Hyatt Centric Guatemala City

Privacy Notice

1. Background and scope

This Privacy Notice ("Notice") sets out how Travel Experiences A-1 processes and protects the privacy of your personal information.

In Travel Experiences A-1. We need to collect, use and disclose personal information to perform our functions and business activities, including making and managing travel bookings on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and maintaining various physical, electronic and procedural security measures to protect the personal information in our care.

For the purposes of the General Data Protection Regulation 2016/679 ("GDPR") and other similar legislation, we are a "data controller" (or equivalent) for the processing of the personal information you provide to us in connection with our provision of services in business trips, events, leisure trips and for the purpose of marketing activities.

There may be instances where local data protection laws impose more restrictive information handling practices than the practices set forth in this Notice. Where this occurs, we will adjust our information handling practices in your jurisdiction to comply with these local data protection laws.

2. What personal information do we collect?

In general, the type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel-related services and/or products on your behalf.

Here are some types of personal information we will process from you:

• Contact (such as name, postal/residential address, telephone number, email address);

• Payment account (credit/debit card details, including card type, card number, security number and expiration date);

• Passport information;

• Details of the loyalty/frequent flyer program;

• And other details relevant to your travel arrangements or required by relevant travel service providers (e.g. airlines and accommodation or tour providers).

We also collect online identifiers, such as your IP address and data about your device and the network you are using to connect with us.

When you contact us for other purposes, we may also collect personal information about you in connection with those purposes. For example, to respond to a query or comment you have submitted to us. We also collect information that is required for use in the business activities of Travel Experiences A-1 and our related entities, including, for example, financial details necessary to process various transactions, audio, electronic and visual information (such as video surveillance images) used for security purposes, voice recordings for quality control and dispute resolution, and relevant personal information that you may choose to provide to us.

In some circumstances, we may collect personal information from you that may be considered confidential information under local data protection laws. Confidential information may include (without limitation) your racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, membership in political, professional or commercial associations (to be used in the booking of special rates), biometric and genetic information, passwords and financial information and health information Please note that, where necessary for travel arrangements, we may collect from a responsible adult personal information relating to a child of any age, but we do not knowingly collect such information directly from children.

We will only collect confidential information in accordance with your local data protection laws, with your explicit consent and where reasonably necessary for, or directly related to, one or more of our functions or activities (for example, to make travel arrangements), unless they are required or authorised to do so by law. To the extent permitted or required by local data protection laws, you consent to us using and disclosing your sensitive information for the purpose for which it was collected. For example, it is if you reveal your religious beliefs to us because you are interested in, for example, certain holiday packages, in which case you give us your consent for us to use and disclose that information in connection with the facilitation of your request. We will not use or disclose confidential information for purposes other than those for which it was collected, unless we subsequently receive your consent to use it for another purpose.

3. How do we collect personal information?

We will only collect personal information in accordance with local data protection laws. We generally collect your personal information directly from you during the course of your relationship with us.

Generally, in these cases:

• When you deal with us in person, by phone, letter, email;

• When you visit any of our websites; or

• When you connect with us through social media.

• When you purchase or inquire about travel arrangements or other products and services;

• When you participate in contests or register for promotions;

• When you subscribe to receive marketing from us (e.g. e-newsletters);

• When you ask us for brochures or other information; or

• When you provide information or use our services on social media.

In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes when a person makes a travel reservation on your behalf that includes travel arrangements for you (for example, a family or group booking or a travel booking made for you by your employer). When this occurs, we will rely on the authority of the person making the travel booking to act on behalf of any other traveller in the booking.

When you make a travel reservation on behalf of another person (for example, a family or group reservation or a travel reservation made for an employee), you agree to have obtained the other person's consent for Travel Experiences A-1 to collect, use and disclose the other person's personal information in accordance with this Notice and that you have informed the other person about this Notice.

You must inform us immediately if you become aware that someone else has provided us with your personal information without your consent or if you did not obtain consent before providing us with someone else's personal information.

4. How do we use your personal information?

When you contact us in connection with a travel booking or enquiry, the purpose for which we collect your personal information is usually to provide you with travel advice and/or assist you with booking travel and/or travel-related products and services. However, the purpose of the collection may differ depending on the particular circumstances described in this Notice (e.g., collection of your personal information for the purpose of entering a contest, providing feedback, etc.).

When you book or arrange travel-related products and services through us, we generally act as agents for the relevant travel service providers (for example, for a hotel). In this case, we process your personal information as necessary to provide the services you requested from us. This typically includes the collection of personal information about you both for our internal purposes as described in this Notice and for the travel service provider for whom we act as an agent (e.g., to provide you with the booked services). For example, if you book a flight through us, then we use your personal information to allow your flight to be booked and disclose it to the airline so that it can provide you with the flight service.

Therefore, we may share your information with our travel service providers, such as hotels, airlines, car rentals or other suppliers, who fulfill your travel reservations. Please note that these travel service providers may also use your personal information as described in their respective privacy policy and may contact you as necessary to obtain additional information about you, facilitate your travel booking, or provide you with the requested services. We encourage you to review the privacy policies of any third-party travel service provider whose products you purchase through us. We will provide you with copies of all relevant terms, conditions and privacy policies of the travel service provider upon request.

We act as agents for or on behalf of many thousands of travel service providers around the world, so it is not possible for us to establish in this Notice all the travel service providers for which we operate or their locations.

Other purposes for which we process personal information include:

• Provide you with services and tools you choose to use (for example, saving travel preferences on our websites to a wish list or saving personal information to allow online forms to be pre-filled);

• Protect against, deter, detect and investigate fraudulent, unauthorized or illegal activities;

• Develop and improve our products and services and those of our related entities;

• To serve our relationship with you, among other things, by creating and maintaining a customer profile to enable our brands to provide you with a better service or by presenting options on our website that we believe may interest you based on your browsing and preferences;

• Involve you in market research, measure customer satisfaction and seek feedback on our relationship with you and/or the service we have provided to you;

• To facilitate your participation in loyalty programs;

• For research and analysis in connection with our business and services, including, but not limited to, trends and preferences in sales and travel destinations and use of our websites;

• To comply with our legal obligations, including complying with requests from government or law enforcement authorities, and any applicable customs/immigration requirements related to your travel; and

• Other purposes authorized or required by law (for example, to prevent a threat to life, health or safety, or to enforce our legal rights).

Where permitted by local data protection laws, we may use your personal information to send you specific marketing activities related to our products and services (and those of third parties) that we believe may be of interest to you, unless you have requested not to receive such information. These may include, but are not limited to, mailings, email marketing and notifications, as described below, and phone calls.) We will only use your personal information to send you electronic marketing materials (including email, email, SMS, MMS and iM) if you have opted in or have not opted out of receiving them, depending on applicable law.

5. Is personal information disclosed to third parties?

We do not and will not sell, rent or trade your personal information. We will only disclose your personal information to third parties in the ways set out in this Notice and in particular as set out below, and in accordance with your local data protection laws. Please note that, in this Notice, when we say "disclose," this includes transferring, sharing (including verbally and in writing), sending or making available or making accessible your personal information to another person or entity.

Your personal information may be disclosed to the following types of third parties:

• Our independent contractors, suppliers and service providers, including but not limited to.

• Our related entities and brands;

• Travel service providers, such as travel wholesalers, tour operators, airlines, hotels, car rental companies, transfer managers and other related service providers;

• Financial institutions such as banks, when processing financial transactions;

• A person who makes their travel reservation on your behalf, when you travel with a reservation made on your behalf by another person (for example, a family member, friend or co-worker);

• Your employer, when you are an employee of one of our corporate, commercial or government clients and participate in an event or travel for work purposes;

• Customs and Immigration to comply with our legal obligations and any applicable customs/immigration requirements related to your travel;

• Government agencies and public authorities to comply with a valid and authorized request, including a valid court order or other legal process;

• Various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes;

• Law enforcement agencies where we suspect that unlawful activity has been or may be carried out and personal information is a necessary part of our investigation or reporting of the matter; and

• third-party services or applications when you use them to log into your account (e.g., if you use a third-party service or application (e.g., Facebook, Google) to log into your Travel Experiences A-1 account, we share certain personal information with that third party).

On our websites, you may choose to use certain features that may be accessed through other entities that are not affiliated with us, or for which we partner with them. These features, which include social media and geolocation tools, are operated by third parties, including social media, and are clearly identified as such. These third parties may use or share personal information in accordance with their own privacy policies. We strongly suggest that you review the privacy policies of third parties if you use the relevant features.

6. Is personal information transferred abroad?

We may disclose your personal information to certain recipients abroad, as set forth below. We will ensure that such international transfers are necessary for the performance of a contract between you and the recipient abroad or are subject to appropriate or appropriate security measures as required by your local data protection laws (e.g. GDPR, China cybersecurity law, etc.).

The information may be transferred to an overseas recipient (other than any of our overseas related entities) located in a jurisdiction where you will not be able to seek redress under your local data protection laws and who does not have an equivalent level of data protection as in your jurisdiction. To the extent permitted by your local data protection laws, we will not be responsible for how these overseas recipients handle, store and process your personal information.

Travel service providers located abroad

In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas travel service providers. We deal with many different travel service providers around the world, so the location of a relevant travel service provider for your personal information will depend on the travel services being provided. In most cases, the relevant travel service providers will receive your personal information in the country in which they will provide the services to you or in which their business or management is based.

Our external service providers located abroad

We may also disclose your personal information to third parties located abroad for the purpose of providing services to us, including the storage and processing of such information. In general, we will only disclose your personal information to these recipients abroad in connection with the facilitation of your travel booking and/or to enable them to provide administrative and technical services on our behalf.

China Cybersecurity Law Requirements

Personal information that is collected and generated within the territory of the People's Republic of China is stored within the territory of China, except in the following situations:

1. When the international transfer is required or authorized by the traveler

2. We may transfer your personal information abroad when you use our platform to book hotels, airlines, and services or products related to overseas travel.

We will ensure that such international transfers are necessary for the performance of a contract between you and the recipient abroad, or are subject to appropriate or appropriate security measures as required by your local laws.

We use key service providers located in India, Indonesia, Philippines, Hong Kong, USA, UK, Spain and Australia. We also deal with many different service providers around the world, so it is not possible for us to set out in this Notice all the different countries to which we may send your personal information. However, if you have any specific questions about where or to whom your personal information will be sent, please refer to the "Comments/Complaints/Contact" section below (section 14).

7. Information Security

We are committed to safeguarding and protecting personal information and will implement and maintain appropriate technical and organizational measures to ensure an appropriate level of security to protect any personal information provided to us from destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access. to personal information transmitted, stored or otherwise processed. Travel Experiences A-1 has implemented various physical, electronic, and organizational security procedures to protect the personal information it holds from loss and misuse, and from unauthorized access, modification, disclosure, and interference. Travel Experiences A-1 regularly reviews security technologies and will strive to protect your personal information as fully as we protect our own sensitive information.

8. Your rights in relation to the personal information we collect

If you want to make a subject access request to:

• Access, update, modify, rectify, delete, object to or obtain a copy of the personal information we hold about you; or

• Restrict or prevent us from using any personal information we hold about you, including by withdrawing any consent you have previously given for the processing of such information;

We reserve the right to deny you access for any reason permitted by applicable laws. Such exemptions may include national security, corporate finance, and confidential referrals. If we deny access or correction, we will provide you with written reasons for such refusal unless it is unreasonable to do so and, where required by local data protection laws, we will record your request and the denial thereof in our records.

You have the right to lodge a complaint with a relevant supervisory authority. Additional correspondence regarding your request should only send us a letter to the email reservations1@instrip-global.com.

Please note that if you request that we restrict or stop using the personal information we hold about you, or withdraw a consent you have previously given for the processing of such information, this may affect our ability to provide services to you or adversely affect the services. we can provide you. For example, most travel bookings must be made with the traveler's full name and must include contact details and appropriate identification (e.g. passport details). We cannot make reservations for you without that information.

You must always provide accurate information and agree to update it when necessary. You also agree that, in the absence of any updates, we may assume that the information submitted to us is correct, unless we subsequently realize that it is not correct.

In any of the situations listed above, we may ask you to prove your identity by providing us with a copy of a valid means of identification so that we can comply with our security obligations and prevent the unauthorized disclosure of personal information.

To the extent permitted by law, we reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests related to your access to your personal information, and for any additional copies of the personal information you request from us.

9. Social Media Integrations

Our websites and mobile applications may use social media features and widgets (such as "Like" and "Share" buttons/widgets) ("SM Features"). These are provided and operated by third party companies (e.g. Facebook) and hosted by a third party or hosted directly on our website or mobile application. The SM Features may collect information such as the page you are visiting on our website/mobile application, your IP address and may set cookies to allow the SM Function to function properly.

If you are logged into your account with the third party company, then the third party may link information about your visit to and use of our website or mobile application to your social media account with them. Similarly, your interactions with SM functions may be recorded by third parties. In addition, the third-party company may send us information in accordance with its policies, such as your name, profile picture, gender, friend lists, and any other information you have chosen to make available, and we may share information with the third-party company. in order to provide targeted marketing to you through the third-party social media platform. You can manage the sharing of information and opt out of targeted marketing through your privacy settings for the third-party social media platform.

Your interactions with these SM Features are governed by the privacy policy of the third-party company providing them. To learn more about the data practices of these third-party companies and to learn more about what personal information is collected about you and how the third party uses such personal information, please see their privacy policy directly.

10. IP Addresses

When you access our website, use any of our mobile applications, or open electronic correspondence or communications from us, our servers may record data about your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers that identify your computer and are usually assigned when you access the Internet.

We may use IP addresses for system administration, investigation of security issues, and collection of anonymous data about the use of our website and/or mobile applications. We may also link IP addresses to other personal information we hold about you and use it for the purposes described above (for example, to better tailor our marketing and advertising materials, provided that you have opted in to receive electronic marketing).

11. Tracking Technologies / Cookies

We may use third-party web analytics services on our websites and mobile applications, such as those listed in our Cookie Policy. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use our websites and applications.

For information about our use of cookies and tracking technologies, please see our Cookie Policy on our website.

12. Linked Sites

Our websites may contain links to third-party websites over which we have no control. We are not responsible for the privacy practices or the content of such websites. We encourage you to read the privacy policies of the linked third-party websites you visit, as their privacy policy and practices may differ from ours.

13. Comments/Complaints/Subject Access Requests/Contact

You can direct any questions or complaints about the use or disclosure of your personal information to the contact information to our email reservations1@instrip-global.com

14. Changes to our Notice

We may modify this Notice from time to time. If we make a change to the Notice, the revised version will be posted on our website. We will post a prominent notice on our website to notify you of any significant changes to our Notice and indicate at the end of the Notice when it was last updated. It is your responsibility, and we encourage you, to check the website from time to time to determine if there have been any changes.

This Privacy Notice was last updated on August 05, 2022.