DESTINAZIONI
RESORT NEI CARAIBI
Repubblica Dominicana, Samaná

Bahia Principe Grand Samana

Bahia Principe Grand El Portillo

Repubblica Dominicana, La Romana

Bahia Principe Luxury Bouganville

Bahia Principe Grand La Romana

Repubblica Dominicana, Punta Cana

Bahia Principe Fantasia Punta Cana

Bahia Principe Luxury Ambar

Bahia Principe Grand Aquamarine

Bahia Principe Luxury Esmeralda

Bahia Principe Grand Turquesa

Bahia Principe Grand Punta Cana
Messico, Riviera Maya

Bahia Principe Luxury Akumal

Bahia Principe Luxury Sian Ka'an

Bahia Principe Grand Tequila

Bahia Principe Grand Coba

Bahia Principe Grand Tulum

Giamaica, Runaway Bay

Bahia Principe Luxury Runaway Bay

Bahia Principe Grand Jamaica
HOTEL IN SPAGNA
Tenerife

Bahia Principe Fantasia Tenerife

Bahia Principe Sunlight Costa Adeje

Bahia Principe Luxury Tenerife

Bahia Principe Sunlight San Felipe
Mallorca

Bahia Principe Sunlight Coral Playa
Golf
Scoprire
Bahia Principe Luxury
Bahia Principe Grand
Bahia Principe Fantasia
Bahia Principe Sunlight
Suggerimenti

Suggerimenti

Famiglie
Solo adulti
Matrimoni nei nostri resort
Lune di miele
Suggeritore
Check-In Online
My Bahia Principe
LE MIE PRENOTAZIONI

IL MIO LIVELLO

I MIEI BENEFICI

I MIEI VIAGGI

I MIEI DATI E PREFERENZE

TOUR

Informativa sulla privacy

Privacy Policy

This privacy policy (“Policy”) applies to Bahia Principe and our direct and indirect subsidiaries (“BP,” “us,” “our,” or “we”). We use information about you to fulfil our commitment to providing an unparalleled guest experience in connection with all your interactions with us. As part of that undertaking, we are committed to safeguarding the privacy of the personal information we gather.

To fulfil our commitment to providing an unparalleled guest experience, we need to collect, use and share personal information. This privacy policy explains how we do that when you book with us, travel with us interact with us through our websites or applications, or otherwise stay at one of our properties listed on our www.bahia-principe.com website.

Please read this Policy carefully. You will find important information on the processing of your personal information when you interact with us on property, through our websites, or on our applications.

We reserve the right to update our Policy at any time according to business decisions and to comply with any changes in legislation or case law.

If you have any doubts or require any clarification regarding our Policy or your rights, you may contact us through the channels indicated below.

In the case that you provide third-party personal information, you will undertake to obtain prior consent from the information subjects and inform them of the content of this Policy.

Who is the data controller?

The data controller of your personal information is MANAGEMENT HOTELERO PIÑERO S.L., with Tax ID number B57211732 and registered address Avenida Gabriel Roca 33, Edifico Mediterráneo 5b,5ºc y 5-1º 07014, Palma, Illes Balears.

In addition to the postal address, you can contact the data controller via the following channels:

Telephone: 900 535 167 / + 34 971 225 614

Email: reservations@bahia-principe.com

Data Protection Officer: dpd.privacy@bahia-principe.com

Hyatt Group and Group Piñero

Bahia Principe is operated as a joint venture between the Grupo Piñero and the Hyatt Group. Hyatt Group is a leading resort brand-management, leisure travel and hospitality group with a unique business model serving travellers and destinations worldwide.

This Policy does not apply to the processing of your personal information by the Hyatt Group. For more information on how the Hyatt Group processes your information, please see its privacy policy: https://world.hyatt.com/content/gp/en/privacy.html.

Grupo Piñero is a leading, hotel, golf, real estate, tour and mobility company. This Policy does not apply to the processing of your personal information by Grupo Piñero. For more information on how Grupo Piñero processes your information, please see its privacy policy: https://www.grupo-pinero.com/en/privacy-policy/.

What personal information do we obtain?

Category	Details	Source
Identification information	First name Surname Salutation Professional and work information Passport and visa information Details of your government issued ID	You Anyone who makes a booking on your behalf Anyone who checks in on your behalf Booking channels Third parties who offer promotions, loyalty benefits, or special access to our members
Demographic information	Gender Age Date and place of birth Nationality	You Anyone who makes a booking on your behalf Anyone who checks in on your behalf Booking channels Third-party data providers such as demographic data providers and advertising networks Third parties who offer promotions, loyalty benefits, or special access to our members
Contact information	Home or work address(es) (including country of residence and postcode) Telephone numbers Email addresses	You Anyone who makes a booking on your behalf Anyone who checks in on your behalf Booking channels Third parties who offer promotions, loyalty benefits, or special access to our members
Stay information	Booking channels Places of stay and booked stays Due date and actual dates of stays Other purchases, preferences, requests and feedback Physical and digital room key usage Hotel complaints and incident reports	You Booking channels Anyone who makes a booking on your behalf or travels with you Us
Loyalty information	World of Hyatt program details Privilege Club program details Other loyalty scheme participation details	You Anyone who makes a booking on your behalf or travels with you Anyone who checks in on your behalf Booking channels
Payment information	Account or card details Billing address	You Booking channels
Purchase history	Records of purchases Invoices	You Us Third-party providers at our properties (e.g., spas and business) Booking channels
Preferences and inferences	Records of any preferences, consents and objections you have provided to us or others Records of inferences we or others draw about you, based on other information we or they know about you	You Anyone who makes a booking on your behalf or travels with you Third-party data brokers and marketers Third-party providers at our properties (e.g., spas and business) Booking Channels
Correspondence	Calls, voice messages, faxes, chats, texts, letters, emails, and other communications sent between us or made by or to you at Hyatt Locations Times, duration and size of those calls, letter and emails	You Us Booking channels
Login details	Username Password	You
Social media platform information	Username for social media platforms (for example, Facebook, Google or X) used to access BP’s platforms and other services Emails associated with social media platforms	You Social media platforms
Other booking platform information	Username for other booking platforms which we may use to connect you to our portfolio Emails associated with other booking platforms	You Other booking platforms operated by third parties
Third-party information	Publicly available information about you Information you place on social media sites Police or other governmental reports Vehicle information Emails associated with third-party platforms	You Social media sites and other third-party sources Police and other government authorities
Website or mobile application data	IP address Your browser and device type, manufacturer and operating system Your device IDs Your advertising ID Your location from time to time Internet connection and mobile network details Information collected via cookies (including third-party cookies) and similar technologies (please see our Cookies Policy for more information) Log files and clickstream Web page and app interaction information Analytics and usage tracking	You Third-party data providers such as demographic data providers and advertising network
Pictures and images	Pictures and images you share with us on social media or other third-party websites and applications Marketing and promotional materials you agree to be a part of Pictures and images for facilitating claims, litigation, and disputes	You Us
CCTV and other video surveillance	Your image captured within CCTV images	You Us
Other video and/or audio	Phone recordings (subject to consent requirements jurisdiction) Video and audio you share with us directly, through social media, or other third-party websites and applications Video and/or audio for facilitating claims, litigation, and disputes	You Us
Biometric information	Unique information about your appearance or physical attributes used to identify you	You
Consent Records	Records of your consent	You

Why do we process your personal information?

We use your personal information to administer your travel or the services you receive from us. To the extent permitted by applicable law, we also use your personal information for our wider business interests, such as planning, risk management and marketing. We describe that in more detail in the table below.

Lawful reasons for use

When we process your personal information as one of our guests or someone else with whom we do business, we process that information on the basis of one more of the following so called “legal bases” depending on the circumstances:

Performance of a contract: If you make a booking to travel with or receive services from us, our main lawful basis for using your personal information is the performance of our contract with you.
Legitimate interests: If you are traveling with or receiving services from us but someone else in your party or family contracted with us to make the booking, our lawful basis is our legitimate interest in administering your travel and services.

Our main lawful basis for using your information for our wider business purposes – such as planning, risk management and marketing – is the legitimate interests in providing, improving, and developing our services. We will not use your information for the purposes of a legitimate interest where this legitimate interest is overridden by your interests or fundamental rights and freedoms.

Legal obligations: Where necessary, we will use your personal information to meet our tax and other legal obligations.

We and the separate and distinct legal entities that manage, operate, franchise, license, or own properties and/or provide services in connection with the BP locations, Hyatt Locations and World of Hyatt also use your personal information as controllers to meet our tax and other legal obligations.

Sensitive personal information

Where we use your special category information or other information that is treated as sensitive personal information in a specific territory/country, certain jurisdictions require that we identify an additional ground to process that information. Such additional ground will mainly be that the use is necessary for compliance with the law or other substantial public interest. However, at times we may also rely on your consent. Where we rely on your consent, we will explain at the time what we need your information for and what we will do with it.

Purpose and lawful basis

The table below sets out in more detail how we use your information and our lawful bases.

Purpose / activity	Information we use	Lawful basis / condition
Administering travel and providing products and services, or through products and services developed in the future (such as customer support, personalization, VIP services, concierge services, loyalty programs, destination services, excursion providers, or contests)	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Preferences and inferences Correspondence Login details Social media platform information Other booking platform information Third-party information Website or mobile application data Biometric information	Performance of a contract Legitimate interests
Taking payments	Identification information Contact information Payment information	Performance of a contract
Interacting with third parties (such as your travel agent, credit card provider, group travel booker, employer, destination services, excursion providers, airline operator or third-party loyalty or points schemes) to process your booking, coordinate your stay, or fulfil services you have requested	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Preferences and inferences Correspondence Other booking platform information Website or mobile application data	Performance of a contract Consent Legitimate Interests
Correspondence, feedback, market research and surveys	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Preferences and inferences Correspondence Other booking platform information Website or mobile application data	Performance of a contract Legitimate interests Consent
Business planning, improvements and development	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Preferences and inferences Correspondence Social media platform information Other booking platform information Third-party information Website or mobile application data	Legitimate interests
Marketing, contests, sweepstakes and other promotions	Identification information Demographic information Contact information Preferences and inferences Social media platform information Other booking platform information Third-party information Website or mobile application data	Consent Legitimate interests
Safety, cyber incident and crime prevention, prevention of harmful activities	Identification information Contact information Demographic information Stay information Website or mobile application data CCTV and other video data Login details Third-party information Biometric information	Performance of a contract Legitimate interests Legal obligations
Tax, legal and regulatory requirements or compliance obligations on Hyatt, property owners and other third parties involved in administering your travel or providing our services	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Correspondence Other booking platform information Third-party information Website or mobile application data	Legal obligations
Providing our platforms and applications	Website or mobile application data Login details	Consent (for non-essential cookies) Legitimate interests
Processing credit applications	Identification information Contact information Purchase history Payment information Correspondence Third-party information	Consent Legitimate interests Legal obligations
Management of our internal systems, processes and our use of technology, including audits, testing and upgrading of systems	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Preferences and inferences Correspondence Login details Social media platform information Other booking platform information Third-party information Website or mobile application data CCTV and other video surveillance Biometric information	Legitimate interests

For how long will your personal information be stored?

We will retain your personal information (including your sensitive personal information) for as long as is reasonably necessary for the purpose for which information was collected, or as legally required.

We generally delete your personal information within ten years after our last contact with you subject to: (i) regulatory requirements that we are subject to, including laws and regulations related to tax, employment, accounting, and securities; (ii) whether a legal claim might be brought against us, for which the information would be relevant; (iii) the necessity of the information to provide our services to our customers; and (iv) the types and sensitivity of personal information being processed.

To whom may we transfer your personal information?

International transfers

Due to the international nature of our business, we transfer your personal information to other territories/countries. These territories/countries may have different laws and privacy compliance requirements to those that apply in your country of residence.

For example, we transfer your personal information to the property owners and operators that own, lease, franchise, license, or manage the property. We also transfer your personal information to the third-party suppliers responsible for administering your travel and providing our services.

Safeguarding your personal information

When we transfer your personal information to another country, we will ensure that country has been recognised as providing an adequate level of data protection or implement appropriate EU approved standard contractual clauses (or, where applicable, appropriate clauses approved for use in other jurisdictions) or another approved mechanism to safeguard your personal information. Where we have not implemented an appropriate safeguard, we will rely on an exemption, such as your consent or the performance of the contract for our services.

Hyatt Group

We may also disclose your information to the Hyatt Group for the purposes described in this Policy or in the Hyatt Group’s privacy policy, including for providing you with our services, the Hyatt Group’s services and for administering World of Hyatt or other membership or loyalty programs. We will safeguard any transfer of your information to the Hyatt Group outside the European Economic Area with standard contractual clauses approved by the European Commission.

Once Hyatt Group holds your information, it will be transferred to the major locations in which Hyatt Group operates including the United States of America, Hong Kong and Germany (a full list of the locations where your information could be transferred can be found by selecting “All” at www.hyatt.com/explore-hotels).

Hyatt has implemented binding corporate rules to protect personal information it transfers to other countries. You can find out more about how the Hyatt Group safeguards international transfers of personal information here – https://world.hyatt.com/content/gp/en/privacy/guest-policy.html.

Please contact us if you want further information on the methods used by BP and Hyatt Group to safeguard your information outside the European Economic Area.

Grupo Piñero

We may also disclose your information to Grupo Piñero for the purposes described in this Policy or in the Hyatt Group’s privacy policy.

Our service providers and suppliers of goods

Like most international hotel brands, we may outsource the processing of certain functions or the provision of goods and/or information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers or suppliers, we oblige those third parties to protect your personal information with appropriate security measures.

Reservations and other requests at third-party locations

Our services, including our websites, allow you to make requests for reservations and other items or services with third parties, and excursions offered by third parties. Where you make such a request, you are directing us to pass your information and information about your request that you provide to us, to the third party, including third-party property managers and owners. The information we provide to these third parties will be handled in accordance with their own privacy policies and procedures, and not this Policy.

Consumer insights

Where we hold personal information about you, we may disclose this personal information to other companies that may also hold information about you. These companies may combine the information to better understand your preferences and interests, thereby enabling them and us to serve you better. If your personal information is used for direct marketing purposes, you have the right to object to that (i.e., to opt out) by contacting us using the relevant contact details below.

On-property companies

At your direction, we may share your personal information with companies and other organizations that own and manage the spas, restaurants, health clubs, and other outlets at our hotels so they can send you information about the services you have booked (e.g., scheduling reminders), provide you with those services, charge their services to your room account, and/or send you information and promotions about other services that you may be interested in.

Business transfers

As we continue to develop our business, we may sell hotels and other assets, or cease being the manager or franchisor of a BP hotel. In those circumstances, we may include the personal information collected about you, or control of that personal information, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all our assets, are acquired, personal information collected about you, or control of such information, may be one of the transferred assets. In each case we may also transfer information to third-party legal, technical or financial advisers as part of the relevant transaction.

Similarly, we may disclose your personal information to a third party whom we acquire to facilitate mergers and acquisitions of our business and for the furtherance of the purposes described in this Policy.

Property owners and operators

We will share your personal information with hotel owners and operators. The hotel owner or operator will use your personal information on behalf of our brand to administer your travel or provide our services; they do so subject to the limitations set out in this Policy and the contractual obligations we have imposed on them to secure your information. These entities also use your personal information as independent controllers to meet their own tax and other legal obligations.

Group bookings

We will share your personal information with any person who books, checks in or makes purchases on your behalf.

Regulators and official authorities

We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law, lawfully requested to do so by a governmental entity, determine that it is necessary or desirable to comply with the law, or to protect or defend our rights or property in accordance with applicable laws.

Summary of Recipients

Without limiting the disclosures above, further information about what information we share with service providers and third parties is included in the table below. Please note that the table below contains personal information we share where necessary on an occasional or one-off basis, as well as personal information that we share routinely.

Service provider / third party	Purpose	Information shared
Hyatt and Grupo Piñero
Hyatt Group	Administrative support Intra-brand services Group analytics and business planning Marketing and commercial services World of Hyatt participation Please refer to the Hyatt Privacy Policies available here – www.hyatt.com/info/privacy-policy for more information on how Hyatt Group Companies use your personal information.	Identification information Demographic information Contact information Stay information Preferences and inferences Loyalty information Purchase history Consent records Social media platform Information Other booking platform information Third-party information Website or mobile application data Other video and/or audio
Grupo Piñero	Marketing and administrative support	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Preferences and inferences Consent records Correspondence Social media platform information Other booking platform information Third-party information Website or mobile application data
Our Service Providers and Suppliers
CRM Providers	CRM software	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Preferences and inferences Consent records Correspondence Social media platform information Other booking platform information Third-party information Website or mobile application data
Office and Email Software Provider	Email and document services Enterprise software	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Consent records Preferences and inferences Correspondence CCTV and other video surveillance Other video and/or audio
Property Management Software Provider	Property management software	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Preferences and inferences Correspondence
E-Billing and Invoicing Software Provider	Invoicing software	Identification information Demographic information Contact information Stay information Loyalty information Purchase history
Travel Services Booking Providers	Booking software	Identification information Demographic information Contact information Stay information Loyalty information Payment information Other booking platform information
Travel Services Channel Management Providers	Channel management software	Identification information Demographic information Stay information Loyalty information
Treasury Management and Finance Software Provider	Finance software	Identification information Stay information Payment information Purchase history
Payment Processers	Payment processing	Identification information Payment information
Third-party Data Centres	Document and data storage	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Consent records Social media platform Information Other booking platform information Third-party information Website or mobile application data CCTV and other video surveillance Login details Other video and/or audio
Payment Service Providers (please check information at point of sale)	Point of sale and payment services	Identification information Purchase history Payment information
Third-Party Contact Centre Providers	Contact centre services	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Preferences and inferences Correspondence CCTV and other video surveillance
Social Media Platforms	Account access	Identification information Contact information Loyalty information Social media platform information Website or mobile application data
Other IT Service Providers	IT system support and maintenance	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Consent records Correspondence CCTV and other video surveillance Other video and/or audio
External Auditors	Statutory audits	Identification information Stay information Loyalty information Purchase history
External Law Firms	Legal advice	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Consent records Correspondence Social media platform Information Other booking platform information Third-party information Website or mobile application data Other video and/or audio
Reservations and Other Requests at Third-Party Locations	Take bookings Provide feedback on bookings made with us	Identification information Demographic information Contact information Stay information Purchase history Preferences and inferences Loyalty information Correspondence Other booking platform information Consent records
Third-Party Marketing and Analytics Providers	Marketing and customer analytics services	Demographic information Contact information Stay information Loyalty information Purchase history Preferences and inferences Consent records Social media platform Information Other booking platform information Third-party information Website or mobile application data
External Accountants	Accounting services	Identification information Stay information Loyalty information Purchase history
E-Folio Program Providers	Provision of services to you or your employer or client	Identification Information Stay Information Payment information
Independent third parties
On-Property Companies	Food and beverage, sporting, tourist, retail and leisure activities	Identification information Stay information Loyalty information
As Part of Business Transfers and Transfers of Ownership of Hotel Properties	Business transfers Provide our services Legal obligations	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Preferences and inferences Login details Consent records Correspondence Social media platform information Other booking platform information Third-party information Website or mobile application data CCTV and other video surveillance Biometric information Other video and/or audio
Regulators and Official Authorities	Legal obligations	Identification information Demographic information Contact information Stay information Loyalty information Payment information Purchase history Preferences and inferences Correspondence Login details Consent records Social media platform Information Other booking platform information Third-party information Website or mobile application data CCTV and other video surveillance Biometric information Other video and/or audio
Social Media Platforms	Account access Marketing services	Identification information Demographic information Contact information Loyalty information Website or mobile application data Social media platform information
Marketing Agencies and Suppliers and Advertising Networks	Marketing services Serve you with advertising for AGL services Serve you with ads for third-party products and services that you may be interested in	Identification information Demographic information Contact information Preferences and inferences Social media platform information Website or mobile application data Consent records
Third Parties who Promote Our Services Jointly with Us (Including Airlines and Credit Card Providers)	Provide and fulfil cross-promotional offers and activities Provide ads and marketing for AGL services Provide ads and marketing for the partner’s products and services Provide analytics Provide services to us	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Payment information Preferences and inferences Social media platform information Other booking platform information Website or mobile application data Third-party information Consent records
Anyone who makes a booking on your behalf Anyone who checks in on your behalf	Administering travel and providing services	Identification information Demographic information Contact information Stay information Loyalty information Purchase history Other booking platform information CCTV and other video surveillance

Children

We do not sell products or services for purchase by children. You may only use our platforms if you are at least 18 years of age and can form legally binding contracts under applicable law. We do not knowingly solicit or collect information from children under 18 years of age. We will only collect information relating to children with the specific permission of parents or guardians.

What are your rights?

You have the right to:

Access your information;
Object to the use of your information;
Erasure of your information;
Portability of your information to other organisations;
Correct and update your information if it is inaccurate;
Restrict our use of your information while any concerns you raise are resolved;
Complain to your data protection authority; and
Withdraw your consent.

Please be aware that these rights are not absolute and there may be situations where they cannot be exercised or they are not relevant to you or your personal information.

You can exercise these rights by contacting us via the methods provided in this Policy. Please be sure to include your full name, address and telephone number so that we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require in order to make that determination.

Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.

If you submit a request to correct or update your personal information, and if we agree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect, we will tell you that we do not agree, explain our refusal to you, and record the fact that you consider that personal information to be incorrect in the relevant file(s). If you are unhappy with the way we have handled your request, you can escalate your concern to the Data Protection Officer by sending an email to dpd.privacy@bahia-principe.com. In some cases, you may also be able to complain to a data protection authority. You can find out more information about your rights on the website of your country’s data protection authority.

European Economic Area, Switzerland and United Kingdom

If you are based in the European Economic Area, Switzerland or the UK or receiving services from a Hyatt Location in one of these jurisdictions, you have the right to:

Access your information;
Object to the use of your information;
Erasure of your information;
Portability of your information to other organisations;
Correct and update your information if it is inaccurate;
Restrict our use of your information while any concerns you raise are resolved;
Complain to your data protection authority; and
Withdraw your consent.

The relevant contact details to exercise these rights are set out in this Policy. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so that we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.

Mexico

The processing of personal data carried out in Mexico, or to which Mexican law applies, shall be governed in accordance with the general provisions of the Privacy Policy and this section for Mexico, which together shall be understood as the “Integral Privacy Policy for Mexico”.

If you are based in Mexico or otherwise subject to the Mexican data protection laws (including the Federal Law on the Protection of Personal Data Held by Private Parties Act (for the purposes of this section, “the Act”)), the data controller for the use, processing, and protection of your personal information will be the company: MANAGEMENT HOTELERO PIÑERO S.L., with Tax ID number B57211732 and registered address Avenida Gabriel Roca 33, Edifico Mediterráneo 5b,5ºc y 5-1º 07014, Palma, Illes Balears. You can find the relevant contact details at Section 1 (Who is the data controller?) above.

In addition to any relevant rights outlined in this Policy, you have the right to:

learn how we use this information and the specific terms and conditions governing its use; and
opt-out of direct marketing.

You can find out more information about your rights on the website of the Mexican Authority responsible for overseeing Data Protection – the Ministry of Good Government and Anticorruption (Secretaría Anticorrupción y Buen Gobierno) (https://portal-transparencia.buengobierno.gob.mx/proteccion-de-datos-personales/).

The additional provisions in relation to the rights of data subjects are as follows:

Consent

If you are based in Mexico or otherwise subject to the Mexican data protection laws, where necessary you consent to Hyatt’s use of your personal information as described in this Policy, unless you provide an express objection, by sending an email to dpd.privacy@bahia-principe.com. Consent is not required for any processing that is necessary for a contract between you and BP, or in respect of the matters referred to in Article 9 of the Act.

Where we rely on consent to process your personal information, you have the right to withdraw that consent. However, in certain cases, we may not be able to fulfil your request or immediately stop processing your information due to legal or tax obligations we are subject to. Additionally, withdrawing your consent for certain purposes might result in our inability to provide the service you requested, or terminate the agreement we have with you. Therefore, you may withdraw your consent or object to only those purposes that are not essential for performing the agreement we have with you or for complying with our obligations.

Your consent may be provided by agreeing to this Policy, through a third party, in person or through any other reasonable means used by BP.

By providing any third party’s personal information to BP, you confirm that you have provided the third party with a copy of this Policy and where necessary have obtained their consent to any handling of their personal information by BP.

The above is without prejudice to your ability to exercise your rights under the Act.

Limit the use and disclosure of your information

You may also limit the use and disclosure of your personal information by registering with:

the public registry to avoid advertising, managed by the Federal Consumer Protection Agency (“PROFECO”), which prevents your information from being used to receive advertising or offers of goods and services. To do so, please visit the official website of PROFECO; or
our exclusion list, which ensures that your personal information is not processed by us for marketing, advertising, or commercial purposes.

How to make a request

In order to: (i) exercise any of your rights, including to request details from us of the terms applicable to exercising your rights or further information about how to exercise your rights; (ii) withdraw your consent, and (iii) limit the use or disclosure of your personal information or obtain more information about the procedure and requirements to do so, you must submit a request to us using the relevant contact details at Section 1 (Who is the data controller?) above.

Your request should include:

full name of the owner of the personal information;
a description of the personal information related to your request;
a specific reference to the right(s) you want to exercise, if applicable, or if you want to withdraw consent or limit the use or disclosure of your personal information; and
your address or other means for delivering our response to your request.

To verify your identity, please attach a copy of your official identification document to your request. If the request is submitted by a legal representative, you must also provide proof of their authority to act on your behalf.

Please note that the team in charge of processing your request for exercising your rights or revoking consent will respond to your request within twenty business days, starting from the date on which you submitted your request.

It is your responsibility to periodically review the most current version of the Policy. Any modifications to the Policy will be communicated to you in the same manner in which this Policy has been made available to you. In the event that we need to collect specific consent due to changes made to the Policy, or in cases where the modifications imply or result in a new Policy, the new Policy will be disclosed to you in the same manner as this Policy in order to obtain your consent. It will be understood that you expressly accept this Policy until we receive any communication to the contrary.

If your express consent to this Policy is required, it will be understood that you expressly accept the content of this Policy and the processing of your Personal Data when you use or receive the services or in the event any type of registration is done by you, unless we receive a withdrawal of consent.

In the event of any conflict between the general terms of this Policy and the provisions applicable for Mexico, the local jurisdiction terms shall prevail. All interpretation and enforcement of this Policy for Mexico shall be carried out in accordance with the applicable legal framework and mandatory regulations of the relevant jurisdiction.

United States and California notice at collection

For purposes of exercising the rights described for United States residents in this Section, please note the following additional details regarding how we collect and use your personal information as described in this Policy:

Depending on the nature of our interactions with you, we may collect, and use for our business and commercial purposes, the following categories of personal information as set forth in applicable Californian law: identifiers; Californian customer records (such as birthdate, contact information, and payment information); characteristics of protected classifications under California or federal law (such as demographic information); commercial information; biometric information; Internet or other electronic network activity information; professional or employment information; education information; geolocation data; audio, electronic or visual information; sensitive personal information (as set forth in Section 3 (What personal data do we obtain?) above); and inferences.
We use the above categories of personal information for the business and commercial purposes described in Section 4 (Why do we process your personal information?) above. We may use and disclose sensitive personal information for the purposes described in Sections 4 (Why do we process your personal information?) and 6 (To whom may we transfer your personal information?) above.
We collect personal information from the following categories of sources, as more fully described in Section 3 (What personal data do we obtain?) above: directly from you, automatically from your devices, from other booking platforms, from our service providers, from social media, from our business partners, from people who book or check in on your behalf, and from our affiliates and subsidiaries.
We may disclose each of these categories of personal information to the extent permitted by applicable law with the following categories of parties, as more fully described in Section 6 (To whom may we transfer your personal information?) above: affiliates and subsidiaries, service providers, business partners, advertising networks, data analytics providers, social media networks, other booking platforms, credit reporting bodies, with entities for our legal compliance purposes, law enforcement or government authorities where required, and with potential acquirers or creditors.
We may “sell” or “share” for purposes of cross-context behavioral advertising the following categories of personal information: identifiers; customer records; demographic information; commercial information; website data or other electronic network activity; geolocation data; and inferences. We sell and share this personal information with advertisers, advertising networks, and social networks. We do not knowingly sell or share the personal information of consumers under 16 years of age.
We only use and disclose sensitive personal information for purposes specified under applicable Californian privacy regulations. We retain your sensitive personal information as described in Sections 4 (Why do we process your personal information?) and 5 (For how long will your personal information be stored?) above.

From time to time, we may collect personal information in connection with a promotion, offer, program, or discount, including the World of Hyatt loyalty program. See here for World of Hyatt’s terms and conditions. We or our vendors may disclose such personal information in connection with our World of Hyatt alliances, including those listed here. The offers and incentives made available through them are generally related to the value of the relationships that we have with the individuals who participate. Participation is voluntary, and you may withdraw at any time by contacting us using the information set forth at Section 1 (Who is the data controller?) above.

Depending on the privacy laws in your United States state of residence, you may also be able to make some or all of the following requests with respect to your personal information, all of which are subject to certain exceptions, specific definitions, and limitations under applicable law and regulation:

Access/right to know: You can request to confirm whether we process personal information about you, and you can request that we disclose to you the categories of personal information collected about you (including sensitive personal information), the categories of sources from which the personal information is collected, the categories of personal information sold, shared or disclosed, the business or commercial purpose for collecting, selling or sharing the personal information, the categories of third parties (or, in certain states, a list of third parties as defined in applicable state law) to whom we disclose the personal information, the specific pieces of personal information collected about you, and information about the logic involved in any automated decision-making processes used by us (if applicable), as well as a description of the likely outcome of the process with respect to you.
Deletion: You can request that we delete the personal information that we maintain about you, subject to certain exceptions.
Do not sell or share my personal information: You can request to opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioral advertising. We and other parties use cookies and related technology for advertising purposes, which could constitute a “sale” or “sharing” of your personal information according to some privacy laws. If you would like to opt out of such cookie-based tracking for advertising purposes, you can update your cookie preferences on our websites by clicking on the “Cookie Center” link in the footer of the page you are viewing. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting aboutads.info/choices.

Your opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache. This means you need to adjust your cookie preferences on each website, device, and browser you use.

Opt-out of processing for targeted advertising: We may use personal information obtained (or in some instances inferred) from your activities across unaffiliated sites to send more relevant advertising to you, including certain categories of personal information (as set forth in Section 3 (What personal data do we obtain?) above). You can request that we stop using your personal information for such targeted advertising by following the steps below and also updating your cookie preferences by clicking on the “Cookie Center” link that may be in the footer of our websites. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting aboutads.info/choices. Your opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your cookies or your browser’s cache. This means you need to adjust your cookie preferences on each website, device, and browser you use.
Correct or update my personal information: You have the right to request that we correct, update, or modify the personal information we maintain about you. If you have an account, you can also update your profile information any time by visiting the account settings page within your account.
Opt-out of automated decision-making: You have the right to request to opt-out of any profiling or automated decision-making, to the extent we engage in those processing activities. If we ever use automated decision-making technology to make a significant decision about you, you will receive a separate pre-use notice further describing the data processing and how to opt-out.
Limit the use of my sensitive personal information: If you are a California resident, please note that we only use and disclose sensitive personal information for purposes specified under applicable California privacy regulations, such as to carry out our relationship with you (e.g., providing our goods and services that you’ve requested, maintaining the quality of our services, and protecting our services against illegal activity).

As is the case for all consumers, regardless of residency, we will not deny you any products or services, nor charge you different prices, nor discriminate against you in any other manner in response to you exercising any of these rights.

Eligible individuals can request to exercise these rights by emailing or calling us using the contact information at Section 1 (Who is the data controller?) above, or by clicking on the link in the footer of the page you are viewing.

We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. You can submit an appeal if you are not satisfied with the outcome of your request. To do so, please use the contact details provided below.

Please note that after you opt out of sale, sharing, or targeted advertising, your use of our websites may still be tracked by us and our service providers.

We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the personal information, the nature of your request, and whether you have an account with us.

You may designate an authorised agent to make a request on your behalf. When submitting the request, please ensure the authorised agent is identified as an authorised agent and ensure the agent has the necessary information to complete the verification process.

If you reside in California, you also have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please write to us using the contact information provided at Section 1 (Who is the data controller?) above. Indicate in your correspondence that you are a Californian resident making a “Shine the Light” inquiry.

Sei in:

Ciao! Ti aiuto con il tuo viaggio? 😊