FULL PRIVACY NOTICE – AQUATIC ACTIVITIES / USERS
A. Identity and address of Data Controller
In accordance with the provisions of the Ley Federal de Protección de Datos PErsonales en Posesión de los Particulares (LFPD – Mexican acronym) and other applicable regulations, Hotelera Palace Resorts, S. de R.L de C.V., (hereinafter commonly referred to as “Aqua Safari®” or “Data Controller”, whose domicile to hear and receive communications is: Avenida Andrés García Lavín Calle 32, Número Exterior 298, Piso 11, Colonia Montebello, Mérida, Yucatán, C.P.97113, expressly states:
B. Personal information collected and processed
For the purposes described in this Privacy Notice we collect the following types of personal information:
- Identification and contact information.
- Personal characteristics information.
- Sensitive personal information (health).
C. Processing of sensitive personal information. Health information
Aqua Safari® collects sensitive personal information for the purposes described in the following section. Therefore, we require your express written consent to process such information.
Before collecting your sensitive personal information, we will make physical or electronic means (such as check boxes) available to you so that you can clearly indicate that you agree that we process and transfer your sensitive personal data for the purposes that require so.
D. Purpose of processing
a. Relevant and necessary purposes
- Provide the expressly agreed services in any of their modes as user of the aquatic services managed and/or administered by Aqua Safari®.
- Ensure the safety, functionality and quality of purchased services.
- Evaluate the possibility and suitability of using aquatic services based on information provided by their users.
- Announce changes in our service policies.
- Invoicing and debt collection even judicially or through third parties.
- Announcing promotions and new aquatic services provided by Aqua Safari®.
- Keeping of statistical and historical records of aquatic service users.
b. Additional purposes - Sending communications about offers and new aquatic services provided by Aqua Safari®.
- Carrying out satisfaction surveys.
Before collecting your personal information, we will make physical or electronic means (such as check boxes) available to you so that you can clearly indicate that you do not want us to process your data for these additional purposes.
Please note that if you change your mind, you can oppose the processing of your personal information for the aforementioned additional purposes, and even revoke your consent for such purposes. In such cases, you can communicate your decision through the procedure provided in the “ARCO Rights” section of this Privacy Notice.
In addition to the above, we advise you that the personal information on third parties that you provide to Aqua Safari® by any mean for the purposes stated above (for example, information on family members), may be used only after you are informed of the content of this Privacy Notice and that such information will be processed.
E. Sharing of personal information
Your personal information (including sensitive personal information) may be transferred to and processed by parties other than Data Controller. The receivers of such transferred information (domestic or international) belong to the following categories:
1. Controlling companies, subsidiaries or affiliates of Aqua Safari®, for centralized storage of information, control of registrations and cancellations, changes in service reservations; as well as for the collection of statistics on users of Data Controller, for the purpose of evaluating, improving and designing new services for users.
2. Nonaffiliated Third Parties (service providers), for the one and only purpose of having them assist Palace Elite Resorts® to perform the services related to reservations and purchasing of additional necessary or requested services by the User during their stay (performance of the legal relation between Data Controller and user/contracts executed or to be executed in benefit of the user, by Data Controller and a third-party).
3. Insurance, for compliance with existing regulations related to liability insurance that must be maintained by tourist service and lodging providers for the protection and safety of tourists or users and, as the case may be, for the transfer of information required by the insurance company hired and designated by the users themselves.
4. Persons subject to professional medical secrecy or equivalent obligation, in cases when the sharing of your sensitive personal information related to your present or future state of health with any legally entitled third party is indispensable for medical attention, prevention, diagnostic, health services, medical treatments or management of health services, when you are not able to grant your consent, under the terms set by the General Health Law and other applicable legislation.
5. Collection agencies, for the recovery of unpaid loans through the courts or private settlement.
F. Consent for the sharing of information
Pursuant to the provisions of article 37 of the LFPD, the sharing of personal information described in numbers 1 through 5 of the immediately preceding section, does not require your consent pursuant to the provisions of article 37 of the LFPD.
Your personal information will not be shared with third parties without your consent except under the circumstances described in article 37 of the LFPD, and in all cases, such sharing will be performed in strict compliance with article 17 of the LFPD Regulations.
G. Exercise of ARCO rights
Under all legal circumstances you may exercise your rights to access, modify, cancel and oppose information (ARCO rights) using the legal procedures we have set up.
All such requests should be sent in writing to the address indicated in paragraph A of this Notice addressed to our Data Controller of Personal Information, and comply with the applicable legal requirements.
Information requests should contain the following:
I. Your name and address or other means of providing you with a response.
II. Valid identification documents or power of attorney, as the case may be.
III. A clear and precise description of the personal information on which you wish to exercise your ARCO Rights; and
IV. Any other element or document that could facilitate locating your personal information.
Data Controller will answer you with a decision within 20 business days counted from the date on which your request is received. If the request is admissible it will be put into effect within 15 business days following the date on which Data Controller advises you of the decision. In the event that the information you provide is incorrect or insufficient, or if you fail to send the necessary identity documents or power of attorney, Data Controller will ask that you correct such deficiencies within five business days after receiving your request and you will have 10 business days to comply, counted from the day after you receive such notice. The process will be terminated if you do not answer within the required time.
You can request personal information in the form of plain copies or electronic documents in common formats (Word, PDF, etc.), by means of authorized restricted access to the databases (access) containing your personal information or by any other legal means that guarantee and evidence the exercise of the requested right.
Alternatively, after fulfilling all the above-mentioned requirements, the Data Subjects may submit their request by e-mail to derechosarco@palaceresorts.com and indicating “ARCO Rights and/or Consent Revoked” in the Subject Line. Response times will remain the same as those mentioned in the immediately preceding paragraph. The use of electronic media in the exercise of ARCO rights authorizes Data Controller to answer the request using the same media unless the petitioner specifically requests another format.
You will be responsible for maintaining your personal information in possession of Data Controller updated. Therefore, under all circumstances you are responsible for the truth, accuracy, validity and quality of the personal information you provide, and you hereby undertake to keep such information updated by informing the Data Controller of any changes.
H. Withdrawal of consent and limitation of the use of your personal information
You may withdraw your consent to the processing of your personal information, without retroactive effect, in all those cases in which said revocation does not imply the impossibility of fulfilling obligations derived from a legal relationship in force between you and Data Controller. The procedure to withdraw of consent, where appropriate, will be the same as that established in the immediately preceding section for the exercise of ARCO Rights.
You can limit the use or disclosure of your personal information by addressing the corresponding request to our Data Protection Officer. The requirements to prove your identity, as well as the procedure to meet your request, will be the same as those indicated for the exercise of ARCO rights.
Data Controller has the means and procedures to ensure the inclusion of some of your data in exclusion lists, when you expressly request the inclusion of them. Data Controller will grant Data Subjects who request their registration, the corresponding registration proof.
I. Automatic means to collect personal information
Data Controller uses cookies to facilitate browsing on this website. Cookies are a tool used by web servers to save and retrieve information that is stored in the browser used by users or visitors of the website that allow to save your personal preferences in order to provide you with a better browsing experience.
Cookies have an expiration date, which can range from the duration of the session or visit to the website to a specific date after which they stop to be operational. Most of the cookies used by Data Controller are associated only with an anonymous user and his computer equipment, they do not provide references that allow the user’s name and surnames to be deduced, they cannot read data from their hard drive or include viruses in your texts.
We can also collect information using “web beacons”, “pixel tags”, “clear gifs” or similar means (generically “web beacons”) that allow us to obtain non-personal or aggregated information, such as domain names, website areas that you visit, your operating system, the version of the operating system that you use, the version of the browser and the URL prior to your visit. This information is used to improve your experience on the site and to understand traffic patterns.
We may also use third party advertisements on our websites. These advertisers may also use cookies and pixel tags to identify among other things which ads have been shown to you and on which pages. Data Controller has no control over the use of this technology by third parties and therefore we cannot be held responsible for their actions and policies.
You can configure your browser to automatically accept or reject all cookies or to receive an onscreen warning about the reception of each cookie and decide at that time whether or not to install them on your hard drive. We suggest you consult the help section of your browser to find out how to change the cookies acceptance or rejection settings. Even when you configure your browser to reject all cookies or expressly reject the cookies from our booking engine, you can continue browsing the website, but it is not possible to guarantee in these cases that you can complement your reservation process. In any case, you can delete the cookies from our booking engine implanted in your hard drive, at any time, following the procedure established in the help section of your browser.
J. Modifications and update of this Full Privacy Notice
Data Controller may modify, update, extend or in any other way change the content and scope of this Full Privacy Notice at any time and at their complete discretion. In such cases, Aqua Safari® will publish any changes on the website www.aquasafari.com.
Changes may also be announced by e-mail while the legal relations continue, when such form of communication has been agreed upon between you and Data Controller.
Last updated:
June 26, 2023