On Vacation Colombia | Política de video vigilancia

Video surveillance policy

Policy Statement

TOUR VACATION HOTELES AZUL SAS with domicile in the city of BOGOTÁ at the address CARRERA 46 No. 94 - 73 Telephone: (601) 310 49 49 who for the purposes of this policy will be called the company and its website. www.onvacation.com which from this moment on will be called the Portal discloses the video surveillance policy and informs that it uses a closed circuit television (hereinafter, "CCTV") in its facilities. The purpose of this policy is to establish the position of Tour Vacation Hoteles Azul S.A.S. regarding the management, operation and use of CCTV in its facilities.

This policy applies to all passengers, guests, customers, clients, employees, contractors, monitored, third parties, users and those who visit Tour Vacation Hoteles Azul S.A.S. facilities and all other persons whose images may be captured by the CCTV system.

This policy takes into account all applicable legislation and guidelines, including:

Political Constitution of Colombia of 1991. Right of Habeas Data.

Law 1581 of October 17, 2012, which establishes general provisions for the protection of personal data.

The Guide on Personal Data Protection in Video Surveillance Systems of the Superintendence of Industry and Commerce.

Purpose of cctv

The capture and/or processing of images to ensure the security of goods and people is the main purpose pursued by video surveillance through CCTV. However, the proliferation of these systems expands the fields of application.

The collection of data taken by our personnel and the video surveillance cameras (content that is stored in specialized recording devices), are intended to leave a record of the entry to the facilities of the establishment in which, in the case of the entry logs, are recorded (name, ID number, HR, name of contact person and telephone number in case of emergency, EPS information, ARL, information of the computer equipment entered, position, area and name of immediate boss and image). This information in the logs is guarded by means of a physical access control, and in the case of security videos, they are protected by a physical access control to the data centers, wiring centers, and communications racks, and in turn, these devices have a user name and password known by the corresponding technology administrators. The images and videos will be stored for no more than fifteen (15) calendar days, and the information from the spreadsheets will be stored for no more than two (2) years, at which time the physical information will be disposed of.

The main ones are listed below:

Use for security purposes of material goods and people to provide a safe and secure environment related to monitoring security situations for passengers, guests, customers, employees, contractors and visitors: This purpose includes image capture for monitoring public safety, road safety, access to private environments, etc.

Use in business environments for labor control purposes, for the supervision of compliance with regulations on safety, health and prevention of occupational hazards; supervision of compliance with company employees' schedules: In this case, the use of cameras is intended to provide information to the employer on the employee's compliance with his labor obligations and duties. This power of verification has its limits and cannot be carried out in a way that infringes on the workers' right to privacy.

For the investigation of incidents related to the protection of minors.

To prevent loss or damage to Tour Vacation Hoteles Azul S.A.S. buildings and/or property.

To assist in the prevention of crime and to collaborate with the National Police, Prosecutor's Office, law enforcement and judicial investigation in the arrest of criminals.

To avoid violence, racism, xenophobia and intolerance in the activities that take place in Tour Vacation Hoteles Azul S.A.S.

Verification of inventory and its transfer, conditions of receipt, condition and dispatch.

Other purposes. The rise of these systems has led to their use in other areas, such as tourism promotion, research, behavioral studies, etc.

Transparency

Signs will be installed to inform people that they are in an area where CCTV is in operation.

Transparent information on the treatment of CCTV in the form of a Privacy Notice will be made available to individuals upon request at all Company receptions, service and information points.

Image processing as personal data

The processing of personal data has been defined as "any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression". In the case of the electronic security activity, specifically, processing is performed on personal data consisting of images and possibly biometric data of determined or determinable persons, with operations such as capture, recording, transmission, storage, preservation or reproduction in real time or later, among others. Such operations are considered as personal data processing, and are subject to the General Regime of Personal Data Protection.

The General Regime for the Protection of Personal Data establishes two figures for the processing of personal data:

The data controller, which is by definition, the natural or legal person who decides on the database and/or the processing of the data. The law has provided him/her with several obligations, in particular, to ensure the protection of the rights of data subjects with respect to the collection, storage, use and disposal of their personal data. In the electronic security activity, such data consists of images and biometric data of the data subjects.

The data processor is a third party, natural or legal person other than the data controller, who processes personal data on behalf of the data controller. In the activity of electronic security, in cases of CCTV video surveillance, when the implementation of the video surveillance system is carried out by a third party, such as private security and surveillance companies that make use, among others, of technological means for the provision of their service, these third parties have the quality of data processor and their client.

Treatment of images of children and adolescents

The processing of images of children and adolescents must respect their prevailing rights and may only be carried out when (i) it responds to and respects their best interests, and (ii) ensures respect for their fundamental rights.

As Responsible for the treatment of images of children and adolescents, there are special rules for their treatment, some of which are:

To have the authorization of the parents or legal representatives of the minors and their acquiescence, taking into account their maturity, autonomy and capacity to understand the matter.

Inform parents or legal representatives about the purpose and the treatment to which the personal data of minors will be submitted, as well as the rights they have.

Limit the collection and other processing of images, according to what is proportionate and appropriate in consideration of the purpose previously informed.

To guarantee the security and confidentiality of minors' personal data.

Restrict access to and circulation of images, as provided by law.

Tour Vacation Hoteles Azul S.A.S., in its capacity as responsible for the processing of images of children and adolescents, will require those responsible to comply with their duties.

Authorization

Tour Vacation Hoteles Azul S.A.S. must request prior, express and informed authorization from the owners of the personal data on which the processing is required, which may be exercised through unequivocal conduct that allows the reasonable conclusion that the authorization was granted, except for the cases defined in Article 10 of Law 1581 of 2012.

Prior authorization means, that consent must be given by the Data Subject, at the latest at the time of collection of the Personal Data.

Express authorization refers to the fact that the consent of the Data Subject must be explicit and specific; open and non-specific authorizations are not valid. The Holder is required to express his/her willingness to authorize Tour Vacaction Hoteles Azul S.AS to process his/her personal data.

This manifestation of will of the Holder may be given through different mechanisms made available by Tour Vacation Hoteles Azul S.A.S., such as:

In writing, for example, by filling out an authorization form.

Orally, for example, in a telephone conversation or videoconference.

Through unequivocal conduct that allows concluding that he granted his authorization, for example, through his entry to the company's facilities that have a video surveillance system and notices informing of its existence.

Regarding authorizations in terms of video surveillance systems, since they can be implemented in places such as commercial establishments, co-ownerships, buildings, hotels, stands, shopping centers, among others, in all cases the Owners of personal data shall be informed that they are in a video surveillance area and obtain their authorization for the treatment of the same. For this purpose, distinctive signs or notices may be used in the video surveillance areas, mainly in the entrance areas to the places that are being watched and monitored and inside them. Even audio announcements can be used. In those cases in which audio recording is made, the Licensees shall also be informed about such situation.

The privacy notices contain the following information:

Information on who is the Data Controller and its contact details

Indication of rights as holders

Indication of where the Video Surveillance Policy and Privacy and Confidentiality of Personal Data - Data Protection Policy are published.

Treatment Owners

Tour Vacation Hoteles Azul S.A.S. processes personal data of categories: public - semi-private and private, with the exception of some sensitive data on the following owners:

Worker

Customers

Drivers

Supplier

Third parties

Prospective customer

Petitioner

Withdrawn customers

Aspiring worker

Former employee

Employee's family member

Aspiring supplier

Inactive suppliers

Visitors

Monitored Customer

Monitored Workers

Shareholders

Board members

Apprentice Sena

Practitioner

Passengers

Guests

Officials of governmental entities

Users

Holder's rights

Your rights as data owner are those provided for in the Constitution and Law 1581 of 2012, especially the following:

Access free of charge to the data provided that have been subject to processing.

Request update and rectification of your information regarding partial, inaccurate, incomplete, incomplete, fractioned, misleading, or those whose treatment is prohibited or has not been authorized.

Request proof of the authorization granted.

To file complaints before the Superintendence of Industry and Commerce (SIC) for violations of the provisions of the regulations in force.

To revoke the authorization and/or request the deletion of the data, unless there is a legal or contractual obligation that makes it imperative to keep the information.

Refrain from answering questions about sensitive data or data of children and adolescents.

Access to images by personal data subjects

The holders of the information are entitled to exercise their right of access to the images processed by video surveillance systems. For the above, the holder who wishes to access the images, must include in his request for consultation, in addition to the requirements mentioned above, the date, time and place, to facilitate the location of the image and limit as much as possible the exposure of images to third parties.

System description

There are two CCTV systems in operation:

Analog System which corresponds to a perimeter system that covers the external perimeter and entrances to the establishments of Tour Vacation Hoteles Azul S.A.S.; this same system monitors the interior in the internal areas of the establishments, hotels, offices in the corridors.

Digital IP system which corresponds to a recording system for the cash registers of the different Tour Vacation Hoteles Azul S.A.S. establishments.

Each system has been installed in a different local area network that cannot be accessed externally (the systems that have external access are those previously authorized by the steering committee of TOUR VACATION HOTELES AZUL S.A.S., in order to monitor these locations for processes or special cases); for access to the recordings internally or externally, it can only be authorized through the Technology Management and/or a person delegated by this management.

Location of cameras

Proportionality shall be taken into account before considering the installation of CCTV, as well as with regard to the number of cameras to be used and their type (analog or IP), whether they are fixed cameras or cyber domes. All CCTV cameras shall be located in such a way that they fulfill the purposes described in section 2 above.

Cameras shall not, to the extent possible, be located in such a way as to record areas that are not intended to be monitored. Tour Vacation Hotels Azul S.A.S. will make every effort to ensure that the external CCTV captures the minimum street area necessary to fulfill the intended purposes.

Cameras shall not be located in areas where people expect to have a high degree of privacy, such as locker rooms, bathrooms or bedrooms.

Management and access

The perimeter CCTV system will be managed by the Administrative and Technology Management Department of Tour Vacation Hoteles Azul S.A.S. in its specialized recording devices as data processors.

The CCTV shall not be connected to an alarm receiving center or an external control center without prior review of the intended configuration, with appropriate access authorizations.

The recorded images stored by the perimeter and internal analog CCTV systems, and digital by IP of the cash registers, will have restricted access and may only be accessed by the technology management and/or head of administration with technology supervision (or persons delegated by them), who will arrange and authorize the reproduction and delivery of the videos that are required by other areas of the company, judicial and administrative orders and the owners of the data.

No other person shall have any right to view or access the CCTV images except as provided in the terms of this policy regarding the disclosure of the images.

The CCTV systems have preventive and, if necessary, corrective maintenance processes and are regularly checked by the technology staff to ensure that they are working effectively.

Image storage and preservation

All images recorded by the CCTV system will be retained for a maximum period of 15 calendar days.

Images will only be retained for longer periods when necessary for an ongoing investigation in compliance with the legal obligations to do so and, in particular, with the obligation to make them available to the competent authority within the legally stipulated period.

In this case, and only with the explicit authorization of the legal representative of Tour Vacation Hoteles Azul S.A.S. and/or the Data Protection Officer, the images will be kept for the duration of the investigation and the judicial process.

Safety measures

Tour Vacation Hoteles Azul S.A.S. will ensure that appropriate security measures are in place to prevent unlawful or accidental disclosure of recorded images. Existing measures include:

The location of CCTV recording systems in restricted access areas.

Encryption or password protection of the CCTV system.

Policies that limit permissions to certain profiles in the company with the ability to make copies (system administrator).

All CCTV equipment is configured with access credentials that limit the risk of unauthorized access to them.

Access points for viewing CCTV images will be located in secure rooms such as the IT department, security posts and the boardroom.

Tour Vacation Hoteles Azul S.A.S. maintains records of requests and all accesses to CCTV images, including the date and time and the person who accessed the images through the ServiceTonic Help Desk Software.

Disclosure of images to interested parties or representatives of minors

Any person whose image is recorded by the CCTV shall be considered a data subject for the purposes of the provisions of the Data Protection Legislation and has the right to request access to such images.

Any person requesting access to their own images will be considered to have made a request for access to their data, in accordance with the provisions of Law 1581 of 2012 General Data Protection Regime. This request must be sent immediately so that it can be handled following the established process to the following e-mail address atencionalcliente@onvacation.com within the maximum retention period set forth in this policy, it should be noted that due to storage capacity, the different establishments of Tour Vacation Hoteles Azul S.A.S. have shorter storage periods than the maximum period set forth.

When such a request is made, the head of administration and technology management (or delegated persons) will review the CCTV recordings, with respect to relevant time periods where appropriate, in accordance with the request.

If the recording only includes the person who has made the request, then this person will be allowed to view the recording, if the recording contains images of minors, the protection of the rights and freedoms of the minor will prevail in all cases. If necessary, disclosure will only be possible if the images can be distorted or if the legal representatives of the minors have given their consent to the disclosure of the images or if they have been requested by a governmental authority.

A log will be maintained through ServiceTonic's Help Desk Software and OSIRIS platform, of all access requests specifying:

When the request was made.

The process followed to determine if the images contained third parties.

Considerations as to whether or not to allow access to such images and, if so, the reasons for doing so.

The persons who have been allowed to view the images and when.

Whether a copy of the images was provided and, if so, to whom, when and in what format.

Procedure for exercising your rights as a data subject

Area in charge of personal data requests, queries and claims.

The Customer Service Area is the area in charge of handling requests, queries and claims from owners to exercise their rights to know, update, rectify and delete their data and revoke their authorization.

The law has defined two ways of exercising the rights; the first one is consultation and the second one is claims.

Inquiries will be answered within a maximum term of ten (10) business days from the receipt thereof.

When it is not possible to answer the consultation within said term, the interested party shall be informed of the reasons, indicating the new date on which the consultation will be resolved, which shall not be more than five (5) working days following the expiration of the first term.

Claims will be dealt with within a maximum term of fifteen (15) working days from the day following the date of receipt of the claim. Tour Vacation Hoteles Azul S.A.S. may extend the term of response in special cases by giving notice to the interested party. This new term shall not exceed eight (8) working days.

Service channels

Tour Vacation Hoteles Azul S.A.S. has an information area designed to ensure due attention to customer requirements, especially inquiries and claims related to data protection, in order to ensure the exercise of the rights contained in the Constitution and the Law.

For this reason, the holders of personal data may submit their queries and claims through the following channels:

The client and/or user has the right at any time to revoke this authorization and/or request the deletion, updating, rectification and disclosure of their authorized data for processing, by contacting the following e-mail address atencionalcliente@onvacation.comYou can also send a physical letter to the address CARRERA 46 No. 94 - 73 in Bogota addressed to the CUSTOMER SERVICE department Tour Vacation Hoteles Azul S.A.S. will respond to the request within the period stipulated by Law 1581 of 2012. When it is not possible to answer the query within that period, it will be notified in a timely manner, stating the reasons for the delay and indicating the date on which it will be answered.

It should be noted that the request for withdrawal or deletion will not proceed when there is a contractual or legal duty to keep it in our database. This is the case with the portfolio pending collection.

All of the above channels have trained personnel for the performance of their functions, as well as the necessary control systems so that any new personal information requested by users is documented and can be subject to verification.

However, it should be noted that Tour Vacation Hoteles Azul S.A.S. will only send personal data in connection with the inquiry or complaint to the following persons:

The owner of the data, their successors in title or their legal representatives, as long as they can prove this quality as mentioned in the definitions section of this document.

To persons authorized by the owner of the data.

To persons authorized by court or legal order.

In the latter case, the Constitutional Court's decision C-748 of 2011 regarding requests for information from public or administrative entities should be taken into account:

The public or administrative entity must justify its request by indicating the link between the need to obtain the data and the fulfillment of its constitutional or legal functions.

Secondly, with the delivery of the information, the public or administrative entity will be informed that it has the duty to comply with the obligations and requirements imposed by law 1581 of 2012, as data controller, or in charge in certain cases.

The receiving administrative entity must comply with all the legal mandates that exist on the subject at the date of receipt of the information, especially the principles of - purpose - legitimate use - restricted circulation - confidentiality and - security.

Following established channels is the way to a prompt response.

The owners of the data will be able to know, update and rectify the personal information contained in the databases of Tour Vacation Hoteles Azul S.A.S.

The ways to exercise the rights of the holders, are established in each of the treatment policies that are immersed in the Integral Program of Data Management, however it is noted that the terms for response will begin to count from Tour Vacation Hoteles Azul S.A.S. has actual knowledge of the request of the holder, if the request was received through the established channels.

Requirements for inquiries and claims of personal data

Regardless of the channel the holder chooses to submit his request, it must be addressed to Tour Vacation Hoteles Azul S.A.S. and contain at least the following items:

Contain the identification of the Holder (name and identification document).

Contain the description of the facts generating the consultation or complaint.

The object of the request.

Specify the Holder's notification address, either physical or electronic (e-mail).

Attach the documents you wish to assert (especially for claims).

In the event that the consultation or claim is submitted in person, the holder must submit the request or claim in writing without any formality other than the requirements set forth in the previous point.

We care about your satisfaction

If the holder considers that the response does not meet his/her needs, he/she has a term of fifteen (15) business days from the receipt thereof to request a reevaluation in those cases in which the response has been unfavorable to his/her interests.

Authorizations to third parties

The holder must deliver to Tour Vacation Hoteles Azul S.A.S. in a physical way or by means of previously registered e-mail the due authorization in which he/she authorizes a third party to consult, update or rectify his/her information. This requirement has the sole purpose of protecting and restricting access to the information to unauthorized third parties.

This authorization shall contain at least the following:

Identification of the authorizing holder

Copy of the owner's citizenship card

Name and identification data of the authorized person.

Time for which you can consult, update or rectify the information (only once, for one year, for the duration of the legal relationship, or until further notice, etc.).

Voluntary and free nature of the authorization.

Disclosure of images to third parties

Tour Vacation Hoteles Azul S.A.S. will only disclose CCTV images to third parties when permitted to do so in accordance with the Data Protection Legislation.

CCTV images will only be disclosed to law enforcement authorities in accordance with the purposes for which the CCTV system exists.

If a request for disclosure of CCTV images is received from an authority in charge of ensuring compliance with the law (Prosecutor's Office, Judicial Police, Investigation Bodies, Judges or Courts), in that case the Legal Representative shall follow the same process indicated above in relation to requests by the interested parties. In these cases, Tour Vacation Hoteles Azul S.A.S. will verify that such requests are made in a motivated manner and that the delivery of the images is proportional to the purpose of the request.

The above information must be recorded in connection with any disclosure.

If a court issues an order for the disclosure of CCTV images, the order must be complied with. However, careful consideration must be given to what exactly the court order requires.

CCTV policy and system review

This policy will be reviewed every year and, in any case, whenever legislative changes make it advisable.

The CCTV system and the privacy impact assessment relating to it will be reviewed annually by the Integrated Data Committee, or sooner if there is a major change in the installation or configuration of the system that makes it appropriate.

Misuse of cctv systems

Misuse of the CCTV system could constitute a criminal offense.

Any Tour Vacation Hoteles Azul S.A.S. employee who fails to comply with this policy may be subject to disciplinary sanctions.

Validity

This video surveillance policy is effective from the day of its publication for ten (10) years until December 31, 2023, a period that will be automatically renewed unless there is a request from the owner of the information to proceed to its deletion. The databases of images and videos will be stored for a maximum period of 5 calendar days, with the exception of the equipment that allows to have a duration longer than this fifteen (15) calendar days, the information of the spreadsheets will be stored for a period no longer than two (2) years, time in which a final disposition will be made to this physical information.

Menu
Menu
Menu
Menu
Tiktok Facebook-f Instagram Twitter Youtube Linkedin-in
Menu

Tour Vacation Hoteles Azul SAS BIC NIT No 900304940-9. RNT No 26847. Warns the user that in development of the provisions of Law 679/01 and 1336/09 the exploitation and sexual abuse of children and adolescents in the country are criminally and administratively punishable, according to the laws in force.
Address for judicial notifications: Carrera 46 # 94-73 Bogotá, Colombia - Comodo Trusted Site Seal Comodo Trusted Site Seal SSL Certificate

WTA 2017
WTA 2018
WTA 2019
WTA 2020
WTA 2021 ADZ
WTA 2021 AMA
WTA 2022
WTA 2023
WTA 2024
Secure Purchasing
PCI
SIC
Scroll to Top