General privacy policy

The protection of your data is very important to us


GENERAL PRIVACY POLICY FOR THE PROTECTION OF PERSONAL DATA OF TRAVELERS, CLIENTS AND USERS 


Index


14. VALIDITY 

1. ABOUT US 

1.1 The Airlines Aerovías del Continente Americano S.A., Avianca; Tampa Cargo S.A.S; commercial companies established in the Republic of Colombia, Aerolíneas Galápagos S.A., Aerogal; a commercial company incorporated in the Republic of Ecuador, Taca International Airlines S.A., incorporated in the Republic of El Salvador, Líneas Aéreas Costarricenses S.A. Lacsa, incorporated in the Republic of Costa Rica, Trans American Airlines S.A., incorporated in the Republic of Perú, Aviateca S.A., incorporated under the laws of Guatemala, Servicios Aéreos Nacionales, Sociedad Anónima (SANSA), incorporated in the Republic of Costa Rica, Isleña de Inversiones, S.A. de C.V., incorporated in the Republic of Honduras hereon referred to both individually as well as collectively as THE AIRLINES, for all purposes of the provision and marketing of air passenger transport services, and related services and products such as tourism packages, air and/or ground transport services, express courier services, airport services, training services, loyalty programs, may act under the commercial brands AVIANCA, AEROGAL, AVIATECA, LACSA, TACA, AVIANCA CARGO, AVIANCA SERVICES, AVIANCA TOURS, DEPRISA, PREFERENCIA "Programa para viajes empresariales", AVIANCA EXPERIENCE AIRPASS, AVIANCA STORE, just under the commercial brand AVIANCA, all respectively responsible and/or tasked with the treatment of personal information.

1.2 The Loyalty program LIFEMILES, a joint program of the AIRLINES managed and operated by LifeMiles Corp., has its own Privacy Policy which is available in www.lifemiles.com 

1.3 The Privacy Policy applicable to the product FLYBOX is available in www.flybox.co​ 


2. ACCEPTANCE OF THIS PRIVACY POLICY 

2.1 The express acceptance of this Privacy Policy and that of the Treatment of Personal data and information pursuant to the terms thereof, occurs when the traveler, client or user holders of the same, delivers the data at the points of sale and customer service, including Call Centers, or when he/she acquires or uses any of our products or services or when he/she presses the function key “Continue” or when they keep surfing on our websites (www.avianca.com, www.taca.com, www.deprisa.com, www.lifemiles.com, www.preferenciacorporativo.com, www.aviancaservices.com, www.aviancacargo.com, www.aerogal.com.ec, www.tacaregional.com, www.flybox.co, www.aviancaexpress.com, link.avianca.com, www.sociosyamigos.com), or when they use any of our mobile applications and electronic services in any version such as eKiosks 

2.2 For the purposes of this Policy, “Treatment” is understood to be any operation or set of operations about personal data and information such as use, collection, storage, disclosure, circulation or suppression of the same. 

2.3 Upon the acceptance of this General Privacy Policy each of our travelers, clients or users, as proprietors of the information and the personal data collected, expressly authorizes that we, THE AIRLINES, carry out the treatment of the same on a partial or total basis, including but not limited to, collection, storage, recording, use, circulation, processing, suppression, transmission and/or transfer within the travelers, clients or users’ country or to any other (s) country (ies) of the data provided. The above, for the purposes set forth in this Policy and specially authorizes us to: 

a. Use the information and the personal data supplied in order to send to the electronic mails recorded by the traveler, customer or user, the boarding pass and/or the document confirming the transaction as well as any other information related to the product and service acquired 

b. Use the received information for marketing purposes of our products and services and the products and services of third parties with which we THE AIRLINES have a business relationship. ​

c. Share the personal data and information with commercial representatives, tour operators including hotels, car rental companies, insurers, among others, as required for handling the reservations of travel plans and other tourist services. 

d. Supply the personal data and information to the control, surveillance, administrative, police and judiciary, national and international authorities, by virtue of a legal or regulatory requirement and /or to use or disclose this personal data and information in defense of the rights and/or the property of THE AIRLINES, of their clients of our websites or of their users for the detection and fraud prevention, for the prevention, detection, arrest or persecution of criminal acts or when THE AIRLINES in good faith consider that the personal data and information delivery is in the best interest of the air safety. 

e. Allow the auditors and third parties access to the personal data and information to carry out internal and external audit process inherent to our commercial activity. 

f. Consult and update the information and personal data. 

g. Contract with third parties the storage and/or information and personal data processing for the right performance of the contracts performed with us following the safety and confidentiality standards under which we are obliged to. 

h. Transfer the personal data and information in the event of a change of control of one or more of THE AIRLINES or of any of the business units through merger, acquisition, bankruptcy, division or creation to the new authority controlling THE AIRLINES or the business unit. If as a result of the control of change, the Responsible for the information treatment and the personal data is changed, this situation shall be informed to the personal data and information holders so that they use the rights in accordance with the applicable law. 

The conditions under which the holders shall use their rights, shall be indicated when the change in the control is announced. 



3. PURPOSE OF THE PRIVACY POLICY 

3.1 The Privacy Policy aims at communicating the travelers, clients or users what kind of personal data and information we collect, for which purposes, how we use it, when we share it and how we protect them, as well as the rights of holders of information and the procedures to perform them. 

3.2 The personal data and information are administered by our travelers, clients or users so to facilitate the delivery of our services. THE AIRLINES acknowledge the importance of safety, privacy and confidentiality of personal data and information that our travelers, clients or users supply through the different commercialization channels of our products and services (including websites, sale offices, call centers, mobile applications and ekiosks), and we are committed to the protection and suitable treatment of the same, pursuant to the legal regime for the protection of personal data applicable in each territory that we operate in.


4. PERSONAL DATA AND INFORMATION THAT WE OBTAIN: 

4.1 We THE AIRLINES collect personal information and data from our travelers, clients or users, which can vary depending on the requirements of the local authorities, technological facilities, nature of products and/or service to be supplied, among others, for such purposes, we can collect the following personal data and information, which can be stored and/or processed in servers located in computer centers, whether they are of their own or hired with third parties, based in different countries: 

a. Name and Last names. 

b. Date of birth. 

c. Gender. 

d. Postal and electronic addresses (personal and/or work). 

e. Profession or occupation. 

f. Cardholder personal data (names and surnames, type and identification number) 

g. Identification type and number. 

h. Marital status and/or relationship with minors or disabled people who request our services 

i. Fax (personal and/or work). 

j. Information of domicile where the cardholder receives his/her bank statements 

k. Company he/she works in and position. 

l. Nationality and country of residence. 

m. Fixed and cellular phone numbers (personal and/or work). 

n. Credit card (s) information (number, banking institution, expiration date). 

o. Client IP, through cookies.

p. Frequent Flier Card number and information about transactions and activities related to the frequent flier program LifeMiles. 

q. For flights from and to the United States, the “Redress Number” shall be collected at the request of the government authorities of that country. 

r. Necessary information to facilitate the journey and other services, including name of the travel companion(s), contacts for accident cases or any other contingency, preferred seating, special meals or medical requirements. 

s. Information of purchasing channels (including travel agencies, direct sale points or those of the representatives or agents, call centers, websites, mobile applications). 

t. Use of products and services, such as self-registration machines, flight status notification and online check-in. 

u. Personal data and information collected through surveys, focus groups and other market research methods. 

v. Information required by officers or representatives of THE AIRLINES, such as sales area representatives and/or relationships with clients aimed at reviewing requests or claims. 

w. Biometric data, including images, photos, videos, voices and/or sounds, fingerprints identifying or that makes it possible to identify our travelers, clients or users and/or any individual that is or transits in any place where THE AIRLINES have installed equipment. 

x. Health information (medical conditions deemed as contraindications for flying as per the treating doctor´s discretion) and medical verifications requested to the client, traveler or user, in order to supply, within the viability and possibilities of our operation, the facilities and elements for his/her suitable medical assistance, during the delivery of the air transport, as well as to determine the viability of the journey.

4.2 Under no circumstances should the holders of personal information and data be obligated to authorize the treatment of sensitive information. Without detriment to the foregoing, if the information holder provides any sensitive personal data to the AIRLINES in order to make possible any service, he/she must expressly consent to the treatment of the sensitive personal information or data by THE AIRLINES in accordance with this Privacy Policy. 

4.3 In addition, for security purposes, THE AIRLINES may collect, store, share, and check against other local and international administrative, control, and surveillance authorities, police authorities, and judicial authorities the personal information and data, including the biometric data of our travelers, clients, or users obtained through image, audio, or video recording devices located within our facilities (such as administrative offices, points of sale (POS), VIP lounges, airport information booths, call centers). The AIRLINES must inform of this to the general public by means of Privacy Notices posted at information and data collection places. 

4.4 We, THE AIRLINES, on account of our activity as transporters, are obligated to provide specific information and personal data of passengers, or cargo, or express and/or courier packages to the aeronautical, immigration, and customs authorities in addition to other regulatory government entities or local and international security entities prior to the departure or before landing in each destination territory or at any time after the transport contract has been fulfilled. In general, the information refers to the identity information of the passengers traveling on board, their itinerary, as well as the contents of their respective travel documentation (such as passport, visa, etc.) or related to the goods being transported. 



5. PURPOSES OF THE PERSONAL INFORMATION AND DATA TREATMENT

5.1 The collected personal information and data are used to process, confirm, meet, and provide the acquired services and/or products, directly and/or with the participation of other airlines or third party product or service vendors, and to enable reservations, modifications, cancellations and itinerary changes, reimbursements, servicing queries, complaints and claims, payment of compensations and indemnifications, accounting records, mail, credit and debit card, and other payment instrument processing and verification, promoting and advertising our activities, products, and services, conducting financial transactions such as payments, collections, or refunds, attending to legal procedures, reporting, or meeting the requirements of the different local and international administrative control and surveillance authorities, police or judicial authorities, banking institutions and/or insurance companies for internal administrative and/or commercial purposes, including market research, audits, accounting reports, statistical analyses, billing, and the offering and/or acknowledgement of benefits through our loyalty programs, for the execution of the transport contract and other supplementary services and activities, identification of fraud and prevention of asset laundering and other illegal or criminal activities, and/or to enable the operation of loyalty programs and other purposes set forth herein. 

5.2 The personal information and data treatment by those responsible and in charge of this is within the framework of guarantee and respect of the treatment principles defined by the applicable law. These principles are lawfulness, legality, liberty, transparency, consent, information, quality, restricted access and circulation, purpose, loyalty, proportionality, security, and confidentiality. 

5.3 We hereby notify that these activities may involve third parties, including flight reservation system vendors, security tools for the processing of bank transactions, call centers, tourism service operators, banking institutions and insurance companies, our representatives or agents, loyalty programs administrators and that such activities may be performed in countries other than the country where the service is contracted or the product is purchased, notwithstanding other purposes contained hereunder and in the terms and conditions of all products and services inherent to every one of our business units. 

5.4 We, THE AIRLINES do not sell or assign any personal information and data of our travelers, clients, or users to third parties for a price. The data transferred by us to third parties under the terms of this Policy is conducted exclusively based on meeting the purposes contained hereunder. 


6. VALIDITY OF THE PERSONAL INFORMATION AND DATA TREATMENT

6.1 The information provided by travelers, clients, or users may remain stored for up to ten (10) years from the date of the last treatment to allow us to meet all legal and/or contractual obligations under their responsibility, especially in terms of accounting, fiscal, and tax matters or for the time it may take to meet any applicable provisions and cover any administrative, accounting, fiscal, legal, and historical aspects of the information, or in any event provided in the law. 


7
. INFORMATION TRUTHFULNESS AND ACCURACY

7.1 Travelers, clients, or users shall provide us with truthful and accurate personal information and data to formalize the reservation and to make the contracted services possible, as well as any other services that they may require and agree to provide the required information under the conditions thereof. 

7.2 We, THE AIRLINES presume the truthfulness of the provided information and we neither verify nor assume any obligation to verify the identity of travelers, clients, or users, nor the veracity, validity, sufficiency, or authenticity of the data provided by each of them. Therefore, we will not be held liable for any damages and/or torts of any nature which may arise from the failure to provide truthful, valid, sufficient, or authentic personal information and data, including damages and torts which may result from homonymy or identity theft. 


8. MINOR CHILD AND ADOLESCENT INFORMATION

8.1 Minors or children under age may use our products and services, provided they do so through or duly authorized by their parents, legal custodians, or legal guardians. In the event the parents or legal custodian or guardian of a child detects any non-authorized data treatment, he/she may forward a complaint or claim to the following email address: contactenos@avianca.com. THE AIRLINES will see to it that the personal data of minor children and adolescents are used properly, ensuring that such data treatment will abide by all applicable laws, respecting their superior interest and fundamental rights, and as possible, taking into consideration their opinion as holders of their own personal data. 



9. USE OF COOKIES AND WEB BEACONS 

9.1 We THE AIRLINES may use cookies, web beacons, and other such technologies on our web sites, mobile applications, electronic kiosks, and electronic devices used to access these in order to learn the origin, activities, and preferences of travelers, clients, or users when browsing the web, increasing the functionality and accessibility of the web sites, verifying that the users meet the required criteria to process their requests, and to adapt their products and services to the needs of users, obtaining the following general information: 

• Type of browser and operating system used.

• Web sites visited.

• IP address.

• Browsing time duration.

• Device language. 

• Links accessed.  

• Site visited prior to visiting avianca.com

9.2 These cookies, web beacons, and other similar technologies may be disabled and deleted by the user whenever he/she wishes to do so. To this end, our travelers, clients, or users can consult and/or request assistance from the Internet browser they are using. 

 

 
 

 
10. PERSONAL INFORMATION AND DATA PROTECTION, SECURITY, AND CONFIDENTIALITY

10.1 The protection, security, and confidentiality of the personal information and data of our travelers, clients, or users is essential to THE AIRLINES. We have information security policies, standards and procedures, which may be revised from time to time at the discretion of THE AIRLINES, aimed at protecting and preserving the integrity, confidentiality, and availability of personal information and data, regardless of the media or format in which they are found, their temporary or permanent location, or how they are transmitted. In this sense, we have the support of security technological tools and we implement industry-wide security practices, which include: transmission and storage of sensitive information through secure mechanisms such as data encryption, the use of secure protocols, assurance of technological components, information access restriction only to authorized personnel, information backups, software safe development practices, among others. 

10.2 Third parties contracted by THE AIRLINES are equally obligated to abide by and comply with this Privacy Policy, the information security policies and manuals of THE AIRLINES, and with the security protocols which we use in all of our processes. 

10.3 Any agreement of THE AIRLINES with third parties (contractors, external consultants, temporary collaborators, etc.) that involves the treatment of the personal information and data of our travelers, clients, or users, includes a confidentiality agreement, highlighting their commitments to the protection, care, security, and preservation of the confidentiality, integrity, and privacy of the information. 



11. PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF INFORMATION HOLDERS 

11.1 All travelers, clients, or users are entitled to know their personal data held under our control and to exercise the rights they have as the holders thereof, under the terms of applicable data protection standards and in accordance with the provisions of this General Privacy Policy.

11.2 To this effect, THE AIRLINES have set a general procedure for the exercise of the rights by the personal information and data holders, contained in section 12 hereunder, without detriment to the enforcement of specific stipulations which may be contemplated in the local laws of each territory. Should there be discrepancies between the general procedure and the specific stipulations in the applicable local standards, the specific stipulations shall prevail. 


12. GENERAL PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF PERSONAL INFORMATION AND DATA HOLDERS, APPLICABLE TO ALL TERRITORIES IN WHICH THE AIRLINES OPERATE: 

12.1 Travelers, clients, or users are entitled to consult and know the details of the treatment of their personal data required by THE AIRLINES and to correct them when they are inaccurate or incomplete, and to cancel them when they are not being used for legal or contractual purposes or in accordance with the purposes and terms contemplated in this Privacy Policy. 

12.2 By agreeing to this General Privacy Policy, the traveler, client, or user freely, expressly, and previously states that he/she has been informed of the rights granted by the applicable laws as the holder of his/her personal data, and which are listed below: 

a. To know, update, and correct any personal information and data before the entity responsible for or in charge of the treatment of his/her personal information and data.

b. To request proof of the authorization granted to the entity responsible for the treatment, except when expressly excluded as a requirement for the treatment. 

c. To be informed by the entity responsible for or in charge of the treatment, upon prior request, with respect to the use given to his/her personal information and data.

d. To file before the competent authorities any complaints on grounds of infringement of the applicable personal data protection regime.

e. To revoke the authorization and/or request the suppression of the personal information and data under the terms of this Privacy Policy.

f. To access his/her personal information and data which have been subject to treatment, upon prior request to THE AIRLINES, under the terms of the applicable standards in force. For data reviews which frequency is more than once per calendar month, THE AIRLINES will charge the holder requesting such information for any expenses incurred in the delivery, reproduction, and document certification, as the case may be. 

12.3 The procedures for the exercise of his/her rights are as follows: 

(I) REVIEWS: Holders, authorized persons, or assignees may review their personal information and data stored in our databases, in which case the requested information shall be provided, upon prior verification of the legitimate reasons for making such request. The request for review shall be responded within ten (10) business days at maximum from the reception date. In the event a request for review cannot be responded within said term, the reasons for the delay shall be informed to the sender, providing a new date for such purpose without exceeding under any circumstances five (5) business days following the due date of the original term. 

(II) COMPLAINTS: If the holders, authorized persons, or assignees consider that their personal information and data contained in our databases should be corrected, updated, or suppressed, or when they notice any alleged non-compliance with any provisions contained in the regulations, they may forward a complaint to us, and such complaint shall be undertaken to under the following rules: 

a. A complaint must be made through a request addressed to THE AIRLINES, with the claimant´s identification, a description of the facts giving rise to the complaint, the claimant´s address, and any other required documentation. If the complaint is incomplete, the missing information or documents will be required within five (5) days following the reception of the complaint. If the sender of the complaint fails to complete the required information within a period of two (2) months, it will be understood that he/she has desisted from the complaint. 

b. In the event that we are not capable of resolving a complaint, the case will be forwarded to a competent person within two (2) business days, and the claimant will be informed in due time. 

c. The maximum term to respond to a complaint shall be fifteen (15) business days from the day after the date of the reception, duly supported. In the event a request for review cannot be responded within said term, the reasons for the delay shall be informed to the claimant, providing a new date for such purpose without exceeding under any circumstances eight (8) business days following the due date of the original term. 

12.4 In order to render their rights effective, travelers, clients, or users may exercise their rights to know, update, correct, and suppress their personal information and data by sending a request to contactenos@avianca.com, or through the Suggestions and Complaints service at www.avianca.com, or through the available Call Center lines in the countries where we operate. 

12.5 The areas in charge of attending to requests, reviews, or complaints, before which the holder of the information may exercise his/her rights, according to the business or service unit, are: 

a. CLIENTS OF AIR TRAVEL SERVICES AND OTHER RELATED SERVICES: Attention channels: Call Center Avianca, www.avianca.com, contactenos@avianca.com Responsible Area: AVIANCA Client Services. 

b. DEPRISA: Attention channels: Call Center Deprisa, Deprisa.com Responsible Area: Deprisa Client Services. 

c. AVIANCA SERVICES: Attention channels: salesaviancaservises@avianca.com Responsible Area: Avianca Services. 

d. AVIANCA CARGO: Attention channels: aviancacargo.com Responsible Area: Avianca Cargo. 

12.6 The holder must include the following information in his/her request: 

a. First, middle and last names 

b. Document number 

c. Email address 

d. Subject 

e. Type of document 

f. Telephone 

g. Country 

12.7 In the event any traveler, client, user, or third party deems the contents used in any of our contact and marketing channels, such as web sites, mobile apps, and electronic kiosks, to be in violation of his /her intellectual property rights, he/she should send us a communication, including the following information to the email addresses provided above: 

a. Personal information: name, address, phone number, and email address of the claimant. 

b. Authentic signature, with the personal information of the holder of the infringed intellectual property rights or of the person authorized to act on behalf of the holder of the infringed intellectual property rights. 

c. Accurate and complete indication of the protected contents protected by the infringed intellectual rights, as well as its location. 

d. Express and clear statement that the use of the indicated contents has been conducted without the consent of the holder of the infringed intellectual rights. 

e. Express and clear statement, and under the claimant´s responsibility, that the information provided in the notification is true and accurate and that the use of the contents constitutes a violation of his/her intellectual property rights. 

12.7.1 Any claims originating from these facts shall be subjected to applicable legal undertakings for their treatment and solution. 


12.8 A request for the suppression of the information and to revoke the authorization, or a request for limiting the use and disclosure of the personal data shall not proceed when the Holder has a legal or contractual obligation to remain in the database, in the terms provided by the applicable laws. 


12.9 We have identified some territories in which the local laws contemplate specific stipulations. For further information regarding such specific stipulations, see the Appendices listed below: 

a. Appendix Colombia 

b. Appendix Mexico 

c. Appendix Peru 

d. Appendix European Union 

e. Appendix Canada 

f. Appendix United States 

 

 
 


13. AMENDMENTS TO THE PRIVACY POLICY 

13.1 THE AIRLINES reserve the right to make amendments to or revise this Privacy Policy in response to new legislations, internal policies, or new requirements to render or offer our services or products. 

13.2 These amendments shall be made available to the public through the following means: billboards visible located at their establishments or customer service centers, our web sites, Smartphone apps or electronic kiosks (Privacy Warning), or via the latest provided email address.

13.3 Subject to the applicable laws, the Spanish version of this Privacy Policy shall prevail over any other version released in any other language. In the event of any inconsistencies between the Spanish version and any translation of this Privacy Policy into another language, the Spanish version shall prevail. 


14. VALIDITY 

14.1 This General Privacy Policy is effective from the date of its publication. The latest published revision is dated March 27, 2015. 

*If you are a Supplier of any of THE AIRLINES and wish to consult the privacy conditions applicable to your personal information and data, please see our Privacy Policy for Suppliers.
**If you are an active employee, ex- employee, pensioner, retiree, related third party, beneficiary, or a candidate for a position in THE AIRLINES and wish to consult the privacy conditions applicable to your personal information and data, please see our Privacy Policy for Collaborators. 
***If you are a shareholder of Avianca S.A. and wish to consult the privacy conditions applicable to your personal information and data, please see our Privacy Notice for Shareholders. 



APPENDIX COLOMBIA 

 

For the treatment of personal information and data conducted in Colombia, the procedures for the exercise of the rights of Holders shall be those provided in Law 1581 of 2012 and its regulatory decrees. 

In compliance with Article 10 of Decree 1377 of 2013, THE AIRLINES request your authorization to continue with the treatment of your personal information and data, in accordance with this Privacy Policy. 

Furthermore, in compliance with section a) of article 26 of Law 1581 of 2012, we inform you that by expressly agreeing to this Privacy Policy you grant us the authorization to broadcast and/or transfer your personal information and data to third party countries where we operate, which may have different levels of personal data protection levels from those required in Colombia, namely, El Salvador, Peru, Ecuador, Bolivia, Guatemala, Brazil, Costa Rica, USA, Uruguay, Paraguay, and Argentina. You may exercise your rights to know, update, correct, and/or suppress your personal data by writing to us at contactenos@avianca.com, in accordance with the general procedures described in section 12 of this General Privacy Policy. 

In order to enforce their rights, travelers, clients, or users may exercise their right to know, update, correct, and suppress their personal information and data by submitting us a request at contactenos@avianca.com, or through the Suggestions and Complaints service at www.avianca.com, or at the Call Center from Bogotá by calling to the number 4013434, or from other cities in Colombia to the number 018000953434, in accordance with this Privacy Policy. 

The contact information of THE AIRLINES in Colombia is: 

• Address: Avenida Eldorado No. 59 – 15, Bogota. 

• Telephone number in Bogota: 4013434 

• From other cities in Colombia: 018000953434 

 • Email: contactenos@avianca.com  


APPENDIX MEXICO 

For the treatment of personal information and data conducted in Mexico, the procedures for the exercise of the rights of Holders shall be those provided in the Federal Law for the Protection of Personal Data in Possession of Private Parties (DOF 05-07-2010), and its respective Regulations (DOF 21-12-2011). 

1. Procedures for the exercise of the ARCO rights in Mexico: 

Pursuant to that established in the Mexican law, the holders of personal information and data have the right to access, correct, cancel, or oppose to the treatment of their personal data, for which the following procedure must be followed: 

The area responsible for the treatment of personal data (Information and Intelligence Direction) may be contacted through the following channels and for the delivery of the required information and documentation: 

• Email: contactenos@avianca.com 

• Address: Avenida Eldorado No. 59 – 15, Bogota, Colombia 

A request for the access, correction, cancellation, or opposition must contain at least: 

• Full name and home address of the holder of the personal information and data, and any other means for communicating the response to the request. 

• Documents confirming the identity or legal representation of the holder of the personal information and data. 

• A clear and accurate description of the personal information and data in relation to which the holder is seeking to exercise any of the above mentioned rights. 

• Any other element or document that will enable locating the personal information and data.

• Instructions for the changes to be made and/or on the limitations of use of the personal information and data, in accordance with that established in this Privacy Policy. 

• Documentation supporting the petition. 

We THE AIRLINES shall communicate to the holder of the personal information and data the determination adopted within twenty (20) business days from the date of reception of the request. This term may be extended by us only once for an equal period of time, provided the circumstances justify such extension. Based on the foregoing and pursuant to the provisions of the Law, THE AIRLINES shall inform the holder of the personal information and data the sense and reason(s) for the resolution via the same means through which the request was made, and such resolution shall be accompanied with relevant proof, as the case may be. 

When the request is appropriate, it will be made effective by THE AIRLINES within 15 business days following the notification of the adopted resolution. 

The holder may submit to the Federal Institute for Access to Information (IFAI) an application for the protection of the data, according to the received response or the failure to respond of THE AIRLINES. 

Such request shall be submitted by the holder within 15 business days following the date of reception of the response to the holder by THE AIRLINES, and shall be subject to that provided in the Law. 

In the event of requests to access personal information and data, the requestor or legal representative will be previously required to confirm his/her identity. 

The information access obligation shall be deemed to be fulfilled once THE AIRLINES have made the personal information and data available or delivered simple copies or electronic documents to the holder. 

 In the assumption that a traveler, client, or user requests the access to his/her personal information and data, presuming that THE AIRLINES are responsible when actually we are not, THE AIRLINES shall respond to the holder indicating this via any means of communication, being this enough for the request to be considered responded. 

The response to a request for the access, correction, cancellation, or opposition to personal data shall be free of charge. Our clients, travelers, or users shall only cover any justified shipping expenses or the cost of reproduction in copies or other formats, which will be informed in due course and time. 

In the event the same client, traveler, or user repeats a request for the Access, correction, cancellation, or opposition to the personal information and data within a period of less than 12 months from the date of the last request, the response to such request will have an additional cost indicated by THE AIRLINES, in accordance with that provided in Article 35 of the Federal Law for the Protection of Personal Data. 

We THE AIRLINES may deny the access, in whole or in part, to the personal information and data or the correction, cancellation, or opposition to the treatment thereof in the following assumptions: 

• When the requestor is not the holder, or the legal representative is not duly authorized for such purpose.

• When the requested personal information and data are not contained in the database of THE AIRLINES.

• When the rights of a third party are likely to be harmed.

• When there is a legal impediment or resolution of an authority.

• When the correction, cancellation, or opposition has been previously performed, rendering the request unfounded or unjustified. 

The cancellation of the personal information and data shall give rise to a blocking period, after which the respective personal data will be suppressed. Once the cancellation of the personal information and data has been completed, THE AIRLINES shall notify the holder. 

Having done the above, THE AIRLINES may keep the personal data exclusively for the purposes of responsibilities derived from the treatment referred to in this Policy. When the personal information and data have been shared with third parties or other entities in charge prior to the correction or cancellation, and such information is being treated by such third parties, THE AIRLINES must notify them of the request made by the holder in order for them to proceed to make the respective correction or cancellation. 

We THE AIRLINES will not be obligated to cancel personal information and data in the cases of the assumptions provided in Article 26 of the Federal Law for the Protection of Personal Data, neither when the holder has a legal or contractual obligation to remain in the database, in the terms provided by law. Furthermore, when the collected personal information and data are no longer necessary to meet the purposes provided in this Policy and in the applicable legal dispositions, the personal information and data shall be cancelled and removed from the databases of THE AIRLINES. 

2. Mechanisms and procedures to revoke the consent: Holders may, at any moment, revoke their consent to treatment of their personal information and data. To this end, holders must send us an email written in the Spanish language to the following address: contactenos@avianca.com, and must include the same requirements indicated for the exercise of the ARCO rights, specifying the personal information and data for which he/she wishes to revoke the consent to treatment. The revocation of the specified data shall take place within a term no longer than fifteen (15) business days from the reception of the sender´s email. 

3. Holder´s options for limiting the use or disclosure of his/her personal information and data: 

Holders, at any moment, may limit their consent to treatment of their personal information and data for marketing and promotion purposes by sending us an email to the following address: contactenos@avianca.com, mentioning the limitations. 

Within a term no longer than ten (10) business days from the reception of the holder´s email, we shall stop sending him/her information. 

The contact information of THE AIRLINES in Mexico is: 

  • Address: Avenida Paseo de la Reforma 195-301, Colonia Cuauhtémoc, CP 06500, Mexico, DF. 
  • Telephone number in Mexico: 01800 1233120
  • Email: contactenos@avianca.com 


APPENDIX PERU 

For the treatment of personal information and data conducted in Peru, the procedures for the exercise of the rights of Holders shall be those provided in the Law 29733 and the Supreme Decree 003-2013-JUS (hereinafter referred to as the Law and its Regulations). 

Travelers, clients, or users have the right to know the details of the treatment of their personal information and data performed by us, to know the personal information and data collected, to oppose when appropriate, to request the correction when these are inaccurate or incomplete, as well as to cancel them when these are not being used in accordance with the law, to the terms and conditions of the acquired product or service, to the respective contract, or the terms contemplated in this Privacy Policy. 

By accepting this Privacy Policy, you freely, expressly, and previously state that you have been informed of the rights granted by the Peruvian Law as the holder of your personal information and data, and which are listed below: 

(I) Access 

(II) Information 

(III) Correction or update 

(IV) Cancellation 

(V) Opposition 

In order to exercise these rights, the holder must send a request addressed to THE AIRLINES, including the following:

  • First, Middle, and Last Names and requestor´s identification documents (copy of the national identity card or passport).
  • Specific petition giving rise to the request.
  • Home address and/or email address for response notification purposes.
  • Documentation supporting the petition (for the cases of correction, cancellation, or opposition).
  • Requestor´s signature 

The procedures for the exercise of the rights are the following: 

a) Right to Access and Information: 

Holders may exercise the right to access and view the data stored in our database, in which case we shall provide access to the requested information. 

The request for the access shall be responded within a maximum term of twenty (20) business days from the day after the date of reception of the request. 

In the event it is not possible to respond to a claim within such period, the claimant shall be informed of the reasons for the delay, and the response term will be extended for an additional twenty (20) business days. Furthermore, the holder of the data may exercise the right to the information as to how his personal data were collected. 

Such request shall be responded within eight (8) business days maximum from the day after the date of reception of the request. In the event the request to exercise the right to access or information is incomplete, the requestor, within five (5) days following the reception of the request, will be required to send the missing information. If you fail to submit such required information after five (5) days from the date of the requirement, your request will be considered not submitted. 

b) Right to correct, update, oppose, or cancel 

If the holder considers that the information contained in a database must be subjected to correction, updating, or suppression, he/she may submit a request, duly supported, which will be undertaken under the following rules: In the event the request is incomplete, the requestor, within five (5) days following the reception of the request, will be required to send the missing information. 

If you fail to submit such required information after five (5) days from the date of the requirement, your request will be considered not submitted. 

On the other hand, in the event the information or documents supporting the request are insufficient, THE AIRLINES may require, within seven (7) days following the reception of the request, any additional documentation to respond to the request, requiring the holder to deliver such additional documentation within ten (10) business days. Similarly, if you fail to deliver the required information, your request will be considered not submitted. 

During the correction or cancellation process, THE AIRLINES or the entity in charge shall proceed to block the access to the data by third parties. 

The maximum term for responding to a request to exercise the right to correction, update, opposition, or cancellation shall be ten (10) business days from the day after the date of reception of the request. In the event it is not possible to respond to a claim within such period, the claimant shall be informed of the reasons for the delay, and the response term will be extended for an additional, and no longer than, ten (10) business days. 

The contact information of THE AIRLINES in Peru is:  

  • Telephone number in Peru (Lima): 2136060 
  • Email: contactenos@avianca.com 

APPENDIX EUROPEAN UNION  

For travelers, clients, or users residing in a country of the European Union, and for passengers who purchase their air tickets in a country of the European Union, the provisions contained in this General Privacy Policy shall govern. In addition, in order to ensure the optimal protection of their personal information and data, pursuant to the legislation in force, the following will apply: 

It is possible that in some cases, the recipients of personal information and data are located outside the European Union and may have total or partial access thereto (last names and first name, passport number or citizen ID card number, destination, etc.), all of which are intended for the sole purpose of executing the transportation contract and/or the acquired services or products, or for reasons legally provided in and under the protection of the standards in force. In the event of the transfer of data outside of the European Union, this will be performed in accordance with the respective standards in force (e.g. for Spain, the Organic Law 15/1999, of December 13, for the Protection of Personal Data, and for the United Kingdom, the Data Protection Act 1998 of March 1st, 2000). 

Certain information and data are indispensable for the completion of a transport contract or the provision of acquired services, and the passenger may refuse to such collection and treatment. However, such refusal could make it impossible to complete the transport contract or lead to its cancellation. In addition, the supply of inaccurate information could lead to preventing the passenger from boarding the aircraft or to being denied entry into any foreign country. 

When completing a contract, the passenger must be informed of which information is mandatory and which is not, to the extent that the failure to provide the mandatory information will automatically cancel the services for which they were required. 

Users may also refuse the options to receive any type of information regarding the services of THE AIRLINES when asked for any email address, and may, at any time, withdraw from the information services he/she may have signed up for. 

Holders of personal data may exercise the rights to opposition, access, correction, and cancellation of their data in the terms provided in the applicable law (in Spain, Organic Law 15/1999 for the Protection of Personal Data). For this, they may address THE AIRLINES, including their identity documents. 

The contact information of THE AIRLINES within the European Union is: 

  • Avianca C/Castelló 23, 4º Izq. 28001 Madrid Spain 

  • Email: contactenos@avianca.com  



APPENDIX CANADA 

For the treatment of personal information and data conducted in Canada, the procedures for the exercise of the rights of Holders shall be those provided in the Personal Information Protection and Electronic Documents Act, also known as PIPEDA or Act, which is a federal law that sets out rules for how private organizations may collect, use or disclose personal information within Canada. PIPEDA applies in all Canada, except in the provinces of British Columbia, Alberta, and Quebec, as these provinces have their own privacy laws, which have been declared substantially similar to the federal law, PIPEDA. 

PIPEDA imposes a general obligation on all organizations to collect, use, and disclose personal information for purposes that are reasonable and appropriate under certain circumstances. It also provides a list of 10 principles which must be met by private organizations when collecting, using, and disclosing the personal information of any traveler, client, or user. 

Users may also refuse the options to receive any type of information regarding the services of THE AIRLINES when asked for any email address, and may, at any time, withdraw from the information services he/she may have signed up for. 

The holder of the personal information and data may exercise his/her rights by sending a request, complaint, or claim to contactenos@avianca.com, and such request, complaint, or claim shall be responded in the terms of this Privacy Policy and applicable laws.  


 
APPENDIX UNITED STATES 
 

The Department of Transportation of the United States of America (hereinafter referred to as DOT) provides that THE AIRLINES must inform their travelers, clients, or users sufficiently about the collection, use, and disclosure of personal information and data.

Even though no federal privacy laws currently exist that specifically regulate the treatment of personal information and data in this country, the DOT may investigate and prevent any practice related to the sale of air travel services, including the treatment of personal information and data of our travelers, clients, or users. 

THE AIRLINES are also committed to complying with the Children´s Online Privacy Protection Act of the United States of America, also known as COPPA).

The COPPA regulates the protection of children´s privacy in the United States, authorizing the DOT to engage in the investigation of any use of the personal information and data of children under 13 years of age on the web. 

In the event a child under 13 years of age provides us with personal information and data without the prior consent of the parents, tutor, or legal representative, these may submit a request, complaint, or claim to THE AIRLINES via the following email: contactenos@avianca.com. Such request, complaint, or claim shall be duly responded in the terms of this Privacy Policy and applicable laws.


​​​

​​​

Announcement of Privacy to Shareholders

Your data protection is important to us

In order to comply with the provisions laid down in Article 10, Decree 1377 of 2013, regulated by Law 1581 of 2012, the company Aerovías de Continente Americano, S.A. Avianca, as responsible for the personal data processing, requests their Shareholders authorization to continue the processing of their personal data according to the following Policy:

Aerovías de Continente Americano, S.A. Avianca identified with NIT 890.577.100 (Taxpayer Identification Number), with corporate headquarters located in Barranquilla, Colombia, informs that the personal information provided by you as Shareholder of the Company is processed to keep the information recorded in the Company Shareholders Registry System updated so it can be used to contact and send information about the decisions made by the Company with regards to its shareholding, as well as to pay the dividends authorized by the General Shareholders’ Meeting.

The information and personal data are collected, stored, used and shared with the internal areas involved in the cycle of reports and payment that may be located in third countries, and with the Internal Audit, Fiscal Audit Office, Legal Authorities and Inspection, Monitoring and Control Authorities, in case they need it. The information will be stored during the life of the company. The information holders may exercise their rights to know, update, modify and/or remove their personal data pursuant to the provisions of Law 1581 of 2012 and its regulatory decrees, by sending their request to gobiernocorporativo@avianca.com, or by calling to the hotline: 018000120282.

Privacy Policy for Suppliers

Confidentiality and adequate protection of the personal information entrusted to the Companies is of outmost importance. By their code of ethics all the companies operating under Avianca trademark are committed to managing their suppliers’ data in a responsible manner.

The Companies need to collect certain personal data to carry out the activities related to the commercial operation. They have legal and social obligation to comply with legal and security regulations to protect those collected personal data for the purposes described in this privacy policy, which can be consulted in our website www.avianca.com.

1. Responsible for the information collected

The airlines Aerovías del Continente Americano S.A. Avianca, Tampa Cargo S.A., limited commercial partnerships incorporated in the Republic of Colombia, Aerolíneas Galápagos S.A. Aerogal, limited commercial partnership incorporated in the Republic of Ecuador, and the so called Grupo Taca Airlines: Taca International Airlines S.A., incorporated in the Republic of El Salvador, Líneas Aéreas Costarricenses S.A., Lacsa, incorporated in the Republic of Costa Rica, Trans American Airlines S.A., incorporated in the Republic of Peru, Aviateca, S.A., incorporated under the laws of Guatemala, are responsible for the information and personal data processing, and are referred to herein as “The Companies”.

2. Collected data

To effectively meet our obligations arising from the purchase of goods or contracting of services it is necessary to collect certain information from our suppliers such as:

Company or natural persons names

​Trade names ​Tax information ​Information for payment via bank transfer
​Contacts ​Copy of documents supporting tax and banking information ​Mail address, electronic mail, telephone and/or fax number of the supplier and its


Any other support required by the nature of the contract of purchase or the service performed

From the moment the suppliers provide information they consent the Companies to maintain in their records all the information provided through any means in order to get their personal and control data.

3. Purposes of Data Processing

The information collected may be used for the following purposes:

 

​Conduct assessments and selection of potential suppliers ​Compliance with fiscal and legal aspects with government and regulatory entities
​Establish business relations to purchase goods or services ​Control and payment for goods and services received
​Qualitative and quantitative assessments of the level of the services received from the suppliers ​Communication of policies and procedures of how to do business with suppliers
​Process control and accounting records of the obligations undertaken with the suppliers ​Consultations, audits and reviews derived from the business relation with the supplier

Any other activity necessary for the effective implementation of the business relationship between the supplier and the Companies.

The information necessary to comply with legal and contractual obligations and to perform processes related with the suppliers, will be obtained, including the purposes outlined in this document and those they authorize.

4. Transfer and Transmission of Data

The information provided by the suppliers will be handled as indicated in this privacy policy for suppliers, unless they authorize in writing the use of their information for other purposes. Physical and electronic access to the data provided will be limited to the officials who need to access that information to meet the purposes outlined.

The Companies undertake to ensure the compliance with all legal protection principles related to the transmission and transfer of any information of suppliers. Likewise, they express their commitment to have respected at all times this privacy policy.

The Companies inform the following purposes:

Because we are part of a business group operating internationally, it is necessary to offer make available to any of the companies comprising the Group the information collected from suppliers to conduct processes in which they are linked.

Often we are legally required to provide part of the information to administrative, legal, fiscal and regulatory authorities.

The suppliers agree that if the societies comprising the Companies are subject, in whole or in part of sale, merge or other transfer to another entity, it is possible that some personally identifiable information will be transferred as part of said operation.

5. Update or Inactivation of Information

Eventually we will request our suppliers to review and update the information we have of them.

Likewise, suppliers may request changes to the information provided and to exercise legal rights as owners of the personal data by contacting afiliacion.proveedores@avianca.com.

Suppliers may at any time and for legitimate reason object in writing the treatment of their personal data. If their request is appropriate, the Companies will not continue processing said data.

The Companies have a policy to make periodic purification processes of the information from those suppliers with which they have finished or interrupted their business relationship..

6. Validity of the information and data processing

The information provided by the suppliers will be stored for a period of ten (10) years from the date of the last process, to enable the compliance with the legal and/or contractual obligations especially in accounting and fiscal or tax matters.

7. Protection, security and confidentiality of information

The information provided by goods and/or services suppliers is vital for the Companies, so we have established policies, procedures and standards of security of the information, which purpose is to protect and preserve its integrity, confidentiality and availability, independently of the medium or format it is stored, its temporary or permanent location or the way it is transmitter and/or transferred.

In this regard, we rely on technological tools and implement security practices recognized in the industry, that include: transmission and storage of sensitive information through secure mechanisms, such as encryption, use of secure protocols; assurance of technological components, restriction access to information only to authorized personnel, information backup, safe practices of software development, among others.

8. Changes to Privacy Policy

This privacy policy may be modified when the deemed necessary by Companies. We reserve the right to update and make significant changes to this policy, as well as to our practices in processing information. The suppliers have the right to request at any time a copy of the privacy policy then in force, and also have the right to exercise their rights as owners of personal data pursuant to the current and applicable law.

9. Validity

This privacy policy is effective as of the date of its publication in the informative channels of the Companies.

Last review published: July 23, 2013.

The contact details of the Companies in Colombia are: Address: Avenida Eldorado No. 59 – 15, Bogotá.

Phones: In Bogota 4013434, or from other cities in Colombia 018000953434 

 

 

Privacy Policy for Contributors

1. About us

The Companies Aerovías del Continente Americano S.A. Avianca, Tampa Cargo S.A., limited commercial partnerships incorporated in the Republic of Colombia, Aerolíneas Galápagos S.A. Aerogal, limited commercial partnership incorporated in the Republic of Ecuador and Líneas Aéreas Costarricenses S.A., Lacsa, incorporated in the Republic of Costa Rica, hereinafter referred to, individually and collectively, as the Companies, all of them respectively liable and/or in charge of the management of personal data.

2. Purpose of the Terms and Conditions of the Processing of Personal Data of the COMPANIES

This document contains our policy of information and personal data processing in relation to the selection, correlation, personnel management and legal and extralegal benefits administration. This document is purported to communicate the type of information we collect and the purpose of the processing, as well as the situations where the information is likely to be shared, and the different mechanisms to protect the information, the holders’ rights and the procedures to exercise them.

For the Companies it is necessary that employees provide their personal information in order to manage the personnel and to implement the legal and extralegal obligations derived from the existence of an employment contract. The Companies acknowledge the importance of security, privacy and confidentiality of the personal data provided by people through diverse channels of personnel recruitment, staff and legal and extralegal benefits management websites, as well as other mechanism such as: websites, resume templates, formats of biometric systems, legal and extralegal rights. So we are committed to protecting and carefully handling them according to the legal regime of personal data protection applicable in the Colombian territory. This document is applicable to the processing of the information received from candidates to vacancies in each of the Companies (hereinafter candidates), as well as from active employees and retired personnel, pensioners, related parties, familiar group and beneficiaries. 

The above mentioned website may be disabled or change domains according the reorganization processes we implement, changes that will be timely informed to our candidates, active employees and retired persons, pensioners and other people who have had an employment contract with the Companies.

3. Information and personal data obtained

The Companies collect information and personal data from candidates as well as from active employees, retired persons, pensioners and related parties, familiar group and beneficiaries who have or had an employment contract with THE COMPANIES that may include in full or in part, depending of the Companies needs among others, the following data:

In the case of candidates for any position:

 

​Names and last names ​Date of birth Contact landline and mobile telephones Profession or occupation
​Identification type and number ​Gender ​Postal and electronic addresses (personal and/or work) Academic profile
​Nationality ​Marital status ​Fax (personal and/or work) ​Professional profile

In the case of active employees, retired persons, pensioners and other people who have or had an employment contract with the Companies:

​Names and last names ​Marital status ​Home telephone ​Cellular telephone ​Health provider entity – prepaid Fax (personal and/or work) ​Profession or occupation Academic profile ​ Professional profile
​Identification type and number ​Nationality ​Department ​Blood group ​Recruitmen date ​Date of birth ​Mother´s name Father’s name ​Previous employment
​Date of birth ​Physical impairment ​Type of contract ​Function table ​Worked days per week ​Monthly working hours ​Weekly working hours
​Type of payment ​Bank of payment
​Gender ​Payment agency ​Pension fund ​Health fund
​Unemployment fund Compensation office
​Medical records ​Postal and electronic addresses (personal and/or work)
 

And for other related parties (recognizing them as: natural persons other than employees working under employment contracts, providing services to the Companies under any other contracts, or that are at the services of any contractor or supplier of goods and services whether natural or legal person, who have entered into a civil or business contract with the Companies, and who in virtue of any of these agreements perform duties or functions of operational, technical, administrative or commercial support).

 

​Names and last names ​Cellular telephone
​Date of birth ​Gender ​Marital status ​Home telephone ​Identification type and number Contract term Transportation bonus
Contribution union Fax (personal and/or work)
​Salary
​Inc to pax
​Function ​Position Mother´s name ​Profession or occupation

​Academic profile
Professional profile ​Recruitment date
Date of birth
Nationality ​Departament ​Blood group ​Contribution union
​Father´s name
​Previous employment
Physical impairment Medical records
​Type of contract ​Contract term ​Transportation bonus
​Inc to pax
​Bank of payment ​Position
​Salary
​Function
​Function table ​Worked days per week
​Monthly working hours

​Weekly working hours ​ Type of payment
​Payment agency
​Pension fund
​Health fund
​Pension fund Compensation office
​​​Relationship with any official-degree of relatedness​ ​Health provider entity – prepaid ​ ​Postal and electronic addresses (personal and/or work) ​ ​

In the case of the family and beneficiaries (it refers to data of family members to enjoy the benefits of tickets or extralegal benefits according to resume information and the registration form, beneficiary documents).

 

​Name (beneficiary) Date of birth (of the beneficiary)​ Departament ​Blood relation
​Country ​Nacionality ​Validity start date (Start date in the Company) Sex


These data can be stored and/or processed on servers located in data centers, whether owned or contracted with third party suppliers, located in Colombia or in different countries, with the condition that the active employees, retired persons, pensioners, other related parties, families and beneficiaries and other persons who has or had an employment contract with the Companies, accept this Privacy Policy. Additionally, for security reasons, the Companies may collect, store, share and compare with different administrative authorities of national control and surveillance policy or legal authorities, biometric information and personal data of the candidates, active employees,, retired persons, pensioners, other related parties, families and beneficiaries and other persons who has or had an employment contract with the Companies, obtained directly or through image, audio or video recording devices located in our facilities, such as administrative offices, points of sale, VIP lounges, airports, service modules at airports, call centers, maintenance shops, operations schools, hangars and others.

4. Validity of the information and personal data processing

The information provided by the candidates to occupy a vacant position in the Companies, will be stored up to two (2) years from the date of the last processing, or for the time required to meet the provisions applicable to the subject concerned and the administrative, accounting, fiscal, legal and historical aspects of the information or another legal and/or contractual obligation of the Companies.  

The information given by active workers, retired persons, pensioners and other persons who have or had an employment contract with the Companies will be physically stored in electronic means or other available to the Companies for this purpose, following the provisions of the Substantive Labor Code Art. 264.

5. Truthfullnes of the information

Candidates, active employees, retired persons, pensioners, other related parties, family and beneficiaries should provide to the Companies true information about their personal data to carry out the processes of: Human Talent Attraction, formalization of employment relationship, as well as to enable the service rendering of contracted personnel, to manage the benefits and legal and extralegal labor obligations under which conditions they accept to provide the required information.

The Companies believe rely on the truthfulness of the information provided and do not verify, or assume the obligation to verify the identity, and either the authenticity of the documents submitted by the candidates, active employees, retired persons, pensioners and other persons who has or had an employment contract with the Companies, either the validity, sufficiency and authenticity of the data provided by each of them. Therefore, we assume no responsibility for damages of any kind that may be originated from the lack of truthfulness, validity, sufficiency or authenticity of the information, including any damages that may be due to homonymy or impersonation. All of the foregoing, without prejudice of the administrative sanctions and legal consequences specifically established in the Substantive Labor Code on the existence of the employment relationship.

6. Information of children and adolescents under legal age

The Companies may be depository of information on children and adolescents under legal age, who have bonds of consanguinity or affinity or just are part of the family of active employees, retired persons, pensioners, other related parties and persons who have or had an employment contract with the Companies. We, the Companies will ensure proper use of personal data of children and adolescents under age, guaranteeing that during their data processing their interests and fundamental rights will be respected, and when possible taking into account their opinion as owners of their personal data.

7. Purposes of personal data processing

The information collected is used to recruit and select the personnel that will occupy the vacancies of the Companies, process, confirm and meet the legal and extralegal labor obligations derived from the existence of an employment or labor contract, as well to make transactions, reports to the different national and international administrative authorities of control and surveillance, police and legal authorities, banks and/or insurance companies, for internal administrative purposes such as: collective benefits administration, payroll, recognition of legal obligations, payment of extralegal benefits, audits, accounting reports, statistical analyses, billing, payment of legal contributions to the general system of social security, training and formation, access to inter-company agreements, recognition of social benefits by the General System of Social Security (disabilities, licenses and others) among other processes involved in personnel management. 

By accepting this Privacy Policy, our candidates, active employees, retired persons, pensioners other related parties, families and beneficiaries, in their quality of owners of the data collected, authorize the Companies to process them, partially or totally, including the collection, storage, recording, use, circulation, processing, removal, transmission and/or transfer of the data to third countries to perform the activities related to the administration of collective benefits, payroll, recognition of legal obligations, payment of extralegal benefits, audits, accounting reports, statistical analyses, billing, payment of legal contributions to the general system of social security, training and formation, access to inter-company agreements, recognition of social benefits by the General System of Social Security (disabilities, licenses and others) among other processes involved in personnel management.

We inform that in the activities of Human Talent attraction and management, third party suppliers may be involved such as head hunters, suppliers of training systems, among others without prejudice to other purposes already informed in this document.

Additionally, active employees, retired persons, pensioners other related parties, families and beneficiaries, in their quality of owners of the data collected by accepting this privacy policy authorize us to: Use electronically the data provided by them, through websites, intelligent telephones (Smartphones), among others, to send to the registered electronic addresses, payment forms, training courses and any other kind of information directly or indirectly related to the employment contract, as well as to share personal data with banks, companies offering benefits to our active employees, among other.

Provide personal data to control and surveillance police and legal authorities by a legal or regulatory requirement, and/ or use or disclose this information and personal data in defense of their rights. Allow the access to the information and personal data to auditors or third parties contracted to perform internal or external auditing processes inherent to the business activity we develop.

Consult and update personal data at any time, to keep updated such information. 

Outsource the storage and/or processing of the information and personal data for the execution of contracts entered with us, with the security and confidentiality standards to which we are bound. 

Transfer and transmit those data to countries other to those where the information is collected, for which we, the Companies will seek the protection of such data in accordance with the security and confidentiality standards set forth in this document.

Transfer the personal data to a prospective buyer of one of our business units, for which we will provide opportune information to candidates, active employees, retired persons, pensioners other related parties, families and beneficiaries, and other persons who have or had an employment contract with the Companies, owners of such data, so that they exercise the rights to update, modify and remove those data which they are entitled under the applicable law.

8. Cookies and web beacons use

The Companies may use cookies, web beacons and other similar technologies in their web sites and electronic devices used to access them, to know the origins, activities and preferences of their passengers, customers and users when navigate on the web, to increase the functionality and accessibility to the websites, to verify that users meet the criteria required to process their requests and to tailor their products and services to the users’ needs, being able to obtain the following general information:

Language of the device ​Accessed liks ​Duration of Navigation ​Web site visited before entering Avianca.com
​Visited web sites ​IP address ​Type of browser and operating system used

These cookies, web beacons and other similar technologies can be disabled or deleted by the User whenever he desires. To this effect, the User can check and/or request the assistance from the internet browser he is using.

9. Protection, security and confidentiality of the information

The information of the candidates, active employees, retired persons, pensioners other related parties, families and beneficiaries, and other persons who have or had an employment contract with the Companies, is of vital importance to us, so we have established policies, procedures and standards of information security, which purpose is to protect and preserve the integrity, confidentiality and availability of the information regardless of the media or way it is presented, its temporary or permanent location and how it is transmitted.

In this sense, we rely on technological security tools and implement security practices recognized in the industry, which include: transmission and storage of sensitive information through secure mechanisms, such as encryption, use of secure protocols; assurance of technological components, restriction access to information only to authorized personnel, information backup, safe practices of software development, among others. 

Third parties contracted by the Companies are also bound to adhere and comply with policies and manuals of information security, as well as with the security protocols we apply to all our processes.

10. Procedure to exercise the rights of the information owners. The candidates, active employees, retired persons, pensioners other related parties, families and beneficiaries, and other persons who have had an employment contract with the Companies, have the right to access the personal data under our control and to exercise their rights as holders thereof in the terms of data protection regulations applicable to them and as provided in this Privacy Policy. In the case of personal data which processing is performed in Colombia, the procedures to exercise the owners rights will be the provisions of Law 1581 of 2012 and regulatory decrees.

The candidates, active employees, retired persons, pensioners other related parties, families and beneficiaries, and other persons who have had an employment contract with the Companies have the right to consult and know the details of the personal data processing we carry out, as well as to modify them in case they are inaccurate or incomplete and to cancel them when they are not being used according to the purposes and legal or contractual terms, or the purposes and terms specified in this Privacy Policy.

To make their rights effective, the candidates, active employees, retired persons, pensioners other related parties, families and beneficiaries, and other persons who have had an employment contract with the COMPANIES, can exercise their rights, know, update, modify and cancel their personal data by sending a request to compensacionynomina@avianca.com, in accordance with this Privacy Policy. The request should include the following data:

 

​Names and last names Type of document ​Document number ​Telephone
​Email address ​Country ​Subject

In the event that any candidate, active employee, retiree, pensioner, related third party or member of the family and/or beneficiary, considers that a content used in any of our contact channels such as websites, applications for intelligent telephones (Smartphones), involves a violation of their intellectual property rights, they should send a notice with the following information to the address above indicated:

Personal Data: name, address, telephone number and email address of the complainant.

Authentic signature, with the personal data of the owner of the infringed intellectual property rights or of the authorized person to act on behalf of the owner of those rights.

Accurate and complete indication of the content protected by the infringed intellectual property rights as well as its location.

Clear and express statement that the use of the indicated content is made without the consent of the owner of the infringed intellectual property.

Express and clear statement under the responsibility of the claimant that the information provided in the notice is accurate, and that the use of the content constitutes a violation of their intellectual property rights.

Claims arising from these facts will be subject for their treatment and solution to the applicable legal procedures, depending on the nature and scope thereof.

11. Information contained in network users, virtual platforms and working tools

The information resources are provided to the active employees for exclusively for the implementation of the employment contract, and the information assets and informatics resources are exclusively for business purposes and should be treated as assets dedicated to provide the tools to perform the work required. The Companies reserve the rights to monitor and supervise the information contained in systems, services and equipment, in accordance with the provisions of the General Policy of Information Security.

12. Modifications to the Privacy Policy

We, the Companies reserve the right to make at any moment modifications or updates to this Privacy Policy by virtue of any new legislation, internal policies or new requirements for the provision or offer of our new services or products.

These modifications or changes will be available to the public through the following means: visible ads in our facilities or customer service centers, our websites, applications for intelligent telephones (Smartphones) or online newsstands (Privacy Notice) or through the last email address given.

13. Acceptance of this Privacy Policy

Each candidate, active employee, retiree, pensioner, related third party or family member and/or beneficiary accepts the processing of their personal data according to the terms of this Privacy Policy, when provide the data through: website, resume submission, signing of employment contract, presentation and filling out of forms to enjoy legal and extralegal benefits.

14. Validity

This General Privacy Policy is effective as of the date of its publication.

Last review published: July 23, 2013.

Contact details of the Companies in Colombia are:

Address: Avenida Eldorado No. 59 – 15, Bogotá.

Phones: In Bogotá through 4013434, or from other cities in Colombia through 018000953434