Comprehensive Privacy Notice
1. IDENTITY AND DOMICILE OF RESPONSIBLE PERSON
This privacy notice governs treatment of personal data by HOLIDAY CLUB MANAGEMENT COMPANY DE MEXICO, S.A. DE C.V. dba and hereinafter “ROYAL HOLIDAY”, domiciled at Insurgentes Sur 1999, colonia Guadalupe Inn, Delegacion Alvaro Obregon, in Mexico City, Federal District, C.P. 01020, as Responsible Person, who will perform treatment to personal data concerning you, the owner of your personal data, in order to protect your privacy and right to information self-determination, as foreseen under the Federal Law of Protection of Personal Data in Possession of Private Persons (Federal Law of Protection of Personal Data in Possession of Private Persons, hereinafter LFPDPPP), its Regulations and Privacy Notice Guidelines issued by the Department of Economy (hereinafter, Ordinances).
For the purposes of this Notice, definitions of the terms “Personal Data”, “Sensitive Personal Data”, “Days”, “Treatment”, “Owner of Data”, “Responsible Person”, “Transfer”, “ARCO Rights” – “Access Rights”, “Rectification Right”, “Cancelation Right”, “Opposition Right”; “Cookies”, as well as all other elements foreseen under the Notice will have the same meaning as that assigned thereto by the Ordinances.
3. PERSONAL DATA COLLECTED AND TREATED BY US
ROYAL HOLIDAY collects and processes Personal Data listed below:
a) Identifying Data
Name, last name, signature, ID with photograph.
Full domicile whether home or office, personal or business e-mail, home or business telephone number; mobile phone number, Nextel ID (as applicable) and fax number.
Birthdate; age, civil status, nationality as well as all other similar information.
c) Tax Data
Federal Tax Payer (Registro Federal de Contribuyentes or RFC) Code and Folio, as well as tax domicile and tax regime (as applicable).
d) Data linked to bank accounts, credit and/or debit cards
Name of account holder, account number and bank of origin, CLABE (as applicable), card number, valid through date, type of card and security code.
e) Sensitive Personal Data
ROYAL HOLIDAY does not collect nor give treatment to your Sensitive Personal Data.
f) Personal Data obtained from public sources and received via consented transfers
Data from public registries, directories, social networks and other legal sources available in the market as well as Personal Data shares by third parties having been first authorized.
g) Third-party Personal Data
Identifying and contact data including name, office and institution, office landline and/or mobile telephone number and e-mail to request your commercial references including information as to your behavior and payment history.
Data from automatic data capture tools and public access sources
h) Personal Data collected by automatic data capture at ROYAL HOLIDAY websites
Data regarding type of web browser, language used, identification means of login in our websites, password to access ROYAL HOLIDAY website, access hours, IP address, type of browser and operating system of information system or device used to access ROYAL HOLIDAY website, interaction with our e-mails and website.
i) Personal Data part of an automated decision-making process
ROYAL HOLIDAY does not give treatment to your Personal Data in decision-making automated processes without actual people assessment intervention.
j) Personal Data from public access sources received by consented transfer
Data from public registries, directories, social networks and other legal sources available in the market.
k) Personal Data from social networks
ROYAL HOLIDAY may collect and Personal Data and information shared by you in social networks (such as Facebook® and Twitter®, among other), particularly that shared in the ROYAL HOLIDAY profile of such social networks including information shared as “public” in accordance to the provisions of terms and conditions of use and policy and declarations thereof.
Personal Data described in above paragraphs herein are collected through: i) the use of printed formats or documents; ii) the use of e-mails and/or iii) voluntary supply of information and Personal Data when Owner visits our points of sale, when contacting us by phone or contacting our Appointed Individuals (including customer service areas); iv) via our website as well as l) the use of public access sources and other sources available in the market.
ROYAL HOLIDAY treats your Personal Data for the purposes of completing activities and procedures focused in satisfaction with obligations originated and deriving from any business and/or legal relationship with you deemed as primary purposes, including:
i) Allow you to access or website;
ii) Process security incidents;
iii) Allow management, administration and security of your Personal Data;
iv) Maintain physical, electronic and procedure backups of your Personal Data in terms with applicable laws and regulations.
v) Request, contract, change or cancel services;
vi) Process your payments through diverse modes of payment;
vii) Issue invoice or digital tax proof;
viii) Issue a service quotation or information;
ix) Reservations through webpage, by phone, in person at offices domiciled at Insurgentes Sur 1999, colonia Guadalupe Inn, Delegacion Alvaro Obregon, C.P. 01020;
x) Traveling Services;
xi) Customer Service;
xii) Demonstrate your identity and verify the information you provided to us;
xiii) Manage our business relationship with you;
xiv) Have you registered in our customer data base;
xv) Integrate your file, assign an ID number and generate your profile, and
We will also treat your Personal Data for secondary purposes, that originate no legal and or business relationship or essential for such relationship with you, such as:
i) Implement activities to the effect of promoting, maintaining and improving our products;
ii) Participate in chats, discussion forums and social networks;
iii) Notify ROYAL HOLIDAY about issues in its websites;
iv) Receive printed or electronic advertising including communications for online marketing purposes or telemarketing on products and services;
v) Creation of personal profiles;
vi) Survey participation;
vii) Use different services in its own websites including content and format downloading;
viii) Notify to Responsible Person any issues in its websites;
ix) Participate in trivias, contests, raffles, gambling and drawings;
x) Make comments or suggestions regarding products and services
xi) Any other activity analogous in nature to any of those above described.
xii) Maintain an updated database on member prospects and manage incorporation of new members;
xiii) Identify new prospects by obtaining data through client referrals, company alliances, member referral, among other;
xiv) Offer services, coupons and promotions to prospects by phone and live communication;
xv) Manage member contracting process;
xvi) Send publications, notices, club novelties to owner through telephone, live, electronic and in-person media;
xvii) Manage processing of service related to lodging reservations to members in club’s own or affiliated resorts;
xviii) Manage RCI (exchange company) service processing;
xix) Manage complaints and member service quality processing;
xx) Manage contract cancellation and member reimbursement process;
xxi) Maintain an updated and classified member database;
xxii) Promote amongst members use and increase of agreed benefits;
xxiii) Manage collection process by using telephone, live, electronic and in-presence means;
xxiv) Transfer data to credit bureau;
xxv) Manage complaint and claim processing of those filed by members.
5. OWNER CONSENT.
For the purposes of that provided for under Ordinances, you hereby recite: i) that this Notice has been made of your knowledge by ROYAL HOLIDAY prior recollection and/or treatment of your Personal Data, ii) that you have read, understood and agreed the terms contained in this Notice regarding collection and treatment of your patrimonial and/or financial data, therefore, if supplied you will autographically enter your name and signature at the foot of this document or else you will express your consent through dialogue windows enabled in our websites. The above on the grounds of articles 8 and 9 of LFPDPPP, as well as in terms of articles 11, 12, 14, 15, 16 of the Regulations, without detriment of exception cases foreseen under articles 10 and 37 of LFPDPPP authorizing us to treat your Personal Data and transfer the same in order to allow compliance with our obligations in legal or contract terms or by virtue of the legal relationship, both current and/or future, with you.
For collection, treatment and transfer of your Personal Data, when not of financial or patrimonial nature, you will provide your implied consent in terms of this Notice upon your not objecting or opposing its contents within the next 48 hours of Personal Data collection and this Notice has been made available to you through different media included by publication through our Website.
6. TRANSFER OF DATA TO THIRD PARTIES.
Having read, understood and agreed to the terms contained in this Privacy Notice, Owner consents to the transfer of Personal Data thereof by Responsible Person or any Person in Charge to domestic or foreign third parties, in the understanding that treatment such domestic or foreign third parties may give to Owner’s Personal data must adhere to the contents of this Privacy Notice. For the purposes of that provided for in this Section but subject to the provisions of last paragraph thereof, Responsible Person informs Owner that in order to deliver products, services and solutions to customers, consumers and all other service users, Responsible Person and/or Persons in Charge have executed or will execute a number of business agreements with suppliers of products and service providers both in domestic territory as well as abroad to provide services including, among other: e-mail; database management and administration; automated treatment of Personal Data and storage; customer support call center; e-mail authentication and validation; telemarketing; credit card terminals; e-invoicing; marketing; audit services and other similar services. Owner’s authorization granted in terms hereof authorizes Responsible Person and/or its Persons in Charge to transfer Owner Personal Data to such service providers in the understanding that such service providers be bound, in terms of applicable contract, to maintain confidentiality of Personal Data made available thereto by Responsible Person and/or its Persons in Charge and to observe this Privacy Notice. Responsible Person and/or its Persons in Charge may transfer Owner collected Personal Data to any other company of the same corporate group to which Responsible Person belongs operating under the same internal processes and policy, whether in domestic territory or abroad for their treatment to the same ends as described in this Privacy Notice. Such Personal Data may also be transferred thereby to alternate third parties providing their support to comply with agreements or legal relationships with Owner.
Your personal data may be transferred, stored and processed in a country other than the place of delivery. If we do, we will be transferring your information in accordance with applicable information protection laws. We will adopt measures to protect personal data regardless the country of storage or where it is transferred to. We have prompt procedures and controls for the procurement of such protection.
We reserve ourselves the right to transfer your Personal Data upon the sale or transfer of all or some of our business or assets. Should such sale or transfer occur, we will do our best to invite the ensuing business owner to use Personal Data in terms with this Notice. Should, following transfer, you not be willing to have your Personal Data processed you should contact the new business owner.
Notwithstanding the provisions of this Section or anywhere else in this Privacy Notice, Owner acknowledges and accepts that Responsible Person requires no authorization or confirmation from such Owner for the purposes of domestic or international transfers of Personal Data in cases foreseen under Article 37 of the Federal Law of Protection of Personal Data in Possession of Private Persons or in any other case except as foreseen in same applicable law or any other.
7. PROCEDURE TO EXERCISE ARCO RIGHTS AND CONSENT REVOCATION
In order to exercise ARCO Rights, Owner or Owner’s representative must file an access, rectification, cancellation or opposition request providing the following information and documents:
I) Owner name and domicile or any other information to allow delivery of our reply to your request;
II) Documents proof of your identity (hard-copy or electronic simple copy of your voter’s card, passport or FM-2 or FM-3) or, as applicable, document evidencing legal representation of Owner (hard-copy or electronic simple copy of simple proxy bearing the autograph signature of Owner, representative and their respective official IDs - (voter’s card, passport or FM-2 or FM-3);
III) Clear and accurate description of Personal Data as to which you are seeking to exercise any ARCO Rights, and
IV) Any other element or document facilitating location of Owner’s Personal Data.
For Personal Data rectification purposes, pertinent Owner must also indicate modifications to be made and contribute documents in support of such request..
For filing, registration and attention of requests to exercise access, rectification, cancellation and opposition rights regarding own Personal Data, and to limit use or disclosure of such data and all other rights foreseen under Federal Law of Protection of Personal Data in Possession of Private Persons, you may contact: e-mail: email@example.com (This e-mail is only for request to exercise ARCO rights. Request of any other nature will be disregarded). To access request formats available to you and attachments thereto go to www.royal-holiday.com.
Responsible Person or Appointed Individuals will answer to pertinent Owner within twenty business days as from the date access, rectification, cancellation or opposition request was filed or as of the date of adopted resolution to the effect that, if applicable, the same is to be executed within fifteen days following the date the answer is notified to Owner. When about Personal Data access requests, Responsible Person or Appointed Individuals will proceed to delivery thereof prior demonstration of identity of requesting party or his/her legal representative, as the case may be. Above described terms may be only extended in terms of the Federal Law of Protection of Personal Data in Possession of Private Persons.
Delivery of Personal Data will be without consideration, you will only have to pay justified expenses for sending or reproducing copies or other formats. Should Owner file a second request for a term shorter than twelve months, Owner should pay costs at the rate equivalent to 1.5 days of Daily Minimum Wages in force in Mexico City in terms of the Federal Law of Protection of Personal Data in Possession of Private Persons, unless there are substantial modifications to the Privacy Notice motivating new consultation.
For the purposes of Personal Data cancellation requests, in addition to the provisions of this Privacy Notice, the provisions of Article 26 of the Federal Law of Protection of Personal Data in Possession of Private Persons will apply, including identified Personal Data cancellation exceptions.
Filing of Personal Data opposition request by the Owner thereof will entitle Responsible Person to oppose the use of Personal Data delivered to the counterparty as Owner thereof.
8. PERSONAL DATA DEPARTMENT.
Any questions, comments or information about our Privacy Notice may be directed to our Personal Data and ARCO Rights Administration Committee at: HOLIDAY CLUB MANAGEMENT COMPANY DE MEXICO, S.A. DE C.V; Insurgentes Sur 1999, Colonia Guadalupe Inn, Delegacion Alvaro Obregon, C.P. 01020, Mexico City, Federal District e-mail: firstname.lastname@example.org. (This e-mail is only for requests to exercise ARCO rights. Request of any other nature will be disregarded). For the purposes of that provided for under fraction I, Article 16 of the Federal Law of Protection of Personal Data in Possession of Private Persons, the domicile of Responsible Person is that provided for in this Section 6 of this Privacy Notice .
9. LIMIT OF USE AND DISCLOSURE OF INFORMATION.
ROYAL HOLIDAY will maintain your Personal Data as long as necessary to manage the business and/or legal relationship with you as well as to maintain records in terms of that provided for under the LFPDPPP, its Regulations, and applicable commercial, administrative and tax laws.
Personal Data collected by ROYAL HOLIDAY are protected by administrative, technical and physical security measures appropriate against unauthorized damage, loss, alteration, destruction or use, access or treatment, in accordance with the provisions of the LFPDPPP and its Regulations.
To limit use and disclosure of your Personal Data, please e-mail our Personal Data Department at email@example.com notifying your request.
Users unwilling to receive our newsletters may click on the cancel subscription link, which is included at the end of all emails delivered by Royal Holiday, in order to stop receiving future messages, without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard.
You may also register in the Public Registry of Consumers in the Federal Consumer Protection Agency (http://rpc.profeco.gob.mx) to prevent any advertising, promotion and/or product offering phone calls.
Collection of data when browsing ROYAL HOLIDAY websites
ROYAL HOLIDAY may collect Personal Data through its Website or using automatic data capture tools. Amongst automatic data capture tools used by ROYAL HOLIDAY in its Websites are cookies, Web beacons and links in e-mails.
ROYAL HOLIDAY’s website requires, for accurate performance, enabling cookies in your web browser. Cookies are small data files transferred by the Website to your computer or mobile device’s hard disk when browsing our websites. Most browsers automatically enable cookies by virtue of their preset configuration, you may adjust your browser preferences to accept or reject cookies. Cookie deactivation may disable a function of ROYAL HOLIDAY websites functions or avoid accurate display. Should you prefer to eliminate cookies you may eliminate them at the closing of each web browser session.
These cookies may be disabled. To learn how to, you may follow the following electronic link or address:
•Internet Explorer: http://windows.microsoft.com/es-MX/windows-vista/Block-or-allow-cookies
•Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=es&hlrm=en&answer=95647
Use of Web beacons
Also known as web tags, pixel tags and clearGIFs.- ROYAL HOLIDAY may use Web beacons in its websites and HTML-formatted e-mails, whether individually or in combination with cookies to collect information on the use of websites and interaction with e-mail. A Web beacon is an electronic image, of a single pixel (1x1) or GIF that is able to recognize information processed by your computer such as cookies, time and date the site and different sections were viewed.
Links ROYAL HOLIDAY e-mails.- e-mails with links allow ROYAL HOLIDAY to learn whether you activated such link and visited the destination webpage, and such information may be included in your profile.
Protection to minors or incapacitated persons: ROYAL HOLIDAY does not collect nor gives treatment to Personal Data of minors or incapacitated persons and encourages parents and/or tutors to actively participate in on-line activities of their children and/or represented. Should ROYAL HOLIDAY believe that a minor or an incapacitated person has provided Personal Data in contravention to this Notice, we will immediately eliminate such Personal Data. Should you become knowledgeable of such Personal Data being provided by an underage minor or by an incapacitated person, please e-mail us to: firstname.lastname@example.org
10. AMENDMENTS to NOTICE.
ROYAL HOLIDAY reserves itself the right to update this Notice for the purposes of reflecting changes in our data protection practice as a result of our continuous improvement process as well as changes in laws, regulations and administrative provisions that may apply. Please often review the contents of our Privacy Notice at our website, there we will publish any amendments implemented and date of last update.
Last update: September 2016
Procedure to Exercise ARCO Rights