Visita Monserrate

Visita Monserrate

Bogotá, Colombia

Back to home

Data Processing Policy

In accordance with Law 1581 of 2012

1. Legal Framework

This Personal Data Processing Policy is established in compliance with Statutory Law 1581 of 2012, Decree 1377 of 2013 (compiled in Decree 1074 of 2015), and other concordant regulations governing the protection of personal data in Colombia.

2. Identification of the Controller

Visita Monserrate

Operator of the Visita Monserrate website

Address: Bogotá D.C., Colombia

Email: info@visitamonserrate.com

3. Definitions

For the purposes of this policy, the following definitions shall apply:

  • Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
  • Database: An organized set of personal data that is subject to Processing.
  • Personal Data: Any information linked or that can be associated with one or more identified or identifiable natural persons.
  • Sensitive Data: Data that affects the privacy of the Data Subject or whose misuse may lead to discrimination.
  • Data Processor: Natural or legal person who carries out the Processing of personal data on behalf of the Controller.
  • Data Controller: Natural or legal person who decides on the database and/or the Processing of data.
  • Data Subject: Natural person whose personal data is subject to Processing.
  • Processing: Any operation on personal data, such as collection, storage, use, circulation, or deletion.

4. Guiding Principles

The processing of personal data shall be governed by the following principles:

  • Legality: Processing shall be carried out in accordance with the law
  • Purpose: Processing shall serve a legitimate purpose
  • Freedom: Processing requires prior consent from the Data Subject
  • Truthfulness: Information must be truthful, complete, and up to date
  • Transparency: The Data Subject may access information about their data
  • Restricted access and circulation: Processing is subject to limitations
  • Security: Information must be handled with security measures
  • Confidentiality: Persons processing data must guarantee its confidentiality

5. Data Collected

Visita Monserrate collects and processes the following personal data:

5.1 Identification data

  • First and last names
  • Type and number of identity document
  • Date of birth
  • Nationality

5.2 Contact data

  • Email address
  • Mobile phone number
  • Phone number
  • Residential address (when applicable)

5.3 Browsing data

  • IP address
  • Device and browser information
  • Cookies and session data

6. Purposes of Processing

Personal data will be processed for the following purposes:

6.1 Necessary purposes

  • Manage ticket and service purchases
  • Issue and send access tickets
  • Verify buyer identity
  • Process payments and issue invoices
  • Handle requests, complaints, and claims
  • Fulfill legal and contractual obligations

6.2 Authorized purposes

  • Send commercial and promotional information
  • Conduct satisfaction surveys
  • Prepare market studies and statistics
  • Personalize the user experience

7. Data Subject Authorization

Authorization for personal data processing will be obtained through the following means:

  • Express acceptance when making a purchase
  • Checking a verification box on digital forms
  • Written or verbal authorization when required
  • Unequivocal conduct by the data subject that implies authorization

Authorization may be revoked at any time by the Data Subject by sending a request to info@visitamonserrate.com.

8. Rights of the Data Subject

In accordance with Law 1581 of 2012, the Data Subject has the right to:

  • Know, update, and rectify their personal data
  • Request proof of the authorization granted
  • Be informed about the use given to their personal data
  • File complaints with the Superintendence of Industry and Commerce (SIC)
  • Revoke authorization and/or request data deletion
  • Access their personal data free of charge

9. Procedure for Exercising Rights

To exercise their rights, the Data Subject must:

  1. Send a written request to info@visitamonserrate.com
  2. Provide their complete identification
  3. Clearly describe the right they wish to exercise
  4. Attach supporting documents (if applicable)

Response times:

  • Inquiries: maximum 10 business days
  • Claims: maximum 15 business days

10. Data Transfer and Transmission

Personal data may be transferred or transmitted to:

  • Payment gateways for processing transactions
  • Technology service providers
  • Competent authorities when required by law

In all cases, we ensure that third parties comply with protection standards equivalent to or higher than those established in this policy.

11. Security Measures

Visita Monserrate implements the following security measures:

  • Data encryption in transit and at rest
  • Database access control
  • Periodic information backups
  • Information security policies
  • Staff training on data protection
  • Access monitoring and auditing

12. Validity and Storage

Personal data will be stored for the time necessary to fulfill the described purposes and applicable legal obligations. Specifically:

  • Transaction data: 5 years (in accordance with tax regulations)
  • Marketing contact data: until consent revocation
  • Browsing data: 1 year

13. Service Channels

For inquiries, claims, or exercise of rights related to personal data:

Data Protection Officer

Email: info@visitamonserrate.com

Hours: Monday to Friday, 8:00 AM - 5:00 PM

You may also file complaints with the Superintendence of Industry and Commerce (SIC) at www.sic.gov.co

14. Modifications

This policy may be modified at any time. Changes will be communicated through the website and will take effect upon publication. The last update date is indicated at the beginning of this document.

15. Effective Date

This Data Processing Policy takes effect as of December 2024.