1. The purpose of this privacy policy, hereinafter referred to as the "Data Privacy Policy," is to inform you how your personal data, as a client, buyer, or user of the website, is used. Likewise, it will detail the types of personal data that may be processed, the purposes for the Processing of your personal data, the rights granted to you as the Data Subject, the procedures to exercise those rights, and the obligations under the data protection laws of Colombia and of the countries in which the companies provide their services.
This Privacy Policy applies to Pervolare Network LLC.
The Companies recognize the importance of the security, privacy, and confidentiality of the personal data of their clients, buyers, and users, hereinafter referred to as the “Data Subject” or “Data Subjects,” when carrying out any activity involving personal data, such as collection, storage, use, retention, transmission and/or transfer at the local and/or international level, deletion or destruction, which will be defined in this policy as “processing,” “to process,” or “processed” of the Data Subjects, in accordance with the legal data protection framework applicable in the territory where the Companies operate and in accordance with the purposes described in this data privacy policy.
2. Scope of the data privacy policy
This Privacy Policy applies to all personal data that is processed manually or through automated means within the framework of your relationship as a client, buyer, and/or user of the Companies.
3. Key Definitions
3.1. Data Protection Authority: The competent administrative authority that oversees and monitors compliance with personal data protection.
3.2. Authorization: The prior, express, and informed consent that you grant to the Companies or partners to carry out the Processing of your Personal Data.
3.3. Personal Data: Any information that relates or is linked to one or more data subjects.
3.4. Private Data: Information that is only relevant to the Data Subject.
3.5. Semi-private Data: Data that is not of an intimate, reserved, or public nature, and whose knowledge is of interest to the Data Subject and/or a specific group of people or society in general.
3.6. Publicly Accessible Data: Data that does not fall under the definition of private or semi-private, such as profession, marital status, among others.
3.7. Sensitive Data: Reserved data that affects the privacy of the Data Subject and whose misuse could result in discrimination, such as health status, sexual orientation, race, or ethnicity.
3.8. Data Controller: The natural or legal person, public or private, that processes the Personal Data of the Data Subjects and also determines the database and/or the Processing of the Data Subjects’ Personal Data.
3.9. Claim: The request that the Data Subjects or their duly accredited representatives may make to correct, update, or delete the Data Subject’s Personal Data, or to revoke the previously granted authorization.
3.10. Data Subject: Any individual whose Personal Data is subject to Processing.
3.11. Transfer: Occurs when the Data Controller sends Personal Data to a recipient, either within or outside the country, who assumes responsibility and processes such data independently.
3.12. Transmission: Refers to the communication of Personal Data, whether within or outside the country, by a Controller to a Processor, who will process the data on behalf of and under the instructions of the Controller.
3.13. Processing: Any operation or set of operations performed on Personal Data, such as collection, storage, use, circulation, or deletion.
4. Principles for processing the data of clients, buyers, or users
4.1. Principle of Legality
The Processing of personal data must be carried out in strict compliance with applicable laws, ensuring that each action is supported by a valid legal basis.
4.2. Principle of Purpose
The Processing of personal data must be aligned with a legitimate purpose under applicable laws, which must be clearly communicated to the Data Subject.
4.3. Principle of Freedom
The Processing of personal data may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data must not be obtained or disclosed without the corresponding authorization, unless there is a legal or judicial mandate that exempts it. In jurisdictions where there are legal bases other than consent or legal mandate, this principle shall be reasonably adapted to such context.
4.4. Principle of Veracity or Quality
The information subject to Processing must be truthful, complete, accurate, updated, verifiable, and understandable. The Processing of data that is partial, incomplete, fragmented, or that may lead to error is prohibited.
4.5. Principle of Transparency
The Processing of data must guarantee the Data Subject’s right to obtain information from the Controller regarding the existence of data concerning them.
4.6. Principle of Restricted Access and Circulation
The Processing of personal data is subject to the limitations arising from the nature of the data and from applicable legal provisions.
4.7. Principle of Security
Processing must incorporate the necessary technical, human, and administrative measures to ensure the security of personal data, preventing its alteration, loss, consultation, unauthorized or fraudulent use or access.
4.8. Principle of Confidentiality
All persons involved in the Processing of non-public personal data are obligated to maintain the confidentiality of the information, as established by applicable laws.
4.9. Principle of Reasonableness
The personal data processed must be strictly necessary to fulfill the purposes established in the corresponding database.
4.10. Principle of Time Limitation
Data Controllers may only collect, store, use, or circulate personal data for the time that is reasonable and necessary, according to the purposes that justified their processing.
4.11. Principle of Demonstrated Accountability
Data Controllers must be able to demonstrate to the Data Protection Authorities that they have implemented appropriate and effective measures to comply with the obligations established in applicable laws.
5. Data Controllers
Pervolare Network LLC
EIN86-2282342
7191 W 24th AVE # 35 Hialeah Florida 33016
tratamientodedatos@pervolare.com
6. Situations in which others are responsible for your data.
There are situations in which others are responsible for your data. When you contract services that are not directly managed by the Companies, but by independent third parties, these third parties will act autonomously in the processing of your Personal Data, assuming responsibility as Data Controllers. We recommend reviewing their own data protection policies.
Examples:
With the companies providing your assistance services.
With insurance companies such as DKV.
7. Types of data collected and processed by the company
Identification Data: Includes name, address, phone number, email, identity document number and type, place and date of birth, age, nationality, photograph, country of residence, signature, gender, marital status, among others.
b. Third-party Data: Names and surnames of family members or emergency contacts, age, phone number, email, mobile number, relationship, among others.
c. Employment Data: Information such as salary, salary type, affiliations to the social security system, job position, work address, phone number, fax, work history, employment certificates, among others.
d. Educational Data: Includes academic history, professional degree, study certificates, graduation dates, among others.
e. Banking Data: Bank account number, billing information, financial statements, tax identification number (NIT), unique tax registration (RUT), credit card information, among others.
f. Health Data: Health status, test results, lab analyses, medical diagnoses, medications, treatments, among others.
g. Relevant data for the service you acquire: Certificate number, Purchase number, Contracted plan, Destination country, Travel purpose, among others.
7.1. Special Categories of Data
Sensitive Data
Sensitive data refers to those that reveal delicate and private aspects of a person, such as information related to gender, health status or medical condition, biometric data used for unique identification (such as photographs, videos, audio recordings or fingerprints), religious affiliation, ethnic or racial origin, and criminal records (in case they are necessary to comply with legal obligations or to provide additional services). Additionally, the company’s websites may identify location data in a limited manner, such as the country and city of users.
In the course of our activities, we may request sensitive data, such as information related to your health. This data will be processed in accordance with the principles established by law, ensuring confidentiality and protecting your right to privacy, with the aim of preventing any form of discrimination. The data subject is not obligated to provide us with this type of data. However, it is important to know that some procedures and processes may require the processing of such data.
Sensitive Personal Data may be processed in the following circumstances:
Consent: When you have provided your consent and/or authorization to the Companies.
Legal Compliance: To comply with obligations and duties imposed by law on the Companies.
Vital Interest: When processing is necessary to safeguard your vital interest or that of other persons (for example, in situations requiring specific medical assistance, special and/or security services).
Judicial Proceedings: When the data is necessary for the recognition, exercise, or defense of a right in a judicial proceeding.
Public Health: When required to prevent the spread of contagious diseases or for other public health interventions, including the implementation of travel restrictions.
Data of Minors
The Companies recognize the importance of especially protecting the Personal Data of children and adolescents (hereinafter, "Minors") and guarantee that the processing of their information will be carried out respecting their best interests and fundamental rights. The Companies will be responsible for the processing of the Personal Data of Minors who are users of their products and/or services, in accordance with the purposes established in this Privacy Policy.
The consent for the processing of Minors' data must be granted and/or authorized by the holder of parental authority and/or the legal representative of the minor (parents and/or guardians), in accordance with the regulations applicable in the region or country where the Minor's Personal Data is processed. The Personal Data of Minors will not be used for marketing, promotional purposes or for profiling.
If you, as a parent, guardian, or legal representative, discover that the personal data of a minor under your custody has been collected without your authorization, we ask that you notify us immediately via email at ventas@seguroparaviaje.com. We will address your request diligently and take the necessary steps to correct the situation, including the deletion of the unauthorized data.
8. Purpose of Personal or Sensitive Data
Website: If the data subject accesses our websites, they may be used for the purpose of offering and marketing our products and services. This includes, but is not limited to:
Sending promotional and advertising communications about our services, special offers, and news that may be of interest.
Conducting market studies and behavior analysis to personalize and improve the offer of our services.
Providing recommendations and suggestions on products and services that may interest you, based on your profile and preferences.
Sharing them with our providers and partners.
Likewise, their purpose will be to register you on our digital platforms; manage the provision of our services; address your inquiries, complaints and/or claims; execute the contractual relationship; and other administrative, historical, and statistical purposes.
Digital Channels (Chat, WhatsApp, Call Center or Email): We may use your personal data for the following purposes:
To inform you about our products and services
Manage and administer our products and services
Coordinate the provision of medical assistance in accordance with your contractual relationship with the company
Handle your inquiries, complaints, and/or claims
Carry out administrative, historical, and statistical activities.
9. Cookies
Cookies are small pieces of information that websites you visit send to your browser. They allow websites to remember details about your visit and your preferences as a user, making future visits easier and the experience more useful. Other technologies may also be used, such as unique identifiers that identify your browser and operating system, apps or devices, as well as pixels and local storage, to achieve these goals.
It is important to note that the Companies and external service providers they hire or subcontract may use cookies and trackers on their digital platforms.
9.1. Types of Cookies
The cookies and other technologies mentioned below may be stored on your browser, application, or device, depending on the settings you choose.
Strictly necessary cookies: These cookies are essential to access fundamental features of a service. For example, they allow remembering preferences such as the selected currency, session information (such as the contents of a shopping cart), and product optimizations that help maintain and improve the service.
Advertising cookies: These cookies allow ads to be targeted to users based on their interests, improve reporting on advertising campaign results, and prevent users from seeing ads they have already viewed.
Analytics cookies: These cookies collect data that helps services understand how you interact with them. The information collected is used to: (i) improve the content and features of the services, providing you with a more satisfactory experience, and (ii) help websites and applications understand how visitors interact with their services.
Personalization cookies: These cookies enhance your experience by offering personalized content and features according to the settings of your application or device.
10. Who we share your data with
To fulfill the purposes mentioned above, the Companies, acting as Data Controllers, may share, transmit, and/or transfer your Personal Data, both nationally and internationally, to the following categories of third parties and/or recipients:
Government Authorities: This includes national and international authorities for administrative oversight and control, immigration, police, judicial, and customs authorities.
Airlines: Companies with which the Companies have code-share agreements. These companies will process your Personal Data as Data Controllers, following their own policies.
Service Providers and Commercial Agents: Including operators, medical service providers, pharmacies, among others.
Complementary Services: Car rental companies, lodging/hotels, ground transportation, florists, for those plans that include such services.
Allied Third Parties: Partners involved in commercial activities, customer analysis, and needs satisfaction together with the Companies.
Financial Entities: Payment gateways and payment processors, government billing entities.
In some cases, the recipients of the information and personal data may be located outside the country where they were initially collected. This is necessary to carry out the requested service and its complementary services, by selecting providers that comply with the Company's quality standards and respecting the legally established grounds, all under applicable regulations.
To ensure an adequate level of protection, the Companies establish binding legal agreements, such as transmission agreements, contractual clauses, and others that comply with industry standards and current legislation.
11. Protection of your data
The Companies apply information security policies, procedures, and standards to protect the integrity, confidentiality, and availability of your Personal Data, regardless of the medium, format, or duration of storage, as well as during transmission.
To do this, they use recognized industry technologies and practices, which include: encryption, secure protocols, restricted access control, backups, secure software development, and protection measures such as firewalls, antivirus, and IPS, among others.
Likewise, third parties who need to process your Personal Data must comply with this Privacy Policy and follow the established security guidelines and protocols, which will be provided to them to ensure a uniform standard of protection.
11.1. Data Subject Rights
As the Data Subject, you have rights regarding the Processing of your Personal Data in accordance with applicable legislation. These rights include:
Access, update, and correct your Personal Data before the Controller or Processor.
Request proof of the authorization granted to the Controller, except when the law exempts this obligation.
Be informed clearly and transparently, upon request, about the use that has been given to your information and Personal Data.
File complaints before the competent authorities for violations of the applicable personal data protection regulations.
Revoke your authorization or request the deletion of your Personal Data, as established in this Privacy Policy.
Access your processed Personal Data, by requesting it from the Companies, in accordance with current regulations.
How to exercise your rights
Without prejudice to the specific procedures established by applicable law, below are the available channels for exercising your rights as a Data Subject.
If you wish to exercise your rights regarding your Personal Data, the Companies have enabled the following email as the official channel for receiving requests, inquiries, and complaints exclusively related to this matter: tratamiendodedatos@seguroparaviaje.com
You must prove your identity and ownership before the Companies. This is to prevent unauthorized or fraudulent inquiries, use and/or access by persons who are not authorized or do not have the legal mandate to act on your behalf.
If the request is made by a third party on behalf of the Data Subject, the third party must adequately demonstrate the conferred power and/or legal mandate by sending the supporting documents of such representation.
The request to exercise any of the rights you have as a Data Subject must be submitted in writing through the channel enabled by the Companies. It must be addressed to the Data Controller and include, at minimum, the following information:
Data of the Data Subject and their legal representative or proxy.
A copy of the identification document or an equivalent document that validates the identity of the Data Subject. If acting through legal representation, the representative’s identification document must also be included.
A detailed description of the request and mention of the invoked right.
Physical and/or electronic address for sending the response and notifications.
Supporting documents for the request (if applicable).
The request will be processed only if the identity and ownership of the applicant are verified and the above-mentioned requirements are met. If the Companies require additional information, you may be asked to complete your request.
Data retention period
We will retain your Personal Data only for as long as necessary to fulfill the purposes for which they were collected, including any legal, regulatory, tax, accounting, or reporting obligations. We may retain them for a longer period in the event of a claim or if there is a reasonable likelihood of litigation in connection with our relationship with you.
In determining the retention period, we assess factors such as: the amount, nature, and sensitivity of the data, the potential risk of unauthorized use or disclosure, the purposes of the processing and whether those purposes can be achieved through other means, as well as applicable legal or regulatory requirements.
In general, we will retain your Personal Data for as long as there is a commercial relationship with any of the Companies, and for up to an additional 10 years, unless a contractual provision, legal requirement, or order from an authority establishes a different term.
Modifications to the Privacy Policy
The Companies may modify or update this Privacy Policy at any time, to adapt it to legislative changes, adjustments in their internal policies, or new requirements related to the provision of their services or products. Updates will be made available through official channels such as the website, mobile app, or any other means that ensures broader dissemination and transparency of the information.
In accordance with applicable legislation, the Spanish version of this Privacy Policy shall prevail in the event of discrepancies with translations into other languages.
Effective Date
This Privacy Policy enters into force as of its publication and replaces any previous version. The Companies may modify, update, or withdraw its content at any time. In case of substantial changes, we will inform you in a timely manner before or at the time of implementing the new provisions, either by publishing the updated version on this site or through another notification or acceptance mechanism directed to the Data Subject.