INTRODUCTION

• ALPAKA REISEN E.I.R.L. is a company in the tourism sector dedicated to the sale of tourist services nationwide through service brokerage, which includes: sale of transport tickets, private transfers, lodging and food services, tourist packages and full days located on Geranios Mza Street . 10 Interior 7 Residencial La Angostura, Ica. ALPAKA REISEN E.I.R.L is obliged to comply with current Peruvian legislation on the protection of personal data, Law No. 29733 Protection of Personal Data and its complementary provisions.
• Therefore, ALPAKA REISEN E.I.R.L. is committed to:
  •  The collection and use of personal information.
  •  Ensure the quality and security of the information.
  • Respect the rights of people with respect to information about themselves.
• ALPAKA REISEN E.I.R.L. is committed to the protection, management and adequate treatment of personal data to which it has access in the regular operation of its businesses. This commitment includes the review and continuous improvement of the organization’s processes in order to guarantee adequate protection of said personal data and the guidelines established by ALPAKA REISEN E.I.R.L for the collection and processing of personal data in order to ensure respect of the rights of their owners and compliance with the current regulatory framework. The Policy may be supplemented with procedures, regulations and/or additional guidelines that develop what is established in this document, provided that they are aligned with its guiding principles.

OBJECTIVE

• The purpose of this document is to establish principles, uniform practices and responsibilities regarding the processing of personal data in which ALPAKA REISEN E.I.R.L is involved.

 

SCOPE

• This document is applicable to all the processes of ALPAKA REISEN E.I.R.L that will use personal data of the clients destined to be contained in the different databases of ALPAKA REISEN E.I.R.L and to their treatment.
• The Policy will be known and fully complied with by all the workers of ALPAKA REISEN E.I.R.L. and suppliers. For the purposes of interpreting this Policy, the definitions contained in the Law are applicable, and especially those included below.

DEFINITIONS

• Personal data: Any information that identifies a natural person or that which can be identified through reasonably used means. For example, the ID, physical address, full name. Sensitive data: Personal data made up of biometric data that by themselves can identify the owner; data referring to racial and ethnic origin; economic income, political, religious, philosophical or moral opinions or convictions; union membership; and health-related information.
• Treatment of personal data: Any operation or technical procedure, automated or not, that allows the collection, registration, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or diffusion or any another form of processing that facilitates the access, correlation or interconnection of personal data. In summary, the processing of personal data regulates all possible forms of use and processing of personal data within the organization from its entry to its possible elimination or conservation.
• Consent: Prior, free, unequivocal and express authorization that the individual must grant to authorize the processing of their personal data.
  •  Prior: Must be obtained before collection.
  • Free: It should not be forced or conditioned.
  • Unequivocal and express: There should be no doubt about its manifestation and it must be recorded in some tangible medium. Personal data bank: Organized set of personal data, automated or not, regardless of the support, be it physical, magnetic, digital, optical or others that are created, whatever the form or modality of its creation, formation, storage, organization and access.
• Owner of the personal data bank: Natural person, private legal entity or public entity that determines the purpose and content of the personal data bank, its treatment and security measures. Person in charge of the personal data bank: Any natural person, private legal entity or public entity that alone or acting jointly with another carries out the processing of personal data on behalf of the owner of the personal data bank. Anonymization procedure : Processing of personal data that prevents identification or that does not make the owner of the personal data identifiable. The procedure is irreversible. Dissociation procedure: Processing of personal data that prevents identification or that does not make the owner of the personal data identifiable. The procedure is reversible.

RESPONSIBLE FOR COMPLIANCE

• ALPAKA REISEN E.I.R.L will assign and communicate the corresponding responsibilities to all personnel and suppliers, for the fulfillment of this Policy.
• The area responsible for annually reviewing this Policy and making the respective adjustments within ALPAKA REISEN E.I.R.L. will be the General Management. Likewise, said Management will be in charge of answering any query related to the application and scope of this Policy.
• Without prejudice to this, all employees of ALPAKA REISEN E.I.R.L as well as all suppliers and third parties with whom ALPAKA REISEN E.I.R.L is linked in the regular exercise of its business and have access to or process personal data are subject to compliance with the Policy. Finally, no employee of ALPAKA REISEN E.I.R.L should perform on behalf of the Company. actions or incur in omissions that entail a breach of the Law.

CONFIDENTIALITY

• This Policy will be for the internal and exclusive use of ALPAKA REISEN E.I.R.Land, therefore, is confidential. Any use other than that indicated is prohibited and must be authorized expressly and in writing by the General Management.
• The personal data to which both the workers of ALPAKA REISEN E.I.R.L and related third parties have access or participate in their treatment may not be treated or used in any way without the prior consent of the owner of the personal data even after termination. of its relationship with ALPAKA REISEN E.I.R.L, except for the exceptions regulated by law.
• In the case of workers who, due to the nature of their functions, have access to confidential and sensitive personal information, ALPAKA REISEN E.I.R.L will try to develop specific training and awareness actions. The people who intervene in the processing of personal data are obliged to keep professional secrecy and maintain confidentiality with respect to them. Said obligation will be maintained even after the end of its relationship with ALPAKA REISEN E.I.R.L

PRINCIPLES

• All employees of ALPAKA REISEN E.I.R.L must permanently comply in the exercise of their functions with the principles established in the Law that we detail below: a. Legality. The treatment of personal data carried out by ALPAKA REISEN E.I.R.L will be done in accordance with the provisions of the Law. The collection of personal data by fraudulent, unfair or illegal means is prohibited.
• Consent. ALPAKA REISEN E.I.R.L may not process personal data that does not have the prior, express, unequivocal and free consent of its owner as necessary, except for the exceptions provided by law.
• Purpose. ALPAKA REISEN E.I.R.L will collect personal data clearly indicating the purpose for which it performs said collection, which must be determined, explicit and lawful. The personal data subject to processing may not be used for purposes other than or incompatible with those for which they were obtained, except with the consent of the owner. In this sense, ALPAKA REISEN E.I.R.L will comply with implementing measures that guarantee:
  • The collection, storage and conservation of personal data comply with the principles of proportionality and purpose.
  • The proper protection of personal data in compliance with appropriate technical and legal security measures. It should be noted that ALPAKA REISEN E.I.R.L may not disclose personal data unless ordered by reasoned order of the judge or with the authorization of its owner, with the guarantees provided by law. Likewise, ALPAKA REISEN E.I.R.L may not refuse to Deliver information containing personal data to a public entity, provided that said request is made for strict compliance with the powers of said entities assigned by current legislation.
• Proportionality. All treatment of personal data carried out by ALPAKA REISEN E.I.R.L must be adequate, relevant and not excessive to the purpose for which they were collected.
• Quality. The personal data that will be processed by ALPAKA REISEN E.I.R.L must be true, exact and, as far as possible, updated, necessary, pertinent and adequate with respect to the purpose for which they were collected. They must be kept in such a way that their security is guaranteed and only for the time necessary to fulfill the purpose of the treatment, respecting the legal terms of conservation of applicable documents and information.
• Security. ALPAKA REISEN E.I.R.L and the third parties to whom it entrusts the processing of personal data must adopt the necessary and appropriate technical, organizational and legal measures to guarantee the security of personal data against different risks, such as accidental loss or destruction by accident, unauthorized access, covert use or infection of malware or computer viruses. These measures will be established, communicated and, if applicable, updated by ALPAKA REISEN E.I.R.L
• Adequate level of protection. In the event that ALPAKA REISEN E.I.R.L carries out international transfers of personal data, it must guarantee a sufficient level of protection for the personal data that is going to be processed or, at least, comparable to that provided by law.
• Rights of personal data holders. ALPAKA REISEN E.I.R.L will have a simple and free procedure for dealing with the rights of personal data holders contemplated in the Law:
  • information,
  • access,
  • updating,
  • inclusion,
  • rectification,
  • deletion,
  • prevent supply,
  • opposition and
  • objective treatment.
• Therefore, ALPAKA REISEN E.I.R.L:
  • Will take the necessary measures to inform the owner of the personal data about the rights conferred by the Law.
  • Will adopt the measures that allow the owner of the personal data to keep them updated.
  • Will comply with responding in a timely manner and within the legal deadlines to the requirements and requests related to the rights of the holders of personal data mentioned above; In the processes of attention to the rights of holders of personal data, the following guidelines will apply.
  • The deletion or rectification of personal data will not proceed when it affects the legitimate rights or interests of ALPAKA REISEN E.I.R.L, its shareholders, employees or directors or third parties or when there is a legal obligation to preserve personal data.
  • ALPAKA REISEN E.I.R.L may reject certain requirements when the disclosure of personal data may compromise or hinder ongoing judicial or administrative proceedings.

 

TRANSFERS OF PERSONAL DATA

• The personal data subject to treatment by ALPAKA REISEN E.I.R.L may only be assigned or transferred to third parties for the fulfillment of the purposes related to the legitimate interest of the assignor and the assignee and with the prior, express, free, unequivocal and informed consent. of the owner of the personal data. Such consent will not be required in the cases permitted by law.

 

COLLECTION OF SENSITIVE DATA

• ALPAKA REISEN E.I.R.L will only collect personal data and/or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and processing of said data is derived from the fulfillment of a legal obligation, ALPAKA REISEN E.I.R.L will inform the owner of the data of such a situation prior to its collection.

DISCLOSURE OF PERSONAL DATA

• ALPAKA REISEN E.I.R.L will not disclose personal data to third parties except when:
  • It is necessary for the purpose for which the personal data was collected; as in the provision of services through third parties and suppliers.
  • The owner of the personal data is informed before the disclosure or at the time of the collection of the personal data.
  •  The owner of the personal data gives his prior and express consent.
  • Consent is not required by law.
  • Personal data is required by public entities within the scope of their legal powers and powers.
  • The personal data is necessary to satisfy the legitimate requirements of any company interested in acquiring any of the operations of ALPAKA REISEN E.I.R.L, with the prior consent of its owner; or,
  • Access to personal data is by auditors and lawyers and other professionals obliged to keep professional secrecy.

DELETION OF PERSONAL DATA

• Once the processing of personal data has been completed and the principle of purpose has been fulfilled, and provided that there is no legal mandate or reason that justifies the conservation of personal data, ALPAKA REISEN E.I.R.L will proceed to eliminate them from its records. Alternatively, ALPAKA REISEN E.I.R.L may apply dissociation processes, or equivalent when, for any commercial, statistical or market analysis reason, they justify the convenience of keeping such data. ALPAKA REISEN E.I.R.L will opportunely define the respective procedures that are necessary for the elimination of personal data.

PENALTIES REGIME

• An employee who commits any infraction of the provisions established in this Policy will be considered a serious offense and liable to sanction. ALPAKA REISEN E.I.R.L will take the disciplinary measures it deems pertinent in cases of non-compliance with the obligations stipulated herein by the employees.

DISSEMINATION AND COMPLIANCE WITH THE POLICY

• ALPAKA REISEN E.I.R.L will endeavor to:
• • comply with the provisions of this Policy;
  • make known, observe and respect this Policy by each employee;
  • post this Policy in easily accessible places; and
  • sign confidentiality obligations with employees, users, contractors and third parties who access the personal data included in the databases.