"PRIVACY NOTICE" WHICH APPLIES RESPECTIVELY TO EACH HOTEL, ON THE ONE PART, THE COMPANY NAMED PLAYA RESORTS MANAGEMENT MEXICO, S. DE R.L. DE C.V., OR THE COMPANY NAMED PLAYA MANAGEMENT USA, LLC (HEREINAFTER THE "CONTROLLER") AND, ON THE OTHER PART, ANY AND ALL PERSONS (HEREINAFTER THE "OWNER"), WHO ENTER THEIR PERSONAL INFORMATION IN THE PRINTED OR ELECTRONIC FORMS (HEREINAFTER THE "FORMS") PROVIDED IN ANY OF THE INDIVIDUAL HOTELS OPERATED BY THE CONTROLLER AND/OR ON ITS WEBSITE.
I. STATEMENTS: (a) The CONTROLLER states: (I) with respect to the company named PLAYA RESORTS MANAGEMENT MEXICO, S. DE R.L. DE C.V. it is a company incorporated in accordance with the laws of Mexico and having an address at Blvd. Kukulcan, M 27, Lt 1-02, UC 27 2 Local B 01 B, Cancún, Benito Juarez, Quintana Roo, México, C.P. 77500; (II) with respect to the company named PLAYA MANAGEMENT USA, LLC, it is a limited liability company incorporated under the laws of the United States of America and has its address at 1560 Sawgrass Corporate Parkway, Suite 140, Sunrise, FL 33323 (III) it is responsible for the use or processing of your personal information and its protection; (IV) in terms of Article 49 of the Regulations of the Federal Law on Protection of Personal Information Held by Private Parties, the corresponding company will be designated as “MANAGER” depending on the type of hotel, which appears in each physical or email form that the OWNER signs, the MANAGER will collect your personal information, as a direct ruslt of the business relationship for the operation of the Hotel that the CONTROLLER and the MANAGER maintain between themselves. (b) The OWNER of the Personal Information states under oath: (I) that all the information recorded in the FORMS are true and exact; (II) that you have received information to your satisfaction regarding the content of this Privacy Notice and have fully understood and expressly accepted its terms and conditions and the way in which the CONTROLLER protects the personal information provided to you; (III) that it has sufficient legal capacity to be bound by the terms and conditions of this Privacy Notice.
II. IDENTIFICATION OF THE CONTROLLER AND MANAGER BY HOTEL: (1) The company named PLAYA RESORTS MANAGEMENT MEXICO, S. DE R.L. DE C.V. is RESPONSIBLE at the hotels: WYNDHAM ALLTRA CANCUN, WYNDHAM ALLTRA PLAYA DEL CARMEN, HYATT ZILARA CANCUN, HYATT ZIVA CANCUN, HILTON PLAYA DEL CARMEN, THE YUCATAN RESORT PLAYA DEL CARMEN TAPESTRY COLLECTION BY HILTON, HYATT ZIVA PUERTO VALLARTA, HYATT ZIVA LOS CABOS (2) The company named PLAYA MANAGEMENT USA, LLC is responsible for the hotels: WHYNDAM ALLTRA VALLARTA, SEADUST CANCUN FAMILY RESORT.
The MANAGER: (1) The company named DESARROLLOS GCR, S. DE R.L DE C.V. at the WYNDHAM ALLTRA CANCUN hotel, (2) The company named PLAYA GRAN, S. DE R.L DE C.V. at the WYNDHAM ALLTRA PLAYA DEL CARMEN hotel, (3) The company named GRAN DESING & FACTORY, S. DE R.L DE C.V. at the HYATT ZILARA CANCUN hotel, (4) The company named CAMERON DEL CARIBE, S. DE R.L DE C.V. at the HYATT ZIVA CANCUN hotel, (5) The company named INMOBILIARIA Y PROYECTOS TRPLAYA, S. DE R.L DE C.V. at the HILTON PLAYA DEL CARMEN hotel, (6) CIBANCO, S.A., INSTITUCIÓN DE BANCA MULTIPLE AS TRUSTEE OF TRUST F/1596 AND FIBRA HOTELERA, S.C. at the hotel THE YUCATAN RESORT PLAYA DEL CARMEN TAPESTRY COLLECTION BY HILTON, (7) The company named CAMERON DEL PACIFICO, S. DE R.L DE C.V. at the HYATT ZIVA PUERTO VALLARTA hotel, (8) The company named PLAYA CABOS BAJA, S. DE R.L DE C.V. at the HYATT ZIVA LOS CABOS hotel, (9) The company named CONSTRUCTORA PASEO DE LOS COCOTEROS, S. DE R.L DE C.V. at the WYNDHAM ALLTRA VALLARTA hotel, (10) The company named PROCUREKA, S.A. DE C.V. at the SEADUST CANCUN FAMILY RESORT Hotel.
III. PURPOSE AND SCOPE: The purpose of this Privacy Notice is to establish the terms and conditions under which the CONTROLLER protects the personal information of its clients and guests who provide them with personal information, to protect their privacy and their right to informative self-determination, in terms of the Federal Law on Protection of Personal Information Held by Private Parties ("LFPDPPP") and the administrative regulation derived from it or related to it, regardless of the means or manner in which personal information is collected and/or handled. This Privacy Notice allows the CONTROLLER to comply with its legal obligations, as well as those derived from legislation and administrative regulation regarding the protection of personal information, in commercial and tax matters.
IV. PRIVACY PRINCIPLES: The CONTROLLER is obliged to observe the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility in the processing of your personal information: (a) PRINCIPLE OF LEGALITY: The CONTROLLER collects and processes your personal data in a lawful manner, without using fraudulent means or deception; (b) PRINCIPLE OF LOYALTY: The processing of your personal information will be done in accordance with the provisions of this Privacy Notice in order to provide you with a reasonable expectation of privacy; (c) PRINCIPLE OF CONSENT: All processing of your personal information will be subject to your consent, with the exception of the cases provided for in the Federal Law on Protection of Information Held by Private Parties ("LFPDPPP"); (d) INFORMATION PRINCIPLE: The CONTROLLER will inform you about the personal information and information it collects from you and for what purposes; (e) PRINCIPLE OF INFORMATION QUALITY: The CONTROLLER undertakes to implement reasonable measures so that your personal information that is processed and stored in its databases is relevant, correct and updated for the purposes for which it was collected. Among such measures are the sending of emails and/or phone calls with reminders to update your personal information to ensure its veracity and accuracy; (f) PRINCIPLE OF PURPOSE: The processing of your personal information is limited to the fulfillment of the purposes provided for in this Privacy Notice. Any processing of your information for purposes other than those that are compatible or similar to those provided for here, will require obtaining of your consent again; (g) PRINCIPLE OF PROPORTIONALITY: The processing of your personal information will be that which is necessary, appropriate and relevant in relation to the purposes described in this Privacy Notice. In the case of sensitive personal information, THE CONTROLLER will establish the necessary measures to limit the processing period to the essential minimum. The CONTROLLER undertakes to cancel the personal information provided by you once they are no longer necessary to fulfill the purposes provided for in this Privacy Notice. The foregoing, without prejudice to preserving the information and documentation that is required to comply with the obligations provided for in the Commercial Code, the Federal Tax Code and other tax legislation, as well as any other current or future applicable legislation ( h) PRINCIPLE OF RESPONSIBILITY: In order to comply with this Privacy Notice, the "LFPDPPP" and the administrative regulation derived from it, the CONTROLLER has established the Personal Information Department of the company, which has, among other functions, process the requests that you make to assert your rights in terms of the LFPDPPP and the requirements of the National Institute of Transparency, Access to Information and Protection of Personal Information (INAI) and other competent authorities.
V. INFORMATION AND DOCUMENTS THAT ARE COLLECTED AND PROCESSED: The MANAGER collects, and the CONTROLLER processes your personal information, that is, information that can reasonably identify you, and that may appear in various documents. The personal information that will be collected and processed are specified in each of the privacy notices that are made available to you in the physical and/or electronic forms of the CONTROLLER, personal information that may include, for example: name and surname; date of birth, nationality, pre-existing medical condition, occupation, sex, address, work or tax status; Email address; landline and/or cell phone number; code to the Federal Taxpayer Registry (RFC). The personal information will be collected by the MANAGER through physical or electronic forms, or by comparing the originals or their certified copies with the copies that the OWNER of the information provides: the voter ID; the passport or the national military service identity card; the registration card in the RFC; If applicable, proof of address.
Regarding our suppliers, we collect information such as name or company name, handwritten signature, Federal Taxpayer Registry (RFC) and a copy of their updated tax status certificate, copy of their identification or that of their legal representative, address and copy of their proof of address, dated within 3 months from the date of registration, email, landline and/or cell phone contact, a copy of their bank account´s front page and/or letter from the bank signed by the bank executive indicating type of account, branch number, account number, bank and CLABE standardized to 18 digits) to be able to compare their account information and to be able to register their bank account in our banking payment portal, proof of compliance with tax obligations in matters of social security issued by the Mexican Social Security Institute (IMSS) in case of Project Contractors and its REPSE registration if applicable
During the COVID-19 pandemic, we collected information from our employees about their past, present and future health status; information linked to their health status, related to COVID19 and/or any other disease that classifies them as a vulnerable group, as well as information related to behaviors that you have carried out and that have a direct link with the detection and care of COVID-19.
If you use the currency exchange service, we will need to obtain a copy of your passport (or government-issued identification for Mexican citizens) and retain said copy in accordance with local regulations issued by the Bank of Mexico.
VI. PURPOSES OF THE INFORMATION: The personal information described in section V above are collected and processed for the purposes specified in each of the privacy notices that are made available to you in the physical and/or electronic forms of the CONTROLLER. for example purposes such as: (1) providing you with our hospitality services, as well as complying with mandatory registration requirements; (2) provide you with our SPA services; (3) manage the marketing of services based on: the reservation confirmation document and the receipt of deposits on account; (4) document and guarantee the confirmed reservation according to the agreed conditions; (5) enter into contracts with the client; (6) provide information to the client and the guest in a clear and visible manner, about the conditions, policies and provisions for the hiring and use of services and facilities, as well as about environmental practices, means of payment, rates for services, modalities and calendars, as well as any change that occurs in the reservation, after its confirmation, or any unusual circumstance in the establishment such as construction, limitations on schedules or services, among others; (7) manage food services, room service, room cleaning and maintenance, telephone service, parking, among others, based on the policies previously defined and communicated to clients and guests; (8) manage the parcel and courier service for deliveries and shipments of packages on behalf of the client or guest; (9) manage the currency exchange service; (10) manage charges and collections from clients and guests, via bank cards, credits and cash; (11) prepare, manage, send and collect digital invoices or tax receipts; (12) manage credit to clients and guests for payment of services; (13) prepare and manage commercial documents for clients and guests, in printed or electronic format; (14) manage incentives for clients and guests; (15) manage contests in which guests and clients are invited to participate; (16) send promotional material, including notifications of offers, notices and/or promotional messages, which will be sent to you, unless you expressly indicate to the Data Department your wish not to receive such notifications; (17) prepare internal statistics that indicate the services and products most appreciated by clients, guests and other users of the hotel's services; (18) manage the entry and exit of guests and clients, based on previously defined and communicated policies; (19) monitor and control physical and logical access to hotel facilities and assets; (20) control visitor access; (21) manage security by applying the necessary current legal regulations regarding safety, hygiene and contingencies, evacuation plan and emergencies; (22) protect the valuables of guests and clients; (23) safeguard, destroy, send or deliver, as the case may be, objects, documents and payment instruments forgotten by clients or guests; (24) manage the handling and response of complaints or claims from guests and clients through the means and supports that are provided for their presentation; (25) manage legal acts in order to solve disputes that arise between clients and/or guests with the hotel; (26) manage the payment of compensation agreed with insurers, on behalf of the client or guest; (27) to charge your bank card for the photography service, (28) to identify you as the applicant for the general service of your wedding photographs, (29) to create a file with your information in the database of the wedding department, (30) to begin wedding preparations and contact you in case more wedding details are required, (31) to cover the municipal marriage application, in order to legally carry out the wedding in the Country, (32) to take your comments into account and contact you in order to follow up on your comments, (33) to facilitate medical services, investigate what circumstance, object or substance caused the accident, easily locate your family or friends and this way they can go or communicate quickly to the place where you are transferred and can give instructions on important aspects of your health, such as allergies, possible diseases or special medication that you may be taking, (34) for the potential transfer of the same to the medical service personnel, insurance company and its consultants, ambulance and the hospital in case they require them, (35) to identify you as a signer of a release or set a limit and create a record that will be filed (36) to charge for the SPA service and subsequently file it in the log. (37) manage customer satisfaction based on surveys and knowledge of their needs and preferences, and other purposes of a similar nature to those described above. Likewise, the CONTROLLER will implement video surveillance cameras in its facilities for security purposes. The recordings are kept in a secure area with restricted access to managers, directors and, where applicable, the competent authorities. Recordings are routinely destroyed unless they are necessary for the investigation of an incident or for legal proceedings. With respect to its employees, to maintain adequate internal control, as well as to make the corresponding payments derived from an employment relationship. With respect to prospective employees, to schedule job interviews, carry out evaluations, contact them and maintain internal controls for monitoring and possible hiring. With respect to your suppliers to register you as a supplier or service provider and enter your information into our system, as well as to be able to process your payments.
During the COVID-19 pandemic, the information that the Hotel collects from its employees is so that the Hotel can comply with its obligation to maintain safety and hygiene and the prevention of work related risks in the workplace, established in the Law. Federal Labor Law (LFT), the applicable NOMs, its internal work regulations and the policies and processes implemented by the Hotel to address this situation; know whether or not you are classified as a “vulnerable person” in accordance with what is established by the authorities regarding COVID-19; take preventive and corrective measures necessary for the prevention, care and mitigation of COVID-19 and/or other diseases, as well as guarantee the health of third parties; determine whether you are able to continue performing your job duties; determine the modality of their incorporation into work; determine if you can perform job functions within the facilities. For the aforementioned purposes, we need to obtain the following personal information: Information about your past, present and future health status; Information linked to your health status, related to COVID19 and/or any other disease that classifies you as a vulnerable group, as well as information related to behaviors that you have performed and that have a direct link with the detection and care of COVID-19 .
If you use the currency exchange service, we will use the copy of your passport (or government-issued identification for Mexican citizens) to keep in our files and if requested, it will be shared with INTERCAM BANCO, S.A., Institución de Banca Múltiple , Intercam Grupo Financiero in accordance with the general provisions referred to in article 115 of the Credit Institutions Law, as well as the secondary provisions regarding the prevention of operations with resources of illicit origin.
VII. TRANSFERS OF PERSONAL INFORMATION TO THIRD PARTIES: The CONTROLLER will not market your personal information with third parties. We notify you that your personal information may be transferred and processed in Mexico or abroad by subsidiaries, associates or companies that in any way form an integral part of the corporate group of the CONTROLLER to send information regarding special events and/or promotions in general to your email. We undertake not to transfer your personal information to third parties without your consent.
If you use the currency exchange service, as has been established in the corresponding privacy notice, for which you must have given us your express consent, there is the potential transfer of a copy of your official identification and the information of the operation and/or transaction carried out at INTERCAM BANCO, S.A., Institución de Banca Múltiple, Intercam Grupo Financiero, in compliance with local regulations issued by the Bank of Mexico.
VIII. RETENTION AND SECURITY OF PERSONAL INFORMATION: The CONTROLLER retains your personal information for as long as necessary to process your requests for information and/or services, as well as to maintain accounting, financial and audit records in terms of commercial legislation. , fiscal and administrative regulations, your information can be safely destroyed if it is no longer necessary or if the purposes for which it was collected have been fulfilled. The personal information collected by the MANAGER and processed by the CONTROLLER are protected by appropriate administrative, technical and physical security measures against damage, loss, alteration, destruction or unauthorized use, access or handling, in accordance with the provisions of the LFPDPPP and the administrative regulation derived from it. All personal information stored electronically is kept in confidential and secure data banks. The CONTROLLER evaluates its security equipment and procedures regularly and modifies them if necessary. To prevent unauthorized access or improper disclosure of personal information, and in order to maintain its accuracy, integrity, availability, and confidentiality, the CONTROLLER also uses relevant legal procedures and controls in terms of the LFPDPPP and those provided for in the administrative regulation derived from the Law. When processing personal property information, such as your information related to your bank account, the CONTROLLER uses a variety of technologies and procedures designed to protect your personal information, the use of secret users and passwords, computer tools of (PGP) encryption for laptops as well as FTPS data transfer. Such personal information is stored in computer systems protected with programs against viruses, Spyware and other malicious codes; Additionally, it uses networks protected with firewalls and controlled access facilities.
During the COVID-19 pandemic, the information will only be kept by the Hotel as long as it is necessary to address the COVID-19 crisis and subsequently the Hotel will proceed to securely eliminate it.
IX. PERSONAL INFORMATION DEPARTMENT: The CONTROLLER places at your disposal the Personal Information Department, which will be in charge of receiving, registering and replying to your requests to exercise your right of access, correction, cancellation and opposition to the processing of your personal information, as well as to limit the use or disclosure of your data, and the other rights provided for in the LFPDPPP. For any request, clarification or comment related to this Privacy Notice, please contact email: datospersonales@playaresorts.com or phone (998) 8818485, from Monday to Friday from 10:00 a.m. to 4:00 p.m., where they will notify you of the procedure to exercise your ARCO rights, if it is not the person responsible for the handling, they will notify you to which person in charge of handling personal information you should send the request. ARCO RIGHTS: The CONTROLLER is committed to your privacy and to compliance with the rights that correspond to you in terms of the LFPDPPP. The following rights are called ARCO Rights: RIGHT OF ACCESS: You have the right to know about the personal information referring to you that are held by the CONTROLLER and to whom they have been shared and for what purposes. RIGHT TO RECTIFICATION: You have the right to have your personal information corrected when it is inaccurate or incomplete. RIGHT OF CANCELLATION: You have the right to request that your personal information be deleted at any time, which will happen once the blocking period has expired. Blocking involves the identification and conservation of your personal information, once the purposes for which they were collected have been fulfilled, and its purpose is to determine possible responsibilities in relation to its handling, until the legal or statutory limitation period thereof. During this period, your personal information will not be processed and once this has elapsed, it will be deleted from the corresponding database. Once the information is cancelled, the CONTROLLER will give you the corresponding notice. In the event that your personal information had been transmitted prior to the date of correction or cancellation and continue to be processed by third parties, the CONTROLLER will notify you of the request for correction or cancellation, so that you can proceed to carry it out as well. RIGHT TO OBJECT: You have the right at all times to request, provided you have a legitimate cause, that the CONTROLLER stop processing your personal information. Procedure for the exercise of ARCO Rights: To exercise ARCO rights, you or your representative must send the duly completed application by email, which you can download at the following link: ARCO RIGHTS REQUEST FORM, to access, make corrections, cancellations or opposition, or you can request it directly from the person in charge of handling your information, filling out the request and attaching the following documentation: (i) the name of the owner; (ii) the documents that prove your identity (simple copy in printed or electronic form of your voter ID, passport or Immigration Form) or, where appropriate, the legal representation of the holder (simple copy in printed or electronic form of the letter simple power of attorney with handwritten signature of the holder, two witnesses and the representative and their corresponding official identification - voter ID, passport or Immigration Form); (iii) the clear and precise description of the personal information with respect to which you seek to exercise any of the ARCO rights; and (iv) any other item or document that facilitates the location of your personal information. In case of ACCESS, you will be given a copy of the document that you provided with your personal information, once you prove that you are the owner. In case of requests for CORRECTION of personal information, you must also indicate the modifications to be made and provide the documentation that supports your request. In case of CANCELLATION, you must indicate which information you wish to cancel. Once you prove that you are the owner, they will be blocked and then they will be deleted. In the case of OPPOSITION and REVOCATION, once you prove that you are the owner, we will proceed to no longer process your personal information. In case of LIMITATION AND USE, you must tell us what data you want us to keep in our database or what service you no longer want to receive. The CONTROLLER will respond to you within a maximum period of twenty days, counted from the date on which the request for access, correction, cancellation or opposition was received, with its decision taken, so that, if appropriate, it becomes effective within the fifteen days following the date on which the reply is communicated to you. In case of requests for access to personal information, the CONTROLLER will proceed with its delivery after accreditation of the identity of the applicant or their legal representative, as appropriate. The above-mentioned deadlines may be extended only once for an equal period, as long as the circumstances of the case justify it. The delivery of personal information will be free, you will only be responsible for covering the justified shipping costs or the cost of reproduction in copies or other forms. If you repeat your request in a period of less than twelve months, you must cover the corresponding costs in terms of the LFPDPPP, unless there are substantial modifications to the privacy notice that motivate new inquiries.
X. CHANGES TO THE PRIVACY NOTICE: The CONTROLLER may modify this Privacy Notice at any time, in order to implement improvements or incorporate new measures provided for in the Law and other regulatory provisions, an issue for which it is suggested that you regularly review its content. Updates will be published on the website https://www.playaresorts.com/privacy-policy. If the CONTROLLER makes significant changes, they will also notify you by other means such as sending an email.
XI. CONSENT: You provide your express consent for the collection, processing and use of your sensitive personal information in accordance with the provisions of article 9 of the LFPDP, and at the time of reading this privacy notice, consent for the processing of your personal information, with this Privacy Notice you agree to express your will through a written, electronic statement or by any other technology, or by voluntarily providing the requested information. You provide your implied consent for the use of automatic data entry tools by not opposing this privacy notice published on the CONTROLLER'S website, without objecting to its content within the next 48 hours following its publication. In some cases, the LFPDPPP in its article 10 allows the CONTROLLER to collect, use and disclose your personal information without your consent. If the CONTROLLER obtains personal information through third parties, it will require for them to confirm that they have your consent for the disclosure of your personal data to the CONTROLLER. You have the right to withdraw your consent in relation to the collection, use and disclosure of your personal information. If you request that the CONTROLLER revoke your consent, the CONTROLLER will take the necessary measures to destroy or delete the personal information that you have provided to us, with the exceptions provided for in the LFPDPPP. Residual personal information may remain in saved files or historical records. Furthermore, the CONTROLLER does not allow the destruction of tax or accounting information on transactions that may be necessary to maintain or comply with legal obligations. However, the CONTROLLER will not use your personal information for other purposes once you revoke your consent.
XII. APPLICABLE LEGISLATION: The interpretation and application of this Privacy Notice is governed by the Federal Law on Protection of Personal Information Held by Private Parties. In the absence of an express provision in this Law, the provisions of the Federal Code of Civil Procedures and the Federal Law of Administrative Procedure will be applied in a supplementary manner.
XIII. EFECTIVE DATE: This Privacy Notice is effective as of its publication date, as provided in the Third and Fourth Transitory articles of the LFPDPPP.
USE OF COOKIES AND WEB BEACONS
Cookies are text files that are automatically downloaded and stored on the hard drive of the user's computer when browsing a specific Internet page, which allow the Internet server to remember some data about this user, including their preferences for viewing the pages on that server, name, and password.
On the other hand, web beacons are images inserted into an Internet page or email, which can be used to monitor the behavior of a visitor, such as storing information about the user's IP address, duration of interaction time on said page and the type of browser used, among others.
We inform you that we use cookies and web beacons to obtain personal information from you, such as the following:
Your browser type and operating system.
The Internet pages you visit.
The links that you follow.
The IP address.
The site you visited before entering our site.
These cookies and other technologies can be disabled. To learn how to do so, consult the following manual: DISABLE COOKIES AND WEB BEACONS.
XIV. COMPLAINTS AND CLAIMS
If you consider that your right to protection of personal information has been harmed by any conduct of our employees or our action or responses, believe that in the handling of your personal information there are some violations of the provisions set forth in the Federal Law on Protection of Personal Information Held by Private Parties, you may file the corresponding complaint or claim with the National Institute of Transparency, Access to Information and Protection of Personal Information (INAI), for more information visit http://inicio.ifai.org.mx
Last Update: January 2024.