Policies

To comply with the obligations contracted by AVIANET with the workers who own the information, in relation to the payment of salaries, social benefits, and others established in the employment contract and current labor regulations.

Inform the employee of any new developments that arise during the course of the employment contract and even after its termination.

Evaluate the quality of the services we provide.

Conduct internal studies on the habits of the employee who owns the information or request personal information for the development of management programs or systems.

Perform the payroll deductions authorized by the employee.

Manage your requests, administer activities, provide clarifications, and conduct investigations.

Marketing and sales of our products and services.

The sending, by traditional and electronic means, of technical, operational and commercial information on products and services offered by associates or suppliers, currently and in the future.

Develop studies and programs that are necessary to determine consumption habits.

To transmit and/or transfer data to other companies, business partners, or third parties in order to fulfill our obligations. This transmission and transfer may even be made to third countries that may have a different level of data protection than Colombia, when necessary for the fulfillment of our obligations.

The request for surveys, which the worker is not obliged to answer.

To transfer, either by transmission or transfer, the information received to all judicial and/or administrative entities when necessary for the fulfillment of duties as an employer to comply with obligations related to labor, social security, pensions, occupational risks, family compensation funds (Comprehensive Social Security System) and taxes.

Transferring the employer's personal information to third parties who legitimately have the power to access such information, which includes, but is not limited to, companies of the Aviatur Ltda. Business Group.

To properly deliver, by way of transmission or transfer, the personal information of the worker to all entities that have a relationship with the compliance of the responsible party in their capacity as employer.

Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of AVIATUR and its labor obligations acquired by virtue of the execution of the employment contract or by operation of law.

Conduct consultations in various databases and authorized sources (such as OFAC lists, UN, among others) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our prevention and risk management policies - SARLAFT.

The processing of personal data will be carried out with the prior authorization of the data subject, except in cases where the data is publicly available. For this purpose, a data processing authorization form has been implemented, which must be completed by the data subject at the time they provide their personal information. This authorization explains the scope and purposes of the personal data processing, addresses authorization by a third party, the processing of data concerning minors and sensitive data, defines the channel for data subjects who wish to exercise their rights under habeas data law, and indicates where this policy is located. To carry out data processing, AVIANET employs all measures aimed at maintaining the confidentiality of the information.

Authorization will be obtained through any means that can be subsequently verified, such as the website, forms, formats, in-person activities, or social media, etc. Authorization may also be obtained from the unambiguous conduct of the data subject that reasonably allows the conclusion that they granted authorization for the processing of their information.

If you provide us with personal information about someone other than yourself, such as your spouse or a coworker, we understand that you have that person's authorization to provide us with their data. We do not verify, nor do we assume the obligation to verify, the identity of the user/client, nor the truthfulness, validity, sufficiency, or authenticity of the data they provide. Therefore, we assume no responsibility for damages or losses of any kind that may arise from inaccuracies, name discrepancies, or identity theft.

Since AVIANET belongs to the Aviatur Business Group, your personal information may be shared with other companies within the group, business partners, and/or third-party providers (including flight, hotel, and car reservation systems, transaction security validators, banks, financial networks, and tourism services). These processes may take place in locations different from where the purchased tourism service or product is contracted, for the same purposes indicated for the collection of your personal data. These entities are obligated to comply with the corresponding confidentiality, transmission, or transfer agreements.

The Personal Data collected will be processed manually or automatically and incorporated into the corresponding files or databases (hereinafter, the "File"), either as the data processor or the data controller. The processing period will be determined taking into account the regulations applicable to each purpose and the administrative, accounting, tax, legal, and historical aspects of the information.

When the service is provided to a minor or a person with a disability, and their personal data is collected, AVIANET will always request authorization from the minor's legal representative. However, if you provide personal information of the aforementioned individuals without being their legal representative, you represent that you have the authorization of the respective legal representative, directly assuming the corresponding responsibility. AVIANET will strive to ensure that their rights and best interests are respected at all times. The representative must guarantee their right to be heard and consider their opinion regarding the processing of their data, taking into account the maturity, autonomy, and capacity of the minors. Representatives are informed that answering questions about the data of minors is optional. The data of minors, which falls under a special protection category, will be processed in accordance with applicable legislation and our personal data policy.

The companies of the Aviatur Business Group have adopted the legally required levels of security for the protection of personal data, and have installed all the technical means and measures at their disposal to prevent the loss, misuse, alteration, unauthorized access and illegitimate removal of the personal data provided to AVIANET; however, the data subject should be aware that security measures on the Internet are not unbreakable.

If you choose to delete your information, to the extent permitted by law, we will retain certain personal information in our files for accounting and tax purposes to identify transaction data, prevent fraud, resolve disputes, investigate conflicts or incidents, enforce our terms and conditions of use, and comply with legal requirements.

However, when you decide to revoke your authorization, the hosted information will not be used for the purposes provided herein, only in the terms strictly necessary and defined in the previous paragraph.

Security risks to consider when making online transactions:

It's possible for a user to be tricked through emails or DNS server spoofing into visiting a fake website that looks identical to the real one, but where their card details are entered into the fraudulent system, resulting in the theft of cardholder information. Therefore, it's crucial to promote the idea that users should only access known domains for online transactions to minimize these risks.

It is possible that the computer the user is using for the transaction may have spyware or malicious software installed without their knowledge. This software could capture everything typed on the keyboard or information from input devices and send it to a network or host on the internet. Therefore, it is recommended that the transaction be carried out on a home or office computer whenever possible.

It is possible that the account holder may impersonate the account holder if the holder denies having sent and/or received the transaction and it is used by a third party.

It is recommended that the computer used for electronic transactions has an updated and active antivirus program to mitigate the risk of fraud.

If your personal information was collected or provided before July 30, 2013, and you did not object to the transfer of your personal data, it will be understood that you have given your consent. If you wish to confirm your consent or express your objection, you may do so by sending an email to privacidad@aviasolucioneshoteleras.com.

Like other websites, AVIANET uses certain technologies, such as cookies and device fingerprinting, to make your visit to our site easier and more efficient, providing you with personalized service and recognizing you when you return. For the purposes of this Privacy Notice, "cookies" are defined as text files that a website transfers to a user's computer hard drive to store certain records and preferences.

Websites may allow third-party advertising or features that send "cookies" to the owners' computers.

Cookies are associated only with an anonymous user and their computer, and do not, by themselves, provide the user's name and surname. In many cases, you can browse any of AVIANET's websites anonymously. When you access any AVIANET website, your IP address (your computer's internet address) is recorded to give us an idea of which parts of the website you visit and how long you spend in each section. We do not link your IP address to any of your personal information unless you have registered with us and logged in using your profile.

Therefore, in certain applications AVIANET may recognize users after they have registered for the first time, without requiring them to register on each visit to access areas, services, or products reserved exclusively for them.

Other services will require the use of specific access keys, and even the use of a digital certificate, depending on the characteristics determined.

The cookies used cannot read cookie files created by other providers. AVIANET encrypts user identification data for added security.

To use the AVIANET website, it is not necessary for the user to allow the installation of cookies sent by AVIANET, although in that case it will be necessary for the user to register in each of the services whose provision requires prior registration.

NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA

AVIANET may transfer data to other data controllers when authorized by the data subject, by law, or by an administrative or judicial order.

INTERNATIONAL AND NATIONAL DATA TRANSMISSION TO PROCESSORS

AVIANET may send or transmit data to one or more processors located within or outside the Republic of Colombia in the following cases: a) When it has authorization from the data subject and b) when, without authorization, there is a data transmission contract between the controller and the processor.

DUTIES OF THE DATA CONTROLLER

To guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the holder.

Properly inform the data subject about the purpose of the collection and the rights they have by virtue of the authorization granted.

Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use or unauthorized or fraudulent access.

To process inquiries and claims made in accordance with the terms set forth in this law.

Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, to address inquiries and complaints.

Inform the data subject, upon request, about the use given to their data.

Inform the data protection authority when security code violations occur and there are risks in the management of data subjects' information.

Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

DUTIES OF DATA PROCESSORS

To guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use or unauthorized or fraudulent access.

To promptly update, rectify or delete data in accordance with the terms of this law.

Update the information reported by the data controllers within five (5) business days from receipt.

To process inquiries and complaints made by the holders in accordance with the terms set out in this law.

Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, to address inquiries and complaints from data subjects.

Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendency of Industry and Commerce.

Allow access to information only to people who are authorized to access it.

Report to the Superintendency of Industry and Commerce when violations of security codes occur and there are risks in the management of the information of the holders.

Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

REQUESTS, COMPLAINTS AND CLAIMS

For the purpose of receiving requests, complaints, and inquiries related to the handling and processing of personal data, AVIANET has designated the email address privacidad@aviasolucioneshoteleras.com to receive, review, and respond to them. Therefore, you may send your requests to this address, and they will be processed in accordance with Law 1581.

Inquiries: Data subjects or their successors may inquire about the data subject's personal information held in our database. AVIANET will provide them with all the information contained in the individual record or linked to the data subject's identification. Inquiries will be addressed within a maximum of ten (10) business days from the date of receipt. If it is not possible to address the inquiry within this timeframe, the interested party will be informed, and the date on which their inquiry will be addressed will be indicated, which in no case may exceed five (5) business days following the expiration of the initial timeframe.

Claims: The owner or their successors who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with AVIANET, which will be processed under the following rules:

The claim must be submitted in writing to AVIANET, including the claimant's identification, a description of the events giving rise to the claim, the claimant's address, and any supporting documents. If the claim is incomplete, AVIANET will request the missing information from the claimant within five (5) days of receiving the claim. If the claimant fails to provide the required information within two (2) months of the date of the request, the claim will be considered withdrawn.

Once the complete claim is received, a note stating "claim in process" and the reason for the claim will be added to the database within no more than two (2) business days. This note must remain until the claim is resolved.

The maximum time to address the claim will be fifteen (15) business days, starting from the day after the date of receipt. If it is not possible to address the claim within this period, the interested party will be informed and the date on which their claim will be addressed will be indicated, which in no case may exceed eight (8) business days following the expiration of the first period.

In any case, the owner or successor may only file a complaint with the Superintendency of Industry and Commerce once the consultation or claim process with AVIANET has been exhausted.

The area responsible for receiving and processing complaints is the Information Security Management.

The request for deletion of information and revocation of authorization will not be granted when the holder has a legal or contractual duty to remain in the database.

DATA OF THE DATA CONTROLLER

Company name: Operadora de Hoteles Avia SAS

Address: Andino Business Center, Carrera 11 # 82-01 Floor 4, Bogotá DC - Colombia

Email: privacidad@aviasolucioneshoteleras.com

Telephone: ( 57 1) 3817111

Website: www.aviasolucioneshoteleras.com

QUESTIONS OR SUGGESTIONS

If you have any questions or concerns about the collection, processing, or transfer of your personal information, or if you believe that the information contained in a database should be corrected, updated, or deleted, please send us a message to the following email address: privacidad@aviasolucioneshoteleras.com.

For more information about AVIATUR, including its identity, address, and contact methods, please visit www.aviasolucioneshoteleras.com. This website contains the terms and conditions applicable to the published services and products, which can be consulted at any time for further information.

VALIDITY

AVIANET reserves the right to modify this policy to adapt it to new legislation or case law, as well as to best practices in the tourism sector and other sectors of the economy that are part of the business group. In such cases, AVIANET will announce the changes on this page a reasonable time before they take effect.

GENERAL AND COEXISTENCE POLICIES

1. Upon arrival you will need to sign a lodging contract.

2. We will scan your identity documents (ID card or passport) as well as the Colombian immigration stamp in the case of passports.

3. In the building lobby there is a 24/7 reception desk that will provide you with all the information.

4. Every person entering the building, without exception, must present their original identification document so that the security personnel can carry out the respective validations.

5. For the admission of minors, they must be accompanied by one or both parents or legal guardian assigned in accordance with the established “Policies for Minors”.

6. No one other than those registered at check-in is allowed entry.

7. Parking spaces are for the exclusive use of the owners, tenants, or users of the private units, according to their assigned space. Each guest must occupy the space assigned to their unit.

8. It is prohibited to store, consume, sell or distribute any drug or narcotic or hallucinogenic substance in private units or in the common property of the building.

9. It is forbidden to use your private property for purposes contrary to morality and good customs, or for purposes prohibited by law or by the authorities.

10. Refrain from using private units for purposes that cause harm or annoyance to other occupants of the building, avoiding parties or gatherings with loud music.

11. The property is pet-friendly. Organic waste must be collected by its owners. It is the guest's responsibility to keep the building's common areas clean.

12. The use of linens (bath towels, hand towels, room linens) is solely for personal hygiene during your stay. Improper use of linens (use in the kitchen, cleaning shoes, stains, or damage from other uses) will result in damage to the linens and will be charged.

POLICIES FOR MINORS

1. In New York, the safety of minors is a priority, which is why we have adopted the measures dictated in Law 679 of 2001 (ESCNNA), which aims to dictate protection measures against exploitation, pornography, sex tourism and other forms of sexual abuse with minors, through the establishment of preventive and punitive rules and the issuance of other provisions in development of article 44 of the Colombian political Constitution.

2. Nova York requires that all minors traveling with their parents must present a birth certificate (or equivalent document) that proves the relationship.

3. Nova York requires that any minor traveling with a guardian or relative who is “NOT” their parents must present an original notarized permission signed by the parents indicating: Date of stay, name of the parents with identification number, name of the minor with identification number, name and identification number of the person they authorize to stay and be in charge of the minor, and a copy of the document of all those mentioned above.

If the above requirements are not met, Nova Iorque will prevent the minor and their companion from leaving its premises and will notify the competent authorities to guarantee the minor's safety.

TAXES

The rates shown on this page do not include the 19% VAT tax. This tax will be charged at check-in.

1. Foreign guests arriving in the country for cultural tourism, business, meetings, health and wellness will be exempt from paying VAT.

2. For the purposes of applying the exemption, foreigners and nationals who enter the national territory without the intention of establishing themselves in Colombia and who prove such status with the documents indicated in this paragraph 1 of Decree 297 are considered residents abroad. The foreigner residing abroad must prove their status by presenting their original passport; the Andean Card or the Mercosur Card, verifying their immigration status with the valid Entry and Stay Permit stamp.