Terms and Conditions

TERMS AND CONDITIONS
VAOVA privacy and personal data processing policy
1. Introduction and purpose of the policy

1.1. This Privacy and Personal Data Processing Policy (hereinafter the “Policy”) is intended to guarantee the rights of the data subjects as set forth in the Colombian Law as well as in the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27th of 2016 (hereinafter the “GDPR”), including, without limit, the right of every person to consult, update and correct the Personal Data that exists about him/she in databases and/or or files of public or private entities. Likewise, this Policy is intended to guarantee compliance of VAOVA S.A.S.’s (hereinafter “VAOVA” or the “Controller”) obligation to respect the rights and guarantees provided in favor of the data subjects whenever their Personal Data is Processed.

1.2. This Policy regulates the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data carried out by VAOVA as the legal entity responsible for Processing Personal Data pursuant to Law 1581 of 2012. Additionally, considering that article 25 of Law 1581 of 2012 provides that in no case may the Personal Data Processing policies shall have rights and duties inferior to those established in the Law, this Policy contains, in addition to the rights and duties set forth in the Colombian Law, certain additional rights duties included in accordance with the GDPR.

1.3. VAOVA, is committed with the compliance of the regulations on the protection of Personal Data and with respect for the rights of the data subjects. Therefore, it enacts this Policy, which is mandatory for VAOVA as responsible of the Processing of Personal Data, as well as it is mandatory for its employees, officers and for the third parties and contractors to whom the Personal Data may be transmitted in case of authorization of the data subject, being all of them bound by the terms and conditions set forth herein, in Law 1581 of 2012, in Decree 1377 of 2013, and in the applicable regulations of the jurisdictions in which such Personal Data may be Processed.

2. Definitions

2.1. The following terms used in this Policy shall have the respective meanings assigned to them below:

2.1.1. Authorization: Prior, free, express, informed and clear consent granted by the Data Subject for the Processing of his/her Personal Data.

2.1.2. Database: Organized ensemble of Personal Data which is subject to Processing.

2.1.3. Personal Data: Any information related to, or that may be associated to one or several determined or determinable individuals.

2.1.4. Data Processor: natural or legal person who Process the Personal Data on behalf of the Data Controller.

2.1.5. Data Controller: Entity who, by itself or in association with third parties, decides over the Databases and Process the Personal Data and determines the purposes and means of the Processing of Personal Data.  

2.1.6. Data Subject: Individual whose Personal Data may be subject to Processing.

2.1.7. Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Scope

3.1. This Policy shall be mandatory for VAOVA as well as for its employees, officers and the third parties and contractors to whom the Personal Data is transmitted, in case of authorization of the Data Subjects, and shall apply whenever Personal Data be Processed in Colombia or in any case by VAOVA or its Data Processors. 

3.2. Should the Personal Data be Processed abroad, the legislation of the jurisdiction where the Processing of Personal Data is carried out will be applied, provided that the terms and conditions set forth in said legislation establish rights and guarantees superior to those set forth in this Policy, otherwise, this Policy will be preferentially applied.

4. Controller’s Information

Corporate name: VAOVA S.A.S.

Domicile: Bogotá D.C., Colombia.

Address: Carrera 7 # 84A -29 Of. 204

E-mail address: treksinfo@vaovatravel.com

Phone number: 315 861 9219

5.  Applicable principles to the Processing of Personal Data

5.1. VAOVA will apply the principles provided below in the Processing of the Data Subjects’ Personal Data in accordance with the provisions set forth in Law 1581 of 2012 and its complementary Decrees and in those not foreseen in such regulation, or in cases in where greater protection is provided for the Data Subjects’ Personal Data, the GDPR principles indicated in section 5.2. of this Policy, will apply.

5.1.1. Lawfulness principle: The Processing referred to in this Policy is a regulated activity, subject to the terms set forth in Law 1581 of 2012 that must be subject to what is established in it, its complementary regulation and in this Policy.

 5.1.2. Purpose principle: The Processing must be carried with a legitimate purpose in accordance with the Constitution and the Law, such purpose shall be informed to the Data Subject. 

5.1.3. Freedom principle: The Processing can only be carried with the prior, express and informed consent of the Data Subject. Personal Data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate relieving consent. 

5.1.4. Truthfulness principle: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The Processing of partial, incomplete, fractioned or misleading data is forbidden. 

5.1.5. Transparency principle: In the Processing of Personal Data, the Data Subject’s right to obtain from the Controller or the Processor information regarding the existence of data related to him/her, at any time and without restrictions, must be guaranteed. 

5.1.6. Access and restricted circulation principle: The Processing is subject to the limits derived from the nature of the specific Personal Data, the provisions of Law 1581 of 2012, the Constitution and this Policy. Thus, the Processing can only be carried out by persons authorized by the Data Subject and/or by the persons indicated in such Law; except from public information, Personal Data, shall not be available on the Internet or other means of dissemination or mass communication, unless the access is technically controllable in order restrict access only to the Data Subjects or authorized third parties pursuant to the Law. 

5.1.7. Security principle: The information subject to Processing by the Controller or the Processor, shall be Processed with the necessary technical, human and administrative measures to grant security to the records, avoiding their adulteration, loss, unauthorized use or consultation, or fraudulent access. 

5.1.8. Confidentiality principle: All persons involved in the Processing of non-public Personal Data, are compelled to guarantee the reserve of such information, even after the end of their relationship with any of the tasks involved in the Processing, being able to only perform supply or communication of Personal Data when this corresponds to the development of the activities authorized by the Law. 

5.2. In addition to the principles outlined in section 5.1. of this Policy, and in accordance with the provisions of article 5 of the GDPR, whenever VAOVA or the Managers Process Personal Data, such shall be: 

5.2.1. Processed lawfully, fairly and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’). 

5.2.2. Collected for specified, explicit and legitimate purposes and not further Processed in a manner that is incompatible with those purposes.

5.2.3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (‘data minimization’).

5.2.4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are Processed, are erased or rectified without delay (‘accuracy’).

5.2.5. Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are Processed; Personal Data may be stored for longer periods insofar as the Personal Data will be Processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (‘storage limitation’).

5.2.6. Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

6. Processing to which Personal Data will be subject and Processing purposes

6.1. Prior Authorization from the Data Subjects, their Personal Data shall be collected, stored, organized, used, circulated, transmitted, transferred, updated, rectified, deleted, removed, and managed according to its nature and the purposes provided in this Policy.

6.2. The Processing of the Data Subjects’ Personal Data by VAOVA has as main and general purpose the compliance of VAOVA’s legal and contractual obligations as well as the fulfillment of VAOVA’s corporate purpose and the development of its complementary activities. The aforementioned, in compliance with the duties established in the Law and in this Policy and with absolute respect for the Data Subjects’ rights pursuant to the Colombian legislation and this Policy, which includes additional rights, terms and principles in accordance with the GDPR.

6.3. The specific purposes for which the Processing of Personal Data of the different subjects with whom VAOVA has legal or commercial relationships, are subject to the nature and characteristics of said relationships, subjects and Personal Data, in such a way that the Processing of Personal Data allows to VAOVA the effective fulfillment of its legal and contractual obligations with the Data Subjects and third parties as well as the development of the corporate purpose of VAOVA together with its complementary activities. Below the purposes for which the Personal Data of the different types of Data Subjects:

6.3.1. VAOVA shall Process the Personal Data of candidates for a position in VAOVA, with the following purposes:

6.3.1.1. Contact in order to begin and carry out the hiring process.

6.3.1.2. Verification and analysis of the information provided by the candidate on education and prior employment. 

6.3.1.3. Background checks when authorized through express and special consent given the sensitive nature of the Personal Data to be verified. As mandated by the applicable regulations, the candidate will not be compelled to grant this authorization and refusal shall not be deemed by VAOVA as a negative conduct in order to select a determined candidate. Moreover, the candidate will be able to grant authorization for the Processing of his/her Personal Data in order to carry out the engagement process without authorizing the consult of his/her sensitive Personal Data. 

6.3.1.4. Registration before social security entities family compensation funds in case of engagement

6.3.1.5. The defense of VAOVA’s interests and VAOVA’s related parties’ interests in case of a lawsuit. 

6.3.1.6. The development of surveys (commercial, academic or any other kind) and in general any technical or field studies directly or indirectly related with VAOVA, regardless if such are carried by VAOVA or third parties. 

6.3.1.7. Making transfers and transmissions of Personal Data to other companies, commercial allies and third parties in order to comply VAOVA’s obligations with such.

6.3.1.8. Any other purpose authorized by the Data Subject provided that such purpose is allowed under the jurisdiction applicable for the Processing of the Personal Data. 

6.3.1.9. All the accessory and/or necessary actions for the correct fulfillment of the purposes related in this Policy. 

6.3.2. VAOVA shall Process the Personal Data of its employees, with the following purposes: 

6.3.2.1. Compliance and execution of the employment agreements entered with the employees. 

6.3.2.2. Compliance and execution of VAOVA’s contractual and legal obligations with third parties including without limiting; contractors, contracting parties and authorities. 

6.3.2.3. Drafting, modification and compliance of VAOVA’s internal policies. 

6.3.2.4. The realization of disciplinary investigations and disciplinary proceedings, the imposition of disciplinary sanction and the termination of the employment agreement. 

6.3.2.5. The defense of VAOVA’s interests and VAOVA’s related parties’ interests in case of a lawsuit. 

6.3.2.6. The verification and request of compliance of the employee’s obligations. 

6.3.2.7. The offering and administration of employee’s extralegal benefits. 

6.3.2.8. The control over the computer systems and the work tools provided by VAOVA. 

6.3.2.9. The administration of information and communication systems, the creation of copies and security files of the information on the devices provided by VAOVA. 

6.3.2.10. The control and prevention by VAOVA of possible frauds and money laundering. 

6.3.2.11. In order to ensure the security of VAOVA’s clients and employees as well as of the facilities and goods of VAOVA, its employees, clients and contractors. 

6.3.2.12. The development of surveys (commercial, academic or any other kind) and in general any technical or field studies directly or indirectly related with VAOVA, regardless if such are carried by VAOVA or third parties. 

6.3.2.13. The creation and use of databases regarding the characteristics and the profiles of the employees. 

6.3.2.14. Maintain the employees’ health and safety at the workplace, pursuant to the applicable regulations of the Health and Safety at Work System and in order to keep the documents required by the Colombian law.

6.3.2.15. Assess the employees’ performance. 

6.3.2.16. Collect and use evidence in case of alleged non-compliances with the law and the employment contract by the employees. 

6.3.2.17. Carry all the required procedures pertaining to the employees’ social security as well as for the compliance of VAOVA’s obligations in labor, corporate, social security, tax and payroll taxes matters. 

6.3.2.18. Contact the employees’ families in case of absence or emergency.

6.3.2.19. Inform the employee about the events and decisions arising during the execution of the employment agreement and even after its termination.

6.3.2.20. Make payroll discounts authorized by the employee or otherwise ordered by the law or a judge.

6.3.2.21. Marketing and sell of the services offered by VAOVA and its commercial allies. 

6.3.2.22. Making transfers and transmissions of Personal Data to other companies, commercial allies and third parties in order to comply VAOVA’s obligations with such.

6.3.2.23. The production, publication and sending of advertising in VAOVA’s web page and through other communication channels and platforms, which include the publication of the Data Subjects images in order to advertise VAOVA’s activities.

6.3.2.24. Any other purpose authorized by the Data Subject provided that such purpose is allowed under the jurisdiction applicable for the Processing of the Personal Data. 

6.3.2.25. All the accessory and/or necessary actions for the correct fulfillment of the purposes related in this Policy.

6.3.3. VAOVA shall Process the Personal Data of its clients and users, with the following purposes: 

6.3.3.1. Ensure the fulfillment and compliance of the legal and contractual rights and obligations of the parties.

6.3.3.2. Providing of information to suppliers and contractors involved in the services rendered to the clients and users. 

6.3.3.3. The contracting and execution of insurance policies covering the clients, users and/or VAOVA when required.

6.3.3.4. Reservation and cancelling of flight and transport tickets, hotels and activities related with the services rendered by VAOVA.

6.3.3.5. Fulfillment of business obligations within the framework of contractual relationships with VAOVA’s clients, users and third parties.

6.3.3.6. Manage and ensure compliance and rendering of the services contracted by the clients and users.

6.3.3.7. Drafting and sending the relevant invoicing.

6.3.3.8. Drafting, sharing and sending of brochures, presentations and travel schedules to potential clients, clients, users and third parties.

6.3.3.9. The production, publication and sending of advertising in VAOVA’s web page and through other communication channels and platforms, which include the publication of the Data Subjects images in order to advertise VAOVA’s activities.

6.3.3.10. Conduct market and consumer habits research, statistical analysis, and client behavior reports.

6.3.3.11. Sending satisfaction surveys or any other mechanisms to assess the quality of the products and services provided by VAOVA.

6.3.3.12. Send information about changes in the conditions of the services and products purchased and notify the Data Subject about new services or products.

6.3.3.13. Conduct studies and programs that are necessary to determine consumption habits.

6.3.3.14. Respond to queries, requests, complaints and claims that are made by control bodies and other authorities that in accordance with applicable law request the Personal Data.

6.3.3.15. Collection and transmission to third parties of the CV’s and Linkedin profiles of the clients and/or users that participate in the events organized by VAOVA.

6.3.3.16. Publication of the clients’ and/or users’ CV´s regarding the participation of the Data Subject in selection processes to be done by VAOVA’s sponsors and its related companies.

6.3.3.17. Data Subject’s registration and participation in the events and conferences organized by VAOVA in which the Data Subject may interact with other participants of the Event and third parties.

6.3.3.18. Sending to the Data Subject brand activation e-mails from VAOVA and its sponsors.

6.3.3.19. Any other purpose authorized by the Data Subject provided that such purpose is allowed under the jurisdiction applicable for the Processing of the Personal Data.

6.3.3.20. All the accessory and/or necessary actions for the correct fulfillment of the purposes related in this Policy.

6.3.4. VAOVA shall Process the Personal Data of its independent contractors, with the following purposes: 

6.3.4.1. Verification of the information provided by the contractors.

6.3.4.2. Engagement and registration before social security when applicable.

6.3.4.3. Payment of fees.

6.3.4.4. Creation of suppliers’ databases which shall be used for prices and services comparisons as well as to qualify rank the suppliers in accordance with the quality of the rendered services and the offered products.

6.3.4.5. Investigate, verify, and validate the information provided by suppliers with any information that VAOVA lawfully has, and with international lists on the commission of crimes, money laundering and terrorism financing.

6.3.4.6. Any other purpose authorized by the Data Subject provided that such purpose is allowed under the jurisdiction applicable for the Processing of the Personal Data.

6.3.4.7. All the accessory and/or necessary actions for the correct fulfillment of the purposes related in this Policy.

6.3.5. VAOVA shall Process the Personal Data of its Speakers, with the following purposes: 

6.3.5.1. Verification of the information provided by the speakers.

6.3.5.2. Payment of fees.

6.3.5.3. Advertising of VAOVA’S Events and Conferences in which the participation of the Speaker has been agreed.

6.3.5.4. Mailings to third parties interested in the participation in VAOVA’s Conferences and Events in which the Speaker is to participate.

6.3.5.5. Publication in VAOVA’s webpage, in VAOVA’s managed social media and in mass media in order to advertise the activities developed by VAOVA.

6.3.5.6. Any other purpose authorized by the Data Subject provided that such purpose is allowed under the jurisdiction applicable for the Processing of the Personal Data.

6.3.5.7. All the accessory and/or necessary actions for the correct fulfillment of the purposes related in this Policy.

6.4. Pursuant to the GDPR, the Processing of Personal Data for purposes other than those for which the Personal Data were initially collected should be allowed only where the Processing is compatible with the purposes for which the personal data were initially collected. In such a case, no legal basis different from that which allowed the collection of the Personal Data is required.

7. Sensitive Personal Data Processing

7.1. When processing sensitive Personal Data, VAOVA will apply the legal provisions on the Processing of sensitive data, including the following:

7.1.1. Obtain Data Subjects’ previous, explicit and informed consent, by informing the discretionary character thereof, and which specific sensitive data is being collected. This authorization will be implemented for any collection of sensitive data, except for the following cases specifically excluded by law from such statutory requirement:  

7.1.1.1. The Processing is necessary to safeguard Data Subject’s vital interests, whenever he/she is physically or legally disabled. In these events, Data Subject’s legal representatives must grant the relevant authorization.

7.1.1.2. The Processing is carried out in the course of legitimate activities and with appropriate safeguards by a foundation, NGO, association or any other nonprofit organization with political, philosophical, religious or trade union purposes, provided that it exclusively refers to its members or persons with whom they have regular contact in connection with its purpose. In these cases, the data cannot be disclosed to third parties without the Data Subject’ authorization.

7.1.1.3. The Processing refers to data necessary for the establishment, exercise, or defense of a right in a judicial proceeding.

7.1.1.4. The Processing has historical, statistical, or scientific purposes. In this event, the measures aimed at removing the Data Subject’s identity shall be adopted.

7.2. In those cases where VAOVA has access to sensitive data, Processing will be carried out for the following purposes:

7.2.1. Candidates and employees’ health status and occupational health records:

7.2.1.1. Verify whether the candidate meets the physical requirements necessary to perform the position that he/she is applying or was hired for.

7.2.1.2. Have the necessary information to attend to any medical emergency taking place while providing any services at VAOVA’s facilities.

7.2.1.3. Comply with the health and safety standards at the workplace and implementing the MSOHS and any other program, system, and/or plan that aims to protect the employees’ and people’s health in the workplace. 

7.2.2. Employees’ biometric data (fingerprints and photographs):

7.2.2.1. Identify the personnel accessing VAOVA’s facilities.

7.2.2.2. Provide access to VAOVA’s facilities.

7.2.2.3. Verify the employee’s permanence at VAOVA’s facilities.

7.2.2.4. Compliance with the legal obligations arising from the employment relationship, such as carrying out all the necessary proceedings for the registration of beneficiaries with the Social Security System or any other activity derived from the applicable legislation.

7.2.2.5. Providing the relevant security while in trainings and activities carried out by VAOVA for its employees.

7.2.2.6. Advertise VAOVA’s employees’ participation in different activities, conferences, and social events.

7.2.3. Video surveillance

7.2.3.1. VAOVA uses several video surveillance mechanisms, installed in different places within its facilities or offices. The information collected will be used only for security purposes in connection with the people, assets, and facilities. This information may be used as evidence in any type of proceedings before any type of authority and organization. VAOVA will implement authorizations to obtain this information, so that it complies with the legal provisions regulating the access to sensitive data.

7.2.4. Children and adolescents’ data Processing:

7.2.4.1 VAOVA may Process the data of children of candidates or employees that are under 18 years of age. This information is collected with authorization of the parents or persons legally authorized to do so, following the requirements provided under Colombian data protection regulation. For this reason, data of children will be Processed only with the purpose to comply with the legal obligations arising from the employment relationship, such as carrying out all the necessary proceedings to register the relevant beneficiaries with authorities such as the Social Security System or for purposes of any other activity under the applicable laws.

8. Transfers and Transmissions of Personal Data

8.1. VAOVA transfers its clients and collaborators’ Personal Data to its contractors involved in the services offered to the clients to the extent necessary for the rendering of such services. The contractors to whom these Personal Data be transferred shall be subject to the terms and conditions set forth in this Policy for any matter related to the Personal Data Processing of the Personal Data transferred to them by VAOVA. VAOVA may transfer the Personal Data of the Data Subjects to related third parties in other countries in order to comply with its contractual obligations.

9. Data Subject’s rights

9.1. The Data Subject whose Personal Data is Processed by VAOVA, will be entitled to all the rights established in the Colombian legislation which are indicated in section 5.2. of this Policy. Should the Colombian legislation provide additional rights or with greater scope to those indicated in this Policy, those established in the legal regulations will prevail. Likewise, this Policy establish a series of additional rights included in accordance with the GPDR, all of which are indicated below.

9.2. Pursuant to the Colombian Legislation, Data Subjects are entitled to;

9.2.1. Consult, update and correct their Personal Data towards VAOVA and the third parties Processing such Personal Data on behalf of VAOVA.

9.2.2. Request proof of the authorization given to VAOVA except when the Law does not require such authorization.

9.2.3. Upon prior request, to be informed about the use given to her Personal Data by VAOVA or those who carry out the Processing of such Personal on behalf of VAOVA.

9.2.4. File before the competent authorities the complaints regarding the infringement of the Colombian regulations on Personal Data protection.

9.2.5. Revoke the Consent for the Processing of Their Personal Data and/or to request the erase of his/her Personal Data when VAOVA incurs in behaviors against the law, the Constitution or this Policy, in the Processing of their Personal Data.

9.2.6. Access without any charge his/her Personal Data that has been subject to Processing.

9.3. In addition to the rights set forth in the Colombian Legislation, and pursuant to voluntary incorporation of GDPR provisions within this Policy, Data Subjects will also have the rights to; i) transparency; ii) information and access to Personal Data; iii) rectification; iv) erasure (right to be forgotten); v) restriction of Processing; vi) data portability, and vii) object, in the extent set forth in chapter III of the GDPR, for which a copy of this regulation will be provided to the Data Subjects upon request.

10. Department and officer responsible for the attention of requests, queries and claims before which the Data Subject can exercise his/her rights to consult, update, correct and delete his/her Personal Data and revoke authorization

10.1. For the purposes required by the Law, VAOVA has designated the Sales Management department for the attention of the issues related with the Processing of the Data Subjects’ Personal Data. Therefore, the Data Subjects may address any issue regarding their Personal Data this office either through the email address treksinfo@vaovatravel.com or through filing in the address Carrera 7 # 84 A -29 Of. 204 in Bogotá, D.C.

10.2. For GDPR purposes, the Sales Manager shall be the senior officer in charge of addressing all the Data Protection related matter within VAOVA as well as to ensure compliance with the law and this Policy in all the matters related with Personal Data Processing.

11. Procedure for the Data Subjects to exercise their rights to consult, update, correct and delete their Personal Data and to revoke Authorization

11.1. Consultation and access to Personal Data procedure.

11.1.1. The Data Subject or his/her successors may consult the information stored in VAOVA’s databases. The Data Subject shall deliver the corresponding request to the e-mail address treksinfo@vaovatravel.com, call telephone number (+57) 315 861 9219, or submit in the request in writing at VAOVA’s offices in the address Carrera 7 # 84 A -29 Of. 204, in Bogotá, D.C.

11.1.2. n order to prevent unauthorized third parties from accessing Data Subjects’ personal information, it will be necessary to previously ascertain the Data Subject’s identification. When the request is made by a person other than the Data Subject and such person fails to demonstrate that he/she has the power to act on behalf of the Data Subject, the request will be considered as non-submitted.

11.1.3. The request will be attended within a maximum ten (10) business days-term counted as of the receipt date. If for any reason the request cannot be answered within such term, Data Controller will inform the reasons for the delay and will provide a new deadline to answer the request, which may not exceed five (5) additional business days.

11.2. Procedure to request updates, corrections, deletions, the revocation of the authorization, or to submit claims.  

11.2.1. The Data Subject or his/her successors who believes that the information contained in VAOVA’s Databases should be corrected, updated, or deleted, or that notices an alleged breach of any of the duties forest forth in the law, may file a claim with VAOVA which will be attended pursuant to the following rules, in accordance with article 15 of Law 1581 of 2012:

11.2.1.1. The claim shall be submitted to treksinfo@vaovatravel.com or by submitting a written communication from Monday to Friday between 8:00 AM to 6:00 PM, at VAOVA’s address located in Carrera 7 # 84 A -29 in Bogotá, D.C.

11.2.1.2. In order to prevent unauthorized third parties from accessing the Data Subject’s personal information, it will be necessary to previously ascertain the Data Subject’s identification. Should the request be made by a person other than the Data Subject and such person fails to demonstrate that he/she has the power to act on behalf of the Data Subject, the relevant request will be considered as non-submitted.

11.2.2. The request shall contain the following information:

a) The Data Subject’s identification.

b) The contact information (physical and/or electronic address and contact telephone numbers).

c) The documents that demonstrate the Data Subject’s identity or his/her agent’s representation.

d) A description or identification of the Personal Data That motivated the complaint.

e) The basis of the request.

f) Any additional document or information deemed as relevant by the Data Subject.

g) Signature of the Data Subject and/or his/her representative.

11.2.3. If the complaint is incomplete, VAOVA will request the interested party to correct the errors within the next five (5) business days following the complaints’ receipt. If the individual does not complete the complaint within the next two (2) months after the information request is sent by the Data Controller, the complaint will be discarded.

11.2.4. If the department receiving the claim is not competent to resolve it, it shall notify it to the competent area within a maximum two (2) business days term and inform the interested party accordingly.

11.2.5. Once the complaint with all the required information is received, the Data Controllers will mark the Personal Data with the following phrase “complaint currently under review”, and the reasons for such complaint. This label must be placed during two (2) business days. Additionally, this label will remain until the complaint is finally answered by the Data Controller.

11.2.6. The complaint must be resolved within fifteen (15) business days after the date in which the request is received.

11.2.7. If for any reason the complaint cannot be answered within the legal term described above, Data Controller will inform of this situation to the individual. Additionally, Data Controller will inform the reasons for the delay and will define a new deadline to answer the request. The new deadline should be of maximum eight (8) additional days.

11.3. Deletion of Data.

11.3.1. The Data Subject is entitled to request VAOVA the deletion (removal) of his/her Personal Data, particularly when he/she:

a) Considers that the information is not being Processed in compliance with the principles, duties, and obligations provided for in Law 1581 of 2012, its complementary regulations and/or this Policy.

b) The Personal Data have ceased to be necessary or pertinent for the purposes for which it was collected.

c) The period necessary to fulfill the purposes for which the data were collected has elapsed. This deletion implies the personal information’s total or partial removal from VAOVA’s records, files, databases or Processing, pursuant to the Data Subject’s request.

11.4. Revoke of Authorization.

 11.4.1. The Data Subject may revoke his/her consent to the Processing of the Personal Data at any time, provided that no legal provision prevents him/her from doing so.

12. Information Security

12.1. Pursuant to the security principle, VAOVA has adopted reasonable technical, administrative, and human measures to protect the Data Subjects’ information and prevent any adulteration, loss, consultation, use, or unauthorized or fraudulent access. Access to Personal Data is restricted to its Data Subjects and VAOVA will not allow access to this information by third parties, except with the Data Subject’s express request or that of any persons entitled to do so in accordance with the domestic legal regulations.

13. Effective date of applicability and period of the databases

13.1. This Policy shall be applicable and therefore mandatory for VAOVA its employees, officers and for the third parties and contractors to whom the Personal Data may be transmitted in case of authorization of the Data Subject, as of its publication on VAOVA’s web page on [insert date] Any material change to this Policy will be informed through our website www.vaovatravel.com 

13.2. The term of the authorizations to Process Personal Data is understood to be equal to that of the business relationship or employment term and for the validity of the corporate purpose of the company, except in the cases specifically excluded by law or in the cases of Personal Data erase set forth in this Policy.

Client's authorization for personal data processing

Authorization for the Processing of Personal Data.

By clicking on ACCEPT, the user, identified with the data provided on this web page, grants prior, free, express and informed authorization to VAOVA S.A.S ; (hereinafter the “Controller” or “VAOVA”), to carry out the Processing of his/her Personal Data included in this form. Such Personal Data shall be processed exclusively for the purposes outlined in section 6.3.3. of VAOVA’s privacy and personal data processing policy. Also, your Personal Data shall be Processed in acordance with the terms and conditions set in such VAOVA Privacy and Personal Data Processing Policy and in Law 1581 of 2012 and its regulatory decrees which also contain your rights as Data Subject. For the purposes required by the Law, VAOVA has designated the Sales Management department for the attention of the issues related with the Processing of the Data Subjects’ Personal Data. Therefore, the Data Subjects may address any issue regarding their Personal Data to this office either through the email address treksinfo@vaovatravel.com or through filing in the adress Carrera 11 # 93A -53 Of. 501 in Bogotá, D.C.