- INTRODUCTION
- Orosco Travel E.I.R.L is a company in the tourism sector dedicated to the sale of tourist services nationwide through the intermediation of services, which includes: sale of transport tickets, private transfers, lodging and food services, tourist packages and full days located on Urb. Urbanizacion La Florida Jr Los Lirios LL-6 WANCHAQ – CUSCO – PERU, is obliged to comply with current Peruvian legislation on the protection of personal data, Law No. 29733 Protection of Personal Data and its complementary provisions.
- For this reason, Orosco Travel E.I.R.L is committed to:
- The collection and use of personal information.
- Ensure the quality and security of the information.
- Respect the rights of people with regard to information about themselves.
- Orosco Travel E.I.R.L is committed to the protection, handling and proper treatment of the personal data to which it has access in the regular operation of its businesses. Said commitment includes the review and continuous improvement of the organization’s processes in order to guarantee adequate protection of said personal data and the guidelines established by Orosco Travel E.I.R.L for the collection and processing of personal data in order to ensure respect of the rights of its holders and compliance with the current regulatory framework. The Policy may be supplemented with additional procedures, regulations and / or guidelines that develop what is established in this document, provided that they are aligned with its guiding principles.
- OBJECTIVE
- The objective of this document is to establish uniform principles, practices and responsibilities regarding the processing of personal data in which Orosco Travel E.I.R.L is involved.
- SCOPE
- This document is applicable to all theof processes Orosco Travel E.I.R.L that will use personal data of the clients destined to be contained in the different databases of Orosco Travel E.I.R.L and their treatment.
- The Policy will be fully known and complied with by all the employees of Orosco Travel E.I.R.L and suppliers. For the purposes of interpreting this Policy, the definitions contained in the Law and especially those included below are applicable.
- DEFINITIONS
- Personal data: All information that identifies a natural person or the one that can be identified through reasonably used means. For example, the DNI, physical address, full name. Sensitive data: Personal data made up of biometric data that by themselves can identify the owner; data referring to racial and ethnic origin; economic income, political, religious, philosophical or moral opinions or convictions; union membership; and health-related information.
- Processing of personal data: Any technical operation or procedure, automated or not, that allows the collection, registration, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or by diffusion or any another form of processing that facilitates the access, correlation or interconnection of personal data. In summary, the processing of personal data regulates all possible forms of use and processing of personal data within the organization from its entry to its eventual elimination or conservation.
- Consent: Prior, free, unequivocal and express authorization that the individual must grant to authorize the processing of their personal data. • Previous: It must be obtained before collection. • Free: It should not be forced or conditioned. • unequivocal and express: There should be no doubt about its manifestation and it must be recorded in some tangible medium. Personal data bank: Organized set of personal data, automated or not, regardless of the support, be it physical, magnetic, digital, optical or others that are created, whatever the form or modality of its creation, training, storage, organization and access.
- Holder of the personal data bank: Natural person, legal person under private law or public entity that determines the purpose and content of the personal data bank, the treatment of these and the security measures. Person in charge of the personal data bank: Any natural person, legal person under private law or public entity that alone or acting jointly with another performs the processing of personal data on behalf of the owner of the personal data bank. Anonymization procedure: Processing of personal data that prevents identification or does not make the owner of the personal data identifiable. The procedure is irreversible. Disassociation procedure: Processing of personal data that prevents identification or does not make the owner of the personal data identifiable.
- RESPONSIBLE FOR COMPLIANCE
- Orosco Travel E.I.R.L will assign and communicate the corresponding responsibilities to all personnel and suppliers, for compliance with this Policy.
- The area responsible for annually reviewing this Policy and making the respective adjustments withinOrosco Travel E.I.R.L will be the General Management. Likewise, said Management will be in charge of answering any questions related to the application and scope of this Policy.
- Notwithstanding this, all the employees of Orosco Travel E.I.R.L as well as all the suppliers and third parties with whom Orosco Travel E.I.R.L is linked in the regular exercise of its business and have access or carry out processing of personal data are subject to compliance with the Policy. Finally, no employee of Orosco Travel E.I.R.L shall perform on behalf of the Company. actions or incurring omissions that imply a breach of the Law.
- CONFIDENTIALITY
- This Policy will be for internal and exclusive use of Orosco Travel E.I.R.L and, therefore, is confidential. Any use other than that indicated is prohibited and must be expressly authorized in writing by the General Management.
- The personal data to which both the workers of Orosco Travel E.I.R.L and related third parties have access or participate in their treatment may not be treated or used in any way without the prior consent of the owner of the personal data even after termination. of its relationship with Orosco Travel E.I.R.L, except for the exceptions regulated by Law.
- In the case of workers who, due to the nature of their duties, have access to confidential and sensitive personal information, Orosco Travel E.I.R.L will endeavor to develop specific training and awareness-raising actions. The people involved in the processing of personal data are obliged to keep professional secrecy and maintain confidentiality with respect to them. This obligation will continue even after the end of its relationship with Orosco Travel E.I.R.L.
- PRINCIPLES
- All the employees of Orosco Travel E.I.R.L must permanently comply with the principles established in the Law that are detailed below: a. Legality. The processing of personal data carried out by Orosco Travel E.I.R.L will be done in accordance with the provisions of the Law. The collection of personal data by fraudulent, unfair or illegal means is prohibited.
- Orosco Travel E.I.R.L will not be able to process personal data that does not have the prior, express, unequivocal and free consent of the owner as necessary, except for the exceptions provided by law.
- Purpose Orosco Travel E.I.R.L will collect personal data clearly stating the purpose for which it is collecting, which must be determined, explicit and lawful. The personal data being processed may not be used for purposes other than or incompatible with those for which it was obtained, except with the consent of the owner. In this sense, Orosco Travel E.I.R.L will comply with implementing measures that guarantee: • The collection, storage and conservation of personal data comply with the principles of proportionality and purpose. • The adequate protection of personal data complying with adequate technical and legal security measures. It should be noted that Inversiones Orosco Travel E.I.R.L.
- Proportionality All processing of personal data carried out Orosco Travel E.I.R.L must be adequate, relevant and not excessive for the purpose for which they were collected.
- The personal data that will be processed by Orosco Travel E.I.R.L must be truthful, exact and, as far as possible, updated, necessary, pertinent and adequate with respect to the purpose for which they were collected. They must be kept in such a way as to guarantee their security and only for the time necessary to fulfill the purpose of the treatment, respecting the legal terms of conservation of applicable documents and information.
- Orosco Travel E.I.R.L and the third parties that it entrusts to process personal data must adopt the necessary and appropriate technical, organizational and legal measures to guarantee the security of personal data against different risks, such as accidental loss or destruction by sinister, unauthorized access, covert use or the infection of malware or computer viruses. These measures will be established, communicated and, if applicable, updated by Orosco Travel E.I.R.L.
- Adequate level of protection. In case Orosco Travel E.I.R.L carries out international transfers of personal data, it must guarantee a sufficient level of protection for the personal data that is going to be processed or, at least, comparable to the provisions of the Law.
- Rights of the holders of personal data. Orosco Travel E.I.R.L will have a simple and free procedure for attending to the rights of holders of personal data contemplated in the Law: (i) information, (ii) access, (iii) updating, (iv) inclusion, (v ) rectification, (vi) deletion, (vii) prevent the supply, (viii) opposition and (ix) objective treatment.
- Therefore Orosco Travel E.I.R.L:
- Will take the necessary measures to inform the owner of the personal data about the rights conferred by the Law.
- Will adopt the measures that allow the owner of the personal data to keep them updated.
- It will comply with responding in a timely manner and within the terms of the law, the requirements and requests related to the rights of the aforementioned holders of personal data; In the processes of attention to the rights of holders of personal data, the following guidelines will apply.
- The deletion or rectification of personal data will not proceed when this affects the rights or legitimate interests of Orosco Travel E.I.R.L, its shareholders, employees or managers or third parties or when there is a legal obligation to preserve personal data.
- Orosco Travel E.I.R.L may reject certain requirements when the disclosure of personal data may compromise or hinder ongoing judicial or administrative actions.
- TRANSFERS OF PERSONAL DATA
- The personal data subject to treatment by Orosco Travel E.I.R.Lmay only be assigned or transferred to third parties for the fulfillment of the purposes related to the legitimate interest of the transferor and the assignee and with the prior, express, free, unequivocal and informed consent. of the owner of the personal data. Said consent will not be required in the cases permitted by law.
- COLLECTION OF SENSITIVE DATA
- Will inform the owner of the data of this situation prior to its collection.will only collect personal data and / or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and processing of said data derives from compliance with a legal obligation, Orosco Travel E.I.R.L will inform the owner of the data of this situation prior to its collection.
- DISCLOSURE OF PERSONAL DATA
Orosco Travel E.I.R.L will not disclose personal data to third parties except when:
- a) It is necessary for the purpose for which the personal data was collected; as in the provision of services through third parties and providers.
- b) The owner of personal data is informed before disclosure or at the time of collection of personal data.
- c) The owner of the personal data gives their prior and express consent.
- d) Consent is not required by law.
- e) Personal data is required by public entities within the scope of their legal powers and attributions.
- f) The personal data are necessary to satisfy legitimate requirements of a company interested in acquiring any of the operations of Orosco Travel E.I.R.L, prior consent of the owner; or,
- g) Access to personal data is by auditors and lawyers and other professionals obliged to keep professional secrecy.
- ELIMINATION OF PERSONAL DATA
- Once the processing of personal data has been completed and the principle of purpose has been fulfilled, and provided that there is no legal mandate or reason that justifies the conservation of personal data, Orosco Travel E.I.R.L will proceed to eliminate them from its records. Alternatively, Orosco Travel E.I.R.L may apply dissociation processes, or equivalent when for any commercial, statistical or market analysis reason justify the convenience of keeping such data. Orosco Travel E.I.R.L will define in a timely manner the respective procedures that are necessary for the elimination of personal data.
- SCHEDULE OF SANCTIONS
- An employee who commits an infraction to the provisions established in this Policy will be considered a serious and punishable offense. Orosco Travel E.I.R.L will take the disciplinary measures it deems pertinent in cases of non-compliance with the obligations stipulated herein by the employees.
- DISSEMINATION AND COMPLIANCE WITH THE POLICY
Orosco Travel E.I.R.L will endeavor:
- i) to comply with the provisions of this Policy;
- ii) make known, observe and respect this Policy for each employee;
- iii) publish this Policy in easily accessible places; and
- iv) subscribe confidentiality obligations with employees, users, contractors and third parties who access the personal data included in the data banks.