In accordance with the provisions of the law, grupocun handles your data with the following guidelines:
When you use grupocun services through any of our sales channels, websites, application for mobile phones and tablets, call center, branches, etc. grupocun collects certain personal data to be used later.
At grupocun we are committed to protecting your privacy and ensuring that your personal data is treated in accordance with applicable law and the best practices in the market. We are transparent about our practices and are available to answer any questions about them. Below, we detail the principles that guide the way in which grupocun treats your personal data:
• When personal data is no longer necessary and we have no legal obligation to store it, our intention will be to delete, destroy or anonymize it.
• Our intention is to collect the least amount of personal data necessary, collecting only those necessary to fulfill the purposes set out in this Policy.
Terms important for you to understand the protection we give to your personal data, the limits of our processing of your personal data and your rights:
• Owner: you are the owner of your personal data.
• Personal data: information that identifies or leads to the identification of a holder. Examples of personal data are your full name, telephone number, identification number and postal address.
• Controller: person responsible for making decisions related to the processing of personal data of the holders. For the purposes of this Policy, it will be grupocun.
• Processing: any operation carried out with personal data, which may include collection, access, analysis, transfer, storage, anonymization, deletion, etc.
• Anonymization: process of depersonalization of personal data by eliminating any association of this information with the holders to whom they refer.
The law gives you certain rights in relation to your personal data, which may be exercised as indicated in this Policy. The following are your main rights in relation to your personal data:
• Consult if your personal data is processed by grupocun.
• Obtain information about the way in which your personal data is processed.
• Correct incomplete, inaccurate or outdated data.
• Request the anonymization, blocking or deletion of personal data that is unnecessary, excessive or that is being processed in violation of the law.
• Know which public and private entities have access to your personal data through grupocun.
• Revoke your consent to the processing of your data and be informed of the consequences of such revocation.
• Revoke your consent to the collection of new personal data.
1. What personal data do we collect?
GrupoCUN collects and stores a) the personal data that the user provides us, b) personal data obtained from third parties, including public data, and c) personal data collected automatically by our platform, as described below:
a) Personal data that the user provides us.
b) Personal data obtained from third parties, including public data.
To the extent permitted by law, and in particular the legislation on the protection of personal data, grupocun may also obtain personal data about you from its affiliates, business partners, suppliers and other third-party sources – such as public databases, information collected during a telephone conversation with the call center and/or through interactive applications. Personal data obtained from third parties will be combined with other personal data held by you.
c) Personal data collected automatically by our platform.
Grupocun automatically collects and stores certain browsing data from users. Browsing data includes: IP addresses, Uniform Resource Identifiers (URIs), request times, methods used to send requests to the server, size of files received in response, numerical codes indicating the status of the server’s response, and other parameters related to the user’s operating system and computing environment. Computer systems and programs designed to navigate websites collect during their use certain data whose transmission is necessary for the use of Internet communication protocols. As a rule, this information is not gathered to identify users, but, given its nature, it may allow that identification by associating it with other data. Likewise, for our websites to function properly, grupocun uses its own and third-party cookies.
2. What is our policy on cookies and web beacons?
• Technical cookies: they are necessary to ensure the functioning of the website and cannot be deleted. They are determined in response to actions taken by you, such as your privacy preferences, login, service requests or filling out forms.
• Functional cookies: their function is a more advanced personalization of the user’s session than that allowed by technical cookies.
• Analytical cookies: they allow to see the surfing behavior of visitors on the website, with the aim of improving the user experience. The captured data is aggregated and anonymized.
• Advertising cookies: These are third-party cookies (e.g. Google and Facebook) that collect information about your preferences and choices on the website. They are intended for ad networks, which later use them to show you personalized advertising on other websites.
3. What do we use the personal data we collect for?
Grupocun uses the personal data collected for the following purposes:
• Manage your tourist reservation, carry out the transactions you have initiated and process invoices or other tax documentation related to your reservation. In addition, we keep the reservation history in our database.
• Offer you products and services, individually or jointly with third parties.
• Manage your requests and respond to your questions or comments.
• Perform internal analysis regarding sales and / or consumption patterns.
• Measure the satisfaction of our customers with our products, services and attention.
• Comply with our legal obligations, including cooperating with any request from public bodies protected by law.
• Send you confirmation and updates about your trip, as well as any relevant information about it. This information may be sent via email, SMS, WhatsApp or other instant messaging service to the means of contact provided by you. These messages may contain (but are not limited to) information about grupocun services, as well as contact details of suppliers that could help your travel experience.
• Contact you to provide customer service, conduct surveys, statistics or analysis on consumption habits or preferences. • Send special offers and information to participate in contests and sweepstakes, in our loyalty program.
• In order to offer better services or provide its users with information related to their preferences, grupocun may also develop internal studies on the interests, behaviors and demographics of users, to better understand their needs and interests, improve our commercial and promotional initiatives, personalize their contents, their presentation and services and / or show advertising or promotions of interest to users, For which purpose GrupoCUN will only use anonymized data.
• Likewise, grupocun uses debit or credit card information (such as the name of the cardholder, card number and expiration date) only to arrange the travel reservations you make, including sending your data to the final service providers to manage your reservations and / or purchase requests. You can choose to have grupocun remember certain card and billing information, which will appear automatically when entering grupocun’s online Sales Channels.
• Finally, grupocun may use the user’s personal data to provide payment processing or fraud prevention services in favor of its related companies or third parties.
4. With whom do we share the personal data we collect?
5. Where do we store and how do we protect the personal data collected?
All personal data is collected and stored on servers physically located in the United States of America. grupocun may relocate these servers in any other country and may store personal data in the United States of America or in other countries, for backup purposes. By accepting this Policy, you give your unequivocal consent for grupocun to transfer your personal data to any country in the world. We guarantee that personal data transferred abroad will be protected. In any case, grupocun undertakes to ensure that the legally required standards for the protection and safeguarding of your personal data are met, by signing agreements whose purpose is the protection of the privacy of your data. Grupocun has tools to protect your personal data from unauthorized access by third parties. We take appropriate security measures to prevent unauthorized access, alteration, disclosure or destruction of your data. These measures include internal analyses of our data collection, storage and processing practices. With the measures we take, we can ensure that we will prevent security breaches that affect your personal data to the greatest extent possible. However, we recognize that there are risks inherent in the use of the Internet and understand that we cannot completely eliminate them. In any case, we guarantee that the protection of your personal data is one of our priorities and that, in the event of an incident, we will take all possible measures to minimize any damage.
6. How can the personal data collected be accessed, deleted, rectified and/or updated?
When you make purchases or register as a user in grupocun, you may choose to receive promotional circulars, messages or alerts about offers. In each message we send you you the opportunity to unsubscribe. Please note that the exercise of the right to opt out applies to promotional circulars, messages or alerts about offers. However, you will continue to receive communications regarding the status of your active reservations. Likewise, grupocun will keep certain personal data of yours in order to resolve disputes or claims, detect problems or incidents and solve them, and comply with the provisions of the General Terms and Conditions for the period of time determined by law. In addition, a user’s personal data may not be immediately deleted from our files for technical reasons, including security support systems.
• By sending a request by email to the address email@example.com In your request you must indicate your full name and prove your identity. Likewise, in the event that you make the request on behalf of a third party, you must prove your powers of representation. grupocun may request additional information or documentation to verify your identity or to specify your request, such as a copy of your national identity document, indication of your email and postal address that you designate for notifications and a contact telephone number; and clear and precise description of the personal data with respect to which you seek to exercise the right, as well as the documents that support the request. Once the detailed requirements have been met, and whenever it is appropriate to place the order, grupocun will inform you if it has proceeded to give rise to it or if it has been rejected. Unless a different period is indicated in the special clauses by country, grupocun will have 10 (ten) business days from receipt of the complete request to send a response in case of a request for access, and 5 (five) business days if you request the rectification, updating or deletion of personal data.
• Additionally, you may access, update and correct your registration information at any time by accessing “My Profile” under “My Account” or “My Booking” on our website or app. In turn, by accessing “Emails and Alerts” in “My account” or “My reservation”, you can choose which emails you want to receive. Please note that you are responsible for providing up-to-date, correct and authentic personal data.
7. How does grupocun interact with your social networks?
When registering with grupocun you are asked to choose a user ID and password (i.e. access a personal account). Also, grupocun le allows access to your personal account through your Facebook account or other social networks that are compatible in the future. Also, as part of the functionality of the Online Sales Channels, and to provide a more personalized experience, you can link your account with Social Networks by providing the login information of your Social Network account through the website or the grupocun application, or by allowing grupocun to access your Social Network account, as permitted in the applicable terms and conditions governing your use of each Social Network. You declare that you have the right to disclose the login information of your Social Network to grupocun and / or grant access to grupocun to your account, without this implying a breach on your part of any of the terms and conditions governing your use of the corresponding Social Network and without grupocun being obliged to pay any fee or respect any limitations of use imposed by the Social Network’s third-party service providers. By granting grupocun access to any Social Network, you understand that grupocun will access, make available and store (if applicable) all the contents of the Social Network that you have authorized to be available on our websites and / or applications. Depending on the Social Networks you choose and subject to the privacy settings you have set on such accounts, the personally identifiable information you post on your Social Networks will be available in and through your groupgroup account on our websites and/or applications. Please note that if a Social Network becomes unavailable, or if the third party service provider blocks group access to such Social Network, the contents of the Social Networks will no longer be available on our websites and applications. If you register on the grupocun website through your personal social network account (the “Personal Account”), you agree that grupocun may access the information contained in your Personal Account, including your personal data, information about your interests, preferences, contacts and any content available in your Personal Account.
PLEASE NOTE THAT YOUR RELATIONSHIP WITH THIRD PARTY SERVICE PROVIDERS IS GOVERNED SOLELY BY THE AGREEMENTS YOU HAVE WITH SUCH THIRD-PARTY PROVIDERS.
grupocun websites and/or applications may contain links to other websites that have their own privacy policies. Therefore, we recommend that if you visit other websites, we carefully review their privacy and confidentiality policies, since this Policy does not cover the practices or policies of third parties, including those that may disclose and / or share information with grupocun. If you lose control of your account or password access to the Social Media may lose control of your personal data and could be subject to legally valid transactions carried out on your behalf. Therefore, if for any reason your password becomes compromised, you should immediately: change it, modify your registration information, and contact us through any channel.
Special clauses for Mexico.
a) Identification: all those that allow to identify the Owner.
b) Contact: all information that allows to maintain or contact with the Owner.
c) Patrimonial and financial: all those that allow to know the forms of payment that the Owner will use for the payment obligations that it assumes through the Sales Channels.
d) Historical: all those related to your travel history, places of stay, contracted services, travel companions or products purchased, the level of satisfaction with them, as well as your browsing habits or preferences that the Owner himself expresses.
e) Personal characteristics: all those data obtained through the photographs, videos, audios or other content that the Owner makes public on their social networks provided that in some way it labels or refers to the Responsible or the brands of which it is the owner or participating in any type of campaign that the Responsible controls.
f) In addition to all of the above, the Owner is informed that the Responsible will not collect or process sensitive Personal Data, as defined in the Federal Law on Protection of Personal Data Held by Private Parties, so you are invited not to provide them by any means and, in case that, despite our invitation, these are communicated to the Responsible, who will proceed to cancel them.
g) For the purposes of this section, “Treatment” shall mean the collection, use, disclosure or storage of Personal Data by any means.
II. What do we do with the Owner’s Personal Data?
1. Primary purposes. The Responsible will process your data for the following purposes that give rise and that are necessary for the existence, maintenance and fulfillment of the legal relationship between the Responsible and the Owner:
a) Manage your tourist reservation, carry out the transactions that the Owner has initiated and process payments and invoices or other tax documentation related to your reservation.
b) Analyze, verify and / or corroborate that the Owner has sufficient capacity and powers to sign a contract with the Responsible or be bound through another legal instrument with the Responsible regarding the services provided.
c) Analyze, verify and / or corroborate that the means of payment provided by the Owner is legitimate or has sufficient funds to and comply with the payment obligations that result in its charge of products or services that it acquires or contracts, respectively, through the platform of the Responsible.
d) Keep the reservation history in our database to be able to solve any doubt through customer service.
e) Maintain a customer identification file on the Owner.
f) Manage your requests and respond to your questions or comments.
g) Send you confirmation and updates about your trip, as well as any relevant information about it. This information may be sent via email, SMS, WhatsApp or other instant messaging service to the means of contact provided by you. These messages may contain (but are not limited to) information about grupocun services, as well as contact details of suppliers that could help your travel experience at destination.
h) Comply with our legal obligations, including cooperating with any request from public bodies protected by law. As well as exercising the corresponding judicial or extrajudicial actions to demand compliance with the contracts that the Owner makes through the platform of the Responsible.
i) Provide information to third party providers involved in the provision of services or sale of products offered through the platform of the Responsible.
2. Secondary purposes. The Responsible will process your Personal Data for the following purposes that do not give rise and are not necessary for the existence, maintenance and fulfillment of the legal relationship between the Responsible and the Owner:
a) Offer you products and services, individually or jointly with third parties, in addition to those you have already contracted through the Responsible platform.
b) Perform internal analysis regarding sales and/or consumption patterns.
c) Measure the satisfaction of our customers with our products, services and attention.
d) Contact the Owner to provide customer service, conduct surveys, statistics or analysis on consumption habits or preferences.
e) Send special offers and information to participate in contests and sweepstakes, in our loyalty program.
f) Develop internal studies on the interests, behaviors and demographics of users, to offer better services or provide users with information related to their preferences, better understand their needs and interests, improve our commercial and promotional initiatives, personalize their contents, presentation and services and / or show advertising or promotions of interest to users.
g) Whenever you choose to do so, remember certain data of your means of payment and billing data, to facilitate purchases, contracts and / or future billing through the Sales channels, as appropriate.
h) Provide fraud prevention services in favor of its related companies or third parties.
It is made known to the Owner that the mechanism that the Responsible has implemented for the Owner to express its refusal to process their Personal Data in accordance with the purposes included in numeral 2 of this subsection, consists of sending a request under the heading of “Refusal of Processing of Secondary Personal Data”. The Owner must address the Address or email address firstname.lastname@example.org, observing the requirements indicated in the subsection of “IV. How are the ARCO Rights and other rights of the Owner exercised?” of these Privacy Policies.
III. What are the purposes that justify the Transfers of Personal Data?
IV. How are the ARCO Rights and other rights of the Owner exercised?
V. When is your personal data deleted from our systems?
In the event that the Owner does not exercise his ARCO rights in the terms established in the previous paragraph, it is made known that the Responsible will eliminate his personal data within a maximum period of 10 (ten) years from the conclusion of the commercial relationship between the parties, in accordance with the provisions of the law.
VI. Disabling Cookies
Internet Explorer https://support.microsoft.com/es-mx/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=es