I. Responsible for the protection of your personal data.
Hotelera Malecón S.A. de C.V. hereinafter Sunset Royal, with address in Boulevard Kukulkan, kilometer 10, MZ 51, Lot 13-B, Hotel Zone, Zip Code 77500, Cancun, Quintana Roo, Mexico, is responsible for the collection and use of the personal data required from customers, visitors and members of the vacation club, in terms of the rules established by article 3, section XIV of the Mexican Federal Law for Data Protection of Private Individuals (Ley Federal de Protección de Datos Personales en Posesión de los Particulares LFPDPPP) as well in the rules established by articles 1º, 3º and 5º of the General Data Protection Regulation (EU) 2016/679 (GDPR).
II. Data collected, and use of the information requested from our customers.
We inform you that the personal data collected through our formats, by telephone or by electronic means (online) and through our website will be used to provide our services and to send to our customers, visitors, and members of the vacation club: discounts, offers and promotions. The rules for the personal information management are described in the following section
a) General Data
The general personal data collected through our formats such as: name, gender, signature, home address, phone number, cell phone number, e-mail, date of birth, job, home city, number of children, economic dependents, country, national identity document or passport will be used for the following essential purposes:
i.Provide and administrate the services contracted by our customers.
ii.Register their information in our systems and databases.
iii.Check-In and Check-out process.
iv.Comply with the laws that govern our activities.
v.Customer service, including providing information of our services, transportation, reservations, doubts, complaints, and cancellations received through our Call Center.
vi.To confirm, verify, correct, and update their personal data.
vii.To administrate the reservations requested by our customers (all inclusive, European plan and day pass).
viii.To register the reservations requested by our clients.
ix.To charge for our services and for the collection efforts with respect to receivables that are not paid when due.
x.To charge for services and programs paid electronically with a credit card.
xi.To charge any additional expenses or fees for extra services contracted.
xii To properly identify our associates, guests, and customers.
Additionally, this information can be used for the following secondary (non-essential) purposes:
a)To send to our customers offers, discounts, special fees, and other benefits.
b)For our wedding, banquets, and Honeymoon services.
c)For Sunset Spa Services.
d)For our gym services.
e)For medical attention if it is required.
f)For our restaurant and bar services.
g)For currency exchange.
h)For transportation services.
i)For statistics of our services.
j)For promotional and marketing purposes.
b) Financial and Patrimonial Assets Data
The financial and patrimonial data collected such as credit card number, card security code, card expiration date, bank account, will be used to purchase our vacation packages, to purchase our wedding services, make reservations, to administrate our European Plan and analyze the financial profile of our guests and customers to grant them access to promotions and programs based on their economic characteristics. Furthermore, additional financial data and information related to the patrimonial assets of the clients may be required in compliance of Mexican federal law to prevent money laundering (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita LFPIORPI). According to Mexican Privacy Law, is required to obtain express consent of guests and customers in order to use and process their financial and patrimonial assets data for the different purposes and uses described above. Therefore, in compliance with the law, we will request your express authorization in written at the moment of the data collection.
c) Sensitive Data
The sensitive data collected in our health questionnaire such as health conditions (allergies, hearth diseases, blood pressure, diabetes, cancer, epilepsy, dermatologic problems), will be used to evaluate your health to determine that you have the physical conditions required for the services offered by the SPA, and for medical attention if it’s required in case of emergency during our services.
According to Mexican Privacy Law (LFPDPPP) article 9º and the provisions established by article 9 (2.a) of the GDPR is required to obtain express consent of guests and customers to collect and process their sensitive personal data for the different purposes and uses described above. Therefore, in compliance with these regulations, we will request your express authorization in written at the moment of the data collection.
III. Data transfer.
The personal data collected by Sunset Royal can be transfer to companies that help it to provide some of the services requested by its customers, associates, and visitors. These data transfer is necessary to comply with the services contracted by the clients and therefore express consent is not necessary for these transferences according to article 37, section VII of the Mexican Privacy Law and article 44 of the GDPR.
Except for the cases indicated above, and unless the conditions set by articles 37 of the LFPDPPP and 49 of the GDPR are being materialized, the data provided by our customers will not be transferred under any other circumstances.
IV. Use of images.
In order to document and journalistically communicate information about the activities and events held throughout the year in the resort, as well as news Sunset Royal can use, print, reproduce and publish the images of our guests, visitors, members of the vacation club and customers and their friends or family that attend to our events and activities: in print or electronic media (website, social networks, blogs, Apps), newsletters, publications, photographic memories, in all its forms and expressions, performances, editions, phonograms, video and emissions for the purposes stated above.
The images collected form guests, members of the vacation club, and customers may be used for advertising, marketing and/or market research. When Sunset Royal intends to use the images for these purposes, the resort will request their express authorization in written before its use.
V. Restrictions on the use or disclosure of personal data.
In Accordance to the articles 16 section III of the LFPDPPP and 18 of the GDPR, those who wish to limit the use and disclosure of their personal data, or who no longer wish to receive communications regarding the non-essential (secondary) purposes detailed in this privacy notice, must send an email to the adress: email@example.com requesting stop being contacted for these purposes.
VI. Rights of access, rectification, cancellation and opposition, and withdrawal of consent.
As stated in the LFPDPPP as of January 6, 2012, as well as in articles 15, 16, 17, 18 of the GDPR, the owners of personal data collected by Sunset Royal may request: access, correction, cancellation (should this be legally appropriate) and opposition of the use of their personal data, as well as to withdraw their consent. To exercise these rights, they must follow this procedure:
1) Send an application by email to our Privacy Office at firstname.lastname@example.org stating the right they want to exercise: access, rectification, cancellation and/or opposition, which must indicate their full name, the legal or commercial relationship with Sunset Royal, the type of right they wish to exercise, accurately identifying the data for which they request access, correction, cancellation or opposition, or those for which they decide to withdraw their consent, attaching any of the official identification documents (valid passport, identification or current immigration document), in order to prove their identity
2)In the case of personal data whose owners are underage or people that cannot legally give consent by themselves, this request must be made by the person who legally represents their rights, either through the accreditation of parental rights; or through his/her legally appointed guardian or tutor.
3)Data owners must send their application for the exercise of the rights and may attach all the documents that are relevant to their request. For correction applications, it will be necessary to precisely specify the changes requested, including the documentation that supports their claim.
4) Applications for the exercise of these rights must be submitted during working hours and on business days in accordance with the Federal Law of Administrative Procedure
5)The request must be sent to the email address mentioned in numeral 1 and an acknowledgment of receipt will be sent with the corresponding date of receipt. Should the application not fulfill the legal requirements, we will contact the data holder within five (5) business days to ask to amend the application for up to ten (10) business days. Otherwise, the application will be considered as not submitted.
6)If the request has been sent on Friday or on a non-business day, it may be received on the following business day after it was sent.
7)The request will be answered via email within a period of twenty (20) business days from the date of receipt. This period may be extended for twenty (20) additional business days when there are adequate reasons, and this situation will be notified to the data holder under the terms of the provisions of Article 97 of the LFPDPPP Regulations.
8)If the request is made in accordance with the LFPDPPP and other current regulations, access will be granted, the data will be corrected or canceled, the right of opposition will be effective or the consent will be revoked, within fifteen (15) business days following the date on which the request was answered. This period may be extended for fifteen (15) additional days for adequate reasons, and this situation will be notified to the data holder under the terms of the provisions of Article 97 of the RLFPDPPP.
9)In all cases where the request is appropriate, in accordance with the terms of articles 32, 33, 34 and 35 of the LFPDPPP, the data will be sent free of charge through the data holder’s email address for said purpose. In case the information should be required to be sent through another form of delivery, payment must be made for the cost of shipping and/or the cost of reproduction of copies or other formats that may be incurred.
VII. Online data management.
This section describes the use of your personal data in the following website:
When you access to Sunset Royal website, we register your IP address (which is usually temporary and is assigned by your internet service provider when you log in), as well as the type of operating system and browser you use. In addition, we can trace the pages of the site you are visiting. The information we collect is used to improve our website’s user experience, and the whole process takes place without any knowledge of your name or any other information that will allow us to identify you. While visiting Sunset Royal website, your navigation is anonymous unless you decide to identify yourself.
Sunset Royal does not require that you provide personal data to use the website unless it’s necessary. Some applications may require you to disclose any personal information, our contact forms may require your email address to register and answer your comments, requests, questions, or suggestions, and contact you if necessary. In these forms, we will not require your financial or property data, and/or sensitive data. Any disclosure of this information is your responsibility. Regardless of the above, if you voluntarily provide any of this information, Sunset Royal assures it will be used with strict confidentiality.
Cookies: A cookie is information that an internet portal sends to your computer and is stored on your hard drive. The next time you visit the website, we may use the information stored in the cookie to facilitate the use of our internet portal (for example, passwords). A cookie does not allow us to know your personal identity unless you explicitly choose to provide it. Most cookies expire after a short period of time or can be deleted by you at any time. Also, you can configure your browser to notify you when you receive a cookie so you can accept or reject it.
The personal data and information sent by inbox or posted by the users of our social networks profiles is published on their own account and is subjected to the terms and conditions established by the social network provider. Sunset Royal will use this information to answer the requests and questions asked by the users and to contact them in case they request it and for statistical purposes.
The contact data of the users that request information about travel packages, tours and other services will be shared with our Customer Service Center to give them a personalized attention by email or phone. The information provided by those users who decide to participate in our contests will be used to contact them in case they win, and their image may be published.
In Accordance with article 20 of the GDPR, you have the right to transfer your personal data to another supplier or controller without hindrance from the controller to which the personal data have been provided if the legal processing of your data has been carried out by automated means. Sunset Royal ensures the strictest confidentiality and security to carry out the data transfer.
VIII. Complaints regarding the use of your personal data
If you believe that your rights regarding the protection of your personal data have been breached by any conduct, act, or omission regarding the attention of your requests or in the use of your personal data, you can submit a complaint with the National Institute for Access to Information and Data Protection (INAI). For more information you can visit the website: www.inai.org.mx.
IX. More Information – Privacy Office.
If you have any questions regarding the content, interpretation, or scope of this Privacy Notice, or if you need more information regarding the use of your personal data, please contact us through our Privacy Office at the following email address: email@example.com
This Privacy Notice will be in force since January 1º, of 2012 and may be updated by Sunset Royal, in terms of the GDPR and LFPDPPP and its regulations, by publishing a new version in our website.
Last Update: January 1st, 2023