasons for the delay and the date on which we will address your claim, which in no case may exceed eight (8) business days following the expiration of the first term.

The holders of personal data can exercise their rights to know, update, rectify, and delete their data by sending their request to the email proteccion@caminosdecolombia.com or by writing to Carrera 43A No. 11A 44 - Medellín, Colombia by this Privacy Policy.

The area for handling requests, queries or claims before which the owner of the information can exercise their rights is:

Area: Administration
Email: proteccion@caminosdecolombia.com
Address: Carrera 43A Nro 11A 44 - Medellín, Colombia
Phone: +57 300 471 1426

6. Modifications and validity of the privacy policy

We may modify the terms and conditions of these privacy and confidentiality policies and email-sending practices at any time. If we decide to make any material changes to our privacy policies, we will notify you on the website and by posting an updated version of the privacy policies. The databases will be valid indefinitely, by the purposes and uses of the information.

This policy was modified and published on our website on January 15, 2024, and it will be in force as of the publication date.