A.Identity and domicile of the Data Controller.

In compliance with the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter referred to as LFPD) and in accordance with applicable provisions, Golf & Resorts, S.A. de C.V. (hereinafter and indistinctively referred to as “Data Controller”) having corporate domicile for hearing and being served notices at Carretera Cancún Puerto Morelos Km 21, Manzana 01, Lote 1 – 11, Edificio A, Supermanzana 47, Municipio Benito Juárez, Cancún, Quintana Roo, C.P. 77506, expressly informs: 

B.Personal data collected and subjected to processing.

In order to fulfill the purposes described herein, we collected the following types of personal data:  

  1. Identification data.
  2. Personal characteristics data.
  3. Economic, financial and insurances data. 

C.Processing of sensitive personal data.

The Data Controller does not collect any sensitive personal data for any of the purposes listed below. 

D.Processing purposes.

  1. Initial and necessary purposes:
    1. To provide the expressly engaged services, under any of modalities thereof, as a member of the Data Controller.
    2. To secure the functionality and quality of the benefits acquired, by means of the hiring or confirmation of the services provided by third-parties which services are or have been requested by the users themselves before or during the stay thereof.
    3. To allow you access to our on-line services.
    4. To notify you about any changes performed to our services.
    5. To invoice the delivered goods and services provided by the Data Controller, as well as to conduct debt collection even judicially or through third parties.
    6. To submit communications about offers and new products and/or services offered by the Data Controller.
    7. To make the statistics and the historical registry of the members.
  2. Additional purposes:
    1. To make satisfaction surveys. 

In addition to the foregoing, we inform you that the personal data corresponding to third-parties, which you provide to Data Controller for the compliance with the purposes described above (e.g. family data) shall be provided after such people has been informed on the existence of the processing and on the contents hereof. 

E.Additional purposes. Processing denial.

When collecting your personal information, we will make available physical or electronic means (such as verification boxes or check boxes) so that you can clearly indicate that you do not want us to process your personal information for additional purposes. If you have not expressed your opposition at the time of providing your personal data to the Data Controller, we may process them for the said additional purposes. At any time, you may revoke your consent for the processing of your personal information in relation to the additional purposes indicated, through the mechanisms provided in this Privacy Notice and in accordance with current legislation. 

F.Transfer of personal data.

Your personal data (including your sensitive data) may be transferred to and processed by other parties different from Data Controller. Addressees of such transferences (either national or international) correspond to the following categories: 

  1. Holding, subsidiary or affiliate corporations of the Data Controller, for the purposes of having centralized-information protection; registration and un-registration control; control, management and administration of Data Controller´s memberships; changes to services provision thereof; and Data Controller’s users’ statistics preparation in an aim to assess, improve and design new services for said users.
  2. Unaffiliated third-parties (service providers) for the sole and exclusive purpose that such third-parties assist Data Controller in providing the services related to your reservation of services and in engaging additional necessary services or services expressly requested by Data Subjects during the stay thereof (observance of the legal relationship between Data Controller and Data Subjects / compliance with the agreements concluded or to be concluded in Data Subject’s best interest by Data Controller and a third-party).
  3. Collection companies to recover any unpaid credits and to judicially or otherwise collect them.
  4. Business partners for promoting and/or sponsor of products, services and special offers. 

G.Data transfer consent.

The personal data transfers referenced at numbers from 1 to 3 above do not require your consent for the conduction thereof, pursuant to the provisions of LFPD article 37. For the conduction of the transfer of the personal data mentioned under number 4 above, we require your consent. 

The knowledge and acceptance hereof through the electronic means which Data Controller uses for collecting personal data, particularly the webpage www.palacepremier.com/home entails that you award your consent for your personal data being transferred to “Business Parties”. At all times, you may inform to Palace Premier that you intend to withdraw your consent for the future transfer of your personal data. For the rest of the events, your personal data shall not be transferred to any third-parties without your consent, except for exceptions contained at article 37 of the LFPD. Transfer thereof shall always meet the conditions set forth at article 37 of the LFPD. 

H.ARCO rights exercise.

For all legally possible cases, you may, at all times, enforce your access, rectification, cancellation and opposition rights (hereinafter referred to as ARCO rights) through procedures we have implemented.  

Your request shall comply with requirements set forth on the effective legislation, by means of a document addressed to our Data Privacy Officer, whose domicile is Carretera Cancún Puerto Morelos Km 21, Manzana 01, Lote 1 – 11, Edificio A, Supermanzana 47, Municipio Benito Juárez, Cancún, Quintana Roo, C.P. 77506.  

The request shall contain the following information: 

  1. Your name and domicile or any other means for letting you know the answer to your request;
  2. The documents proving your identity or, if applicable, your power of attorney;
  3. A clear and precise description of the personal data with regard to which any ARCO rights are to be enforced; and
  4. Any other element or document which makes it easy to locate personal data. 

Data Controller shall inform to you, within a twenty business day maximum term from the date when Data Controller receives the relevant request, on the adopted determination. If your request is accepted, it shall be conducted within a fifteen business day term after the date when Data Controller communicates the answer. In case the information provided in your request is mistaken or insufficient, or in the event that documents required for proving your identity or power of attorney are not enclosed thereto, Data Controller, within the five business days after your request had been received, shall demand that deficiencies are corrected in order to process your request. In these cases, you shall have ten business days for the performance of the correction; which period shall commence on the day after receipt thereof. It shall be deemed that the relevant request has not been submitted should you do not answer within said term.  

You may obtain the requested information or personal data through single copies thereof, electronic documents in conventional formats (Word, PDF, etc.), by means of a restricted and authorized access to the system processing your personal data (access) or trough any other lawful means guaranteeing and accrediting the efficient exercise of the requested right. 

Alternatively, Data Subjects may address the request to derechosarco@palaceresorts.com, meeting all the aforementioned requirements, stating as subject thereof as follows: “ARCO Rights and/or Revocation of Consent”. Procedure terms shall be the same mentioned at paragraph above. The usage of electronic means for enforcing the ARCO rights authorizes Data Controller to answer the relevant request through the same means thereof, unless Data Controller clearly and expressly establishes any other means for such purposes.  

You shall be responsible for updating your personal data held by Data Controller; therefore, you guarantee and shall be liable, in any case, for the veracity, accuracy, effectiveness and authenticity of personal data provided and bind to keep such data updated, communicating any change to Data Controller. 

I.Consent revocation.

You may revoke your consent for the processing of your personal data, without any retroactive effects, in all cases were such revocation does not entail that it will be impossible to fulfill any obligations arising from an effective legal relation between you and Data Controller. The procedure for revoking the consent, if applicable, shall be the same one that is set forth at the foregoing section H. ARCO rights exercise. 

J.Limitations to the disclosure of your personal data.

You may limit the usage or disclosure of your personal data by addressing the relevant request to our Data Protection Officer. Requirements for proving your identity, as well as the procedure for answering your request shall be the same as those indicated at section H. ARCO rights exercise. 

I.Automated means for collecting personal data.

Data Controller uses cookies for facilitating the surfing the webpage www.palacepremier.com/home. Said cookies constitute a tool used by web servers for saving and recovering information saved at the browser used by the users or visitors of the webpage that allows saving the personal preferences thereof to provide a better surfing experience.  

The cookies have an expiry date, which may vary from webpage session or visit lasting to a specific date from which cookies shall stop functioning. Most cookies used at www.palacepremier.com/home only relate to an anonymous User and the informatics equipment thereof, cookies do not provide any references which allow deducting the name and last name of the User. Cookies cannot read any data from your hard disk nor infect your texts with any viruses.  

We can also collect information by using web beacons, pixel tags, clear gifs or any similar means (generically referred to as “web beacons”) which allow us to obtain non-personal or added information; for instance, domain names, the areas of the site you are visiting, your operating system, the version of the operating system you use, the version of the browser and the URL before your visit. Said information is used to improve your experience at the site and to understand traffic patterns.  

It is also possible that we may use advertisements of third-parties at our sites. Said advertisers may also use cookies and pixel tags to identify among other things, the advertisements you have been displayed and webpages thereof. Data Controller does not have the control over the usage of said technology by third-parties; therefore we cannot be liable for actions and policies thereof.  

You may configure your browser to automatically accept or reject all cookies or to be displayed a notice on screen about the receipt of each cookie and to decide on that moment if it shall be implanted on the hard disk or not. We suggest you to consult the help section of your browser in order to know how to change the configuration of the acceptance or rejection of cookies. Even when you configure your browser for rejecting all cookies or for expressly rejecting the cookies of www.palacepremier.com/home, you may surf the website with the one inconvenient of not enjoying the functions of the site which require the installation of some cookies. In all cases, you may, at any time, eliminate the cookies of www.palacepremier.com/home implanted on your hard disk, by following the procedure established under the help section of your browser. 

L.Amendments or updating to this Full Privacy Notice.

Data Controller may amend, update, extend or otherwise change the terms, conditions and scope of this Full Privacy Notice at any time at its entire discretion. In which event, Data Controller shall publish such changes at the website www.palacepremier.com/home section “Privacy Notices”.


Last Updated: 

July 16th, 2021.