Roberto Muñoz Castillo («RMC»), by operating the establishment commercially known under the denomination of «Santuario San Agustín» (the «Santuario»).
Roberto Muñoz Castillo, (hereinafter «RMC» or «Responsible«), with domicile in Aldama 3629, Jardines de Tehuacán, Tehuacán, Puebla, C.P. 75769, Mexico, is responsible for the use and protection of personal data, as well as the treatment, use, storage and disclosure of the Personal Data (as defined in the Law) collected from the Holder when using the lodging services provided at the address of the Sanctuary, in order to guarantee the privacy and the corresponding right of protection, for which it makes available this Privacy Notice (hereinafter «Notice»), elaborated to comply with the Federal Law of Protection of Personal Data in Possession of Individuals, its regulations, and other applicable norms (hereinafter, the «Law»), in its capacity as responsible for the treatment of personal data, informing the holder of the Personal Data (hereinafter, the «Holder») that provides through different means to RMC the following:
I. GENERAL CONDITIONS
The Holder accepts that by providing his/her Personal Data to RMC he/she accepts the Privacy Notice, therefore, at the moment the Holder provides his/her Personal Data by any type of instant messaging service, e-mail, telephone call, videoconference, and in general, through any other electronic means, as well as in person at the commercial establishment called «Santuario San Agustín», located at a known address in Bahía de San Agustín, Huatulco, Oaxaca, Mexico, expressly grants its consent for RMC to process the Personal Data provided by the Holder and collected by RMC, in accordance with the terms and conditions set forth in this Notice, the Law and any other applicable regulation.
By providing his/her Personal Data (as detailed below), the Data Subject agrees to receive emails, SMS, notifications, messages in social networks and notifications in known and to be known media. The Holder consents to receive notifications regarding any situation related to the services that RMC provides or may provide in the future, including service follow-up, request for information, temporary suspension of the service provided, those related to promotions and information of interest, as well as any other that may be necessary that RMC requires to communicate to the Holder with respect to its legal relationship.
The Holder may opt to stop receiving e-mails and notifications that are strictly promotional at any time by replying to the corresponding e-mail, being that this shall be on a single occasion when the Holder wishes to stop receiving such e-mails. However, in no case may the Holder opt out of receiving the necessary emails or notifications when RMC is still providing services to the Holder, or when it needs to inform the Holder of any situation related to the services provided or that may be provided in the future.
II. PERSONAL DATA COLLECTED AND SUBJECTED TO PROCESSING AND PRIMARY PURPOSES
Personal Data are collected for the primary purposes of: (i) to provide the services requested by the Data Subjects, as well as for the purpose of ensuring the identity of the persons who require services from RMC; (ii) to use the Personal Data for internal statistical analysis or for any other research function that RMC may carry out in order to continue improving the services that RMC offers; (iii) to carry out the provision of the services, as well as to identify, process and store the records of the services required by the Holder; (iv) to send notifications related to the services, request updates of relevant information for the provision of the services, as well as the payment thereof; (v) to comply with the applicable legal and tax obligations; (vi) to perform internal analysis and statistical studies to improve the services offered. In order to comply with the aforementioned primary purposes, RMC may collect the following personal data from the Holder, in accordance with the following:
a) Name(s) and surname(s), RFC (in case an invoice is required), e-mail address, address, identification number exhibited at the time of arrival at the Sanctuary (passport number, driver’s license number, professional card number or voter’s credential, as applicable), landline, home, office, and/or cell phone numbers (as applicable), number and name of the persons staying at the reservation made by the Holder, and country of nationality of the Holder;
b) In case the Holder arrives at the Sanctuary in any type of motor vehicle or requires the parking service at any time, additionally the identification data of such vehicle will be collected, such as, make, model, color, license plate number and state and/or country of issuance of such plates;
c) In the event that the Holder makes the payment through electronic means, all data will be collected to identify the payment or transfer made in order to be able to accredit before the corresponding Financial Institutions the origin and legitimacy of the charge and thus, avoid possible counter-charges. RMC will not collect patrimonial, financial or fiscal data such as, for example, tax returns, bank account information and statements, nor will it collect expiration dates or security codes, nor PINs associated to the credit or debit cards used by the Card Holder to make the payment for the provision of the services; and
d) Once the Holder has provided all the required information for the registration in the Sanctuary, he/she must sign his/her autographic signature or digitalized autographic signature (the «Signature») in the format provided by the Sanctuary for such purpose. The purpose of such Signature is for the Beneficiary to accept the terms of the services rendered, as well as to state that all the information provided is true, complete and free of errors.
e) In case the Holder requires to the Sanctuary the support with the organization of aquatic activities, sports, walks and in general any additional activity to the lodging services, the Holder will be requested (either the person who made the reservation or the person who carries out such activities) that prior to the realization of the activity he/she uses his/her Signature to declare under oath that he/she does not have any medical condition, The Holder will not be asked to describe such situation, since in case he/she has any, RMC or the third party service provider may refuse to provide the service at its sole discretion, therefore, RMC will not collect or store such information.
f) The Sanctuary has a closed circuit security system through video cameras with integrated audio that have the purpose of assisting in the security of the Sanctuary and its visitors, as well as the attention of complaints; therefore, the Holder declares its acceptance to the possibility that its activity in the public and common areas of the Sanctuary will be recorded and kept for at least a period of 15 (fifteen) calendar days. These recordings will not be published in social networks, nor provided to third parties, unless RMC is required by any competent authority in the matter and that such request is duly founded and motivated.
g) In case of reservations made on behalf of legal entities, all kind of information related to the company(ies) that the Holder represents and that allows to prove the representation of such company(ies). In general, the personal data collected will be managed and processed in accordance with the general management of the Responsible, in order to comply with the primary purposes indicated. The personal data collected will be part of a database that will remain in force for the period that RMC considers necessary to fulfill the purposes indicated in this Notice, and once concluded, the personal data will be blocked and cancelled, for its subsequent deletion. The blocking period shall be equivalent to the statute of limitations period of the actions derived from the legal relationship that
the processing under the terms of the applicable law on the matter.
At no time will RMC require sensitive personal data from the Data Subject that affect the most intimate sphere of the Data Subject, or whose improper use may give rise to discrimination or entail a serious risk to the Data Subject. In particular, sensitive data are considered those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, and/or sexual preference, among others. Notwithstanding the above, RMC may ask the Holder and any of the persons staying at the Sanctuary about any type of allergy or medical situation that is relevant to consider during their stay, however, such information will not be stored in any database, nor in any document, being only considered at the moment of food preparation or in case of any type of emergency situation.
The Holder undertakes to keep the data provided to RMC duly updated. The Holder shall be liable for any damages that RMC or third parties may suffer as a consequence of the lack of truthfulness, inaccuracy, lack of validity and authenticity of the data provided.
III. SECONDARY PURPOSES
Additionally, RMC will process personal data for the following secondary purposes:
(a) Send information about promotions, special offers, events or relevant news related to services and topics that may be of interest to the Data Subject;
b) To understand and address the needs, interests and concerns of the Data Subject;
c) Where appropriate, to incorporate the personal data in facts or legal acts that may be necessary;
d) Provide all kinds of advice related to the services provided;
e) Maintain and develop relations with the Data Subject;
f) Comply with all applicable laws, regulations and general provisions;
g) Process requests regarding requests for access, rectification, correction and opposition to the processing of personal data;
h) Conduct market research, promotional and prospecting activities, product offerings and information; and
i) Additionally, public or private documentary supports that prove the veracity of the personal data provided.
IV. TRANSFER OF PERSONAL DATA
The personal data collected by RMC may be transferred to various third parties involved in the processes of storage and processing of information and documentation of the Holder, and in general all the processes necessary to perform the provision of services to the Holder, among which are the employees and service providers of RMC, such as Google Cloud Services (Google Mail, Google Drive, Google Forms), Legalario, instant messaging services, and servers used by RMC. Therefore, personal data will not be transferred to any other third party, except in the cases established in the Law and other related regulations, or if required to perform any process or for the provision of services, or in case of requests from the competent authorities in the matter, provided that such requests comply with the applicable legal requirements. In the event that RMC requires the use of the services of any other third party for the rendering of services, the Holder will be informed through the update of this Notice.
In any case, personal data may be processed by RMC to comply with the purposes set forth in this Privacy Notice.
V. SECURITY MEASURES
RMC has administrative, physical and technical security measures, as well as the necessary access controls to protect personal data from any damage, loss, alteration, destruction or unauthorized use, access or processing. RMC does not use the services of service providers that have access to the Personal Data of the Data Subject.
Once the primary and/or secondary purposes to which the personal data is submitted are concluded, the Controller will keep the confidentiality of the personal data, and the complete destruction of the same once the legal relationship indicated has completely ceased and the legal terms required by the applicable regulation have elapsed.
VI. RIGHTS OF THE HOLDER OF THE PERSONAL DATA
The Holder of the personal data may exercise before the Controller the rights of access, rectification, cancellation and opposition («ARCO Rights» or «Rights»).
Pursuant to the foregoing, the Data Subject may exercise with respect to his/her personal data the rights to: (i) access them and have knowledge of the processing thereof; (ii) rectify them in case they are inaccurate; (iii) request cancellation when he/she considers that they are excessive or unnecessary for the purposes that justified the collection thereof; (iv) oppose the processing, and (v) revoke the consent granted for the processing of personal data, as well as limit the use or disclosure thereof.
Any request related to the exercise of the ARCO Rights must contain the following: (i) name of the Data Subject; (ii) address or any means to receive the response; (iii) documents proving the identity of the Data Subject; (iv) indication of the right exercised; (v) clear and precise description of the personal data on which the exercise of the requested right is sought; (vi) any other element or document that facilitates the location of the personal data, and (vii) all such information and/or documentation that motivates the cause for the exercise of the corresponding rights.
In order to exercise such right, the respective request must be sent to the e-mail address santuario.sanagustin@gmail.com with the requirements indicated for the exercise of the ARCO Rights, when applicable, or through written communication addressed to RMC’s domicile located at Aldama 3629, Jardines de Tehuacán, Tehuacán, Puebla, C.P. 75769, Mexico.
All of the above in the understanding that, in no case and under no circumstances, the request for limitation to the use and disclosure of personal data will proceed when the intended limitation interferes with the legal relationship in force between RMC and the Holder, or when RMC is required by law to keep the personal data, records and any other information or documentation of the services provided.
RMC will respond to the Holder’s request by communicating its resolution, by the same means in which the request was submitted and, if this is not possible, by the most convenient one, within a period not exceeding 20 business days from its receipt.
In the event that the request does not contain all the information and/or documentation described above, a warning will be issued stating that the applicant has a maximum period of 5 business days from the day following the date of sending the warning to provide the required information, otherwise the request will be deemed not to have been filed.
Likewise, in the event that a decision is made, RMC shall have a term not to exceed 15 business days from the day following the day on which the corresponding response to the decision on the validity of the requested right has been notified.
In the event of disagreement with the response to the aforementioned request, as a second instance, a data protection request may be filed before the National Institute for Transparency, Access to Information and Protection of Personal Data (INAI) within 15 days from the date on which RMC communicates the response to the Holder. The procedure shall be carried out as described in the Federal Law for the Protection of Personal Data in Possession of Individuals, its Regulations or any other applicable legislation, at the time the corresponding request is made.
VII. CHANGES TO THE PRIVACY NOTICE
In the event that this Notice undergoes modifications, changes or updates, whether as a result of legislative reforms, internal policies, use of third party services, new requirements for the provision or offering of our services, market practices or others, the updated version will be made available to the Holder through the email address provided to us. In the event that the Holder continues to use RMC’s services after the updating of the Notice, it shall be understood as accepted in all its terms. In the event that the Data Subject does not agree with the updates made to the Notice, he/she must notify RMC and RMC will not be able to continue providing the services.
however, RMC may continue to be obliged to store or process the personal data as set forth in paragraph VI above.
VIII. USE OF «COOKIES» AND «WEB BEACONS»
RMC has a web page identified with the web address:
https://santuariosanagustin.com.mx/, however, neither the web page, nor any of our e-mails contain any type of «cookies» or «web beacons» that allow RMC to obtain information from the Holder; therefore, RMC does not use any of these means to collect Personal Data from its customers.
IX. PROTECTION OF RIGHTS AND COMPLAINTS ABOUT THE TREATMENT
INDEBTED
In case you consider that your right to the protection of your personal data has been undermined, injured or violated by any member, employee or officer of RMC or that any of the guidelines set forth in this Privacy Notice has been breached, you may file the corresponding complaint or denunciation before the National Institute of Transparency, Access to Information and Protection of Personal Data, for which you may obtain further information by visiting https://home.inai.org.mx/, together with access to the corresponding form https://home.inai.org.mx/wp-content/documentos/formatos/PDP/FormatodenunciaLFPDPPP.PDF.
X. CONTACT
If you have any questions or comments regarding the Privacy Notice, you can contact our department of personal data protection, through the following email address santuario.sanagustin@gmail.com or directly in person at Aldama 3629, Jardines de Tehuacán, Tehuacán, Puebla, C.P. 75769, Mexico.
Date of last update: February 01, 2024
