Data Protection

POLICY ON PROTECTION AND TREATMENT OF PERSONAL DATA - PERU

  1. Applicable Regulations

This means: (i) the Political Constitution of Peru, which stipulates that computerized or non-computerized, public or private information services must not provide information that affects the personal and family privacy of individuals, (ii) the Personal Data Protection Law – Law 29733 of 2011, and its regulation approved by Supreme Decree 003-2013-JUS, (iii) the Information Security Directive managed by Personal Data Banks approved by Directive Resolution No. 019-2013-JUS-DGPDP, (iv) the Peruvian Technical Standard NTP-ISO/IEC 27001 2014 on Security Techniques in Information Security Management Systems, (v) Directive No. 01-2020-JUS/DFTAIPD regulating the processing of Personal Data through Video Surveillance Systems, and any other provision that modifies, complements, repeals, or replaces the aforementioned.

  1. Definitions

Personal Data Bank: Means the organized set of Personal Data, whether automated or not, regardless of the medium in which it is found, be it physical, magnetic, digital, optical, or others created, in any form or manner of its creation, formation, storage, organization, and access.

Authorization for the Processing of Personal Data: Means any operation or technical procedure, automated or not, that allows the collection, recording, organization, storage, preservation, processing, modification, extraction, consultation, use, deletion, communication by transfer or dissemination, or any other form of processing Personal Data.

Processing of Personal Data of children and/or adolescents: For the Processing of Personal Data of a minor, the consent of the parents or legal guardians, as applicable, will be required.

  1. Responsible Party (holder) of the Personal Data Bank

GHL Perú S.A.C.

  • RUC: 20513187573
  • Address: Calle Pancho Fierro No. 194, District of San Isidro

Holding Hotelera GHL S.A.S.

  • NIT: 901580112 2
  • Central Office: Calle 72 # 6-30, Bogotá – Colombia
  • Phone: +57 3139333
  1. Responsibilities of the holder of the Personal Data Bank:

4.1. Grant and maintain a sufficient level of protection to the Personal Data contained in the Personal Data Bank under its ownership.

4.2. Determine and comply with the purpose and content of the Personal Data Bank under its ownership.

4.3. Process the Personal Data contained in the Personal Data Bank under its ownership.

4.4. Ensure compliance with the rights of the Holder conferred by Law No. 29733, Personal Data Protection Law.

The Responsible Party (holder) of the Personal Data Bank is responsible for the Processing of Personal Data stored in its Personal Data Bank.

  1. Responsibilities of the Processor of the Personal Data Bank:

The Processor carries out the Processing following the guidelines and using the means designated by the Responsible Party (holder) of the Personal Data Bank. Likewise, the Processor must assist the Responsible Party upon request, to ensure compliance with all obligations regarding the protection of Personal Data.

  1. Types of Personal Data Banks and Purposes of Processing

The Personal Data Banks mentioned above will be registered in the National Registry of Personal Data Protection managed by the National Authority of Personal Data Protection. The Responsible Party (holder) of the Personal Data Bank may determine the registration of other Personal Data Banks.

  1. Transmission of Personal Data and Cross-Border Flow of Personal Data

The transmission of Personal Data is carried out to the Processor of Personal Data, GHL PERÚ S.A.C., as a hotel administration and operation manager. GHL PERÚ S.A.C. is part of the GHL HOTELES group, which operates various hotels in Peru and in several countries worldwide.

As part of a multinational business group operating hotels worldwide, Personal Data may be transferred outside the national territory, including to countries that may not offer an equivalent level of data protection. However, we will ensure that any transfer of Personal Data complies with Applicable Regulations to guarantee the security and protection of information, as provided by Law No. 29733 and applicable provisions.

To facilitate travel, it may be necessary to disclose and process Personal Data for immigration, border control, security and counter-terrorism purposes, or other specific purposes as determined appropriate by government authorities at departure and/or destination points. Some countries require passenger data to be provided in advance to allow travel. In compliance with Applicable Regulations, if legally authorized, we may share the minimum necessary Personal Data with competent authorities.

  1. Detail of Obligations regarding the Processing of Personal Data

GHL recognizes that Personal Data belongs to the individuals concerned and that only they can decide on its use. Accordingly, we will use Personal Data only for those purposes for which we are duly authorized, and always respect Applicable Regulations.

In accordance with Article 28 of Law 29733, we commit to permanently comply with the following obligations:

(i) Carry out the Processing of Personal Data, only with prior informed, express, and unequivocal consent of the data subject, except when authorized by law, with the exceptions set forth in Article 14 of Law 29733.

(ii) Not collect Personal Data by fraudulent, unfair, or unlawful means.

(iii) Collect Personal Data that is updated, necessary, relevant, and appropriate, with respect to specific, explicit, and lawful purposes for which they were obtained.

(iv) Not use the Personal Data subject to Processing for purposes other than those that motivated its collection, unless anonymization or dissociation procedures are followed.

(v) Store Personal Data in a manner that allows the exercise of the rights of its Holder.

(vi) Delete and replace, or if applicable, complete the Personal Data subject to Processing when it is found to be inaccurate or incomplete, without prejudice to the rights of the Holder in this regard.

(vii) Delete the Personal Data subject to Processing when they are no longer necessary or relevant for the purpose for which they were collected, or when the period for their Processing has expired, unless anonymization or dissociation procedures are followed.

(viii) Provide the National Authority of Personal Data Protection with the information regarding the Processing of Personal Data that it requires, and allow access to the Personal Data Banks it manages, for the exercise of its functions, within the framework of an ongoing administrative procedure requested by the affected party.

(ix) Other obligations established in Applicable Regulations.

  1. Validity and Changes

This Annex to the policy on the Processing of Personal Data is approved on May 22, 2024, from which date it becomes applicable.

This Policy may be modified by GHL as required without prior notice, provided such modifications are not substantial. Otherwise, changes will be communicated in advance to the Data Subjects.

La Política de Tratamiento de Datos Personales de GHL ha sido traducida automáticamente desde el español a otros idiomas utilizando CHAT GPT. El texto oficial es la versión en español, disponible AQUÍ

La traducción realizada por inteligencia artificial puede contener inexactitudes, errores o afirmaciones incorrectas. GHL Hoteles no es responsable de las traducciones generadas por inteligencia artificial y, por lo tanto, no garantiza la exactitud ni la fiabilidad de dichas traducciones. La traducción realizada por inteligencia artificial no debe considerarse como exacta, certificada, oficial, autorizada ni respaldada por GHL Hoteles.

GHL Hoteles no se responsabiliza por cualquier pérdida directa o indirecta, daño u otro perjuicio resultante de cualquier inexactitud, error o afirmación incorrecta presente en la traducción generada por inteligencia artificial.

Cualquier discrepancia o diferencia entre la traducción realizada por inteligencia artificial y la versión en español oficial no será vinculante ni tendrá efectos legales para ningún propósito, incluidos, entre otros, el cumplimiento o la aplicación de normas. El titular de los datos personales utilizará la traducción realizada con inteligencia artificial bajo su propio riesgo.

Al usar la traducción generada por inteligencia artificial, el titular de los datos personales comprende y acepta la totalidad de lo aquí establecido. En caso de dudas sobre la exactitud o fiabilidad de la información, se deberá consultar la versión oficial en español en AQUÍ

Cookies Policy, More details can be found in our page Cookies Policy