General considerations: Aware of the importance of the protection and good management of the personal information provided by the holders of the information, the travel and tourism agency oiotravel, who acts as responsible for the information received, has designed this policy and procedures that together allow you to make proper use of your data.
Objective: With the implementation of this policy, it is intended to guarantee the preservation of information and security on the treatment that will be given to it to all customers, suppliers, employees and third parties from whom oiotravel has legally obtained information and personal data.
Principles for the processing of personal data: The processing of personal data must be done respecting the general and special rules on the matter and for activities permitted by law. Consequently, the following principles are applied for purposes of this policy:
Principle of legality: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.
Principle of purpose: The treatment must obey a legitimate purpose under the Constitution and the Law.
Principle of freedom: The treatment can only be exercised with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves consent.
Principle of transparency: In the treatment, the right of the owner to obtain from the data controller, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed.
Principle of access and restricted circulation: Treatment is subject to the limits that derive from the nature of personal data, the provisions of the law and the Constitution. In this sense, the treatment can only be carried out by persons authorized by the owner and/or by the persons provided by law.
Principle of security: The information subject to Treatment by the Person in Charge of the Treatment or Responsible for the Treatment referred to in this law, shall be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
Principle of confidentiality: All persons involved in the processing of personal data that do not have the nature of public are obliged to guarantee the preservation of information, even after the end of their relationship with any of the tasks involved in the treatment, being able to only make provision or communication of personal data when this corresponds to the development of the activities authorized in this law and the terms thereof.