PERSONAL DATA PROTECTION
1.- INTRODUCTION
VIAJA MAS PERÚ is a company dedicated to tourism. It sells tourist products and services nationally and internationally through different platforms, such as the sale of tourist packages, hotel services, train tickets, bus tickets and airline tickets.
VIAJA MAS PERU is committed to:
– Keeping data and personal information in total privacy.
– Watching over the quality and security of the information.
– Respecting the rights of individuals with respect to information about themselves.
VIAJA MAS PERU is committed to the protection, handling and adequate treatment of personal data to which it has access in the regular operation of its business. Such commitment includes the review and continuous improvement of the organization’s processes in order to guarantee an adequate protection of such personal data and the guidelines established by VIAJA MAS PERU for the collection and treatment of personal data in order to ensure respect for the rights of its owners and compliance with the current regulatory framework. The Policy may be complemented with additional procedures, regulations and/or guidelines that develop what is established in this document as long as they are aligned with its guiding principles.
OBJECTIVE
The purpose of this document is to establish principles, uniform practices and responsibilities regarding the treatment of personal data in which VIAJA MAS PERU is involved.
SCOPE
This document is applicable to all processes of VIAJA MAS PERU that will use personal data of clients to be contained in the different databases of VIAJA MAS PERU and to the treatment of such data.
The Policy shall be known and fully complied with by all VIAJA MAS PERU employees and suppliers. For the purpose of interpreting this Policy, the definitions contained in the Law are applicable, especially those included below.
DEFINITIONS
Personal data: Any information that identifies a natural person or makes that person identifiable through means that can reasonably be used. For example, ID card, physical address, full name.
Sensitive data: Personal data consisting of biometric data that by itself can identify the holder; data referring to racial and ethnic origin; economic income; political, religious, philosophical or moral opinions or convictions; union membership; and information related to health.
Personal data processing: Any operation or technical procedure, automated or not, that allows the collection, recording, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, suppression, communication by transfer or diffusion or any other form of processing that facilitates the access, correlation or interconnection of personal data. In short, the processing of personal data regulates all possible forms of use and processing of personal data within the organization from its entry to its eventual deletion or conservation.
Consent: Prior, free, unequivocal and express authorization that must be given by the individual to authorize the processing of his personal data.
– Prior: Must be obtained prior to collection.
– Free: Must not be forced or conditioned.
– Unequivocal and express: There must be no doubt as to its manifestation and it must be recorded in some tangible medium.
Personal data bank: Organized set of personal data, automated or not, regardless of the medium, whether physical, magnetic, digital, optical or other that may be created, whatever the form or modality of its creation, formation, storage, organization and access.
Holder of the personal data bank: Natural person, legal person of private law or public entity that determines the purpose and content of the personal data bank, the processing of such data and the security measures.
Data Controller: Any natural person, legal person under private law or public entity that alone or acting jointly with another performs the processing of personal data on behalf of the owner of the personal data bank.
Anonymization procedure: Processing of personal data that prevents identification or does not make the holder of the personal data identifiable. The procedure is irreversible.
Disassociation procedure: Processing of personal data that prevents identification or does not make the holder of the personal data identifiable. The procedure is reversible.
COMPLIANCE OFFICERS
VIAJA MAS PERU will assign and communicate the corresponding responsibilities to all personnel and suppliers for compliance with this Policy.
The area responsible for annually reviewing this Policy and making the respective adjustments within VIAJA MAS PERU shall be the General Management. Likewise, said Management shall be in charge of answering any questions related to the application and scope of this Policy.
Notwithstanding the foregoing, all employees of VIAJA MAS PERU, as well as all suppliers and third parties with whom VIAJA MAS PERU is linked in the regular exercise of its business and who have access to or process personal data, are subject to compliance with the Policy. Finally, no employee of VIAJA MAS PERU shall perform, on behalf of the Company, actions or omissions that imply non-compliance with the Law.
CONFIDENTIALITY
This Policy shall be for internal and exclusive use of VIAJA MAS PERU and, therefore, it is confidential. Any use other than that indicated is prohibited and must be expressly authorized in writing by the General Management.
Personal data to which VIAJA MAS PERU’s employees and related third parties have access, or in whose treatment they participate, may not be treated or used in any way without the prior consent of the owner of the personal data, even after the termination of their relationship with VIAJA MAS PERU, except for the exceptions regulated by law.
In the case of workers who, due to the nature of their duties, have access to confidential and sensitive personal information, VIAJA MAS PERU will try to develop specific training and awareness actions. The persons involved in the treatment of personal data are obliged to keep professional secrecy and to maintain confidentiality with respect to such data. Such obligation will be maintained even after the end of their relationship with VIAJA MAS PERU.
PRINCIPLES
All employees of VIAJA MAS PERU shall permanently comply with the principles set forth in the Law, as detailed below, in the performance of their duties:
a. Legality. The processing of personal data carried out by VIAJA MAS PERU will be done in accordance with the provisions of the Law. The collection of personal data by fraudulent, unfair or illicit means is prohibited.
b. Consent. VIAJA MAS PERU will not process personal data that does not have the prior, express, unequivocal and free consent of its owner as required, except for the exceptions provided by the Law.
c. Purpose. VIAJA MAS PERU will collect personal data clearly indicating the purpose of such collection, which must be determined, explicit and lawful. The personal data being processed may not be used for purposes other than or incompatible with those for which they were collected, except with the consent of the owner. In this sense, VIAJA MAS PERU will comply with the implementation of measures that guarantee:
– The collection, storage and conservation of personal data comply with the principles of proportionality and purpose.
– The adequate safeguarding of personal data by complying with adequate technical and legal security measures.
It should be specified that VIAJA MAS PERU will not be able to disclose personal data unless it is ordered by a reasoned order of a judge or with the authorization of the owner, with the guarantees provided by the Law. Likewise, VIAJA MAS PERU may not refuse to deliver to a public entity information containing personal data as long as such requirement is made for the strict compliance with the competences of such entities assigned by the legislation in force.
d. Proportionality. Any processing of personal data carried out by VIAJA MAS PERU must be adequate, relevant and not excessive to the purpose for which they were collected.
e. Quality. Personal data to be processed by VIAJA MAS PERU must be truthful, accurate and, as far as possible, updated, necessary, relevant and adequate with respect to the purpose for which they were collected. They must be kept in such a way as to guarantee their security and only for the time necessary to comply with the purpose of the processing, respecting the applicable legal terms of conservation of documents and information.
f. Security. VIAJA MAS PERU and the third parties to whom it entrusts the processing of personal data must adopt the necessary and appropriate technical, organizational and legal measures to guarantee the security of personal data against different risks, such as accidental loss or destruction, unauthorized access, covert use or infection by malware or computer viruses. These measures will be established, communicated and, if necessary, updated by VIAJA MAS PERU.
g. Adequate level of protection. In case VIAJA MAS PERU carries out international transfers of personal data, it must guarantee a sufficient level of protection for the personal data to be processed or, at least, comparable to that provided by the Law.
Therefore, VIAJA MAS PERU will take the necessary measures to inform the holder of the personal data about the rights conferred by the Law.
– It will adopt the measures that allow the holder of the personal data to keep them updated.
– It will comply with the requirements and requests related to the aforementioned rights of the holders of personal data in a timely manner and within the terms of the law.
The following guidelines will apply to the processes of attending to the rights of holders of personal data:
– The suppression or rectification of personal data shall not proceed when it affects legitimate rights or interests of VIAJA MAS PERU, its shareholders, employees or directors or third parties or when there is a legal obligation to keep the personal data.
– VIAJA MAS PERU may reject certain requests when the disclosure of personal data may compromise or hinder ongoing judicial or administrative proceedings.
TRANSFER OF PERSONAL DATA
Personal data processed by VIAJA MAS PERU may only be assigned or transferred to third parties for the fulfillment of purposes related to the legitimate interest of the assignor and the assignee and with the prior, express, free, unequivocal and informed consent of the holder of the personal data. Such consent will not be required in the cases permitted by law.
COLLECTION OF SENSITIVE DATA
VIAJA MAS PERU will only collect personal data and/or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and treatment of such data is derived from the compliance of a legal obligation, VIAJA MAS PERU will inform the owner of the data of such situation prior to its collection.
DISCLOSURE OF PERSONAL DATA
VIAJA MAS PERU will not disclose personal data to third parties except when:
a) It is necessary for the purpose for which the personal data was collected, as in the provision of services through third parties and suppliers.
b) The owner of the personal data is informed prior to the disclosure or at the time of collection of the personal data.
c) The owner of the personal data gives its prior and express consent.
d) The consent is not required by law.
e) The personal data is required by public entities within the scope of their competencies and legal attributions.
f) The personal data is necessary to satisfy legitimate requirements of a company interested in acquiring any of VIAJA MAS PERU’s operations, with the prior consent of the owner; or,
g) The access to personal data is by auditors, lawyers and other professionals obliged to keep professional secrecy.
ELIMINATION OF PERSONAL DATA
Once the processing of personal data has been completed and the purpose principle has been complied with, and provided that there is no legal mandate or reason that justifies the conservation of personal data, VIAJA MAS PERU will proceed to delete them from its records. Alternatively, VIAJA MAS PERU may apply dissociation processes, or equivalent processes, when any commercial, statistical or market analysis reason justifies the convenience of keeping such data. VIAJA MAS PERU will timely define the respective procedures necessary for the elimination of personal data.
SANCTION REGIME
Any violation of the provisions set forth in this Policy by an employee shall be considered a serious offense and shall be subject to a sanction. VIAJA MAS PERU will take the disciplinary measures it considers pertinent in cases of non-compliance by employees with the obligations herein stipulated.
DISSEMINATION AND COMPLIANCE WITH THE POLICY
VIAJA MAS PERU will endeavor to: i) ensure compliance with the provisions of this Policy; ii) make this Policy known, observed and respected by each employee; iii) publish this Policy in easily accessible places; and iv) subscribe to confidentiality obligations with employees, users, contractors and third parties who access personal data included in the databases.