Security and Privacy
Grupo Posadas, S.A.B. de CV and its affiliates and / or subsidiaries (hereinafter referred to collectively as Posadas), headquartered at Paseo de la Reforma 155, Fourth Floor, Col. Lomas de Chapultepec, Miguel Hidalgo, CP 11000, Mexico City, Mexico, is committed to protecting your privacy. Posadas’ Department of Personal Data oversees all identity, privacy and data protection and is located at the same headquarters address. You may contact the department directly at email@example.com.
B. Personal Data
Personal data obtained by Posadas through these means includes:
1. Identify Data: your names and family name, address, home phone number, mobile and / or work phone number, marital status, signature, email, gender, age, date of birth, username and password.
2. Financial Data: cardholder name, credit card number and expiration date (for online transactions).
3. Billing Data: name or business name, tax registration number and tax domicile
4. Preference Data: details relating to your room, service and travel preferences.
C. Sensitive Personal Data
Personal data is classified as sensitive when it involves an individual’s most closely held details or when its misuse may potentially lead to discrimination or pose a risk of discrimination. Specifically, Posadas considers information that might disclose potentially sensitive issues such racial or ethnic origin; present and future health status; genetic information; religious, philosophical and moral beliefs; union membership; political affiliations; and sexual preferences. When you stay in one of our hotels, and you provide any information concerning your health or any disabilities, this data will only be used to serve you better and to meet your specific needs.
D. Use and Purpose of Personal Data
Events when personal data is legally required in order for Posadas to provide a service:
1. Posadas uses the personal information provided by you in order to perform or deliver the services you requested, or they are part of a program for which you registered. These events include making reservations, buying vacation packages, becoming a vacation club member, becoming a member of Posadas loyalty programs, attending events or social gatherings, or purchasing goods and / or tour and travel-related services.
2. Posadas may use the personal data you provide to better serve you and, where appropriate, identify your preferences during your stay, in order to make it more enjoyable.
Events when personal data is not required for Posadas to provide a service:
3. Posadas may also use your information to offer you promotions, tourism and consumer products, special services, newsletters, surveys, giveaways and online contests.
E. Limitations on the Use or Disclosure of Personal Data
At any time you may request that your personal information not be used for purposes other than those purposes that are legally required for Posadas to provide you with a service. You must submit this request in writing to Posadas’ Department of Personal Data at the following address: Paseo de la Reforma 155, Fourth Floor, Col. Lomas de Chapultepec, Miguel Hidalgo, CP 11000, Mexico City, Mexico or email it to firstname.lastname@example.org. Written requests will be processed between 9am and 2pm Monday through Friday.
Any such requests must include at least the following items: (i) Name of the owner of the personal data; (ii) An email address where a confirmation notice may be sent; (iii) Documents proving your identity or demonstrating your legal representation for the owner; (iv) A clear and concise description of the personal data in question and the requested action; (v) Any other item or document that will facilitate the request or the locating of your personal data. If the request is missing any of these requirements, the Department of Personal Data may respond within 5 days of your request and ask that you provide the required information or documents. In this event, you will have 10 days to submit the needed information or documents. If you do not respond with the missing items in that timeframe, no further action will be taken and no changes will be made to your personal data or their usage.
After Posadas receives a request with all required items included, it will make a determination and respond within 20 days. When Posadas confirms that a requested change will be made to the use of personal data, that change will become effective 15 days after Posadas emails a confirmation that the change will occur. In order to protect your privacy, Posadas will send its response to the email address you included in the request and will have all details available to you during the designated business hours and at the address listed above.
F. Exercising Rights of Access, Rectification, Cancellation and Opposition
You are able to exercise your rights of access, rectification, cancellation or opposition to the information you provided to Posadas, as stated in Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties. You may do so by delivering the request to Posadas, following the steps outlined in subsection E above. Posadas will respond as outlined above.
G. Control and Security of Personal Data
Posadas agrees to take necessary precautions to protect the data it has collected, utilizing security technologies and procedures to restrict access, use, or disclosure of personal data without consent. For example, the personal data you provide will be stored on computer servers in secure data centers with restricted access. For online transactions, Posadas also uses security technologies to protect data that is transmitted electronically, such as the use of a secure server on the Secure Socket Layer (SSL).
However, no security system or data transmission devices over which Posadas does not retain absolute control or is dependent on the Internet can be guaranteed to be totally secure.
H. Electronic Media and Cookies
In the event that you visit any of our websites, cookies will be generated and stored on your computer in order to provide you with a better experience. Cookies are small pieces of information that are transferred to your browsers by websites.
Last updated: April 2, 2013