Privacy Policy Privacy
GENERAL CONSIDERATIONS
OBJECTIVE
DEFINITIONS
- Authorization: Prior, express and informed consent of the data owner to carry out the processing. This may be written, verbal or through unequivocal conduct that allows the reasonable conclusion that the data owner granted authorization.
- Data Base: It is the organized set of Personal Data that are subject to processing, electronic or not, whatever the modality of its formation, storage, organization and access.
- Consultation: Request from the owner of the data or from the persons authorized by the owner or by law to know the information about him/her in databases or files.
- Personal data: Any information linked or that can be associated to one or several determined or determinable natural persons. These data are classified as sensitive, public, private and semi-private.
- Sensitive personal data: Information that affects the privacy of the person or whose misuse can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights or promoting the interests of any political party or to ensure the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data (fingerprints, among others). For the purposes of this policy, TURASER warns the optional nature of the owner of the personal data to provide such information in cases in which, eventually, may be requested.
- Public personal data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Public data includes, among others, the data contained in public documents, public records, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality, those relating to the marital status of individuals, their profession or trade and their status as merchants or public servants. Likewise, public data are those which, by virtue of a decision of the owner or a legal mandate, are in files of free access and consultation. This data may be obtained and offered without any reservation whatsoever and regardless of whether it refers to general, private or personal information.
- Private personal data. It is data that, due to its intimate or reserved nature, is only relevant to the person who owns it. Examples: merchants' books, private documents, information extracted from the inspection of the domicile.
- Semi-private personal data. Semi-private is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons or to society in general, such as, among others, data referring to the fulfillment or non-fulfillment of financial obligations or data relating to relations with social security entities.
- Data Controller: Person who by himself or in association with others, decides on the database and/or the processing of the data.
- Data processor: Person who carries out data processing on behalf of the data controller.
- Be "Authorized".is TURASER and all persons under the responsibility of the same, which by virtue of the authorization and the Policy have legitimacy to submit to processing the personal data of the holder. The Authorized includes the gender of the Entitlees.
- "Habilitation" or be "Entitled" or "Entitled"is the legitimacy expressly and in writing by contract or document that takes its place, granted by TURASER to third parties, in compliance with applicable law, for the processing of personal data, making such third parties in charge of the processing of personal data provided or made available.
- Claim: Request from the owner of the data or the persons authorized by the owner or by law to correct, update or delete their personal data or when they notice that there is an alleged breach of the data protection regime.
- Data subject: It is the natural person to whom the information refers.
- Processing: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of that kind of information.
- Transmission: Processing of personal data that involves the communication of personal data within (domestic transmission) or outside the country (international transmission) and that aims at the performance of a processing by the processor on behalf of the controller.
- Transfer: The transfer of data takes place when the controller and/or processor of personal data, located in the country, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The processing of personal data must be carried out in compliance with the general and special rules on the subject and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:
- Principle of legality: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.
- Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the Law.
- Principle of freedom: The treatment can only be exercised with the consent, prior, express and informed consent of the holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves consent.
- Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
- Principle of transparency: In the processing, the holder's right to obtain from the controller, at any time and without restriction, information about the existence of data concerning him/her must be guaranteed.
- Principle of restricted access and circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the owner and/or by the persons provided by law.
- Principle of security: The information subject to Processing by the Data Controller or Data Processor referred to in this law, shall be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.
- Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, including after the end of their relationship with any of the tasks comprising the processing, and may only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and under the terms of the same.
Any new project within the Organization that involves the Processing of Personal Data must be consulted with the Information Technology Management, which is the person and unit in charge of the data protection function to ensure compliance with the policy and the necessary measures to maintain the confidentiality of personal data.
RIGHTS OF DATA SUBJECTS
In accordance with the legal provisions in force, the rights of the holders of personal information are the following:
- Right to know, update, rectify, consult your personal data at any time against TURASER regarding the data it considers partial, inaccurate, incomplete, fractioned and those that mislead.
- Right to request at any time a proof of the authorization given to TURASER except in those cases where the Controller is legally released from having authorization to process the owner's data.
- Right to be informed by TURASER upon request of the owner of the data, regarding the use that has been given to them.
- Right to revoke the authorization and / or request the deletion of any data when you consider that TURASER has not respected their rights and constitutional guarantees.
- Right to access free of charge to the personal data you voluntarily choose to share with TURASER.
The information and/or personal data we collect from you are as follows:
Type of person:
Natural: first and last names, type of identification, identification number, gender, marital status and date of birth, e-mail, financial data (bank accounts).
Legal: company name, RIF, address, telephone, cell phone, e-mail, country, city, financial data (bank accounts).
Information necessary to facilitate travel or other services, including preferences such as class of travel, names and surnames of passengers (type of document, document number, date of birth, name, surname, gender, email, nationality, passport expiration date), contacts in case of accident or any other anomaly (names and surnames, telephone).
Cardholder data: type of document, document number, telephone, address, email, names, card number, expiration date and bank.
Request for quotation: names, surnames, telephone numbers, city and email.
Trip information: type of request, destination, departure date, duration, number of adults, number of children, hotel category, food, additional services, transportation service, budget per person.
Chat "online help": name, email, phone, what is your question?
Claim request: names, surnames, ID number, address, telephone numbers, city, email and comments.
Report technical problems: first names, last names, address, phone numbers, city, email and comments.
Biometric data: images, video, audio, fingerprints that identify or make identifiable our customers, users or any person who enters or is or transits in any place that TURASER has implemented devices to capture such information.
This data may be stored and/or processed in servers located in data processing centers, either our own or contracted with suppliers, located in different countries, which is authorized by our customers/users, by accepting this policy of treatment and protection of personal data.
For more information about the companies that are part of the Turaser group of companies, their identity, addresses and contact information, please visit the following e-mail address http://www.turaser.com.
TURASER reserves the right to improve, update, modify, delete any information, content, domain or subdomain, which may appear on the website, without any obligation of notice, being understood as sufficient with the publication on the websites of TURASER. For the solution of legal or internal requests and for the provision or offering of new services or products.
TREATMENT, SCOPE AND PURPOSES
TURASER informs owners that the data collected from our customers, contractors and suppliers may be used for the following purposes. The treatment may be carried out by TURASER directly or through its contractors, consultants, advisors and / or third parties responsible for the processing of personal data, to carry out any operation or set of operations such as the collection, storage, use, circulation, deletion, classification, transfer and transmission (the "Treatment") on all or part of their personal data:
- The support of the contractual relationship established with TURASER. b. The provision of services related to the products and services offered. c. The performance of all activities related to the service or product, will be included in a mailing list for sending the newsletter. d. Send information about changes in the conditions of the services and products purchased, and notify you about new services or products. e. Manage your requests, clarifications, and inquiries.
- Elaborate studies and programs that are necessary to determine consumption habits g. The fine-tuning of security filters and business rules in commercial transactions; confirming, processing such transactions, with your financial institution, with our service providers and with yourself. h. Conduct periodic evaluations of our products and services in order to improve the quality of our products and services . i. The sending, by traditional and electronic means, of technical, operational and commercial information on products and services offered by TURASER, its partners or suppliers, now and in the future. j. The request for satisfaction surveys, which is not obliged to answer. k. The transmission and / or transfer of data to other companies, business alliances or third parties in order to fulfill the obligations acquired. The transmission and transfer may be made even to third countries that may have a different level of protection with respect to the country, when necessary for the fulfillment of our obligations. l. To comply with obligations undertaken by TURASER with its customers at the time of acquiring our services and products. m. Respond to inquiries, requests, complaints and claims that are made by regulatory agencies and other authorities that under applicable law must receive personal data. n. Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of TURASER. o. Make inquiries in various databases and authorized sources (such as BIN lists, UN, among others) necessary for the control and prevention of fraud or crimes related to money laundering, according to our policies of prevention and risk management.
- The processing of personal data will be carried out with the prior authorization of the owner of the data, except in the events in which the data is of a public nature. For this purpose, an authorization form has been implemented for the processing of data, which must be filled out by the owner of the information at the very moment in which he/she submits his/her personal information. This authorization explains the scope and purposes of the processing of personal data, alludes to the authorization by another, the data of minors and sensitive data, and also defines the channel of attention of the owners who wish to exercise their rights under the habeas data and indicates the place where this policy is hosted. For the purposes of advancing the processing of data, TURASER employs all activities aimed at preserving the confidentiality of information.
Authorization will be obtained through any means that may be subject to subsequent consultation, such as the web page, forms, formats, face-to-face activities or through social networks, etc. Authorization may also be obtained from unequivocal conduct of the data owner that allows the reasonable conclusion that he/she granted authorization for the processing of his/her information.
III. If you provide us with personal information about a person other than yourself, such as your spouse or a co-worker, we understand that you have the authorization of such person to provide us with their data; and we do not verify, nor assume the obligation to verify the identity of the user/customer, nor the veracity, validity, sufficiency and authenticity of the data provided by each of them. By virtue of the above, we do not assume responsibility for damages or prejudices of any nature that could have origin in the lack of veracity, homonymity or the impersonation of the identity information.
- Certain services or products provided on the website www.turaser.com, and in any of the portals of the companies of Grupo Empresarial Turaser and its equivalents, may contain special conditions with specific provisions on the protection of Personal Data. VI. The Personal Data collected will be processed manually or automatically and incorporated into the relevant files or databases (hereinafter, the "File") of TURASER, either in the capacity of data processor and data protection officer. To determine the term of the treatment will consider the rules applicable to each purpose and the administrative, accounting, tax, legal and historical aspects of the information.
VII. When at the time of providing the service the holder is accompanied by minors or persons considered disabled, and in which the collection of personal data occurs, TURASER always request the authorization of whoever has the legal representation of the minor. However, if personal information of the population mentioned here is delivered without being the legal representative, you represent that you have the authorization of the respective legal representative, directly assuming the responsibility that this entails. TURASER will strive to ensure that at all times respect the rights of the same, and their best interests and prevailing. The representative must guarantee the right to be heard and assess their opinion of the treatment taking into account the maturity, autonomy and capacity of minors. The representatives are informed of the optional nature of answering questions about minors' data. The data of minors, included in a special category of protection, will be treated in accordance with the provisions of the applicable legislation on the subject and in accordance with the provisions of our personal data policy.
VIII. The companies of the Business Group TURASER have adopted the security levels of protection of personal data legally required, and has installed all the technical means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and illegitimate theft of personal data provided to TURASER however, the owner should be aware that Internet security measures are not unbreakable.
- If you choose to delete your information, to the extent permitted by law, we will retain certain personal information in our files for the purposes of accounting and tax identification of transaction data, fraud prevention, dispute resolution, investigating disputes or incidents, enforcing our terms and conditions of use, and complying with legal requirements.
However, at the moment you decide to revoke your authorization, the hosted information will not be used for the purposes foreseen herein, only in the terms strictly necessary and defined in the previous paragraph.
- Safety Risks you should be aware of when performing
transactions on the Internet:
- It is possible that a user may be tricked by means of e-mails or some DNS server deception, to visit a fake site with the same design, but where the card data are loaded into the fake system, stealing information from the cardholder. Therefore, it is important to generate the culture that users should enter directly through known domains to reduce risks. b. It is possible that the computer where the user is performing the transaction, has installed without prior knowledge, some spy or malicious software that captures everything typed on the keyboard or captures information from input devices and sent to a network or host on the Internet. Therefore, it is recommended that the transaction be made on the computer at home or at the office. c. It is possible that the owner may be impersonated if the owner denies having sent and/or received the transaction and it is used by a third party. d. It is recommended that the computer where electronic transactions are made has an updated and active antivirus to mitigate the risks of fraud.
- If the personal information was collected or provided prior to May 30, 2020 and you did not express your opposition to the transfer of your personal data, it will be understood that you have given your consent. In the event that you wish to ratify your consent or express your refusal, you can do so by sending an e-mail to fit@turaser.com.
XII. Like other websites, TURASER uses certain technologies, such as cookies and device fingerprinting, which allow us to make your visit to our site easier and more efficient, providing a personalized service and recognizing you when you return to our site. For the purposes of this Privacy Notice "cookies" will be identified as text files of information that a website transfers to the hard drive of the users' computer in order to store certain records and preferences.
- Websites may allow advertising or third party features
to send "cookies" to the computers of the owners. b. Cookies are only associated with an anonymous user and your computer, and do not themselves provide the name and surname of the same, in many cases, you can browse any of TURASER websites anonymously. When you access any TURASER website, your IP address (the Internet address of your computer) is recorded to give us an idea of which parts of the website you visit and how much time you spend in each section. We do not link your IP address to any personal information about you, unless you have registered with us and logged in using your profile. c. Therefore, in certain applications TURASER may recognize users after they have registered for the first time, without them having to register on each visit to access areas and services or products reserved exclusively for them. d. In other services it will be necessary to use certain access keys, and even the use of a digital certificate, in the characteristics to be determined. e. The cookies used can not read cookie files created by other providers. TURASER encrypts the user's identification data for added security. f. To use the TURASER website, it is not necessary for the user to allow the installation of cookies sent by TURASER, notwithstanding that in this case it will be necessary for the user to register for each of the services whose provision requires prior registration.
NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA
TURASER may transfer data to other data controllers when authorized by the owner of the information or by law or by an administrative or judicial order.
INTERNATIONAL AND NATIONAL TRANSMISSION OF DATA TO DATA PROCESSORS
TURASER may send or transmit data to one or more managers located within or outside the Republic of Venezuela in the following cases: a) When authorized by the owner and b) when without having the authorization exists between the Controller and the manager a contract for the transmission of data .
DUTIES OF THE DATA CONTROLLER
- Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
- Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the holder.
- Duly inform the owner about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
- Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
- To process the consultations and claims formulated under the terms set forth in this law.
- Adopt an internal manual of policies and procedures to ensure adequate compliance with this law and, in particular, for the handling of inquiries and complaints.
- Inform upon request of the owner about the use given to their data.
- Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the owners.
- Comply with the instructions and requirements issued by the regulatory agency.
DUTIES OF THE DATA CONTROLLERDUTY OF THE DATA PROCESSORS
- Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
- Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
- Timely updating, rectification or deletion of data under the terms of this law.
- Update the information reported by the data controllers within five (5) business days of receipt.
- To process the consultations and claims formulated by the owners under the terms set forth in this law.
- Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the attention of inquiries and complaints by the owners.
- Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the regulatory body.
- Allow access to information only to those who can access it.
- To inform the regulatory entity when there are violations to the security codes and there are risks in the administration of the information of the holders.
- Comply with the instructions and requirements issued by the regulatory agency.
PETITIONS, COMPLAINTS AND CLAIMS
For the purpose of receiving requests, complaints and inquiries related to the handling and processing of personal data, TURASER has assigned the email servicioalcliente@turaser.com, to channel, study and answer them.
Consultations: The holders or their successors may consult the personal information of the holder that is in our database. TURASER will provide them with all the information contained in the individual record or that is linked to the identification of the holder. The query will be answered within a maximum period of ten (10) working days from the date of receipt thereof. When it is not possible to answer the consultation within such term, the interested party will be informed and the date on which the consultation will be answered will be indicated, which in no case may exceed five (5) business days following the expiration of the first term.
Claims: The holder or his assignees who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with TURASER, which will be processed under the following rules:
- The claim shall be made by request addressed to TURASER with the identification of the owner, the description of the facts giving rise to the claim, the address, and accompanying documents you want to assert. If the claim is incomplete, TURASER require the person concerned within five (5) days of receipt of the claim to correct the faults. After two (2) months from the date of the requirement, if the applicant does not submit the required information, it will be understood that the claim has been withdrawn.
- Once the complete claim has been received, a legend will be included in the database stating "claim in process" and the reason for the claim, within a term no longer than two (2) business days. Said legend shall be maintained until the claim is decided.
- The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed and the date on which the claim will be addressed will be indicated, which in no case may exceed eight (8) business days following the expiration of the first term.
- In any case, the holder or assignee may only file a complaint with the regulatory body once it has exhausted the consultation process or complaint to TURASER.
- The area responsible for receiving and processing complaints is the Information Technology Management.
- The request for deletion of information and revocation of authorization will not proceed when the holder has a legal or contractual duty to remain in the database.
DATA OF THE PERSON IN CHARGE OF THE TREATMENT
Data controller dataTuraser USA Corp.
Address: 8725 NW 18TH TERRACE, Doral, Florida 33131
E-mail: reservas@turaser.com
Website: www.turaser.com
QUESTIONS OR SUGGESTIONS
If you have any questions or queries about the process of collection, processing or transfer of your personal information, or consider that the information contained in a database should be subject to correction, updating or deletion please send us a message to the following email account: servicioalcliente@turaser.com.
For more information about TURASER, identity, address and forms of contact can be found at the following address www.turaser.com. This website has with itself the terms and conditions applicable to the services and products published which can be consulted at any time for more information.
CURRENT
TURASER reserves the right to amend this policy to adapt to new legislation or case law, as well as good practice in the tourism sector and other sectors of the economy that are part of the business group. In such cases, TURASER announce on this page the changes made with reasonable notice before its implementation.
This policy was amended and posted on Turaser's websites on May 28, 2020 and is effective as of the date of posting. It was last updated on May 30, 2020.