TREATMENT POLICY PROTECTION OF PERSONAL DATA
DANN HOTELS AND HOTELS DANN CARLTON


NAME OF THE COMPANY: ADMINISTRADORA HOTELERA DANN LTDA and PROMOTORA DE APARTAMENTOS DANN S.A. (Hereinafter HOTELS DANN and HOTELS DANN CARLTON or jointly HOTELS DANN)

ADDRESS: Calle 94 No. 19-71 of Bogotá D.C.

EMAIL: habeasdata@hotelesdann.com

TELEPHONE: (571) 6338555

ARTICLE ONE. DEFINITIONS

AUTHORIZATION: prior, express and informed consent of the owner to carry out the processing of personal data.

DATABASE: organized set of personal data that is subject to treatment. The "database" will have such a status regardless of the medium in which those are contained, it can be physical, electronic, manual, automated, computer tools, etc.

PERSONAL DATA: any information linked to or associated with one or more specific or determinable natural persons.

HOLDER: natural person whose personal data are processed.

TREATMENT: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

PRIVACY NOTICE: verbal or written communication generated by the person responsible, addressed to the owner for the treatment of their personal data, by which is informed about the existence of the information treatment policies that will be applicable, the way of accessing them and the purposes of the treatment intended to be given to personal data.

PUBLIC DATA: is the data that is not semi-private, private or sensitive. Data considered public: Data relating to the marital status of people, their profession or trade and their status as a trader or public servant. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed judicial decisions that are not subject to reservation.

SENSITIVE DATA: Sensitive data are those that affect the privacy of the owner or whose abuse may generate discrimination, such as those that racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of trade unions, social organizations or human rights that promotes the interests of any political party or that guarantee the rights and opposition political parties, as well as data relating to health, sex life, and biometric data.

TRANSFER: the data transfer takes place when the person responsible or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the treatment and is inside or outside from the country.

TRANSMISSION: processing of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it has as its object the performance of a treatment by the manager on behalf of a single responsible.


SECOND ARTICLE. VALUES

In the development, interpretation and application of Law 1581 of 2012, the following guiding values will be applied in a harmonious and integral way:

VALUE OF PURPOSE: the treatment must obey a legitimate purpose in accordance with the Constitution and Law, which must be informed to the holder.

VALUE OF FREEDOM: treatment can only be exercised with the prior, express, and informed consent of the holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves the feelingly.

VALUE OF VERACITY OR QUALITY: The information subject to treatment must be truthful, complete, accurate, updated, verifiable and understandable. The treatment of partial, incomplete or fractionated data is forbidden.

VALUE OF TRANSPARENCY: the treatment must guarantee the right of the holder to obtain from the controller, at any time and without restrictions, information about the existence of data that may concern.

VALUE OF ACCESS AND RESTRICTED CIRCULATION: the treatment is subject to the limits that derive from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the treatment can only be done by persons authorized by the holder and / or by persons provided for by law.

Personal data, except for public information, may not be available on the Internet or other means of mass communication or communication, unless access is technically controllable to provide restricted knowledge only to authorized owners or third parties.

SAFETY VALUE: The information subject to treatment by HOTELS DANN shall be handled with the technical, human and administrative measures necessary to provide security for the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.


PRINCIPLE OF CONFIDENTIALITY: HOTELS DANN is obliged to guarantee the reservation of the information, even after its relationship with any of the tasks included in the treatment, and may only supply or communicate personal data when it corresponds to the development of authorized activities In the law.
ARTICLE THREE. RIGHTS ASSISTED BY THE INFORMATION HOLDER
The holder of the personal data will have the following rights:
To know, to update and to rectify your personal data in front of HOTELS DANN in its condition of person in charge of the treatment. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading, or those whose treatment is expressly prohibited or has not been authorized.
B. Request proof of authorization granted to HOTELES DANN unless expressly requirement for treatment (cases in which authorization is not required).
C. To be informed by HOTELS DANN, upon request, regarding the use that has given to your personal data.
D. Submit to the Superintendence of Industry and Commerce complaints for violations of the provisions of law 1581 of 2012 and other rules that modify, add or complement, and revoke the authorization and / or request the suppression of the data when in the treatment the principles, rights and constitutional and legal guarantees are not respected.
F. Access free of charge to the personal data (data of the holder) that have been processed.

ARTICLE FOUR. DUTIES OF HOTELS DANN

Under the present policy of treatment and protection of personal data are duties of HOTELS DANN the following:

A. To guarantee to the holder, at all times, the full and effective exercise of the right of habeas data.

B. Request and keep a copy of the respective authorization granted by the holder.

C. Duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

D. To keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access and.

E. To correct the information when it is incorrect and communicates the pertinent.

F. To process the queries and claims made by the holders.

G. Inform the data protection authority when there are violations of security codes and there are risks in the administration of the owner’s information.

H. To comply with the requirements and instructions issued by the Superintendence of Industry and Commerce on the subject in particular.

I. Inform at the request of the owner about the use given to their data.

J. Ensure that the information is truthful, complete, accurate, up-to-date, verifiable and understandable.
K. Update the information, taking care of this way all the novelties regarding the data of the holder. In addition, all necessary measures must be implemented to keep the information up-to-date.
L. Respect the conditions of security and privacy of the information of the holder.
M. Identify when certain information is under discussion by the holder.
N. Only use data that has previously been authorized in accordance with the provisions of Law 1581 of 2012.
ARTICLE FIFTH. EVENTS IN WHICH THE AUTHORIZATION OF THE TITLE OF PERSONAL DATA IS NECESSARY

The authorization of the holder of the information will not be necessary when it is:

A. Information required by a public or administrative entity in the exercise of its legal functions or by court order.

B. Data of public nature.

C. Cases of medical or health emergency.

D. Treatment of information authorized by law for historical, statistical or scientific purposes.

E. Data related to the Civil Registry of people.


ARTICLE SIX. LEGITIMATION FOR THE EXERCISE OF THE RIGHT OF THE HOLDER

The rights of the holders may be exercised by the following persons:

For the owner, who must prove his identity in sufficient form by different ways available to him provided by DANN HOTELS.

B. For the beneficiaries of the owner (in cases where the owner is absent due to death or incapacity), those who must prove such quality.

C. By the representative and / or attorney of the holder, previous accreditation of the representation or power corresponding.

D. By stipulation in favor of another or for another.

E. The rights of children and adolescents shall be exercised by the persons empowered to represent them.


ARTICLE SEVEN. TREATMENT TO WHICH THE DATA AND THE PURPOSE OF THE SAME WILL BE SUBMITTED

The information collected is used to process, confirm, fulfill and provide the services and / or products purchased, directly and / or with the participation of third party suppliers of products or services, as well as to promote and advertise our activities, products and services, perform transactions, reporting to different national or international administrative and control authorities, police authorities or judicial authorities, banking entities and / or insurance companies, for internal and / or commercial administrative purposes such as market research, audits, reports accounting, statistical analysis, Billing, and offering and / or recognition of benefits specific to our loyalty programs.

By accepting this PERSONAL DATA PROTECTION TREATMENT POLICY, our guests, visitors, customers, users and suppliers in their capacity as owners of the collected data, authorize DANN HOTELS to perform the treatment of the same, partially or totally, including the collection , storage, recording, use, circulation, processing, suppression, for the execution of the activities related to the services and products acquired, such as, making reservations, modifications, cancellations and changes of the same, refunds, consultations, complaints and claims, payment of compensation and indemnification, accounting records, correspondence, processing and verification of credit cards, debit and other payment instruments, fraud identification and prevention of money laundering and other criminal activities and / or for the operation of the programs of loyalty and other purposes indicated in this document.

The foregoing, without prejudice to other purposes that have been informed in this document and the terms and conditions of each of the products and services specific to each of our business units.

We note the third party providers, such as reservation system providers, travel agencies, call centers, banks, insurance companies, etc. may be involved in these activities.

In addition, our travelers, customers and users, as owners of the data collected, by accepting this privacy policy, authorize us to:

A. Use the information received from them, for the purposes of marketing their products and services, and the products and services of third parties with which DANN HOTELS maintain a business relationship.

B. Provide personal data to police and judicial control and surveillance authorities, pursuant to a legal or regulatory requirement and / or use or disclose this information and personal data in defense of their rights and / or their property as soon as said defense Relationship with the products and / or services contracted by its travelers, customers and users.

C. Allow access to information and personal data to auditors or third parties contracted to carry out internal or external audit processes specific to the business activity we develop.

D. Consult and update personal data, at any time, in order to keep this information up to date.

E. To contract with third parties the storage and / or processing of the information and personal data for the correct execution of the contracts celebrated with us, under the standards of security and confidentiality to which we are obligated.

ARTICLE EIGHT. PERSONAL DATA OF CHILDREN AND ADOLESCENTS

The processing of personal data of children and adolescents is prohibited except in the case of data of public nature, and when said treatment complies with the following parameters and / or requirements:

A) That they respond to and respect the best interests of children and adolescents.

B) To ensure respect for their fundamental rights.

C) Authorization from the parent or guardian of the child or adolescent.

ARTICLE NINE. TO WHOM THE INFORMATION MAY BE PROVIDED

Information that meets the conditions established in the law may be provided to the
following persons:

A. To the holders, their successors (when those are absent) or their legal representatives.

B. To the public or administrative entities in the exercise of their legal functions or by judicial order.

C. To third parties authorized by the owner or by law.

ARTICLE TENTH. AUTHORIZATION

The collection, use, circulation or suppression of personal data by HOTELES DANN requires the free, prior, express and informed consent of the owner of the same. HOTELS DANN, in its capacity as responsible for the processing of personal data, has had the necessary mechanisms to obtain the authorization of the holders guaranteeing in any case that it is possible to verify the granting of such authorization.

With the aforementioned authorization, the client accepts the policies and conditions established in this document.



ARTICLE ELEVEN. FORM AND MECHANISMS TO GRANT THE AUTHORIZATION.
The authorization of the holder of the information will be included in each of the channels and data collection mechanisms of HOTELES DANN. Therefore, it can be recorded in a physical document, electronic or any other format that allows guaranteeing its subsequent consultation. The authorization will be issued by the owner prior to the processing of his personal data, in accordance with the provisions of Law 1581 of 2102. The authorization procedure ensures that the owner of the personal data has been informed, both the fact that your personal information will be collected and used for specific and known purposes, and that you have the option to know any alternation to them And the specific use of them has been given. The foregoing in order for the owner to make informed decisions regarding their personal data and control the use of their personal information.
ARTICLE TWELVE. PROCEDURE FOR STORING PERSONAL DATA INFORMATION

HOTELS DANN will adopt adequate and adequate technical and administrative measures that allow the care and maintenance of the personal data of the holders, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Similarly, the implementation of these measures will allow the preservation of the authorization granted by the holders of personal data for the treatment of themselves.

HOTELS DANN will adopt all the mechanisms to keep the confidentiality of the information and shall refrain from using the information for purposes other than those expressly authorized by the holder.

Notwithstanding the foregoing, the client assumes the risks that derive from providing this information in a medium such as the internet, which is subject to various variables - third party attacks, technical or technological failures, among others. HOTELS DANN will make its best technological effort to guarantee the security of the personal information of all its clients and / or users, using reasonable and current methods of security to prevent unauthorized access, to maintain the accuracy of the data and to guarantee the correct utilization of the information.

ARTICLE THIRTEEN. PROCEDURE FOR THE USE AND MOVEMENT OF INFORMATION.

For the event in which third parties other than HOTELS DANN need to validate, rectify or confirm information corresponding to the personal data of the holders contained in the databases of HOTELES DANN, it will be required for the provision of the information prior and express authorization of the Holder to operate the transfer.

HOTELS DANN will abstain from using the information provided by the holders for marketing purposes other than their specific programs and services.


ARTICLE FOURTEEN. PROCEDURE FOR THE ATTENTION OF CONSULTATIONS.

Holders may ask HOTELS DANN to consult their personal data. This request must be made in writing addressed to the email: habeasdata@hotelesdann.com, specifying the type of data to be consulted, name, surname, citizenship card, telephone number and email to which the corresponding information will be sent.

HOTELS DANN will send to the holder the information consulted, which will be integrated by the list of all the information that is linked to the identification of the holder in the database. The consultation will be attended in a maximum term of fifteen (15) working days, counted from the day after the date of receipt of the same.
When it is not possible to attend the consultation within this term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed the eight (8) working days following the Expiration of the first term. The consultation will be attended in writing and will not generate cost for the holder.

ARTICLE FIFTEEN. PROCEDURE FOR THE ABORTION, CORRECTION OR UPDATE OF INFORMATION.

The owners may at any time request from HOTELS DANN the deletion, correction or updating of their personal data and / or revoke the authorization granted for the treatment of the same, by filing a complaint as follows:

A. The complaint will be made by means of a communication addressed to the email: habeasdata@hotelesdann.com with the identification of the holder, the description of the facts that give rise to the request, the address and accompanied by the documents that support the request to be applicable.

B. If the claim is incomplete, DANN HOTELS will require the holder within five (5) business days of receipt of the request to remedy the faults. After two (2) months from the date of the request, without the holder presenting the requested information, it will be understood that he has withdrawn from the claim.

C. Once the complete claim is received, a legend will be included in the database that says "claim in process" and the reason for it, an activity that must be carried out in a term not exceeding two (2) business days. This legend must be maintained until the claim is settled.

D. The maximum term to attend the claim shall be fifteen (15) working days from the day following the date of receipt. When it is not possible to deal with the claim within that term, the interested party will be informed of the reasons for the delay and the date on which their claim will be dealt with, which in no case may exceed eight (8) business days following the expiration of the first finished.


ARTICLE SIXTEEN. TEMPORALITY OF THE TREATMENT OF PERSONAL DATA

The information provided by clients and users will remain stored for up to fifteen (15) years as of the date of the last treatment, to enable us to fulfill the legal and / or contractual obligations, especially in accounting matters, Tax and tax.

ARTICLE SEVEN. MODIFICATIONS TO THE PRIVACY POLICY.
HOTELS DANN reserves the right to make modifications or updates to this Privacy Policy at any time, in order to deal with new legislation, internal policies or new requirements for the provision or offering of its services or products.

TREATMENT OF PERSONAL DATA PROCTECTION POLICY


ADMINISTRADORA HOTELERA DANN LTDA and PROMOTORA DE APARTAMENTOS DANN S.A. (Hereinafter HOTELS DANN and HOTELS DANN CARLTON or jointly HOTELS DANN) report that to date it has collected and processed personal data of third parties for the development of its activities and in accordance with the provisions of article 10 of Decree 1377 of 2013, Hereby requests all holders of the data processed, authorization to continue to do so with the following purposes: efficiently communicate information specific to HOTELES DANN, including information on new products or services that are related to the service or services purchased and other established In TREATMENT POLICY PROTECTION OF PERSONAL DATA HOTELS DANN, which can be consulted on the website: www.hotelesdann.com.


The personal data collected include, but not limited to, name, identification, and contact details, professional and corporate information.


In accordance with article 10 of Decree 1377 of 2013, if within thirty (30) days as of the date of this communication, the Holders of the information have not contacted HOTELES DANN requesting the deletion of their personal data, It may continue to carry out the treatment for the purposes described in this document and in its POLICY OF TREATMENT PROTECTION OF PERSONAL DATA.


In case of questions, doubts, queries, complaints, requests or complaints in relation to your personal data, the Holders may contact HOTELS DANN by sending an email to the following address: habeasdata@hotelesdann.com