Privacy Policy
Our commitment to protecting your personal data in accordance with Law 29733.
I. Introduction
MACHUPICCHU GOLDEN S.R.L. is firmly committed to respecting and complying with all legal and regulatory provisions applicable to it. It also understands that personal data, being an integral part of people's privacy, and also fundamental to our activity, must be processed in such a way that not only complies with the law but also involves measures that generate an environment of trust and security for the public regarding such processing.
II. Objective
The purpose of this Policy is to inform the public of our commitment to the protection of their personal data, as well as the guidelines under which we process it in the course of our commercial activities, the purpose for which we do so, and the procedures by which the data owners may exercise the rights provided for in the Personal Data Protection Regulations.
III. Scope
This Policy applies to all personal data processing activities carried out by MACHUPICCHU GOLDEN S.R.L. (hereinafter “MACHUPICCHU GOLDEN”). It also applies to those persons or companies to whom MACHUPICCHU GOLDEN entrusts the processing of personal data for which it is responsible.
IV. Definitions
The terms used with an initial capital letter in this policy are defined in Annex No. 1.
V. Guiding Principles
MACHUPICCHU GOLDEN undertakes to respect the guiding principles established in the Personal Data Protection Regulations. These are:
- Principle of legality
- The processing of personal data is carried out in accordance with the law; the collection of personal data by fraudulent, unfair or unlawful means is prohibited.
- Principle of consent
- The processing of personal data requires the consent of its owner, unless one of the exceptions provided for by law applies. Such consent must be free, prior to its collection or processing, express and unequivocal, and informed.
- Principle of purpose
- Personal data must be collected for a specific, explicit and lawful purpose, and its processing must not extend to a purpose other than that for which it was collected.
- Principle of proportionality
- The processing of personal data must be adequate, relevant and not excessive in relation to the purpose for which it was collected.
- Principle of quality
- The personal data to be processed must be truthful, accurate and, as far as possible, up to date, necessary, pertinent and adequate for the purpose for which it was collected.
- Principle of security
- The owner of the personal data bank and the person in charge of the personal data bank must adopt the technical, organisational and legal measures necessary to guarantee the security of the personal data.
- Principle of availability of remedy
- The owner of personal data must have the administrative or judicial means necessary to claim and enforce their rights when these are violated by the processing of their personal data.
- Principle of adequate level of protection
- For the cross-border flow of personal data, a sufficient level of protection must be guaranteed for the personal data to be processed or, at least, comparable to that provided for by the Personal Data Protection Law or by international standards on the matter.
VI. Purpose of the Processing of Personal Data
MACHUPICCHU GOLDEN processes personal data of collaborators, clients and potential clients, suppliers, employees and other persons who make up its stakeholders, in accordance with the purposes authorised by each of them in the consents they have granted to MACHUPICCHU GOLDEN, subject to the exceptions to the consent requirement provided for by the Personal Data Protection Regulations.
MACHUPICCHU GOLDEN informs that it will process personal data, among others, for the following general purposes:
- To comply with the obligations arising from the contractual and non-contractual relationships established with the owner of the personal data.
- To communicate to its stakeholders commercial information about its business activity, goods and services, according to the consent obtained from the owner of the personal data.
- To comply with its legal obligations as an employer.
- To carry out follow-up and monitoring for security risk management purposes through its video-surveillance and biometric registration devices, and others that may be provided.
- To carry out due diligence activities and business risk management.
- To supply the Personal Data to third parties, in Peru or abroad, with whom Machupicchu Golden has a contractual relationship and to whom it is necessary to provide the data to fulfil the contracted object.
- To transfer personal data to the related companies listed in Annex 2 of this policy, within the framework of the purposes reported here.
- To process it so that, by virtue of the services rendered, the client may make use of the benefits of the “discount coupons” loyalty program through any of the communication, sales or redemption channels provided, both in person and remotely.
- To automatically complete the documents associated with the transactions carried out by the Owner based on the services used.
- To develop commercial actions or after-sales services, of a general nature or aimed personally at the Owner, intended to improve their experience as a client through the Communication Channels.
- To keep the Owner of Personal Data informed, through the Communication Channels, about the delivery process and status of the contracted services.
The processing of personal data for the aforementioned purposes, and for any other lawful purpose other than those mentioned above, is duly reported to the owners of the personal data, requiring specific authorisation according to the stakeholder concerned, in compliance with the principle of consent and with the exceptions provided for in the Personal Data Protection Regulations.
VII. Consent
MACHUPICCHU GOLDEN will require the free, prior, express, unequivocal and informed consent of the owner of the personal data for its processing, except in the cases of exception expressly established by the Personal Data Protection Regulations.
MACHUPICCHU GOLDEN will not require consent to process your personal data obtained from sources accessible to the public, whether free of charge or not, for the use for which they were made accessible to the public; likewise, it may process your personal data from non-public sources, provided that such sources have your consent to process and transfer such personal data.
VIII. Rights of the Owners
In accordance with the Personal Data Protection Regulations, the owners of personal data have the following rights:
- 1. Right of access and information
- As a consequence of the right of access, the owner of personal data has the right to obtain the information about themselves that is subject to processing in data banks owned by MACHUPICCHU GOLDEN, the way in which their data was collected, the reasons that motivated its collection, the transfers made or planned, and to whom, among others. The right to information, in turn, grants the owner the right to know, prior to the collection of their data, the purpose for which their data will be processed, the existence of the data bank in which it will be stored, the identity and address of the owner of the data bank and of those in charge of the processing, whether personal data will be transferred and to whom, the retention period, among others.
- 2. Right of rectification, updating and inclusion
- The owner of personal data has the right to the updating, inclusion and rectification of their personal data being processed by MACHUPICCHU GOLDEN when it is partially or totally inaccurate, incomplete, or when omission, error or falsehood has been detected.
- 3. Right of cancellation or deletion
- The owner of personal data may request the cancellation or deletion of their personal data that is not related to or necessary for the execution of the obligations of MACHUPICCHU GOLDEN provided for in the signed contracts or those established by current regulations.
- 4. Right to prevent supply
- The owner of personal data has the right to prevent their personal data from being supplied, especially when the supply affects their fundamental rights, unless the supply is carried out between the owner of the personal data bank and a person in charge of the personal data bank for the purpose of its processing.
- 5. Right of opposition
- The owner of personal data may oppose the processing of their personal data at any time. Opposition will proceed to the extent that the processing does not have contractual or legal justification.
- 6. Right of revocation
- The owner of personal data may withdraw at any time the consent previously granted. The revocation will not reach the uses and/or processing that may be carried out in the scenarios authorised by the regulations.
- 7. Right to objective processing
- The owner of personal data has the right not to be affected by a decision based solely on the processing of personal data intended to evaluate certain aspects of their personality or conduct, unless this occurs within the framework of a contract or in cases of evaluation for the purpose of incorporation into a public entity, in accordance with the law, without prejudice to the possibility of defending their point of view to safeguard their legitimate interest.
- 8. Right to protection
- In the event that the owner or the person in charge of the personal data bank denies the owner of personal data, totally or partially, the exercise of the rights established in this Law, the owner may appeal to the National Authority for the Protection of Personal Data by way of a claim, or to the Judiciary for the purposes of the corresponding habeas data action.
- 9. Right to be compensated
- The owner of personal data who is affected as a result of the breach of this Law by the owner or by the person in charge of the personal data bank or by third parties has the right to obtain the corresponding compensation, in accordance with the law.
IX. Procedure for exercising the rights of the Owner of the Personal Data
Owners may revoke their consent or exercise their legal rights by writing to reservas@machupicchugolden.com indicating their full name, passport or national identity document, and attaching a copy of said document.
In the event that the owner of the personal data needs to exercise their rights through a representative, the representative must send a power of attorney legalised by a notary public authorising them as such, together with their identity document.
X. Term of the Processing of Personal Data
The personal data processed by MACHUPICCHU GOLDEN will be stored for the time necessary to fulfil the processing purposes authorised by the owner, without prejudice to the owner's ability to exercise the aforementioned rights at any time.
XI. Security of Personal Data
In compliance with current regulations, MACHUPICCHU GOLDEN adopts the appropriate legal, organisational and technical measures to guarantee the security of personal data, preventing its alteration, loss, improper processing or unauthorised access.
For this purpose, it makes available all the necessary human and technological resources, applying them in proportion to the nature of the data stored and the risks to which it is exposed.
MACHUPICCHU GOLDEN will only process personal data stored in repositories that meet the security conditions required by current personal data protection regulations.
XII. Modifications
Should any change or modification of this Policy occur, its current text will be published on our web portal: https://www.machupicchugolden.com/ in the Privacy Policy section.
XIII. General Information
As part of our activity, we process personal data in compliance with the provisions of the Personal Data Protection Regulations.
The personal data we process is stored in personal data banks owned by MACHUPICCHU GOLDEN, duly registered with the Personal Data Protection Authority.
Annex No. 1
Definitions
The words and terms defined below, when written with an initial capital letter as done in their respective definitions that follow, whether or not necessary according to the spelling rules for the use of capital letters, and regardless of where in this policy they are used, or whether they are used in a particular person, number, mood, tense or grammatical variable, as necessary for the proper understanding of the policy, shall have the meanings ascribed to each of said words or terms below:
- Personal Data Protection Law
- Law 29733 and its amendments.
- Regulations of the Personal Data Protection Law
- Supreme Decree No. 003-2013-JUS and its amendments.
- Personal data bank
- An organised set of personal data, whether automated or not, regardless of the medium, be it physical, magnetic, digital, optical or others that may be created, whatever the form or modality of its creation, formation, storage, organisation and access.
- Sensitive data
- Personal data consisting of biometric data that by itself can identify the owner; data relating to racial and ethnic origin; economic income; political, religious, philosophical or moral opinions or convictions; union membership; and information related to health or sexual life.
- Person in charge of the personal data bank
- Any natural person, private legal entity or public entity that, alone or acting jointly with another, processes personal data on behalf of the owner of the personal data bank.
- Personal Data Protection Regulations
- Refers to the Personal Data Protection Law, the Regulations of the Personal Data Protection Law, and their amendments and complementary rules.
- Owner of personal data
- The natural person to whom the personal data corresponds.
- Owner of the personal data bank
- A natural person, private legal entity or public entity that determines the purpose and content of the personal data bank, its processing and the security measures.
- Transfer of personal data
- Any transmission, supply or disclosure of personal data, of a national or international nature, to a private legal entity, a public entity or a natural person other than the owner of the personal data.
- Processing of personal data
- Any technical operation or procedure, whether automated or not, that allows the collection, recording, organisation, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or dissemination, or any other form of processing that facilitates access, correlation or interconnection of personal data.
- ARCO Rights
- Rights held by every natural person as the owner of personal data.
- Request to exercise ARCO Rights
- The request for access, rectification, updating, inclusion, cancellation, deletion or opposition made by the owner of personal data regarding their information.
- Consent of the data subject
- Any free, specific, informed and unequivocal expression of will by which the data subject accepts, whether through a statement or a clear affirmative action, the processing of personal data concerning them.
- Communication Channels
- Physical mail, e-mail, text messages (SMS and/or MMS), digital media such as Facebook, Instagram or “WhatsApp” or other similar platforms, mobile phone number or any means of communication that the Owner of Personal Data provides to MACHUPICCHU GOLDEN.
The Management.
