I. Responsible for the protection of your personal data.Hotelera Malecón S.A. de C.V. hereinafter Royal Sunset with address in Boulevard Kukulcán, kilometer 10 Apple 51, Lote 13-B Zona Hotelera, Zip Code 77500, Cancún Quintana Roo México, is responsible for the collection and use of the personal data required from the customers, visitors and vacational member club, in terms of the rules established by the Mexican Federal Law for Data Protection of Private Individuals (Ley Federal de Protección de Datos Personales en Posesión de los Particulares LFPDPPP) as well in the provisions of the articles 1º, 3º and 5º of the General Data Protection Regulation (EU) 2016/679 (GDPR).
II. Data collected and use of the information requested from our customers.
The personal data and documents collected from our customers at the resort, in our Website, online services or by phone, will be used to start, management and maintenance of ours services and to send discounts, offers and promotions in terms of what is stated in this section.
a) General Data
The general data requested in our forms such as: name, gender, signature, home address, phone number, cell phone number, e-mail, date of birth, job, home city, economic dependents, country, national identity document or passport will be used for the following essential purposes:
i. Provide all our services;
ii. Include the information of our customers in our systems and databases to provide and administrate the services contracted;
iii. Carry out the check-In and Check-out;
iv. To comply with the different laws that regulate our services and activities;
v. To attend complains, doubts and provide information to our customers, related to transportation, reservations or cancellations received by our Call Center;
vi. To confirm, verify, correct and update your personal data;
vii. For the administration of the services all inclusive, European plan and day pass
viii. For the charge of our services and the collection efforts with respect to receivables that are not paid when due;
ix. In order to do the charges on-line of the services and programs paid with credit card;
x. To charge any extra charges or additional fees for extra services contracted by our customers and,
xi. For the proper identification of our guests and customers.
Additionally, this information can be used for the following non-essential purposes:
a) To send our customers offers, discounts, special fees and other benefits;
b) Spa Service
c) Babysitting service
d) To carry out wedding, banquets, and Honeymoon Service
e) Gym Service
f) Restaurant and Bar service
g) Medical attention
h) Transportation services
i) Currency exchange
j) For statistical purposes; and,
k) For promotional and marketing purposes
b) Financial and Patrimonial Assets Data
The financial and patrimonial data collected such as credit card number, bank account, monthly income and additional incomes, will be used to purchase our wedding services and events, to purchase our vacation packages, to make reservations, to administrate our European plan analyze the financial profile of our guests and customers in order to grant them access to promotions and programs based on their economic characteristics. Furthermore, additional financial data and information related to the patrimonial assets of the clients may be required in compliance of Mexican Federal Law to prevent money laundering (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita LFPIORPI).
According to Mexican Privacy Law, is required to obtain express consent of guests and customers in order to use and process their financial and patrimonial assets data for the different purposes and uses described above. Therefore, in compliance with the law, we will request your express authorization in written at the moment of the data collection.
c) Sensitive Data
The sensitive data collected such as health condition (allergies, disease, asthma, injuries, any illness) in our health questionnaire, babysitting service and medical care, will be used to value your health condition in order to purchase and carry out our services such as spa services, babysitting services and medical care.
According to the LFPDPPP article 9º and the provisions contained in article 9 (2.a) of the GDPR is required to obtain express consent of guests and customers in order to use and process their sensitive data for the different purposes and uses described above. Therefore, in compliance with the laws, we will request your express authorization in written at the moment of the data collection.
III. Data transfer.
The personal data collected by Royal Sunset can be transfer to companies that help to provide some of the services requested by our customers. These data transfer is necessary to comply with the contract and therefore express consent is not necessary for these transferences.
Out of these cases and unless one of the provisions stated in article 37 of the LFPDPPP and in the provision contained in article 49 of the GDPR are met, the data provided by our guests, customers or vacation members club, will not be transferred under any circumstances to third parties.
IV. Use of images.
Events: In order to document and communicate information about the activities and events held throughout the year in the resort, as well as news Royal Sunset can use, print, reproduce and publish the images of our guests, visitors, vacation members club and customers and their friends or family that attend our activities in print or electronic media, newsletters, publications, photographic memories, in all its forms and expressions, performances, editions, phonograms, video and emissions for the purposes indicated. These images will not be commercially exploited by Royal Sunset.
The information that we collect from our guests, vacation members club, and customers may be used for advertising, marketing and/or market research, according to the relationship existing between them and Royal Sunset. When Royal Sunset pretends to use the images for these purposes, the company will request your express authorization in written before its use.
V. Restrictions on the use or disclosure of personal data.
In Accordance to the articles 16 section III of the LFPDPPP and article 18 of the GDPR, If our customers do not wish to receive communications or advertising by Royal Sunset at any time they can: Subscribe their data in the “do not call list” (REPEP for its acronym in Spanish), administrated by the Bureau of Consumer Protection (PROFECO). For more information visit http://rpc.profeco.gob.mx/; or, send an email to the address email@example.com requesting stop being contacted for these purposes.
VI. Rights of access, rectification, cancellation and opposition, and withdrawal of consent.
As stated in the Federal Personal Data Protection Law and in the General Data Protection Regulation, customers may request the access, rectification, cancellation, oppose to the use of their personal data provided to the responsible, or revoke their consent. Their request will be answered by our Privacy Officer, through this email address: firstname.lastname@example.org
To exercise these rights of access, rectification, cancellation, opposition, and to revoke the consent, the following procedure must be followed:
1) Send an email to the address email@example.com with your full name, your legal or commercial relationship with Royal Sunset, (for example guest or customer), and if you want to exercise your right of access, rectification, cancellation, opposition or revoke your consent.
2) Fill the application form that our Privacy Officer will send you, identifying the data on which you request the access, rectification, cancellation, opposition or the revoke of your consent, providing a copy of any of the identifications mentioned in the form in order to prove that you are the owner of the data or its legal representative.
3) After filling this form you must sent it to the e-mail address indicated in the previous paragraph, attaching all the documents that are relevant to answer your request. For “rectification” applications it will be necessary to specify the changes to be done, including the documentation that supports your request.
4) Once your request is received we will send you a notice with the file number and date of receipt. If your applicarion does not fulfill the legal requirements we will contact you within five business days of the receipt date informing you this situation. You will have ten business day to provide the information or documents required, otherwise your application will be considered as not submitted.
5) If your application was sent on a saturday, sunday or non-working day, it will be received the following working day.
6) Your request will be answered via e-mail in a period of twenty working days from the date of receipt. This period may be extended for twenty additional days for proper reasons, this situation will be notified to you in terms of the provisions of Article 97 of the LFPDPPP Regulations.
7) If your application is accepted we will give you access, rectify or cancel you data, register your opposition to the use of your information or revoke your consent within the fifteen business days from the date on which we answer your request.
8) This period may be extended for fifteen additional days for proper reasons, this situation will be notified to you in terms of the provisions of Article 97 of the LFPDPPP Regulations.
9) When your application is accepted, in terms of Articles 32, 33, 34 and 35 of the LFPDPPP we will sent your data without any charge through your email address, in case you request or need another form of delivery you will have to pay for the cost of shipment and/or the cost of reproduction of copies or other formats.
VII. Online data management.
This section describes the use of your personal data in the following website:
When you access the website of Royal Sunset, we register your Internet address (this address usually is temporary and is assigned by your Internet service provider when you log in), the type of operating system and browser you use. In addition, we can trace the pages of the site that you are visiting. The information we collect is used to improve the users experience of our website, the whole process is done without any knowledge of your name or any other information that will allow us to identify you. While visiting the website of Royal Sunset, unless you decide to identify with us, your navigation is anonymous.
Royal Sunset, does not require that you provide personal data to use our website, unless necessary. Some applications may require you to disclose any personal information, our contact forms may require your email address to register and answer your comments, requests, questions or suggestions, and contact you if necessary. In these forms we will not require your name, financial, patrimonial and/or sensitive data, any disclosure of this information is your responsibility, regardless the above, if you voluntarily provide any of this information Royal Sunset assures it will be used with strict confidentiality.
Cookies: A cookie is information that an Internet portal sends to your computer, which is stored on your hard drive. The next time you visit our site, we may use the information stored in the cookie to facilitate the use of our website. A cookie does not allow us to know your personal identity unless you explicitly choose to provide it. Most cookies expire after a period of time or can be deleted by you at any time. Also you can configure your browser to notify you when you receive a cookie so you can accept or reject it.
The data and information posted by the users of our social network, is published on their own account and is subjected to the terms and conditions established by the social network provider. Royal Sunset will use this information to answer the requests and questions asked by the users and to contact them in case they request so.
The contact data of the users that request information about travel packages, tours and other services will be shared with our Customer Service Center to give them a personalized attention by e-mail or phone. The information provided by those users who decide to participate in our contests will be use to contact them in case they win and their image may be published.
In Accordance with the article 20 of the GDPR, you have the right to transfer your personal data to another supplier or controller without hindrance from the controller to which the personal data have been provided as long as the legal processing oy your data has been carried out by automated means. Royal Sunset ensures the most strict confidentiality and security to carry out the data transfer.
VIII. Complaints regarding the use of your personal data
If you believe that your rights regarding the protection of your personal data have been violated by any conduct, act or omission regarding the attention of your requests or in the use of your personal data, you can submit a complaint with the National Institute for Access to Information and Data Protection (INAI), for more information visit www.inai.org.mx
IX. More Information – Privacy Office.
If you have any questions regarding the content, interpretation or scope of this Privacy Notice, or need more information regarding the use of your personal data, please contact us through our Privacy Officer, at the following email address: firstname.lastname@example.org donde será atendido.
This Privacy Notice is effective from January 1º of 2012 and may be modified on a discretionary basis by Royal Sunset, in terms of the GDPR and LFPDPPP and its regulations, any amendment will be communicated by posting the new Privacy Notice in of our website listed in the VII section of this Privacy Note, and in the Resort Lobby.
Last Update: December 1, 2018.