Netviajes business unit specialized in providing tourism services (hereinafter "The Agency" or "Netviajes") values and is committed to protecting the personal data of its customers in their capacity as responsible or in charge of the treatment, for it developed this privacy policy (hereinafter "Policy"), which refers to the collection, use, storage and disclosure of personal information collected in the course of its activity, the above in compliance with the Law on Protection of Personal Data in Colombia, Law 1581 of 2012, Decree 1377 of 2013 and its complementary rules.

When you access to make purchases of tourist services, you leave us the record of your personal information, which may sometimes be previously validated by the commercial or banking establishment that refers you to our website (hereinafter "website").  This Policy is intended to help you understand what kind of data we collect, why we collect it and what it is used for.

Thus, being you the user, owner or authorized to provide personal data on this website, you grant authorization to perform the practices detailed below, so we invite you to carefully read the following information:

 

The responsible in its own capacity or in charge of the database collected through the website is Netactica Colombia SAS with NIT 900132867-1 through its specialized business unit Netviajes located at Carrera 15 # 88 21 office 502 in the city of Bogota.

 

1. DATA COLLECTED

   1. Information that you provide us, Netviajes receives and stores this information to be able to make tourist reservations, to carry out this procedure you must provide us with certain personal information (hereinafter the "Personal Information") that includes name and surname, document number or valid identification, nationality, in some occasions tax identification code, and contact information (such as telephone number, address or e-mail address).

In order to formalize tourist reservations and according to the means of payment selected by you, sometimes you must also provide us with your credit or debit card information (such as credit card number, security code, cardholder's name and expiration date).

At the sole discretion of The Agency may corroborate the personal information provided by you, by consulting with public entities, specialized companies or credit bureaus for which you expressly authorize us to treat confidentially.

In general, the personal information requested on the website is essential to generate tourist reservations, you decide if you voluntarily provide such information, otherwise you may not be able to contract with us.

In case you make a reservation on behalf of another person, you must first obtain the consent of that person before giving us the Personal Information of this person. If that person is a minor according to the applicable law, you declare to have sufficient faculties to offer this Personal Information and to accept this Policy.

2. Information from third parties, to the extent permitted by law, Netviajes may also obtain Personal Information about you and add it to the Personal Information you provide to us either from affiliated entities, business partners and other independent third party sources -whom you previously authorized to treat your personal data such as public databases. Any Personal Information obtained by Netviajes by the means mentioned herein will be treated in accordance with the provisions of this Policy.

3. Information collected by our systems: Netviajes automatically collects and stores certain information about the activity of its users. Such information may include the URL they come from (whether or not they are on the Netviajes Web Site), which URL they access next, which browser they are using, and their IP addresses. Also the pages visited and the searches performed. In order for the Web Site to work properly, Netviajes uses its own and third party cookies.

 

Information about cookies and web beacons

Cookies are specific types of information that a website transmits to a user's computer hard drive for record-keeping purposes. Cookies can serve to facilitate the use of a website by saving passwords and preferences as the user navigates the Internet.

Web beacons are images embedded in an Internet page or e-mail, which can be used to monitor a visitor's behavior, such as storing information about the user's IP address, duration of interaction time on that page and the type of browser used, among others.

Most browsers accept cookies and web beacons automatically, but you can always choose not to receive a cookie file by enabling your web browser to refuse cookies or to inform you before accepting cookies (for details, see www.aboutcookies.org). Please note that cookie preferences must be set for each browser (Internet Explorer, Google Chrome, Mozilla Firefox or Safari).

 

2. USES OF THE COLLECTED DATA

By accepting this Policy you expressly authorize Netviajes to record and process your personal information for the following purposes:

1. Manage your tourist reservation, carry out transactions including payment processing transactions that you have initiated and process invoices or other tax documentation.

2. To provide you with products and services and to respond to your questions and comments;

3. To send you confirmation and updates about your trip, as well as any relevant information about it. This information may be forwarded via email, SMS or WhatsApp to the cell phone provided by you. These messages may contain (but are not limited to) information about Netviajes services, as well as contact details of suppliers that may assist your travel experience at your destination.

4. Contact you for customer service purposes, conduct surveys, statistics or analysis on consumer habits or preferences, notify you by email of special offers and travel-related products and services that may be of interest to you unless you do not wish to do so (see below: Unsubscription policy).

 

3. DATA PROCESSING WITH THIRD PARTIES

You unequivocally grant Netviajes to share the relevant Personal Information of its users with suppliers for the management of your reservations and/or purchase requests, such as airlines, hotels, tourist companies that provide services at destination, car rental companies, wholesalers, and other suppliers of products and services that you hire through our Web Site. Also, you agree to share your Personal Information with suppliers that provide services to Netviajes, including credit card, business analytics, customer service, marketing and fraud prevention.

 

The information and personal data collected are used to process, confirm and comply with the services purchased, as well as for the completion of the reservation, modifications, cancellations and itinerary changes, refunds, attention to queries, complaints and claims, payment of compensation and indemnities, accounting records, correspondence, processing and verification of credit cards, debit cards and other payment instruments, promote and advertise our activities, products and services, perform financial transactions of payments, collections or refunds, attend legal proceedings, make reports or meet requirements of the various national or international administrative authorities of control and surveillance, police authorities or judicial authorities, banking entities and/or insurance companies, for internal and/or commercial administrative purposes, including market research, audits, accounting reports, statistical analysis, invoicing, and offering and/or recognition of benefits through loyalty programs, for the execution of the transportation contract and other services and complementary activities, identification of fraud and prevention of money laundering and other criminal activities and/or for the operation of loyalty programs and other purposes indicated in this document. 

 

In Netviajes we do not sell or transfer to third parties for a price the information and personal data of our customers or users. The transfer of data that we make to third parties under the terms of this Policy, it is informed that the receiver of the personal data will assume the same obligations that correspond to the responsible that transfers the personal data, it is made exclusively on the basis of compliance with the purposes contained therein.  Netviajes is not responsible for the improper use of the Personal Information that could be made by third companies outside the web site.

 

We inform you that in accordance with the provisions of Article 12, paragraph d) of the Statutory Law 1581 of 2012, Netviajes may optionally answer questions related to sensitive data provided by you or data of children and adolescents.

 

4. STORAGE, TRANSFER AND TRANSMISSION OF PERSONAL INFORMATION

By accepting this Policy, you expressly state your consent for Netviajes to process the information, establishing that the Personal Information is collected and stored in servers physically located in the United States, Argentina and Colombia. Netviajes can relocate these servers in any other country, in the future, and can store Personal Information in the current countries or in other countries, for backup or back up purposes. You give your unequivocal consent so that Netviajes can transfer or transmit as Responsible for your Personal Information your data to any country in the world and to any other responsible or in charge. In any case, Netviajes commits itself to guarantee the compliance with the legally required standards for the protection and safeguard of your Personal Information, through the signature of agreements or conventions whose purpose is the privacy of your personal information.

 

The Personal Information will be treated according to the degree of protection required in Colombia and with the standards, security and confidentiality procedures established by Law 1581 of 2012 and the regulatory decree 1377 of 2013 to ensure the security of the same and avoid its alteration, loss, treatment or unauthorized access.

 

5. CONSULTATION, UPDATING AND/OR DELETION OF COLLECTED INFORMATION

   1. Unsubscription of promotional messages

When you make transactions or register as a user in Netviajes, you can choose to receive promotional circulars, messages or e-mail alerts about offers. Likewise, in each e-mail message we send you, you will have the opportunity to unsubscribe. You will be able to modify your elections at any time, following any of the alternatives that are explained later ("Rights of Access, cancellation, rectification and opposition of the Personal Information").

2. Rights of Access, Cancellation, Rectification and Opposition of Personal Information

The holders of personal information by themselves or through their representative and/or proxy or their successor in title may exercise the following rights with respect to the personal information that is processed by Netviajes.

1. Right of access: By virtue of which you may access the personal data under the control of Netviajes for the purpose of consulting them free of charge at least once every calendar month, and every time there are substantial modifications of the Policies of Treatment of the information that motivate new consultations.

2. Right to update, rectification and suppression: By virtue of which you may request the update, rectification and/or suppression of the personal data object of treatment, in such a way that the purposes of the treatment are satisfied.

3. Right to request proof of authorization: except in the events in which, according to the legal regulations in force, authorization is not required to carry out the processing.

4. Right to file complaints before the Superintendence of Industry and Commerce: for violations of the provisions of the current regulations on the processing of personal data.

 

1. Rectification and updating of data: Netviajes has the obligation to rectify and update at the holder's request, the information of the holder that turns out to be incomplete or inaccurate, in accordance with the procedure and terms stated above. In this regard, the following shall be taken into account: In requests for rectification and updating of personal data, the holder must indicate the corrections to be made and provide the documentation supporting his request.

2. Deletion of data: The holder has the right, at any time, to request Netviajes the suppression (deletion) of his/her personal data when:

   1. Consider that they are not being treated in accordance with the principles, duties and obligations under current regulations.

   2. They are no longer necessary or relevant for the purpose for which they were collected.

   3. The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial elimination of personal information as requested by the holder in the records, files, databases or treatments carried out by Netviajes.

It is important to take into account that the right of cancellation is not absolute and the responsible can deny the exercise of the same when:

1. The holder has a legal or contractual duty to remain in the database.

2. The deletion of data hinders judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

3. The data is necessary to protect the legally protected interests of the holder; to carry out an action in the public interest, or to comply with an obligation legally acquired by the holder.

 

3. Netviajes' duties

Netviajes will keep in mind, at all times, that personal data are property of the people to whom they refer and that only they can decide about them. In this sense, it will use them only for those purposes for which it is duly authorized, and respecting in any case the current regulations on personal data protection. A. Duties when acting as data controller:

1. Request and keep, under the conditions provided in this policy, a copy of the respective authorization granted by the holder.

2. Clearly and sufficiently inform the holder about the purpose of the collection and the rights that he/she has by virtue of the authorization granted.

 

4. Duties when acting as Processor of personal data.

If you process data on behalf of another entity or organization (Data Controller) you must comply with the following duties:

1. Establish that the Controller is authorized to provide the personal data that it will process as Processor.

2. Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

3. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

4. To update, rectify or delete data in a timely manner.

5. Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.

6. Allow access to the information only to persons authorized by the owner or empowered by law for such purpose.

 

5. Duties with respect to the Superintendency of Industry and Commerce

1. To inform it of any violations to the security codes and the existence of risks in the administration of the information of the owners.

Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

 

6. TIME LIMITATIONS TO THE PROCESSING OF PERSONAL DATA  

It may only collect, store, use or circulate the personal data during the time that is reasonable and necessary, in accordance with the purposes that justified the processing, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of the information.

Once the purpose or purposes of the processing have been fulfilled, and notwithstanding any legal provisions to the contrary, the personal data in its possession shall be deleted. Notwithstanding the foregoing, personal data must be retained when required for compliance with a legal or contractual obligation.

 

7. PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF THE HOLDERS OF THE PERSONAL DATA

The holder of the personal data or whoever exercises his representation may send his request, complaint or claim from Monday to Friday during business hours, to the email servicioalcliente@netviajes.co or file the request at the address Carrera 15 # 88-21 Of.502 in Bogota.

Procedure:

The rights of rectification, updating or deletion may only be exercised by:

1. The holder or his successors in title, upon proof of identity, or through electronic instruments that allow him to identify himself.

2. Their representative, with prior accreditation of representation. When the request is made by a person other than the holder, the legal capacity or mandate to act must be duly accredited; and if such capacity is not accredited, the request shall be deemed not to have been filed.

The petition, complaint or claim must contain the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults.

After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been abandoned. In the event that the person receiving the claim is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation.

Once the complete claim has been received, a legend will be included in the database stating "claim in process" and the reason for the claim, within a term not exceeding two (2) business days. Such legend shall be maintained until the claim is decided.

The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

 

8. AUTHORIZATION FOR THE CONSULTATION AND PROCESSING OF FINANCIAL DATA IN CREDIT BUREAUS.

With the acceptance of this Privacy Policy, you expressly and irrevocably, freely and voluntarily authorize Netviajes or whoever represents your rights or holds in the future in any capacity as creditor, to report, consult and disclose to the Banking Association and Financial Institutions of Colombia ASOBANCARIA, or any other operator and / or legally established source of information, all the information regarding its behavior as a client related to the birth, execution, modification, liquidation and/or extinction of the obligations derived from the present contract, at any time, and which may be reflected in the databases of CIFIN or any other legally established operator and/or source of information. The permanence of the information shall be subject to the principles, terms and conditions set forth in Law 1266 of 2008, Law 1581 of 2012 and other rules that modify, clarify or regulate it. Likewise, you expressly and irrevocably authorize Netviajes to consult all the financial, credit, commercial, service and other information coming from other countries, related to the commercial relations you have with the financial, commercial and service system, or any other sector, both in Colombia and abroad, at any time.

The present authorization is extended so that Netviajes can share your financial information with public or private third parties, whether they are information sources, information operators or users, with whom you have legal ties of any nature, all in accordance with the provisions of the current legislation in Colombia regarding the protection of personal data.

 

9. SECURITY MEASURES

In development of the security principle established in Law 1581 of 2012, Netviajes will adopt the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. The personnel performing the processing of personal data will execute the protocols established in order to ensure the security of the information.

 

10. EFFECTIVE DATE

This version of the information processing policy manual is effective from the date of its publication on the company's website.