COMPREHENSIVE PRIVACY NOTICE SOCIAL NETWORKS
A. Identity and domicile of Data Controller
In accordance with the Federal Law for the Protection of Data Held by Individuals (hereinafter referred to as LFPD) and in accordance with applicable provisions, Fundación Palace Resorts, I.A.P. (hereinafter and distinctively referred to as “Fundación Palace®” or as the “Data Controller”) having corporate domicile for hearing and receiving notifications at Carretera Cancún Puerto Morelos km 21, Manzana 01, Lote 1 – 11, Edificio A, Supermanzana 47, Municipio Benito Juárez, Cancún, Quintana Roo, Zip Code 77506, expressly informs:
B. Personal Data Collected and Subjected to Processing.
To fulfill the purposes established herein, Grupo Palace Resorts® processes the following categories of personal data:
a) Identity Data;
b) Personal Data;
c) Social Circumstances Data and
d) Labor Data
C. Processing of Sensitive Personal Data.
Fundación Palace® does not collect any sensitive personal data for any of the purposes listed herein below and data subjects using social networks shall restrain from submitting this type of data through the channels available at said networks.
D. Responsibilities of Fundación Palace® and of data subjects using the social networks of the social network services providers.
Fundación Palace® processes personal data of the data subjects using social networks by means of the access and management of the information that such data subjects using social networks publish or spread through the profiles they have created in each social network they use to link themselves to Data Controller. This processing also comprises the profiting of the personal data to disclose the activities of Fundación Palace® Fundación Palace® accesses, manages and takes advantage of the personal data of the data subjects using social networks solely during the term user data subjects are linked to the profiles that the Data Controller manages in every involved social network.
The data subjects using social networks shall be responsible for the truthfulness, accuracy and updating of the personal data they publish at their social network profiles. They shall also be responsible for the spread extent of information thereof and for access thereof which they consent or authorize to third-parties, by means of such profiles. Fundación Palace® suggests to all the data subjects using social networks to continuously check the privacy configuration of profiles thereof on each of the web pages they use to link themselves to the Data Controller.
The service providers of social networks are responsible for the databases created with the personal data of the users of such social networks. Such service providers are, in turn, responsible for the security measures they adopt to safeguard the personal data of users thereof. In accordance with the foregoing, Fundación Palace® shall be responsible for the due access, management and profiting of the personal data of the data subjects using social networks who are linked to the profiles Fundación Palace® manages in various social networks. Fundación Palace® does not create any new databases with he information and/or personal data of the data subjects using social networks.
E. Purposes of the Processing.
a. Initial and Necessary Purposes
1. Managing followers at social networks (Facebook, Twitter, Youtube, Foursquare, Google+, Linkedin, etc.) and managing of the subscribers to the newsletters of Grupo Palace Resorts®.
2. Communicating the activities of Fundación Palace®.
3. Information and foster of our beneficiary activities.
4. Making the statistics of the followers in social networks.
b. Additional Purposes.
1. There are no additional purposes. F. Personal Data Transference. In furtherance of the stated purposes, Fundación Palace® does not transfer any data to third-parties.
G. Data Transference Consent.
Your personal data shall not be transferred to third-parties without your consent, except for the cases contemplated at LFPD article 37. In which case the transference shall be conducted while complying with the conditions described at LFPD Regulations article 17.
H. Exercise of the ARCO rights before Data Controller.
In all cases legally applicable, at all times, you may exercise your access, rectification, cancellation and opposition rights (ARCO rights) by means of the procedures we have implemented.
The relevant request shall meet the requirements of the effective legislation, by means of a document addressed to our Personal Data Responsible at Carretera Cancún Puerto Morelos km 21, Manzana 01, Lote 1 – 11, Edificio A, Supermanzana 47, Municipio Benito Juárez, Cancún, Quintana Roo, C.P.77506.
The request shall contain the following:
I. Your name and domicile or any other means to answer your request.
II. The documents proving your identity or, if applicable, your legal powers.
III. A clear and precise description of the personal data with regard to which any ARCO Rights are to be enforced.
IV. Any other element or document facilitating the localization of your personal data.
Data Controller shall inform to you, within a maximum term of twenty business days, from the date when Data Controller receives the relevant request, the resolution thereof. In case the request was accepted, the request shall become effective within the fifteen business days after the date when Data Controller communicates the resolution. In the event the information provided at your requests turns out to be untrue or insufficient or in the event they are not included the documents required to prove your identity or the relevant legal powers, the Data Controller, within the five business days after the receipt of the request, shall require that deficiencies be corrected in order to process the request. In which case, you shall have ten business days to fulfill the correction requirement, from the day after receipt thereof. The relevant request shall be deemed as not presented in case you fail to conduct the correction within said term.
You may obtain the requested information or personal data by means of simple copies, electronic documents in conventional format (Word, PDF, etc.), by means of a restricted access authorized to the system processing your personal data (access) or through any other lawful means guaranteeing and accrediting the effective exercise of the requested right.
Alternatively, the Data Subject may address your request through the following address firstname.lastname@example.org, complying with all the aforesaid requirements, establishing as Subject o the communication “ARCO Rights and/or Consent Revocation”. The terms for the proceeding shall be the sames as the ones mentioned in the foregoing paragraph. The use of the electronic means for the enforcement of the ARCO rights authorizes data subject to answer the relevant request through the same means, unless data subject himself expressly and clearly indicates otherwise.
I. Exercise of the ARCO rights before the social network service providers.
The exercise of the ARCO rights before the social network service providers at which the data subjects using such networks have created a profile shall be governed in accordance with the applicable legislation, under the terms and conditions set forth in the Privacy Notices, Privacy Policies and/o Legal Notices each service provider has established in the social networks they operate and manage.
J. Consent Revocation.
You may revoke your consent for the processing of your personal data, without any retroactive effects, in case such a revocation does not entail that it is not possible to fulfill the obligations arising from an effective legal relation between you and the Data Controller.
You may revoke your consent for the processing of your personal data by disassociating yourself from the profile of the Data Subject, at any of the corresponding social networks.
The procedure for the revocation of the consent, if applicable, shall be the same as the one established in section H) for the exercise of the ARCO rights.
K. Limitations to the Disclosure of Your Personal Data.
You may limit the usage or disclosure of your personal data by addressing the relevant request to our Personal Data Department. The requirements for accrediting your identity, as well as the procedure for processing your request shall be the same as the ones indicated at section H) hereof (ARCO rights exercise).
However, we remind you that you as data subject using the social networks are responsible for the truthfulness, accuracy and updating of the personal data you publish at your social network profiles. They shall also be responsible for the spread extent of information thereof and for access thereof which you consent or authorize to third-parties, by means of such profiles.
L. Amendments or Updating to this Comprehensive Privacy Notice.
The Data Controller may amend, update, extend or otherwise change the form, content and scope hereof at any time and at its sole discretion. In such cases, Fundación Palace® shall publish said amendments in the website www.fundacionpalace.org, section “Privacy Notices”. Amendments hereto may also be communicated by means of the profiles of the Data Controller at the relevant social networks, should interface thereof allows so.