POLICIES

VOU Suites Reservation Request, Payment and Cancellation Policies

At VOU Suites we want to guarantee a comfortable and transparent experience for all our guests. Below are our reservation request, payment and cancellation policies:

Check-In and Check-Out Times

Check-In: 3:00 p.m.

Check-Out: 12:00 p.m.

Early Check-In (from 8:00 a.m.) and Late Check-Out (until 6:00 p.m.) have an additional cost of 50% of the nightly rate, subject to availability.

Cancellation Policies and Penalties

Reservations from 1 to 14 nights:

Cancellation without penalty: up to 24 hours before Check-In.

Cancellation outside the established time: a penalty equivalent to the value of one night plus VAT is applied.

No Show: one night's stay plus tax is charged.

Reservations of 15 nights or more:

Cancellation without penalty: up to 5 days before Check-In.

Cancellation outside the established time: a penalty of 10% of the total reservation plus VAT is applied.

VOU Suites does not make refunds for early departures. In these cases, the value of an additional night will be charged and the preferential long-stay rate will be lost, with the public rate being applied.

Extension and Long-Stay Rates

The extension of a reservation must be requested at least 24 hours in advance of the scheduled departure date and is subject to availability.

Biweekly and monthly rates must be requested at the time of booking or within the first 72 hours of arrival.

Damage Policies

Damage caused during the stay must be covered immediately by the guest.

Children's Policies

Children from 0 to 5 years old: No additional cost, share bed with parents.

Children from 6 to 11 years old: Rate of $40,000 per night.

Children over 12 years old: Rate of $70,000 per night.

It is mandatory to present the Civil Registry of the minor and, if necessary, the authorization of the parents, according to Law 679 of 2001.

Billing and Refunds

Billing information must be provided before the invoice is issued. Once generated, no changes are made.

VOU Suites does not refund advance payments or re-liquidate invoices already issued. In exceptional cases, a credit note will be issued in favor of the invoice holder.

Pet Policies

Pets are welcome with a fee of $50,000 per day. For long stays, this rate applies for the entirety of the reserved days.

It is mandatory to present the vaccination card at the time of Check-In.

Security and Admission Policies

All visitors must register according to the VOU Suites Security Protocol before being authorized to enter.

VOU Suites has the right to retain and lien for 30 days on the guest's luggage and property in case of non-payment of obligations such as accommodation, consumption of additional services or damages.

We reserve the right of admission.

Smoking Prohibition

Smoking is prohibited inside the apartments and in the building, according to Law 1335 of 2009. Failure to comply with this rule will result in a penalty of USD 50.

Sustainability Policies

In compliance with Colombian laws, VOU Suites promotes:

The prevention of sexual exploitation of minors (Law 679 of 2001).

The protection of cultural and natural heritage, including the prevention of illicit trafficking of flora and fauna (Law 1333 of 2009) and the conservation of cultural heritage (Law 1185 of 2008).

The inclusion and non-discrimination of vulnerable populations.

These policies are designed to ensure that your experience at VOU Suites is pleasant, transparent and aligned with the highest standards of quality and responsibility. Thank you for choosing us!

Personal data processing policy

GENERAL CONSIDERATIONS

Aware of the importance of the protection and proper management of personal information provided by the owners of the information, AVIA SOLUCIONES HOTELERAS, - hereinafter AVIANET, who acts as the person responsible for the information received, has designed this policy and procedures that together allow for the appropriate use of your personal data.

In accordance with the provisions of Article 15 of the Colombian Political Constitution, which establishes the fundamental right to habeas data, referring to the right of all citizens to know, update, and rectify personal data that exists about them in databases and files, both public and private, which is inevitably related to the management and treatment of information that recipients of personal information must take into account. This right has been developed through the issuance of Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013, based on which AVIANET, as the CONTROLLER of the personal data it receives.

OBJECTIVE

The implementation of this policy aims to guarantee the confidentiality of information and the security of the treatment that will be given to it for all clients, suppliers, employees and third parties from whom AVIANET has legally obtained information and personal data in accordance with the guidelines established by the law regulating the right to Habeas Data. Likewise, through the issuance of this policy, compliance is given to the provisions of literal K of article 17 of the aforementioned law.

DEFINITIONS

Authorization: Prior, express and informed consent of the data owner to carry out the treatment. This may be written, verbal or through unequivocal conduct that allows a reasonable conclusion that the owner has granted authorization.

Database: It is the organized set of Personal Data that is subject to processing, electronic or not, whatever the modality of its formation, storage, organization and access.

Consultation: Request by the owner of the data or by persons authorized by him or by law to know the information that is stored about him in databases or files.

Personal data: Any information linked to or that can be associated with one or more specific or identifiable natural persons. These data are classified as sensitive, public, private and semi-private.

Sensitive personal data: Information that affects the privacy of the person or whose misuse may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data (fingerprints, among others).

For the purposes of this policy, AVIANET warns of the optional nature of the owner of the personal data to provide this type of information in cases in which, eventually, it may be requested.

Public personal data: This is the data classified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Public data, among others, includes data contained in public documents, public registers, official gazettes and bulletins, and duly executed court rulings that are not subject to reservation, data relating to the civil status of persons, their profession or trade, and their status as merchants or public servants. Personal data contained in the commercial register of the Chambers of Commerce are public (Article 26 of the C.Co.).

Likewise, public data is data that, by virtue of a decision by the holder or a legal mandate, is found in freely accessible and searchable files. This data can be obtained and offered without reservation and regardless of whether it refers to general, private or personal information.

Private personal data. This is data that, due to its intimate or reserved nature, is only relevant to the person who owns the data. Examples: merchants' books, private documents, information extracted from a home inspection.

Semi-private personal data. Semi-private data is data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of people or to society in general, such as, among others, data regarding the fulfillment and non-fulfillment of financial obligations or data relating to relations with social security entities.

Data Controller: Person who, by themselves or in association with others, decides on the database and/or the processing of data.

Data Processor: Person who processes data on behalf of the data controller.

Being “Authorized” is AVIANET and all persons under its responsibility, who by virtue of the authorization and the Policy have the legitimacy to process the personal data of the owner. The Authorized includes the gender of the Authorized.

“Authorization” or being “Authorized” is the legitimation that AVIANET expressly and in writing grants to third parties, in compliance with applicable law, through a contract or document that serves its purpose, for the processing of personal data,making such third parties responsible for the processing of personal data provided or made available.

Complaint: Request by the data owner or persons authorized by the data owner or by law to correct, update or delete their personal data or when they notice that there is an alleged breach of the data protection regime, according to Article Art. 15 of Law 1581 of 2012.

Data owner: The natural person to whom the information refers.

Processing: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of this type of information.

Transmission: Processing of personal data that involves the communication of the same within (national transmission) or outside Colombia (international transmission) and that has as its object the performance of a treatment by the person in charge on behalf of the person responsible.

Transfer: The transfer of data takes place when the person responsible for and/or in charge of processing personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the processing and is located within or outside the country.

Requirement of admissibility: The owner or successor in title may only file a complaint with the Superintendency of Industry and Commerce once he or she has exhausted the consultation or claim process with the person responsible for the processing or in charge of the processing, the above according to Article 16 of Law 1581 of 2012.

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

The processing of personal data must be carried out in compliance with the general and special regulations on the subject and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:

Principle of legality: The processing of data is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.

Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the Law.

Principle of freedom: The processing can only be carried out with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent.

Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of transparency: The right of the owner to obtain from the person responsible for the processing, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.

Principle of restricted access and circulation: The processing is subject to the limits that arise from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the treatment may only be carried out by persons authorized by the owner and/or by the persons provided for in the law.

Principle of security: The information subject to Treatment by the Data Controller or Data Processor referred to in this law, must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.

Principle of confidentiality: All persons involved in the treatment of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks that comprise the treatment has ended, and may only provide or communicate personal data when this corresponds to the development of the activities authorized in this law and in the terms thereof.

Any new project within the Organization that involves the Processing of Personal Data must be consulted with the Information Security Management, which is the person and department in charge of the data protection function to ensure compliance with the policy and the measures necessary to maintain the confidentiality of personal data.

RIGHTS OF DATA OWNERS

In accordance with current legal provisions, the following are the rights of the owners of personal information:

The right to know, update, rectify, and consult their personal data at any time with AVIANET regarding data that they consider partial, inaccurate, incomplete, fractional, and those that lead to error.

The right to request proof of the authorization granted to AVIANET at any time, except in the case of a Those cases in which the person responsible is legally exempt from having authorization to process the data of the owner.

Right to be informed by AVIANET upon request of the owner of the data, regarding the use that has been given to the same.

Right to file with the Superintendence of Industry and Commerce the complaints that he considers pertinent to assert his right to Habeas Data.

Right to revoke the authorization and/or request the deletion of any data when he considers that AVIANET has not respected his rights and constitutional guarantees.

Right to access free of charge the personal data that he voluntarily decides to share with AVIANET.

The information and/or personal data that we collect from you are the following:

Type of person:

Natural: first and last names, type of identification, identification number, gender, marital status and date of birth, email, financial data (bank accounts).

Legal: company name, NIT, address, telephone, cell phone, email, country, city, financial information (bank accounts).

Information necessary to facilitate the trip or other services, including preferences such as travel class, passenger names and surnames (type of document, document number, date of birth, first name, last name, gender, email, nationality, passport expiration date), contacts in case of accident or any other anomaly (first name and last name, phone number).

Cardholder information: type of document, document number, phone number, address, email, first names, card number, expiration date and bank.

Request for a quote: first names, last names, phone numbers, city and email.

Travel information: type of request, destination, departure date, duration, number of adults, number of children, hotel category, food, additional services, transportation service, budget per person.

Write to Jean Claude Bessudo: first names, last names, ID, address, phone number (landline or cell phone), city and email.

Online help chat: name, email, what is your question?

Evaluate our site: your opinion is very important for us to continuously improve our customer service channels: names, surnames, email, telephones and city.

Complaint request: names, surnames, identification number, address, telephones, city, email and comments.

Technical problem report: names, surnames, address, telephones, city, email and comments.

Biometric data: images, video, audio, fingerprints that identify or make identifiable our clients, users or any person who enters or is located or transits in any place where AVIANET has implemented devices to capture said information.

This data can be stored and/or processed on servers located in data processing centers, whether our own or contracted with suppliers, located in different countries, which is authorized by our clients/users, by accepting this policy for the treatment and protection of personal data.

AVIANET reserves the right to improve, update, modify, delete any type of information, content, domain or subdomain that may appear on the website, without any obligation to give prior notice, with publication on the Aviatur websites being deemed sufficient. For the resolution of legal or internal requests and for the provision or offering of new services or products.

PROCESSING, SCOPE AND PURPOSES

AVIANET informs the owners that the data collected from our clients, contractors and suppliers may be used for the following purposes. The processing may be carried out by AVIANET directly or through its contractors, consultants, advisors and/or third parties in charge of processing personal data, so that they may carry out any operation or set of operations such as the collection, storage, use, circulation, deletion, classification, transfer and transmission (the "Processing") on all or part of your personal data:

The support of the contractual relationship established with AVIANET.

The provision of services related to the products and services offered.

The performance of all activities related to the service or product will be included in an email list for sending the newsletter.

Send information about changes in the conditions of the services and products purchased, and notify you about new services or products.

Manage your requests, clarifications, and research.

Prepare studies and programs that are necessary to determine consumer habits.

Fine-tuning security filters and business rules in commercial transactions; confirming and processing such transactions with your financial institution, with our service providers.

services and with yourself.

Conduct periodic evaluations of our products and services in order to improve their quality.

Send, by traditional and electronic means, technical, operational and commercial information on products and services offered by AVIANET, its associates or suppliers, currently and in the future.

Request satisfaction surveys, which you are not obliged to answer.

Carry out the transmission and/or transfer of data to other companies, business alliances or third parties in order to comply with the obligations acquired. The transmission and transfer may even be carried out to third countries that may have a different level of protection than Colombia, when necessary for the fulfillment of our obligations.

Comply with obligations contracted by AVIANET with its clients at the time of acquiring our services and products.

Respond to queries, requests, complaints and claims made by control bodies and other authorities that, by virtue of the applicable law, must receive personal data.

Any other activity of a similar nature to those described above that is necessary to develop the corporate purpose of AVIATUR.

Conduct queries in different databases and authorized sources (such as OFAC, UN lists, among others) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our prevention and risk management policies - SARLAFT.

• The data collected from our workers:

Fulfill the obligations contracted by AVIANET with the workers who own the information, in relation to payment of salaries, social benefits, and others established in the employment contract and current labor regulations.

Inform the worker of any new developments that occur during the development of the employment contract and until after its termination.

Evaluate the quality of the services we provide.

Conduct internal studies on the habits of the worker who owns the information or request personal information for the development of management programs or systems.

Make payroll deductions authorized by the worker.

Manage your requests, administration of activities, clarifications and investigations.

Marketing and sale of our products and services.

Sending, by traditional and electronic means, technical, operational and commercial information on products and services offered by partners or suppliers, currently and in the future.

Developing studies and programs that are necessary to determine consumer habits.

Carrying out the transmission and/or transfer of data to other companies, business alliances or third parties in order to comply with the obligations acquired. The transmission and transfer may even be carried out to third countries that may have a different level of protection than the Colombian one, when necessary for the fulfillment of our obligations.

The request for surveys, which the worker is not obliged to answer.

Transferring, either by way of transmission or transfer, the information received to all judicial and/or administrative entities when this is necessary for the fulfillment of the duties as an employer to fulfill the obligations of labor order, social security, pensions, professional risks, family compensation funds (Comprehensive Social Security System) and taxes.

Transfer the employer's personal information to third parties who legitimately have the power to access said information, which includes, but is not restricted to, the companies of the Aviatur Ltda. Business Group.

Deliver, either by way of transmission or transfer, the employee's personal information to all entities that have a relationship with the responsible party's compliance in its capacity as employer.

Any other activity of a similar nature to those described above that is necessary to develop the corporate purpose of AVIATUR and its labor obligations acquired by virtue of the execution of the employment contract or by operation of law.

Make queries in different databases and authorized sources (such as OFAC, UN lists, among others) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our prevention and risk management policies - SARLAFT.

The processing of personal data will be carried out with prior authorization from the data owner, except in events in which the data is of a public nature. For this purpose, an authorization form for data processing has been implemented, which must be completed by the owner of the information at the time he or she provides his or her personal information. This authorization explains the scope and purposes of the processing.

Regarding personal data, reference is made to authorization by another, data of minors and sensitive data, as well as defining the channel of attention of the holders who wish to exercise the rights contemplated within the habeas data and indicating the place where this policy is located. In order to advance the processing of the data, AVIANET employs all activities aimed at maintaining the confidentiality of the information.

Authorization will be obtained through any means that may be subject to subsequent consultation, such as the website, forms, formats, face-to-face activities or through social networks, etc. Authorization may also be obtained from unequivocal conduct of the data holder that allows us to reasonably conclude that he or she has granted authorization for the processing of his or her information.

If you provide us with personal information about a person other than yourself, such as your spouse or a coworker, we understand that you have the authorization of said person to provide us with his or her data; and we do not verify, nor assume the obligation to verify the identity of the user/client, nor the veracity, validity, sufficiency and authenticity of the data provided by each of them. By virtue of the above, we do not assume responsibility for damages or losses of any kind that may arise from the lack of veracity, homonymy or the impersonation of identity information.

Since AVIANET belongs to the Aviatur Business Group, your personal information may be shared by way of transfer or transmission with the group's companies, business partners and/or third-party providers involved (flight reservation systems, hotels, cars, transactional security validators, banks, financial networks, tourist services), said processes may be carried out in different places from where the acquired tourist service or product is contracted, with the same purposes that have been indicated for the collection of personal data. These entities are obliged to comply with the corresponding confidentiality, transmission or transfer agreements.

The Personal Data collected will be subject to manual or automated processing and incorporated into the corresponding files or databases (hereinafter, the "File"), either as the data processor or data protection officer. To determine the term of the processing, the regulations applicable to each purpose and the administrative, accounting, fiscal, legal and historical aspects of the information will be considered.

When, at the time of providing the service, the holder is accompanied by minors or persons considered disabled, and in whom the collection of their personal data occurs, AVIANET will always request the authorization of whoever has the legal representation of the minor. However, if personal information of the population mentioned here is provided without being the legal representative, you declare that you have the authorization of the respective legal representative, directly assuming the responsibility that this entails. AVIANET will strive to ensure that the rights of the same, and their superior and prevailing interest, are respected at all times. The representative must guarantee the right to be heard and assess their opinion on the treatment taking into account the maturity, autonomy and capacity of minors. Representatives are informed of the optional nature of answering questions about data of minors. The data of minors, included in a special category of protection, will be treated in accordance with the provisions of the applicable legislation on the matter and in accordance with the provisions of our personal data policy.

The companies of the Aviatur Business Group have adopted the legally required levels of security for the protection of personal data, and have installed all the technical means and measures within their reach to prevent the loss, misuse, alteration, unauthorized access and illegal removal of personal data provided to AVIANET; however, the owner must be aware that Internet security measures are not unbreakable.

If you choose to delete your information, to the extent permitted by law, we will retain certain personal information in our files for the purposes of identifying transaction data for accounting and tax purposes, preventing fraud, resolving disputes, investigating conflicts or incidents, enforcing our terms and conditions of use, and complying with legal requirements.

However, at the time you decide to revoke your authorization, the information stored will not be used for the purposes provided herein, only for the purposes strictly necessary and defined in the previous paragraph.

Security risks that you should take into account when making transactions on the Internet:

A user may be tricked by email or DNS server tricks into visiting a fake site that has the same design, but where the card details are loaded into the fake system, stealing information from the cardholder. Therefore, it is important to create a culture that users must enter directly through known domains to make transactions in order to reduce risks.

It may be that the computer where the user is making the transaction has, without prior knowledge, installed spyware or malicious software that captures everything typed on the keyboard or captures information from input devices and sends it to a network or host on the Internet. For this reason, it is recommended that the transaction be made on the computer at home or in the office, if possible.

There may be identity theft if the cardholder denies having sent and/or received the transaction and it is used by a third party.

It is recommended that the computer where you carry out electronic transactions has an updated and active antivirus to mitigate the risks of fraud.

If the personal information was collected or provided prior to July 30, 2013 and you did not express your opposition to your personal data being transferred, it will be understood that you have given your consent. In the event that you wish to ratify your consent or express your refusal, you can indicate this through the following email address privacidad@aviasolucioneshoteleras.com.

Like other websites, AVIANET uses certain technologies, such as cookies and device fingerprinting, which allow us to make your visit to our site easier and more efficient, providing you with a personalized service and recognizing you when you return to our site. For the purposes of this Privacy Notice, "cookies" will be identified as text files of information that a website transfers to the hard drive of the user's computer in order to store certain records and preferences.

Websites may allow advertising or third-party functions that send "cookies" to the owners' computers.

Cookies are only associated with an anonymous user and his or her computer, and do not provide the user's name and surname. In many cases, you can browse any of the AVIANET websites anonymously. When you access any AVIANET website, your IP address (the Internet address of your computer) is recorded, so that it gives us an idea of ​​which parts of the website you visit and how much time you spend in each section. We do not link your IP address to any of your personal information, unless you have registered with us and entered the system using your profile.

Therefore, it is possible that in certain applications AVIANET will recognize users after they have registered for the first time, without having to register on each visit to access the areas and services or products reserved exclusively for them.

In other services, the use of certain access keys will be necessary, and even the use of a digital certificate, in the characteristics that are determined.

The cookies used cannot read cookie files created by other providers. AVIANET encrypts the user's identification data for greater security.

In order to use the AVIANET website, it is not necessary for the user to allow the installation of the cookies sent by AVIANET, without prejudice to the fact that in such case it will be necessary for the user to register in each of the services whose provision requires prior registration.

NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA

AVIANET may transfer data to other data controllers when authorized by the owner of the information or by law or by an administrative or judicial mandate.

INTERNATIONAL AND NATIONAL TRANSMISSION OF DATA TO PROCESSORS

AVIANET may send or transmit data to one or more processors located within or outside the Republic of Colombia in the following cases: a) When it has the authorization of the owner and b) when without having the authorization there is a data transmission contract between the controller and the processor.

DUTIES OF THE PERSON RESPONSIBLE FOR THE PROCESSING

To guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

To request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the holder.

To duly inform the holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

To keep the information under the security conditions necessary for Prevent their alteration, loss, unauthorized or fraudulent consultation, use or access.

Process the queries and claims made in the terms indicated in this law.

Adopt an internal manual of policies and procedures to guarantee the proper compliance with this law and especially, for the attention of queries and claims.

Inform the owner at their request about the use given to their data.

Inform the data protection authority when violations of the security codes occur and there are risks in the administration of the owners' information.

Comply with the instructions and requirements issued by the superintendence of industry and commerce.

DUTIES OF THOSE IN CHARGE OF THE TREATMENT

Guarantee the owner, at all times, the full and effective exercise of the right of habeas data.

Keep the information under the security conditions necessary to prevent its alteration, loss, unauthorized or fraudulent consultation, use or access.

Carry out the timely update, rectification or deletion of data in accordance with the terms of this law.

Update the information reported by those responsible for the treatment within five (5) business days from its receipt.

Process the queries and complaints made by the owners in the terms indicated in this law.

Adopt an internal manual of policies and procedures to guarantee the proper compliance with this law and, especially, to address queries and complaints by the owners.

Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the superintendence of industry and commerce.

Allow access to the information only to those people who may have access to it.

Inform the superintendence of industry and commerce when violations of the security codes occur and there are risks in the management of the information of the owners.

Comply with the instructions and requirements issued by the superintendence of industry and commerce.

PETITIONS, COMPLAINTS AND CLAIMS

For the purposes of receiving requests, claims and queries related to the handling and treatment of personal data, AVIANET has designated the email address privacidad@aviasolucioneshoteleras.com, to channel, study and answer them. Therefore, you may send your requests to this address, which will be treated as provided by Law 1581:

Queries: The owners or their successors in title may consult the personal information of the owner that is in our database. AVIANET will provide them with all the information contained in the individual record or that is linked to the identification of the owner. The query will be answered within a maximum period of ten (10) business days counted from the date of receipt of the same. When it is not possible to answer the query within said period, the interested party will be informed, and the date on which his query will be answered will be indicated, which in no case may exceed five (5) business days following the expiration of the first term.

Claims: The owner or his successors who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged non-compliance of any of the duties contained in the law, may file a claim with AVIANET, which will be processed under the following rules:

The claim will be made through a request addressed to AVIANET with the identification of the owner, the description of the facts that give rise to the claim, the address, and accompanying the documents that the claimant wishes to assert. If the claim is incomplete, AVIANET will require the interested party within five (5) days following receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, if the applicant does not submit the required information, it will be understood that the claim has been withdrawn.

Once the complete claim has been received, a legend stating “claim in process” and the reason for it will be included in the database within a period of no more than two (2) business days. This legend must be maintained until the claim is decided.

The maximum term to attend to the claim will be fifteen (15) business days counted from the day after the date of receipt. When it is not possible to attend to the claim within said term, the interested party will be informed and the date on which his claim will be attended to will be indicated, which in no case may exceed eight (8) business days following the expiration of the first term.

In any case, the owner or the successor in title may only file a complaint with the Superintendence of Industry and Commerce once he has exhausted the consultation or claim process with AVIANET.

The area responsible for carrying out the The Information Security Department is responsible for receiving and processing claims.

The request for deletion of information and revocation of authorization will not proceed when the owner has a legal or contractual obligation to remain in the database.

DATA OF THE PERSON RESPONSIBLE FOR THE TREATMENT

Company name: Operadora de Hoteles Avia SAS

Address: Centro de Negocios Andino, Carrera 11 # 82-01 Piso 4, Bogotá DC - Colombia

Email: privacidad@aviasolucioneshoteleras.com

Telephone: (+57 1) 3817111

Website: www.aviasolucioneshoteleras.com

QUESTIONS OR SUGGESTIONS

If you have any questions or queries about the process of collecting, processing or transferring your personal information, or consider that the information contained in a database should be corrected, updated or deleted, please send us a message to the following email account: privacidad@aviasolucioneshoteleras.com.

For more information about AVIATUR, the identity, address and contact forms, you can consult it at the following address www.aviasolucioneshoteleras.com. This website contains the terms and conditions applicable to the services and products published, which can be consulted at any time for more information.

VALIDITY

AVIANET reserves the right to modify this policy to adapt it to legislative or jurisprudential developments, as well as to good practices in the tourism sector and other sectors of the economy that are part of the business group. In such cases, AVIANET will announce the changes introduced on this page with reasonable advance notice of their implementation.

GENERAL AND COEXISTENCE POLICIES

1. Upon your arrival you must sign a lodging contract.

2. We will scan your identity documents (ID or passport) as well as the Colombian immigration stamp in the case of passports.

3. In the lobby of the building there is a 24/7 reception that will be in charge of providing you with all the information. 4. Every person entering the building, without exception, must present their original identification document so that the security personnel can carry out the respective validations.

5. For the entry of minors, they must be accompanied by one or both parents or legal guardian assigned in accordance with the established “Policies for Minors”.

6. The entry of persons other than those registered at the time of check-in is not permitted.

7. The parking lots are for the exclusive use of the owners, holders or users of the private units according to the assignment. Each guest must occupy the assigned spot corresponding to their unit.

8. It is prohibited to store, consume, sell or distribute in the private units or in the common property of the building any drug or narcotic or hallucinogenic substance.

9. It is prohibited to use your private property for uses contrary to morality and good customs, or for purposes prohibited by law or by the authorities.

10. Refrain from using the private units for purposes that cause harm or discomfort to other occupants of the building, avoiding parties or gatherings with loud music.

11. The property is pet-friendly. Organic waste must be collected by its owners. It is the guest's obligation to keep the common areas of the building clean.

12. The use of linen (body towels, hand towels, room linen) is only for personal care during your stay. Improper use of linen (use in the kitchen, shoe cleaning, stains or damage from other uses) will cause damage to the linen and will be charged.

POLICIES FOR MINORS

1. At VOU SUITES, the safety of minors is a priority, which is why we have adopted the measures dictated by Law 679 of 2001 (ESCNNA), which aims to dictate protective measures against exploitation, pornography, sexual tourism and other forms of sexual abuse of minors, by establishing preventive and punitive standards and the issuance of other provisions in development of article 44 of the Colombian Political Constitution.

2. VOU SUITES requires that all minors traveling with their parents must present the birth certificate (or equivalent document) where the relationship can be evidenced.

3. VOU SUITES requires that all minors traveling with a guardian or family member who is “NOT” their parents must present an original notarized permit signed by the parents indicating: Date of stay, name of the parents with identification number, name of the minor with identification number, name and identification number of the person they authorize to stay and be in charge of the minor, and a copy of the document of all of the above-mentioned.

In case of non-compliance with the above requirements, VOU SUITES will prevent the minor from leaving.

and his/her companion from their facilities and will notify the competent authorities to guarantee the integrity of the minor.

TAXES

The rates that appear on this page DO NOT include the 19% VAT tax. This tax will be charged at check in.

1. Foreign guests who come to the country in search of cultural, business, meeting, health and wellness tourism will be exempt from paying VAT.

2. For the application of the exemption, foreigners and nationals who enter the national territory without the intention of settling in Colombia and who prove such status with the documents indicated in this paragraph 1 Decree 297 are considered residents abroad. The foreigner residing abroad must prove his/her status by presenting the original passport; the Andean card or the Mercosur card proving his/her immigration status with the current stamp of the Entry and Stay Permit.

GENERAL CONSIDERATIONS

Aware of the importance of protecting and properly handling the personal information provided by the data subjects, AVIA SOLUCIONES HOTELERAS, - hereinafter AVIANET, acting as the party responsible for the information received, has designed this policy and procedures that together allow for the appropriate use of your personal data.

In accordance with the provisions of Article 15 of the Colombian Political Constitution, which establishes the fundamental right to habeas data, referring to the right of all citizens to know, update, and rectify their personal data held in databases and files, both public and private, which is inextricably linked to the handling and processing of information, which recipients of personal information must take into account. This right has been established through the enactment of Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013, based on which AVIANET, as the CONTROLLER of the personal data it receives, handles, and processes, hereby issues this personal data processing policy, which is hereby made known to the public so that they may be aware of how AVIA processes their information. The provisions of this personal data processing policy are binding on AVIANET, its administrators, employees, contractors, and third parties with whom AVIANET establishes any type of relationship.

AIM

The implementation of this policy aims to guarantee the confidentiality of information and the security of its treatment for all clients, suppliers, employees, and third parties from whom AVIANET has legally obtained information and personal data in accordance with the guidelines established by the law regulating the right to Habeas Data. Furthermore, the issuance of this policy complies with the provisions of Section K of Article 17 of the aforementioned law.

DEFINITIONS

• Authorization: Prior, express, and informed consent of the data subject to carry out processing. This may be written, verbal, or through unequivocal conduct that allows us to reasonably conclude that the data subject has granted authorization.

• Database: It is the organized set of Personal Data that is subject to processing, electronic or not, regardless of the method of its formation, storage, organization and access.

• Query: Request by the data subject or by persons authorized by the data subject or by law to access the information held about them in databases or files.

• Personal data: Any information linked to or that can be associated with one or more specific or identifiable natural persons. This data is classified as sensitive, public, private, and semi-private .

• Sensitive personal data: Information that affects a person's privacy or whose misuse may lead to discrimination, such as information revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, or human rights organizations, or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data (fingerprints, among others). 

For the purposes of this policy, AVIANET warns that the owner of the personal data has the discretion to provide this type of information in cases where it may eventually be requested.

• Public personal data: Data classified as such by law or the Political Constitution, and all data that is not semi-private or private. Public data includes, among others, data contained in public documents, public registries, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality, data relating to a person's marital status, profession or trade, and status as a merchant or public servant. Public data includes personal data held in the commercial register of Chambers of Commerce (Article 26 of the Civil Code). 

Public data also includes data that, by virtue of a decision of the data subject or a legal mandate, is contained in files that are freely accessible and searchable. This data may be obtained and offered without reservation and regardless of whether it refers to general, private, or personal information.

• Private personal data. This is data that, due to its intimate or confidential nature, is only relevant to the data subject. Examples: merchant's books, private documents, information obtained from a home inspection.

• Semi-private personal data . Semi-private data is data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general, such as, among others, data relating to the fulfillment or non-fulfillment of financial obligations or data relating to relationships with social security entities.

• Data Controller: Person who, either alone or in association with others, decides on the database and/or the processing of data.

• Data processor: Person who processes data on behalf of the data controller.

• "Authorized" refers to AVIANET and all persons under its responsibility who, by virtue of their authorization and the Policy, are entitled to process the data subject's personal data. Authorized includes those designated as authorized.

• “Authorization” or being “Authorized” is the legitimacy that AVIANET expressly and in writing, through a contract or document acting in its place, grants to third parties, in compliance with applicable law, for the processing of personal data, making such third parties responsible for the processing of personal data delivered or made available.

• Complaint: A request from the data subject or persons authorized by the data subject or by law to correct, update, or delete their personal data, or when they become aware of a suspected breach of the data protection regime, pursuant to Article 15 of Law 1581 of 2012.

• Data owner: This is the natural person to whom the information refers.

• Processing: Any operation or set of operations on personal data such as, but not limited to, the collection, storage, use, circulation or deletion of such information.

• Transmission: Processing of personal data that involves communicating the same within (national transmission) or outside Colombia (international transmission) and whose purpose is to carry out processing by the data processor on behalf of the controller.

• Transfer: Data transfer occurs when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, who is in turn the controller and is located within or outside the country.

• Requirement of admissibility : The owner or beneficiary may only file a complaint with the Superintendency of Industry and Commerce once he or she has exhausted the consultation or claim process with the data controller or data processor, as per Article 16 of Law 1581 of 2012.

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

The processing of personal data must be carried out in compliance with the general and specific regulations on the subject matter and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:

• Principle of legality: Data processing is a regulated activity that must comply with the provisions of the law and other implementing regulations.

• Principle of purpose: The processing must comply with a legitimate purpose in accordance with the Constitution and the Law.

• Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the data subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial order that waives consent.

• Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.

• Transparency Principle: In the processing of data, the right of the data subject to obtain from the data controller, at any time and without restrictions, information about the existence of data concerning him or her must be guaranteed.

• Principle of restricted access and circulation: strong > Processing is subject to the limits derived from the nature of the personal data, the provisions of the law, and the Constitution. In this regard, processing may only be carried out by persons authorized by the data subject and/or by the persons provided for by law.

• Security Principle: Information subject to processing by the Data Controller or Data Processor referred to in this law must be handled with the technical, human, and administrative measures necessary to ensure the security of the records, preventing their alteration, loss, unauthorized or fraudulent access, or consultation.

• Confidentiality Principle: All persons involved in the processing of personal data that are not public in nature are required to guarantee the confidentiality of the information, even after their relationship with any of the tasks involved in the processing has ended. They may only provide or communicate personal data when this corresponds to the development of the activities authorized by this law and under the terms thereof.

Any new project within the Organization that involves the processing of personal data must be consulted with the Information Security Department, which is the person and department responsible for data protection, to ensure compliance with the policy and the measures necessary to maintain the confidentiality of personal data.

RIGHTS OF DATA SUBJECTS

In accordance with current legal provisions, the rights of personal information holders are as follows:

• The right to know, update, rectify, and consult your personal data at any time with AVIANET regarding data you consider to be partial, inaccurate, incomplete, fragmented, or misleading.

• The right to request proof of the authorization granted to AVIANET at any time, except in cases where the controller is legally exempt from having authorization to process the data subject's data.

• Right to be informed by AVIANET, upon request by the data subject, regarding the use that has been given to the data.

• The right to file any complaints you deem relevant to the Superintendency of Industry and Commerce to assert your right to Habeas Data.

• The right to revoke authorization and/or request the deletion of any data when you consider that AVIANET has not respected your constitutional rights and guarantees.

• Right to access free of charge the personal data that you voluntarily choose to share with AVIANET.

The information and/or personal data we collect from you are the following:

Type of person:

Natural : first and last names, type of identification, identification number, gender, marital status and date of birth, email, financial data (bank accounts).

Legal : company name, NIT, address, telephone, cell phone, email, country, city, financial data (bank accounts).

Information necessary to facilitate travel or other services, including preferences such as travel class, passenger names and surnames (document type, document number, date of birth, first name, last name, gender, email address, nationality, passport expiration date), contact information in case of an accident or any other anomaly (first name, last name, telephone number).

Cardholder information : document type, document number, telephone number, address, email address, name, card number, expiration date, and bank.

Quote request: first name, last name, phone number, city, and email.

Travel information: type of request, destination, departure date, duration, number of adults, number of children, age, hotel category, meals, additional services, transportation service, budget per person.

Write to Yadira Rodríguez Guerrero: first name, last name, ID, address, phone number (landline or cell phone), city, and email address.

Chat “online help”: name, email, what is your question?

Please rate our site: Your feedback is very important to us as we continually improve our customer service channels: first name, last name, email, phone number, and city.

Claim request: first name, last name, ID number, address, phone number, city, email, and comments.

Technical issue report: first name, last name, address, phone number, city, email, and comments.

Biometric data: images, video, audio, fingerprints that identify or make identifiable our clients, users, or any person who enters, is present, or transits through any location where AVIANET has implemented devices to capture such information.

This data may be stored and/or processed on servers located in data processing centers, whether our own or contracted with suppliers, located in different countries. This is authorized by our clients/users upon accepting this personal data processing and protection policy.

AVIANET reserves the right to improve, update, modify, or delete any type of information, content, domain, or subdomain that may appear on the website without prior notice . Publication on the Aviatur websites is deemed sufficient. This is for the resolution of legal or internal requests and for the provision or offering of new services or products.

PROCESSING, SCOPE AND PURPOSES

• AVIANET informs data subjects that the data collected from our clients, contractors, and suppliers may be used for the following purposes. AVIANET may process the data directly or through its contractors, consultants, advisors, and/or third parties responsible for processing personal data, so that they may carry out any operation or set of operations, such as the collection, storage, use, circulation, deletion, classification, transfer, and transmission (the "Processing") of all or part of your personal data:

• The support of the contractual relationship established with AVIANET.

• The provision of services related to the products and services offered.

• All activities related to the service or product will be included in an email list for newsletter delivery.

• Send information about changes to the terms of purchased services and products, and notify you about new services or products.

• Manage your requests, clarifications, and investigations.

• Develop studies and programs that are necessary to determine consumer habits

• Refining security filters and business rules for commercial transactions; confirming and processing these transactions with your financial institution, our service providers, and yourself.

• Conduct periodic evaluations of our products and services in order to improve their quality.

• The sending, by traditional and electronic means, of technical, operational, and commercial information on products and services offered by AVIANET, its partners, or suppliers, currently and in the future.

• The request for satisfaction surveys, which you are not obliged to answer.

• Transmit and/or transfer data to other companies, business partners, or third parties in order to fulfill our obligations. This transmission and transfer may also be made to third countries that may have a different level of protection than Colombia, when necessary to fulfill our obligations.

• To fulfill the obligations contracted by AVIANET with its customers when they acquire our services and products.

• Respond to inquiries, requests, complaints, and claims made by regulatory agencies and other authorities that, pursuant to applicable law, must receive personal data.

• Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of AVIANET.

• Conduct queries in various databases and authorized sources (such as OFAC, UN, and other lists) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our risk prevention and management policies - SARLAFT .

• 

• Data collected from our employees:

• To comply with the obligations contracted by AVIANET with the workers who are the owners of the information, regarding the payment of salaries, social benefits, and other provisions established in the employment contract and current labor regulations.

• Inform the employee of any new developments that arise during the development of the employment contract and even after its termination.

• Evaluate the quality of the services we provide.

• Conduct internal studies on the habits of the employee who owns the information or request personal information for the development of management programs or systems.

• Make payroll deductions authorized by the worker.

• Manage your requests, activity administration, clarifications and investigations.

• Marketing and sales of our products and services.

• The sending, by traditional and electronic means, of technical, operational, and commercial information about products and services offered by partners or suppliers, currently and in the future.

• Develop studies and programs that are necessary to determine consumer habits.

• Transmit and/or transfer data to other companies, business partners, or third parties in order to fulfill our obligations. This transmission and transfer may also be made to third countries that may have a different level of protection than Colombia, when necessary to fulfill our obligations.

• The survey request, which the client is not obliged to answer.

• Transfer, either by transmission or transfer, the information received to all judicial and/or administrative entities when necessary for the fulfillment of the employer's duties and compliance with labor, social security, pension, occupational risk, family compensation fund (Comprehensive Social Security System), and tax obligations.

• Transferring the employer's personal information to third parties who legitimately have the right to access such information, which includes, but is not limited to, companies within the Aviatur Ltda. Business Group.

• Deliver, either by transmission or transfer, the employee's personal information to all entities related to the performance of the responsible party in its capacity as employer.

• Any other activity of a similar nature to those described above that is necessary to develop AVIATUR's corporate purpose and its labor obligations acquired by virtue of the execution of the employment contract or by operation of law.

• Conduct queries in various databases and authorized sources (such as OFAC, UN, and other lists) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our risk prevention and management policies - SARLAFT .

• Personal data will be processed with the prior authorization of the data subject, except in cases where the data is public. For this purpose, a data processing authorization form has been implemented, which must be completed by the data subject at the time they submit their personal information. This authorization explains the scope and purposes of personal data processing, refers to authorization by others, data of minors, and sensitive data, and defines the service channel for data subjects who wish to exercise the rights contemplated within habeas data. It also indicates the location where this policy is hosted. To process the data, AVIANET employs all necessary measures to maintain the confidentiality of the information. 

Authorization will be obtained through any means that may be subsequently consulted, such as the website, forms, templates, in-person activities, or through social media, etc. Authorization may also be obtained from unequivocal conduct by the data subject, which allows us to reasonably conclude that the data subject has granted authorization for the processing of his or her information.

• If you provide us with personal information about a person other than yourself, such as your spouse or co-worker, we understand that you have that person's authorization to provide us with their information; and we do not verify, nor do we assume the obligation to verify, the identity of the user/customer, nor the veracity, validity, adequacy, or authenticity of the information each of them provides. In light of the foregoing, we assume no liability for damages or losses of any kind that may arise from the lack of veracity, homonymity, or impersonation of the identity information.

• Since AVIANET belongs to the Aviatur Business Group, your personal information may be shared by transfer or transmission with group companies, business partners, and/or third-party providers (flight, hotel, and car reservation systems, transaction security validators , banks, financial networks, and tourism services). These processes may be carried out in different locations than where the purchased tourist service or product was contracted, for the same purposes indicated for the collection of your personal data. These entities are required to comply with the corresponding confidentiality, transmission, or transfer agreements.

• The Personal Data collected will be processed manually or automatically and incorporated into the corresponding files or databases (hereinafter, the "File"), either by the data processor or the data protection officer. To determine the processing term, the regulations applicable to each purpose and the administrative, accounting, tax, legal, and historical aspects of the information will be considered.

• When providing the service, when the data subject is accompanied by minors or persons considered to have disabilities, and their personal data is being collected, AVIANET will always request authorization from the minor's legal representative. However, if personal information of the population mentioned here is provided without being the legal representative, you declare that you have the authorization of the respective legal representative, and you directly assume the responsibility for this. AVIANET will strive to ensure that their rights and best interests are respected at all times. The representative must guarantee their right to be heard and assess their opinion on the processing, taking into account the maturity, autonomy, and capacity of the minors. Representatives are informed of the optional nature of answering questions about the data of minors. The data of minors, who fall into a special protection category, will be processed in accordance with applicable legislation and in accordance with our personal data policy.

• The companies of the Aviatur Business Group have adopted the legally required levels of personal data protection security and have implemented all available technical means and measures to prevent the loss, misuse, alteration, unauthorized access, and unlawful removal of personal data provided to AVIANET. However, data subjects should be aware that Internet security measures are not unbreakable.

• If you choose to delete your information, to the extent permitted by law, we will retain certain personal information in our files for accounting and tax purposes, to identify transaction data, prevent fraud, resolve disputes, investigate conflicts or incidents, enforce our terms and conditions of use, and comply with legal requirements. 

However, once you revoke your authorization, the stored information will no longer be used for the purposes set forth herein, but only for the purposes strictly necessary and defined in the preceding paragraph.

• Security Risks You Should Be Aware of When Transacting Online:

• A user may be tricked by emails or DNS server scams into visiting a fake site with the same design, but with card details uploaded to the fake system, thereby stealing the cardholder's information. Therefore, it's important to foster a culture where users should access known domains directly when making transactions to reduce risks.

• It is possible that the computer where the user is conducting the transaction may have spyware or malware installed without prior knowledge, which captures all keyboard input or information from input devices and sends it to a network or internet host. Therefore, it is recommended that the transaction be conducted on a home or office computer, if possible.

• Identity theft could occur if the account holder denies having sent and/or received the transaction and it is used by a third party.

• It is recommended that you have an updated and active antivirus program on the device where you conduct electronic transactions to mitigate the risk of fraud.

• If the personal information was collected or provided prior to July 30, 2013, and you did not express your objection to the transfer of your personal data, it will be deemed that you have given your consent. If you wish to ratify your consent or express your refusal, you may do so by emailing privacidad@aviasolucioneshoteleras.com .

• Like other websites, AVIANET uses certain technologies, such as cookies, and device Fingerprinting , which allows us to make your visit to our site easier and more efficient by providing you with personalized service and recognizing you when you return. For the purposes of this Privacy Notice, "cookies" are text files that a website transfers to a user's computer hard drive for the purpose of storing certain records and preferences.

• Websites may allow third-party advertising or features that send "cookies" to the owners' computers.

• Cookies are only associated with an anonymous user and their computer, and do not provide their first and last name. In many cases, you can browse any of the AVIANET websites anonymously. When you access any AVIANET website, your IP address (the Internet address of your computer) is recorded to give us an idea of which parts of the website you visit and how much time you spend in each section. We do not associate your IP address with any of your personal information unless you have registered with us and logged in using your profile.

• Therefore, in certain applications, AVIANET may recognize users after they have registered for the first time, without requiring them to register each time they visit to access areas, services, or products reserved exclusively for them.

• For other services, the use of certain access keys and even a digital certificate will be required, depending on the characteristics determined.

• The cookies used cannot read cookies created by other providers. AVIANET encrypts user identification data for greater security.

• To use the AVIANET website, it is not necessary for the user to allow the installation of cookies sent by AVIANET, although in such cases the user will need to register for each of the services whose provision requires prior registration.

NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA

AVIANET may transfer data to other data controllers when authorized by the data subject, by law, or by administrative or judicial order.

INTERNATIONAL AND NATIONAL TRANSMISSION OF DATA TO MANAGERS

AVIANET may send or transmit data to one or more data processors located within or outside the Republic of Colombia in the following cases: a) When it has authorization from the owner and b) when, without authorization, a data transmission contract exists between the controller and the processor.

DUTIES OF THE DATA CONTROLLER

• Guarantee the holder, at all times, the full and effective exercise of the right to habeas data.

• Request and retain, under the conditions provided for in this law, a copy of the respective authorization granted by the owner.

• Properly inform the owner about the purpose of the collection and the rights to which they are entitled by virtue of the authorization granted.

• Keep information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent consultation, use, or access.

• Process queries and complaints submitted in accordance with the terms set forth in this law.

• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, to address inquiries and complaints.

• Inform the owner, upon request, about the use given to their data.

• Inform the data protection authority when security code violations occur and when there are risks in the management of data subjects' information.

• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

DUTIES OF DATA PROCESSORS

• Guarantee the holder, at all times, the full and effective exercise of the right to habeas data.

• Keep information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent consultation, use, or access.

• Promptly update, rectify or delete data in accordance with this law.

• Update the information reported by those responsible for the treatment within five (5) business days from its receipt.

• Process queries and complaints submitted by the owners in accordance with the terms set forth in this law.

• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, to address inquiries and complaints from owners.

• Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendency of Industry and Commerce.

• Allow access to information only to people who are allowed to access it.

• Inform the Superintendency of Industry and Commerce when security code violations occur and risks arise in the management of data subjects' information.

• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

PETITIONS, COMPLAINTS AND CLAIMS

To receive requests, complaints, and inquiries related to the handling and processing of personal data, AVIANET has designated the following email address: privacidad@aviasolucioneshoteleras.com , to channel, review, and respond to them. Therefore, you may send your requests to this address, which will be processed in accordance with Law 1581:

Inquiries: Holders or their successors in title may consult the holder's personal information stored in our database. AVIANET will provide them with all the information contained in the individual record or that is linked to the holder's identification. The inquiry will be answered within a maximum period of ten (10) business days from the date of receipt. When it is not possible to answer the inquiry within this period, the interested party will be informed, and the date on which their inquiry will be answered will be indicated, which in no case may exceed five (5) business days following the expiration of the first term.

Claims: The owner or his successors in title who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged non-compliance with any of the duties contained in the law, may file a claim with AVIANET, which will be processed under the following rules:

• The claim shall be submitted by means of a request addressed to AVIANET, including the identification of the owner, a description of the facts giving rise to the claim, the address, and the accompanying documents to be asserted. If the claim is incomplete, AVIANET shall require the interested party within five (5) days following receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, if the applicant does not submit the required information, it shall be deemed that the claim has been withdrawn.

• Once the complete claim has been received, a legend stating "claim in process" and the reason for the claim will be added to the database within a period of no more than two (2) business days. This legend must remain in effect until the claim is decided.

• The maximum term for addressing the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within this term, the interested party will be informed and the date on which their claim will be addressed will be indicated, which in no case may exceed eight (8) business days following the expiration of the first term.

• In any case, the owner or beneficiary may only file a complaint with the Superintendency of Industry and Commerce once they have exhausted the consultation or claim process with AVIANET.

• The area responsible for receiving and processing claims is the Information Security Department.

• The request to delete information and revoke authorization will not be valid when the data subject has a legal or contractual obligation to remain in the database.

DATA OF THE DATA CONTROLLER

Company name: Avia Hotel Operator SAS

Address: Andino Business Center, Carrera 11 # 82-01 Floor 4, Bogotá DC - Colombia

Email: privacidad@aviasolucioneshoteleras.com

Telephone: (+57 1) 3817111

Website: www.aviasolucioneshoteleras.com 

QUESTIONS OR SUGGESTIONS

If you have any questions or concerns about the collection, processing, or transfer of your personal information, or if you believe that the information contained in a database should be corrected, updated, or deleted, please send us a message to the following email address: privacidad@aviasolucioneshoteleras.com .

For more information about AVIANET, including its identity, address, and contact information, please visit www.aviasolucioneshoteleras.com . This website also includes terms and conditions applicable to the services and products published, which may be consulted at any time for further information.

VALIDITY

AVIANET reserves the right to modify this policy to adapt it to new legislation or jurisprudence , as well as to best practices in the tourism sector and other economic sectors within the business group. In such cases, AVIANET will announce any changes on this page with reasonable notice prior to their implementation.