“Hotel Support Services” (hereinafter the Company), located at Calle 29 No. 218B between 30 and 32, Colonia García Gineres, Postal Code 97070, Mérida, Yucatán, Mexico, is committed to protecting the Personal Data of each and every one of its clients and takes all necessary measures to do so. Therefore, the Company provides this Privacy Notice in order to comply with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations.

What is the Company's Privacy Notice?

This document, generated by the Company, is made available to all its clients so that they are aware of what data may be collected from them, how it will be processed or used, the purposes for which it is collected, how it will be protected, the rights of the data subjects, as well as all other relevant information concerning their personal data. In this way, the Company fulfills its purpose of regulating the legitimate, controlled, and informed processing of customers' personal data, thereby guaranteeing the privacy and confidentiality of said information.

What information is considered Personal Data?

Any information concerning an identified or identifiable natural person, including sensitive personal data, which is considered to be data that affects the most intimate sphere of its owner.

What data might the Company request from its customers?

The Company may request the following information from its customers for the performance of its functions or activities:

• Full name.
• Home.
• Emails.
• Banking information, credit card numbers, expiration dates and security codes, and/or any other related information.
• Official identification.
• Bank references.

The Company may request sensitive Personal Data whenever necessary to carry out the services it offers, and the data subject hereby grants their consent.

How can the information be provided to the Company?

The requested information must be provided in one of the following ways:

• When the client or owner provides them directly to Company personnel.
• When the customer or owner uses the Company's website or online services.
• When obtained by the Company through any other source permitted by current legislation.

Who will be responsible for protecting Personal Data?

Specifically assigned and highly trained personnel, hired by the Company for the complete and total security of its clients.

 It is important to mention that the sole owner of the Personal Data received by the Company will always be the client who provides it; therefore, the Company has an unavoidable and crucial commitment to protect the Personal Data received.

How will the Company protect the Personal Data it receives from its clients?

The Company will at all times ensure compliance with the principles of Personal Data protection established in the applicable law, adopting the necessary security measures for their application. Likewise, the Company will take the appropriate measures to ensure that this Privacy Notice is respected at all times.

Administrative, technical and physical security measures will also be employed to protect Personal Data against damage, loss, alteration, destruction or unauthorized use or processing.

What principles will the Company observe in the processing of Personal Data?

The principles of lawfulness, consent, information, quality, purpose, loyalty, proportionality and responsibility, which are defined in the Law on the matter.

Likewise, absolute security and confidentiality will be observed with respect to the Personal Data obtained by the Company, these obligations remaining in effect even after the termination of relations with the data subject.

It is the responsibility of the client or owner of the Personal Data to ensure that the data provided directly to the Company is truthful and complete, as well as to notify of any modifications to the same in order to comply with the obligation to keep the information updated.

Can consent for the processing of Personal Data be revoked?

It is understood that the data subject has tacitly consented to the processing of their Personal Data, given that this Privacy Notice has been made available to them and they have not expressed opposition to it; however, the data subject remains completely free to revoke their consent at any time by following the procedure established in this Notice.

What rights does the owner of Personal Data have and how can they exercise them?

The owner of the Personal Data has the following rights:

Right of revocation: The holder may revoke in whole or in part the consent previously given for the processing of his personal data, without retroactive effects being attributed to it.

Right of limitation: The holder may limit the use and disclosure of their personal data.

Right of access: The holder has the right to access their personal data held by the Company, as well as to know the Privacy Notice.

Right of rectification: The data subject has the right to rectify or modify their personal data when it is inaccurate or incomplete. Right of erasure: The data subject has the right to erase their personal data, which will result in a blocking period followed by the complete deletion of the data, in accordance with applicable law. Erasure will apply to all of the data subject's personal data contained in the Company's database, or only to part of it, as requested.

Right to object: The data subject has the right, for legitimate reasons, to object to the processing of their personal data. In this case, the Company may not process the data for any reason.

The aforementioned rights may be exercised by the data subject at any time. The data subject may exercise any of these rights by:

i) Written letter addressed to the privacy department of the Company at the latter's address.

ii) By email to the address: sbs@hotelmargaritasmerida.com

The Company will, in all cases, promptly respond to the requests of the data subject, provided that none of the exceptions contained in the Law on the matter apply, and the applicant complies with the provisions of Article 29 and other related and applicable provisions of the same.

In order for the Company to process a request from a holder, the latter must attach the following information and documentation:

i) Name of the Holder, email address or other means for the Company to communicate the response to your request.

ii) The documents with which you prove your identity or your personality.

iii) A clear and precise description of the personal data with respect to which the right of access, rectification, revocation, cancellation, opposition, limitation of use or disclosure is sought, as well as any other data or document that may facilitate the location of the same.

The obligation to provide access to information will be considered fulfilled by the Company when, if requested by the owner, the latter's Personal Data is made available to the latter at the Company's address or through one of the forms established in article 33 of the Law on the matter.

The time limits for responding to requests from the holders may not exceed those established in the Law on the matter.

What are cookies and what will the Company use them for?

A cookie is a small piece of information sent by a website and stored in the user's browser, allowing the website to track the user's previous activity. Cookies are used to understand the interests, behavior, and demographics of those who visit or use our website, thereby better understanding their needs and interests and providing them with improved service. They may also be used to promote and enforce website rules and security. Users and visitors of the website agree that the Company may use a tracking system through the use of cookies.

 Will Personal Data be transferred?

The owner of the Personal Data expressly authorizes the Company to transfer said data only to the persons necessary to carry out the purposes or services for which it was contracted.

Therefore, only those individuals authorized by the Company, whether employees, service providers, partners, and/or any other person with a relationship to the Company who needs to know the information to perform the contracted services, will have access to Personal Data. Third parties to whom information is transferred are aware of this Privacy Notice and assume the obligations set forth herein.

What will the Personal Data be used for?

The personal data obtained by the Company with the full knowledge of its clients will be used, including but not limited to, the following purposes:

i) For the identification of the Company's clients.

ii) Sending promotional materials, if the customer agrees.

iii) To properly monitor their stay.

iv) For the rating of the services offered by the Company.

v) For the updating and verification of data and information.

vi) Know our customers policies.

vii) For the payment of services contracted by the client.

viii) In general, to carry out all the necessary actions to provide a first-class service and to fulfill the purposes and obligations arising from the relationship that the Company has with the owner.

In the event that the Personal Data held is required by an authority of any kind, whether for legal proceedings, to respond to any claim or legal actions, or to protect the rights of the Company, its clients and/or third parties; this data will be made available in strict compliance with the Law on the matter.

The Company may not process personal data for purposes other than, or that are not compatible or analogous to, those described above, unless explicitly permitted by current regulations or the data subject's consent has been obtained for the new processing.

Should the Company require the use of the Personal Data collected for purposes other than those agreed upon in the legal relationship with the data subject and in this Privacy Notice, the data subject will be notified in writing, by telephone, and/or electronically through the website www.hotelmargaritasmerida.com, explaining the new uses intended for said information in order to obtain their consent. With this Privacy Notice, data subjects are duly informed of the data collected from them and for what purposes, as well as the fact that the Privacy Notice may be consulted at any time on the Company's website www.hotelmargaritasmerida.com, and by accepting the terms contained herein, they agree to the terms contained herein.

Where and how can I find out if the Privacy Notice changes?

This Privacy Notice may be changed, updated, or modified. When this happens, it will be posted in the "Privacy Notice" section of the Company's website, www.hotelmargaritasmerida.com

How can I contact them?

We are at your complete disposal at the Company's address located at Calle 29 number 218B between 30 and 32, Colonia Garcia Gineres, postal code 97070 in the city of Merida, Yucatan, Mexico, as well as through our website and by email at Info@hotelmargaritasmerida.com. This Privacy Notice is governed by the current and applicable legislation in the United Mexican States; any controversy that arises from its application must be resolved before the competent jurisdictional bodies in the City of Merida, Yucatan, Mexico.