In GRAND HOTEL GUAYAQUIL CIA. LTDA. We recognize the importance of privacy and are committed to protecting the personal data of our guests, clients and visitors. This policy is the means that informs how we collect, use, store and protect the personal information provided to us, in accordance with the Organic Law for the Protection of Personal Data (Fifth Supplement No. 459) (hereinafter referred to as the «LOPD») concerning the protection of individuals with regard to the processing of their personal data. In this way, we inform the general public:
The present personal data processing policy of GRAND HOTEL GUAYAQUIL CIA. LTDA., hereinafter «GHG») has the purpose of informing the general public the way in which GHG treats personal data of its clients, guests or users.
2. Who is the data controller?
The data controller is GHG, the information identifying the data controller is as follows:
Company Name: GRAND HOTEL GUAYAQUIL Cia. Ltda.
Registered Address: 1615 Boyacá entre, Diez de Agosto &, Guayaquil 090307
Legal Representative: Stefano Piroli[
3. To whom is the Policy addressed?
The present Policy of Treatment of Personal Data is addressed to:
E. Suppliers and Contractors.
F. Information Officers.
G. Any owner of the information, either acting on their own behalf, or as a legal representative on the occasion of the activities that are linked to the Hotel.
4. What personal data does GHG process?
On the occasion of your relationship with GHG the following categories of personal data may be processed:
● Identifying guest and customer contact data (may include processing of minors).
● Transactional, economic, financial and insurance data (payments, receipts, transfers, debits).
Video, image, and voice data (video surveillance system).
Interests and preferences regarding the provision of the different services offered by GHG.
Request data: information provided by data subjects in connection with requests or reservations.
5. For what purposes do we process personal data at GHG?
At each GHG, we process your personal data to achieve the purposes of each database, which are detailed below:
i. In relation to all personal data of our data subjects:
● To carry out the registration of persons and goods entering and leaving the Hotel.
● To ensure the security of the goods and people who are in the Hotel.
● To comply with the occupational health and safety management system, as well as the Biosecurity Protocols.
● Incident management.
● Establish communication channels for the purpose of activities related to the administration of the Hotel.
● Contact the Holder through the channels indicated for such purposes, for the purpose of contractual development.
● To comply with legal, accounting, commercial and regulatory duties.
● Control access to the Hotel’s common areas and zones.
● Performing video surveillance activities inside and in the perimeter areas of the Hotel.
● Management of activities related to Marketing, promotions, contests and events.
● Sharing information with governmental authorities or regulatory entities.
ii. In relation to the personal data of our customers and guests:
● Management of reservations and registration of guests and customers.
Management of payments and invoicing of GHG services.
● Attention and management of requests, queries and complaints.
● Management of customer loyalty programs and personalized offers.
Sending information and advertising about promotions, events and services of the Hotel.
● Analysis of customer preferences and consumption habits to improve the quality of services.
● Analysis of the effectiveness of marketing strategies and continuous improvement of the services offered.
● Compliance with legal and tax obligations.
Protection of security and privacy.
● Access control and security in the facilities.
● Management of contracted third-party services (e.g., transportation or tourist services).
Attention to medical emergencies and health risk situations.
● Managing relationships with external suppliers and service providers.
Conducting market research and competitive analysis.
iii. In relation to the personal data of employees, collaborators and/or contractors.
● Manage and operate, directly or through third parties, the processes of selection and recruitment of personnel, including the evaluation and qualification of participants and the verification of labor and personal references.
● Develop the activities inherent to human resources management within the Company, such as payroll, affiliations to entities of the general social security system, welfare and occupational health activities, exercise of the employer’s sanctioning power, among others.
● Transmit, transfer and provide the information and personal data of the Holders to those third parties in charge of managing the social security system, as well as to insurance companies.
● Make the necessary payments arising from the execution of the employment contract and/or its termination, and other social benefits that may be due in accordance with applicable law.
● Notifying authorized contacts in case of emergencies during working hours or on the occasion of the development thereof.
● To plan business activities;
● To verify employment, professional, commercial background and any reference concerning their professional and commercial suitability.
● Socialization of policies, projects, programs and organizational changes.
● Transmit, transfer and provide the information and personal data of the Data Holders to third parties, for the purpose of providing labor and/or professional references about the Data Holders.
iv. In relation to contractors, suppliers, third parties and commercial allies
● Creación, actualización y selección de Proveedores.
● Solicitar cotizaciones y evaluación de propuestas.
● Registrar a los contratistas y proveedores en los sistemas de la Compañía y procesar sus pagos.
● Conservar y administrar la información de la relación laboral, civil o comercial de los Titulares.
● Gestión de actividades relacionadas con la operación, mantenimiento y protección física de los Hoteles.
6. What happens if the holder does not provide his/her personal data in the context of his/her relationship with one of the Hotels?
Los datos identificativos, así como los demás datos de contacto y cualesquiera otros que puedan ser exigidos por la normativa aplicable, es obligatorio declararlos y la negativa a suministrarlos podría suponer la imposibilidad de acceder al servicio, o la formalización de un contrato. Los restantes datos que se solicitan son voluntarios, por lo que el hecho de no facilitarlos no impedirá el establecimiento de la relación contractual.
7. What happens if the data subject does not provide his/her personal data in the context of his/her relationship with GHG?
Los datos identificativos pertenecientes al huésped/cliente, así como los demás datos de contacto y cualesquiera otros que puedan ser exigidos por la normativa aplicable, es obligatorio declararlos y la negativa a suministrarlos podría suponer la imposibilidad de acceder al servicio. Los restantes datos que se solicitan son voluntarios, por lo que el hecho de no facilitarlos no impedirá el establecimiento de la relación contractual.
8. What is the legitimacy for the processing of personal data by the GHG?
|Reservation and registration management
|Reception and hotel services
|Management of payments and billing services
|Attention and management of requests, inquiries and complaints
|Sending information and advertising about promotions, events and hotel services.
|Analysis of preferences and consumer habits to improve service quality
|Management of customer loyalty programs and customized offers
|Analysis of the effectiveness of marketing strategies and continuous improvement of services offered.
|Compliance with legal and tax obligations
|Fulfillment of a legal obligation
|Security and privacy protection
9. How long will GHG keep the personal data?
In general, personal data to which we have access will be processed for the time necessary to fulfill the purpose for which they were collected. After that, GHG will keep the personal data when they are no longer relevant to the purposes for which they were collected, duly blocked, when there is a legal obligation to keep them.
10. To which recipients will the personal data be communicated?
In general, all personal data collected by GHG may be processed directly by GHG or by companies integrated, affiliated or linked to GHG. In this way, we may share your information with third parties. These third parties may be companies affiliated or integrated with our organization, as well as other entities related to the sector in which we operate. The purpose of sharing this information is to ensure the proper delivery of our services.
Some of these third parties may be located outside the territory of Ecuador, including in countries that may not offer a level of data protection equivalent to that of Ecuador. However, we will ensure that any transfer of data complies with applicable laws and regulations to ensure the security and protection of the information.
It is important to note that we will only share your information with third parties when necessary to fulfill our contractual commitments, protect our legitimate interests or comply with legal obligations.
To facilitate travel, it may be necessary to disclose and process personal data for immigration, border control, security and anti-terrorism purposes, or other purposes determined appropriate by governmental authorities at the points of departure and/or destination. Some countries require passenger data to be provided in advance to allow travel. In compliance with the law or if we are legally authorized, we may share the minimum necessary personal data with other authorities.
The services offered by GHG are not directed to children and adolescents. Thus, GHG will only process personal data of children and adolescents when these are provided by employees, by virtue of their employment relationship; or are provided deliberately by the legal representatives of children and / or adolescents. The above, in accordance with Article 21 of the LOPD, and when the treatment complies with the following parameters and requirements:
– That it responds to and respects the best interests of children or adolescents.
– That it ensures respect for their fundamental rights.
– That it complies with the criteria of legality, proportionality and necessity for the processing.
Once the above requirements are met, GHG will ask the legal representative or guardian of the child or adolescent to consider his/her opinion, which shall be assessed taking into account the maturity, autonomy and capacity to understand the matter and shall verify that the person acting as representative of the child or adolescent is legally entitled to do so. The minor must be heard prior to granting any consent.
In all cases, the delivery of any information related to the minor is optional; however, this will be treated, as long as it is necessary to comply with the corporate purpose of GHG or the services provided by it.
GHG and any person involved in the processing of personal data of children and adolescents shall ensure the treatment of such data. In compliance with the above, the principles and obligations established in the Organic Law for the Protection of Personal Data and other legal and regulatory standards are applied and developed.
12. Security Measures
GHG is committed to the correct Treatment of Personal Data contained in its Databases and files, avoiding unauthorized access to third parties that may know, violate, modify, disclose or destroy the information contained therein; for which technical, human and administrative measures have been adopted to provide security to GHG’s Databases and files, through the Internal Policies and Procedures Manual for the Protection of Personal Data and the Information Security Manual.
13. Video Surveillance
GHG has video surveillance systems in place to safeguard the security and integrity of its clients and guests, as well as its personnel and third parties that have any type of relationship with GHG. Pursuant to the provisions of the Organic Law on Personal Data Protection, GHG informs the owners that they are in a video surveillance area, through distinctive signs or notices in the monitored areas, mainly in the entrance areas
In order to improve its service on the website and digital applications, it uses its own and third party cookies to optimize the experience of our partners, customers and users, monitor statistical information, present content and advertising related to the preferences of the owners when browsing our website, platforms and / or technological and / or digital applications. The information collected through cookies is encrypted and will not be used to identify and / or disclose the information of the Holder.
15. What are the rights of the owners regarding the processing of their personal data?
You have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to access it. You may also request that your data be rectified if they are inaccurate or to have incomplete data completed, as well as to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
In certain circumstances, you may request that we restrict the processing of your data. In such a case, we will only process the data concerned for the exercise or defense of claims or for the protection of the rights of other persons. Under certain conditions and for reasons relating to your particular situation, you may also object to the processing of your data. In this case, we will stop processing the data except for compelling legitimate reasons that override your interests or rights and freedoms, or for the formulation, exercise or defense of claims. You may also, under certain conditions, request the portability of your data to be transferred to another data controller. In addition, you may revoke the consent you have given for certain purposes (for example, in commercial communications), without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
To exercise your rights, you may contact GHG by sending a communication to the e-mail address pdp@grandhotelguayaquil, in both cases, with the reference or subject «Data Protection», attaching a photocopy of your valid identity card or passport, and indicating the right you wish to exercise and the reasons that support such request. GHG will respond to the request within a maximum period of fifteen (15) days from receipt of the request. In turn, requests will be answered within a maximum period of ten (10) days. The holder also has the possibility to file a complaint with the competent supervisory authority.
16. Validity and Changes
The present policy is approved on 11/21/2023, date from which it is applicable. It shall be published on the grandhotelguayaquil.com website and at GHG’s physical facilities, located at the front desk & restaurant.
GHG reserves the right to implement the Personal Information Processing Policy at any time. Any changes will be informed and published in a timely manner in corporate emails and on the website. The control of modifications is as follows: