PRIVACY POLICY

For CAMINOS DE COLOMBIA PROMOTORA SAS. (hereafter CAMINOS DE COLOMBIA) is very important to protect the information of our clients and visitors. This document contains our general policy concerning the treatment of information and personal data, and it is intended to communicate the type of information we collect and its purposes, how we use it, when we share it and how we protect it, as well as the rights that protect the information holders and the procedures to exercise them

The holders of the personal data accept the treatment of their personal data according to this privacy policy and authorize us for its treatment according to this policy when they provide their information through different means or visit our website

1. Who we are

CAMINOS DE COLOMBIA PROMOTORA SAS is a company legally incorporated in the Chamber of Commerce of Medellin, responsible for the treatment of personal data collected through transactions made on the website CAMINOSDECOLOMBIA.CO, BODASENSANTAFE.COM and other means. Our contact information is:

Email: proteccion@caminosdecolombia.com
Address: Carrera 43A Nro 11A 44 - Medellin, Colombia
Phone: +574 444 0322

2. Information and personal data that we collect

The USER, to be able to hire the different services offered by CAMINOS DE COLOMBIA, such as tourist services, special services in event logistics, shall provide some personal data as USER. For this procedure is necessary to collect and store personal information in our database

The personal data we collect is the following, among others:

• Name and last name
• ID number (ID, Passport number, foreign identity card, etc.)
• Contact information (Home number, cellphone number, address, email, Skype address, etc.)
• Relevant information to obtain the trip or other services, including name of companion(s), contact information in case of emergency or any other eventuality, seat preference, special meals or special medical requirements.
• Information that is required by sales representatives to meet requests or complains.

In some cases it is necessary to collect sensitive information. The holders are not obligated, at any time, to authorize the treatment of sensitive information, and therefore the provision of our services is not subject to the delivery of this sensitive information.

All databases of CAMINOS DE COLOMBIA are store in a Data Center in the United States only for storage, safety and control purposes CAMINOS DE COLOMBIA only uses the information of the clients to transmit it to suppliers of services acquired by the User and not to share it or to commercialize it to a third party that is not related to these services.

The information that is provided shall be permanently stored, unless the USER expresses the contrary, to allow the compliance of legal and/or contractual obligations in accounting, contractual, taxation and tax subjects; or to comply with regulations to administrative, accounting, taxation, juridical and historical of the information.

We assume the veracity of the information provided and we do not verify it, nor assume the obligation to verify the veracity, validity, sufficiency or authenticity of the data provided. Therefore, we do not assume liability whatsoever for damage of any nature that arise from lack of veracity, validity, sufficiency or authenticity of the information, including damage caused by homonymous names or identity theft. If you provide personal information of a person different than you, as your spouse or a colleague, we understand that you have the authorization from that person to provide his information.

When subscribing or searching on our websites, our clients, users and/or website visitors specifically express they know and accept these policies, and give consent for the treatment of their information.

3. Purpose of the treatment

If you provide personal data, you are authorizing us to use that information for the agreed purpose in accordance with the anticipated in this Privacy Policy, and we shall not transfer or disclose that information out of our database unless (i) you authorize us to do it (ii) it is necessary for allowing our contractors, suppliers or agents to provide the services we shall entrust, (iii) we, or a third party, use it to provide our products or services, (iv) it is delivered to organizations that provide marketing services on our behalf or other organizations which have agreements with us for joint market, (v) it is related to a merger, consolidation, acquisition, disinvestment or any other reorganization process, (vi) we implement a contract of personal data transmission in accordance with the Decree 1377, 2013, or (vii) it is required or permitted by the law or for the purposes developed in the current privacy policy.

In agreeing with this Privacy Policy, the holders of the collected data authorize that we treat the data, fully or partly, including the collection, storage, recording, use, circulation, processing, elimination, transmission and/or transfer to third countries of the data provided, for the execution of the activities related to services and products acquired, such as to process, confirm, accomplish and provide the services and/or products acquired, directly and/or through a third party that provides products or services (booking, airlines, hotels, call centers, etc.), as well as to promote and advertise our activities, products and services, to conduct transactions, to make reports to different control and surveillance national or international administrative authorities, police or judicial authorities, financial institutions and/or insurance companies, for internal and/or commercial administrative purposes like market research, audit, accounting reports, statistical analysis, booking, modifications, cancellations and itinerary changes, refunds, requests, complaints and claims, airline tickets and other products and services billing, compensation and indemnification payments, accounting records, mail, processing and verification of credit and debit cards and other payment instruments, identification of fraudsters and money laundering prevention and other illicit activities and any other purpose indicated in this document, among others.

In respect of our activity, we are obligated to provide a series of data of the passengers to the aviation, immigration and customs authorities and any other governmental organizations that regulate them or organizations of national and international security, before the departure or arrival of flights in each destination country or at any time after executed the transportation contract. As a general principle, the information refers to identity information of the passengers and the information in their identity documents (passport, visa) or to the transported merchandise.

In addition, our travelers, clients and users, as holders of the collected data, agreeing to this privacy policy, authorize us to:

• Use the information collected for marketing of our products and services, and products and services of third parties we have businesses relationships with.
• Share the personal data with commercial representatives, tour operators, airlines, hotels, among others, as appropriate for booking travel plans or services like car rental or hotel room reservations.
• Provide personal data to control and surveillance police and judicial authorities, according to legal requirements or regulations and/or to use that information and personal data in defense of their rights and/or assets if that defense is related to the products and/or services obtained by their clients and users.
• Allow access to the information and personal data to the auditors or third parties hired to conduct internal or external audit of the commercial activity we perform.
• Check and update personal data, at any time, to keep that information updated.
• Hire with a third party the storage and/or processing of the information and personal data for the appropriate execution of the agreed contracts, under the safety and confidentiality standards we are committed to.
• Transfer and transmit personal data to countries different than those where the information is collected, for we shall to protect the data according to the security and confidentiality standards established in this document.
• Receive communications via email with advertisement and commercial news from CAMINOS DE COLOMBIA and the products or services the company commercializes or advertises.

CAMINOS DE COLOMBIA makes available for the USER the contact information mentioned in the previous paragraph to revoke his consent.

Children and adolescents under the age of 18 years old can be users of our products and services, as long as they act through or are duly authorized by their parents or their legal representatives, complying with the article 16 in Law 679 of August 3rd 2001, to protect minors against prostitution and sexual abuse. We shall care for the proper use of personal data of children and adolescents under the age of 18 years olds, to guarantee that in the treatment of their information their rights are respected, and as possible, taking into account their opinion as holders of their personal data.

The acceptance of this Privacy Policy by the holders of the personal data, authorizes CAMINOS DE COLOMBIA to send by different means (including email, SMS or text messages, etc.) products and services information, and offers of products and services that may be of their interest.

4. Security and confidentiality

The delivery and reference of data executed by the USER through the websites CAMINOSDECOLOMBIA.CO, BODASENSANTAFE.COM or the information that is collected by CAMINOS DE COLOMBIA is protected by the most up-to-date electronic security techniques on the web. Additionally, the information provided and stored in our database is protected by security systems that prevent access by third parties that are not authorized for it CAMINOS DE COLOMBIA makes a special effort to have the most up-to-date procedures for the efficacy of security systems. We support our company in security technological tools and implement security practices that are recognized in the industry, which include: transmission and storage of sensitive information through safe means like: encrypted system, use of safe protocols; assurance of technological components, access to information only by authorized personnel, information backup, safe software developing practices, among others.

We have information security policies, procedures and standards to protect and maintain the integrity, confidentiality and availability of the information, regardless the mean or format where the information is stored, its location (permanent or temporal) or the way in which the information is transmitted.

The third parties that work with us are equally committed to follow and to comply the policy and regulation of security of the information, as well as the security protocols we comply in all our processes.

Any contract with a third party (contractors, employees, external consultants, temporary workers, etc.), that involves treatment of the information and personal data, includes a confidentiality agreement with a commitment to protect, care, ensure and preserve the confidentiality, integrity and privacy of that information.

5. Rights of Users and procedures

With the acceptance of this Privacy Policy, you express openly and previously that you were informed about the rights that the law gives you as a holder of your personal data and that are as following:

• To know, update and correct your personal information with the entity that is responsible of the treatment of the information or in charge of your personal data.
• To request authorization evidence granted to the responsible of the treatment unless is expressly described as a requirement for the treatment of the information.
• To be informed by the responsible of the treatment, by previous request about the use of your personal data.
• To present to the Industry and Commerce Superintendence any complaints for violations to the regulation of personal data protection.
• To revoke the authorization and/or to request the elimination of personal data in accordance with Law 1581, 2012.
• To have free access, for at least once a month, to the personal data that was treated according to the valid regulations.

The procedures for the exercise of your rights are as follows:

(i) Inquiries

Holders, authorized personnel or successors can inquire their personal information storage in our database, and we shall provide the requested information, previous verification of the authentication to request the information. The enquiry shall be attended in ten (10) business days of the receipt of the request. If it is not possible to attend the request within such period, the user shall be informed of the reasons for the delay, informing the date when his request shall be attended and that cannot exceed five (5) business days after the due date of the first period of time.

(ii) Complaints

If the holders, authorized personnel or successors consider that the information in our database must be corrected, updated or eliminated, or in the case they find noncompliance of any of the rights in the regulation, they can file a complaint, which shall be processed under the following regulations:

• The complaint must be filed to CAMINOS DE COLOMBIA, with the identification number, description of the facts which give rise to the complaint, address, and the documents that support the complaint. If the complaint is not complete, the user shall be notified within five (5) days at the receipt of the complaint to complete the missing information or documents. After two (2) months from the requirement date, without completing the missing information, we shall understand that the user has desisted from the complaint. In the case that we are not competent to solve the complaint, it shall be transferred within a period of two (2) business days to the appropriate stage of proceedings which shall inform the user opportunely.
• If it is applicable, the complete complaint shall be included in our database a label of “complaint in process” and the description of it, within a period of two (2) business days. The label shall be kept until the complaint is processed.
• The maximum term to process and answer the complaint shall be fifteen (15) business days from the following day of its receipt. If it is not possible to attend the complaint within that term, the user shall be informed of the reasons for the delay and the date when the complaint shall be attended, which cannot exceed eight (8) business days after the due date of the first term.

The holders of personal data can exercise their rights to know, updated, correct and eliminate their personal data sending a request to the email proteccion@caminosdecolombia.com or in writing to Carrera 43A Nro 11A 44 - Medellin, Colombia in accordance with this Privacy Policy.

The information holder can contact the attention department for requests, inquires or complaints:

Área: Management
Email: proteccion@caminosdecolombia.com
Address: Carrera 43A Nro 11A 44 - Medellin, Colombia
Phone: +574 444 0322

6. Modifications and validity of the privacy policy

We are allowed to modify at any time the terms and conditions of these privacy and confidentiality policies and/or the email sending practices. If we decide to modify our privacy policies, these modifications will be informed through our website and we will publish an up-to-date privacy policy version. The databases will have indefinite validity in accordance with the purposes and use of the information.

This privacy policy was modified and published on our website on October 21th, 2020 and takes effect from the publishing date.

Click aquí para Versión en Español