Personal Data Protection Policy
Personal Data Protection Policy
- INTRODUCTION
- Cuscom Tours is a company in the tourism sector dedicated to the sale of tourist services nationwide through the intermediation of services, which includes: sale of transport tickets, private transfers, lodging and food services, tourist packages and full days located on (Direction), is obliged to comply with current Peruvian legislation on the protection of personal data, Law No. 29733 Protection of Personal Data and its complementary provisions.
- For this reason, Cuscom Tours is committed to: • The collection and use of personal information. • Ensure the quality and security of the information. • Respect the rights of people with regard to information about themselves.
- Cuscom Tours is committed to the protection, handling and proper treatment of the personal data to which it has access in the regular operation of its businesses. Said commitment includes the review and continuous improvement of the organization’s processes in order to guarantee adequate protection of said personal data and the guidelines established by Cuscom Tours for the collection and processing of personal data in order to ensure respect of the rights of its holders and compliance with the current regulatory framework. The Policy may be supplemented with additional procedures, regulations and / or guidelines that develop what is established in this document, provided that they are aligned with its guiding principles.
- OBJECTIVE
- The objective of this document is to establish uniform principles, practices and responsibilities regarding the processing of personal data in which Cuscom Tours is involved.
- SCOPE
- This document is applicable to all theof processes Cuscom Tours that will use personal data of the clients destined to be contained in the different databases of Cuscom Tours and their treatment.
- The Policy will be fully known and complied with by all the employees of Cuscom Tours and suppliers. For the purposes of interpreting this Policy, the definitions contained in the Law and especially those included below are applicable.
- DEFINITIONS
- Personal data: All information that identifies a natural person or the one that can be identified through reasonably used means. For example, the DNI, physical address, full name. Sensitive data: Personal data made up of biometric data that by themselves can identify the owner; data referring to racial and ethnic origin; economic income, political, religious, philosophical or moral opinions or convictions; union membership; and health-related information.
- Processing of personal data: Any technical operation or procedure, automated or not, that allows the collection, registration, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or by diffusion or any another form of processing that facilitates the access, correlation or interconnection of personal data. In summary, the processing of personal data regulates all possible forms of use and processing of personal data within the organization from its entry to its eventual elimination or conservation.
- Consent: Prior, free, unequivocal and express authorization that the individual must grant to authorize the processing of their personal data. • Previous: It must be obtained before collection. • Free: It should not be forced or conditioned. • unequivocal and express: There should be no doubt about its manifestation and it must be recorded in some tangible medium. Personal data bank: Organized set of personal data, automated or not, regardless of the support, be it physical, magnetic, digital, optical or others that are created, whatever the form or modality of its creation, training, storage, organization and access.
- Holder of the personal data bank: Natural person, legal person under private law or public entity that determines the purpose and content of the personal data bank, the treatment of these and the security measures. Person in charge of the personal data bank: Any natural person, legal person under private law or public entity that alone or acting jointly with another performs the processing of personal data on behalf of the owner of the personal data bank. Anonymization procedure: Processing of personal data that prevents identification or does not make the owner of the personal data identifiable. The procedure is irreversible. Disassociation procedure: Processing of personal data that prevents identification or does not make the owner of the personal data identifiable.
- RESPONSIBLE FOR COMPLIANCE
- Cuscom Tours will assign and communicate the corresponding responsibilities to all personnel and suppliers, for compliance with this Policy.
- The area responsible for annually reviewing this Policy and making the respective adjustments within Cuscom Tours will be the General Management. Likewise, said Management will be in charge of answering any questions related to the application and scope of this Policy.
- Notwithstanding this, all the employees of Cuscom Tours as well as all the suppliers and third parties with whom Cuscom Tours is linked in the regular exercise of its business and have access or carry out processing of personal data are subject to compliance with the Policy. Finally, no employee of Cuscom ToursC shall perform on behalf of the Company. actions or incurring omissions that imply a breach of the Law.
- CONFIDENTIALITY
- This Policy will be for internal and exclusive use of Cuscom Tours and, therefore, is confidential. Any use other than that indicated is prohibited and must be expressly authorized in writing by the General Management.
- The personal data to which both the workers of Cuscom Tours and related third parties have access or participate in their treatment may not be treated or used in any way without the prior consent of the owner of the personal data even after termination. of its relationship with Cuscom Tours, except for the exceptions regulated by Law.
- In the case of workers who, due to the nature of their duties, have access to confidential and sensitive personal information, Cuscom Tours will endeavor to develop specific training and awareness-raising actions. The people involved in the processing of personal data are obliged to keep professional secrecy and maintain confidentiality with respect to them. This obligation will continue even after the end of its relationship with Cuscom Tours.
- PRINCIPLES
- All the employees of Cuscom Tours must permanently comply with the principles established in the Law that are detailed below: a. Legality. The processing of personal data carried out by Cuscom Tours will be done in accordance with the provisions of the Law. The collection of personal data by fraudulent, unfair or illegal means is prohibited.
- Consent. Cuscom Tours will not be able to process personal data that does not have the prior, express, unequivocal and free consent of the owner as necessary, except for the exceptions provided by law.
- Purpose Cuscom Tours will collect personal data clearly stating the purpose for which it is collecting, which must be determined, explicit and lawful. The personal data being processed may not be used for purposes other than or incompatible with those for which it was obtained, except with the consent of the owner. In this sense, Cuscom Tours will comply with implementing measures that guarantee: • The collection, storage and conservation of personal data comply with the principles of proportionality and purpose. • The adequate protection of personal data complying with adequate technical and legal security measures. It should be noted that Inversiones Cuscom Tours.
- Proportionality All processing of personal data carried out Cuscom Tours must be adequate, relevant and not excessive for the purpose for which they were collected.
- Quality. The personal data that will be processed by Cuscom Tours must be truthful, exact and, as far as possible, updated, necessary, pertinent and adequate with respect to the purpose for which they were collected. They must be kept in such a way as to guarantee their security and only for the time necessary to fulfill the purpose of the treatment, respecting the legal terms of conservation of applicable documents and information.
- Security. Cuscom Tours and the third parties that it entrusts to process personal data must adopt the necessary and appropriate technical, organizational and legal measures to guarantee the security of personal data against different risks, such as accidental loss or destruction by sinister, unauthorized access, covert use or the infection of malware or computer viruses. These measures will be established, communicated and, if applicable, updated by Cuscom Tours.
- Adequate level of protection. In case Cuscom Tours carries out international transfers of personal data, it must guarantee a sufficient level of protection for the personal data that is going to be processed or, at least, comparable to the provisions of the Law.
- Rights of the holders of personal data. Cuscom Tours will have a simple and free procedure for attending to the rights of holders of personal data contemplated in the Law: (i) information, (ii) access, (iii) updating, (iv) inclusion, (v ) rectification, (vi) deletion, (vii) prevent the supply, (viii) opposition and (ix) objective treatment.
- Therefore Cuscom Tours: • Will take the necessary measures to inform the owner of the personal data about the rights conferred by the Law. • Will adopt the measures that allow the owner of the personal data to keep them updated. • It will comply with responding in a timely manner and within the terms of the law, the requirements and requests related to the rights of the aforementioned holders of personal data; In the processes of attention to the rights of holders of personal data, the following guidelines will apply. • The deletion or rectification of personal data will not proceed when this affects the rights or legitimate interests of Cuscom Tours, its shareholders, employees or managers or third parties or when there is a legal obligation to preserve personal data. • Cuscom Tours may reject certain requirements when the disclosure of personal data may compromise or hinder ongoing judicial or administrative actions.
- TRANSFERS OF PERSONAL DATA
- The personal data subject to treatment by Cuscom Tours may only be assigned or transferred to third parties for the fulfillment of the purposes related to the legitimate interest of the transferor and the assignee and with the prior, express, free, unequivocal and informed consent. of the owner of the personal data. Said consent will not be required in the cases permitted by law.
- COLLECTION OF SENSITIVE DATA
- Will inform the owner of the data of this situation prior to its collection.will only collect personal data and / or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and processing of said data derives from compliance with a legal obligation, Cuscom Tours will inform the owner of the data of this situation prior to its collection.
- DISCLOSURE OF PERSONAL DATA
Cuscom Tours will not disclose personal data to third parties except when:
- a) It is necessary for the purpose for which the personal data was collected; as in the provision of services through third parties and providers.
- b) The owner of personal data is informed before disclosure or at the time of collection of personal data.
- c) The owner of the personal data gives their prior and express consent.
- d) Consent is not required by law.
- e) Personal data is required by public entities within the scope of their legal powers and attributions.
- f) The personal data are necessary to satisfy legitimate requirements of a company interested in acquiring any of the operations of Cuscom Tours, prior consent of the owner; or,
- g) Access to personal data is by auditors and lawyers and other professionals obliged to keep professional secrecy.
- ELIMINATION OF PERSONAL DATA
- Once the processing of personal data has been completed and the principle of purpose has been fulfilled, and provided that there is no legal mandate or reason that justifies the conservation of personal data, Cuscom Tours will proceed to eliminate them from its records. Alternatively, Cuscom Tours may apply dissociation processes, or equivalent when for any commercial, statistical or market analysis reason justify the convenience of keeping such data. Cuscom Tours will define in a timely manner the respective procedures that are necessary for the elimination of personal data.
- SCHEDULE OF SANCTIONS
- An employee who commits an infraction to the provisions established in this Policy will be considered a serious and punishable offense. Cuscom Tours will take the disciplinary measures it deems pertinent in cases of non-compliance with the obligations stipulated herein by the employees.
- DISSEMINATION AND COMPLIANCE WITH THE POLICY
Cuscom Tours will endeavor:
- i) to comply with the provisions of this Policy;
- ii) make known, observe and respect this Policy for each employee;
- iii) publish this Policy in easily accessible places; and
- iv) subscribe confidentiality obligations with employees, users, contractors and third parties who access the personal data included in the data banks.