Privacy Policy

PLEASE READ THESE PRIVACY POLICIES CAREFULLY, AS THEY CONTAIN IMPORTANT INFORMATION ABOUT THE CONDITIONS AND CLAUSES ON THE HANDLING OF INFORMATION, AS WELL AS THE OBLIGATIONS AND LEGAL AND REGULATORY PROVISIONS RELATED TO THE USE OF THE LOBBY APPLICATION.

Welcome to LOBBY is an online platform, available at https://lobbypms.com, that allows users to manage and control the hotel. LOBBY facilitates the management of reservations, registration of consumption and payments made by guests, printing of invoices, reception shifts, cleaning, accounting and much more.

The User agrees that he/she is entering into a binding contract with LOBBYPMS S.A.S
NIT 900881345 (hereinafter LOBBY). LOBBY is committed to protecting the User’s information. Therefore, LOBBY respects and protects the User’s data to ensure proper compliance with Law 1581 of 2012 and Decree 1377 of 2013, which develops the constitutional right of all persons to know, update and rectify the information that has been collected about them in databases, and other rights, freedoms and constitutional guarantees referred to in Article 15 of the Constitution; as well as the right to information enshrined in Article 20 of the same.

The User who uses and enjoys LOBBY must know and accept the following Privacy Policy (“Privacy Policy“).

The person who logs in, connects to, accesses or uses the LOBBY application acknowledges that the terms and conditions constitute a legally binding and enforceable contract between such person and LOBBY.

Definitions: When reading these privacy policies you should be aware of the following definitions of some of the terms used.

• Holder: Each of the natural persons to whom the personal data relates, may be the Users of the Platform.
• Personal Data: Set of information susceptible of being related to one or more natural persons.
• Sensitive Data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.
• Data Processing (or “Processing”): Any operation or set of operations on personal data, such as collection, recording, registration, organization, conservation, modification, extraction, consultation, transmission, deletion, destruction, use.
• Data Controller:Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.
• Data Processor:Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller.
• Data Base: Organized set of personal data that are subject to Processing.
• General Data Protection Regulation (GDPR)/General Data Protection Regulation (GDPR).

LOBBY implements its data collection and processing, in accordance with the current legal regulations, for which LOBBY adapts and has the following:

• It has a security protocol established and implemented by the entire team, which is trained with all the security standards on personal data that are collected and stored in LOBBY, for proper use of this information.
• It uses for the management of information, tools and integrations with third parties that comply with the RGPD/GDPR regulation for specific purposes without the right to be shared or used for a purpose other than the one initially authorized by the user.
• It complies with the general principles of personal data protection in terms of data quality, consent and right to information; and offers all data subjects the rights of access, rectification, data portability, restriction, suppression and opposition.
• It complies with the general criteria of lawfulness, fairness and transparency of data processing. The purposes are determined, explicit and legitimate.
• Applies data minimization by collecting only adequate, relevant and limited to what is necessary. It guarantees the accuracy and updating of the data and keeps them only for the time necessary for the purposes of processing.
• It adapts the appropriate technical and organizational measures to ensure an adequate level of security.

Policy of Treatment or Handling of Personal Data.

1. Authorization or consent for the use of personal data.

LOBBY requires the free, prior, express and informed consent of the Data Subject for the processing of personal data, except in cases expressly authorized by law. Such authorization shall be granted by: the Data Subject, who must prove his or her identity sufficiently, according to the conditions indicated by LOBBY; or the assignees, guardians, representatives or attorneys-in-fact of the Data Subject, who must prove such quality, representation or power of attorney.

The User expressly authorizes LOBBY, to manage the personal data entered in the Platform as follows:

(i) LOBBY can access the personal data entered to the Platform by the User (ii) Update and rectify the information in the event of partial, inaccurate, incomplete, fractioned, misleading, or those whose treatment is prohibited or has not been authorized. (iii) Request proof of the authorization granted (iv) File complaints with the competent authority for violations in accordance with the provisions of current regulations. (v) Revoke the authorization when the principles and legal standards in force are not met. (vi) Refrain from answering questions about sensitive data.

The User authorizes LOBBY to use, transfer to third parties, store and use the User’s personal information in order to improve the service on the Platform and to comply with its legal obligations. .

LOBBY, has its main domicile in the city of Medellín at the address Calle 11#43B-50 Oficina 406.

The data processing policy as well as the Terms of Use and Privacy Policy can be found on our website https://lobbypms.com/.

LOBBY in order to guarantee the principle of consent, obtains the authorization of the holder for the Processing of Data in a free, clear and transparent manner, through different means, including the physical document, email, website, application or any other format that allows evidence that the Information Processing Policy was disclosed and that the holder expressly authorizes the Processing of their personal data.

LOBBY may provide the information of Data Subjects to the following:

• To the Data Subjects, their heirs or representatives at any time and through any means when requested to LOBBY.
• To the judicial or administrative entities in the exercise of their functions that make any request to LOBBYfor the information to be delivered to them.
• To third parties authorized by any law of the Republic of Colombia.
• To third parties to whom the Data Subject expressly authorizes to deliver the information and whose authorization is delivered to LOBBY.

The Holder’s Authorization shall not be required in the following cases:

• Information required by a public or administrative entity in the exercise of its legal functions or by court order.
• Data of a public nature.
• Cases of medical or sanitary emergency.
• Processing of information authorized by law for historical, statistical or scientific purposes.
• Data related to the Civil Registry of Persons.

The holders of personal data may at any time revoke the authorization granted to LOBBY for the processing of their personal data or request the deletion of the same, as long as it is not prevented by a legal or contractual provision.

2. Purposes and Uses of Personal Data

LOBBY in the development of its corporate purpose and its relationships with employees, customers, suppliers, creditors, strategic allies, subsidiaries, distributors, among others, collects data that are limited to those personal data that are relevant and appropriate for the following purposes:

• To carry out administrative, human resources, payroll and internal management activities for the
• Establish consolidated and updated customer information.
• To develop commercial, promotional, advertising and informative activities.
• Create a close understanding of your customers and third parties for segmentation, marketing and sales activities.
• Contacting Registrants to monitor and evaluate the quality of our products and services.
• Develop supplier management activities, including invoicing, commercial management and collections.
• Improve the User experience in the Application
• To know the preferences of the Users and the general trends in the Application.
• Enable the general operation of the Application.
• Customize the User’s experience in the Application.
• To provide registered Users with certain information and services available.

In connection with the above purposes, LOBBY may:

• Obtain, store, compile, exchange, update, collect, process, reproduce and/or dispose of partial or total data or information of the Personal Data Holders.
• Classify, sort and segment the information provided by the Data Subject.
• Compare, verify and validate the data obtained in due form with credit bureaus with which it has commercial relations.
• Extend the information obtained, under the terms of the Law, to the companies with which it contracts the services of collection, storage, management and Processing of its Databases, prior the due authorizations and legal requirements that may be necessary in that sense.
• Transfer partial or total data or information to its subsidiaries, businesses, affiliated companies and/or entities and strategic allies.
  • Transfer of data to the Tourist Accommodation Information System (SIAT).

In the event that the Platform allows it, by authorizing the processing of their personal data, the User authorizes LOBBY to use and transfer the data of their guests to the Tourist Accommodation Information System (SIAT) of the Ministry of Commerce, Industry and Tourism, through the completion of the Accommodation Registration Card.

If the tourist accommodation service provider does not have access to the Internet or to LOBBY, it will download from the website of the Ministry of Commerce, Industry and Tourism, the local version that will be fed daily with the guest’s information. The tourist accommodation service provider shall adopt an authorization protocol in which it shall inform the guest of the processing of his personal data for statistical purposes.

The information collected in the Lodging Registration Card is for the exclusive use of DANE and the Ministry of Industry and Commerce for the elaboration of statistical analysis on tourist visits of nationals and foreigners.

• Reporting of domestic or foreign guests’ information to SIRE.

By authorizing the processing of your personal data, the User authorizes LOBBY to use and transfer the data of its guests to SIRE (Information System for Reporting of Foreigners), which is the platform of Migration Colombia where all Colombian lodging businesses must report daily the entry and exit of foreigners.

It is the User’s responsibility to register in the SIRE, for this purpose, he/she must log in to the web portal of Migración Colombia and request the registration where he/she will obtain a user account and password.

Similarly, it is the responsibility of the user to verify each day the list of people who reported to Migración Colombia through the automatic connection. In any case the person can always send the information manually, here we leave a guide for your disposal. Lobby is not responsible for the lack of verification of this data as well as failures in sending to SIRE because this is a legal obligation of each of the accommodations, which can not be completely delegated and the person always has the possibility to send the data manually.

Guide: https://soporte.lobbypms.com/hc/es/articles/4406746860307-Gu%C3%ADa-for-reporting-information%C3% B3n-to-the-immigration-system %C3%B3n-SIRE-Colombia

3. Data Subject Rights

• Know, access, update, rectify, delete and consult your Personal Data at any time with respect to the data that you consider partial, inaccurate, incomplete, fractioned, those that induce to error or those whose Treatment is expressly prohibited or has not been authorized.
• Object, complain, complain and request the portability of your data.
• Request at any time a proof of the authorization given to LOBBY
• Be informed by LOBBY of theuse it has made of Personal Data, upon request.
• Consult the control and security mechanisms in place and request specific related information.
• Request the deletion of any data and/or revoke the authorization when you consider that LOBBYhas notrespected your constitutional rights and guarantees, or simply when you wish to do so.
• File before the Superintendence of Industry and Commerce the complaints considered pertinent to enforce their right to Habeas Data against LOBBY.

4. Retention of information

LOBBY retains your personal information for the period necessary for the purposes set out in this privacy policy. Sometimes, we may retain your information for longer periods as permitted or required by law, for example, to maintain suppression lists, prevent abuse, if required in connection with a claim or legal proceeding, to enforce our agreements, for tax or accounting purposes, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also store the information securely and isolate it on backup disks to prevent it from being processed until deletion can take place.

5. Duties of LOBBY as Data Controller

LOBBY recognizes that Personal Data is the property of its Data Controllers and that only they may decide about it. In accordance with the above, LOBBY assumes the following duties in its capacity as Data Controller:

• To have the channel to obtain express authorization from the Data Subject to carry out any type of data processing.
• Request and keep, under the conditions set forth in the Personal Data Protection Law, a copy of the respective authorization granted by the Data Subject.
• To clearly and expressly inform Data Owners of the Processing to which they will be subject and the Purpose of such Processing by virtue of the authorization granted.
• Guarantee to the owner of the information, at all times, the full and effective exercise of the right of habeas data.
• To provide to the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of the Personal Data Law.
• To inform the rights of all data subjects with respect to their data.
• Maintain and ensure the security of stored Personal Data records to prevent their deterioration, loss, alteration, unauthorized or fraudulent use.
• Periodically and timely update and rectify the data, each time the data owners report news or requests.
• Inform the identification, physical and/or electronic address and telephone number of the person or area that will have the capacity of Data Controller.
• In case there are substantial changes in the content of this Information Processing Policy which may affect the content of the authorization that the Holder has granted to the COMPANY, the COMPANY will communicate the changes in a timely and efficient manner before or at the latest at the time of implementation of the new policies.

6. Information received from Users

LOBBY may collect two types of data and information:

6.1 Non-Personal Information: This is anonymous and non-identifiable information (“Non-Personal Information“). LOBBY does not know the identity of the User who first accesses the Application without logging in or registering as a User. Non-Personal Information is categorized into technical information and behavioral information, as detailed below:

6.1.2 Technical information

• Operating system type (Windows, Linux, etc..)
• Browser type (Explorer, Firefox, Chrome, Safari, etc…)
• Screen resolution (e.g. 800 x 600, 1024 x 768, etc..)
• Keyboard and browser language (e.g. English)
• IP address.
• Computer configurations, settings and any other technical data or similar information.

6.1.3 Behavioral information

• Links that the User uses while browsing the Application.
• Information related to the User’s activities in the Application, such as the date of access, time of access to the page, duration of the visit to the page, among others.
• Any information about the behavior in the Application.

6.1.4 Location information:

If the User allows the Application to access location services through the permissions system used by the mobile operating system, LOBBY may also collect the exact location of the User’s device or the approximate location of the IP address.

6.1.5. Use and preference information:

We collect information about the User and visitors to the Platform when they interact with the Services, expressed preferences and selected settings. In some cases LOBBY does this through the use of cookies, pixel tags and similar technologies that create and maintain unique identifiers.

6.1.6. Device information:

We may collect information about the User’s mobile device, including, for example, hardware model, operating system and version, file and software names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device movement information and mobile network information.

6.1.7. Registration information:

When the User interacts with the Services, LOBBY collects server logs, which may include information such as device IP addresses, dates and times of access, application features or pages visited, application crashes and other system activity, browser type, and the third-party site or service you were using prior to interacting with our Services.

6.2 Personal Information: It is individually identifiable information (“Personal Information“) that identifies the User and is of a private nature. Personal Information collected by LOBBY consists of personal data voluntarily entered by the User:

6.2.1 Profile Configuration. The User creates a profile within the Platform by entering name, surname, telephone number, current e-mail address and a password, which must be handled confidentially.

6.2.2 Information for the Service: The registered User, when requesting a service from LOBBY, will enter the information to perform the service himself, such as address and telephone number, such information will be handled confidentially.

7. Database

LOBBY is responsible and in charge of the processing of the following databases:

1. LOBBY/LOBBY PMS user database .
2. Database of clients, suppliers, reservations, sales, purchases, expenses and product inventories of the company that contracts the service.

Each database collects and stores the respective personal information, with prior authorization and in accordance with the purposes set forth in this privacy policy. Such information may be handled internally, i.e., within LOBBY and/or externally, such as with suppliers or third parties. The personal information contained in this database is kept for the duration of the business relationship plus an additional period of 10 years. If in an individual case, there are indications of a need for protection or historical interest of this data, the term will be extended.

The tourist accommodation service provider shall adopt an authorization protocol in which it shall inform the guest of the processing of his personal data for statistical purposes, as these must be transferred to the Tourist Accommodation Information System (SIAT) of the Ministry of Commerce, Industry and Tourism, through the completion of the Accommodation Registration Card, in compliance with the Colombian legal provisions.

8. Collection of User Information

There are the following moments when LOBBY receives the information:

8.1 At the time of registration in the Platform.

8.2 When the User enters the information to place the order for the product(s)

8.3 When the User uploads any other type of information on the Platform for the provision of the service or purchase of any product.

9. Transfer of data to third parties

As a general rule, your data will not be passed on to third parties, except in cases where we are legally obliged to do so, where the transfer of data is necessary for the establishment of the contractual relationship or where you have given us your explicit prior consent to the transfer of the data.

• For internaldata handling, the data may be known to authorized LOBBY personnel who are familiar with the security and data collection procedures.
• For externaldata handling, i.e., when transferring or transmitting personal data to third parties, such as suppliers or affiliated companies, among others, we will ensure that they comply with the legislation on data protection, with the security measures and the same guarantees granted by us, in accordance with Article 28 of the GDPR. We also recommend that you consult the data protection policy of the relevant provider. The scope of the data transmitted will be the minimum necessary. The foregoing in accordance with the authorizations that have been granted by the Data Controllers of the personal data. LOBBY for these cases will sign the transmission contract in accordance with the terms of Decree 1074 of 2015. Once the need to process the Personal Data ceases, they will be removed from LOBBY’s databases in secure terms.
  • Transfer of data to the Tourist Accommodation Information System (SIAT).

In case the platform allows it, by authorizing the processing of personal data, the User authorizes LOBBY to use and transfer the data of its guests to the Tourist Accommodation Information System (SIAT) of the Ministry of Commerce, Industry and Tourism, through the completion of the Accommodation Registration Card.

The information collected in the Lodging Registration Card is for the exclusive use of DANE and the Ministry of Industry and Commerce for the elaboration of statistical analysis on tourist visits of nationals and foreigners.

• Reporting of domestic or foreign guests’ information to SIRE.

By authorizing the processing of personal data, the User authorizes LOBBY to use and transfer the data of its guests to the SIRE (Information System for the reporting of foreigners) which is the platform of Migration Colombia where all Colombian lodging businesses must report daily the entry and exit of foreigners.

Similarly, it is the responsibility of the user to verify each day the list of people who reported to Migración Colombia through the automatic connection. In any case the person can always send the information manually, here we leave a guide for your disposal. Lobby is not responsible for the lack of verification of this data as well as failures in sending to SIRE because this is a legal obligation of each of the accommodations, which can not be completely delegated and the person always has the possibility to send the data manually.

Guide: https://soporte.lobbypms.com/hc/es/articles/4406746860307-Gu%C3%ADa-for-reporting-information%C3% B3n-to-the-immigration-system %C3%B3n-SIRE-Colombia

10. Announcements

Users agree that LOBBY may use their contact information for the purpose of informing them about Offers or Promotions that may be of interest to them and with their prior authorization to send them advertisements and other marketing material, transmitted to the email address provided by the User.

The User may unsubscribe from the service of sending marketing material at any time by sending a notification by mail that the advertisement was sent. It is clarified that LOBBY is not responsible for the content of such advertisements and the products delivered or services provided by third parties.

11. Cookies and storage of local information

When accessing or using the application, LOBBY may use technologies such as “cookies” (or similar technologies), which store certain information on your computer (“Local Storage”) and which allow automatic activation of certain features and better use of the service.

The cookies used in the service are created per session, do not include any information about the User, except the session password, which is deleted at the end of the session in the application (usually after 24 hours). Most browsers allow you to erase cookies from your hard drive, accept cookie blocking, or receive a warning before a cookie is stored. To delete or disable the Local Storage option the User must use the configuration option according to the specific instructions provided by the technology provider. However, if the User blocks or deletes cookies the User’s online experience may be limited.

LOBBY uses certain third-party cookies each time the User visits the application or when visiting other websites that use similar cookies without altering the Platform service. Third-party cookies are stored only as non-personal information, such as the history of the web pages visited, the duration of your browsing, etc.

12. Security

• LOBBYprevents, takes care and adopts the technical, human and administrative measures necessary to maintain the security of User information and seeks to prevent its loss, adulteration, access or consultation of unauthorized third parties to the Platform through industry standard technologies and internal procedures, including through the use of symbols and encryption mechanisms. However, LOBBY does not guarantee that unauthorized access will never occur.
• LOBBY has security protocols and access to information, storage and processing systems, including physical security risk control measures. The system is constantly monitored through vulnerability analysis. LOBBY staff who process personal data execute these protocols in order to guarantee the security of the information.
• LOBBY hasa duty to notify Users within 72 hours of a data security breach.
• Access to the different databases is restricted even for employees and collaborators.
• All employees and third parties have signed confidentiality clauses in their contracts and are committed to the proper handling of databases in compliance with the guidelines on the treatment of information established by law.
• It is the user’s responsibility to have all the security controls on their computers or private networks for their navigation to our portals.

13. Changes to the Privacy Policy

Any User information is governed by the Terms and Conditions and Privacy Policy of the Platform, LOBBY reserves the right to modify them at any time, so the User is recommended to visit this page frequently. In the event of any material change, LOBBY will endeavor to post a notice of such modification on the Application.

Any changes to the Privacy Policy shall be effective as of the “last updated” date and the User’s continued use of the service as of the date of last revision shall constitute acceptance thereof.

14. Attention to inquiries, petitions, complaints and claims

Any holder or assignee of Personal Data has the right, free of charge, to make inquiries and requests to LOBBY to know, access, update, rectify, delete information, request data portability and revoke authorization, or to make requests, complaints and claims regarding the Treatment that LOBBY gives to the information.

The Holders may contact the Administrative Area responsible for the attention of requests, complaints and claims through the e-mail [email protected]. Responsible: Stuart Cunningham.

The inquiry must be addressed to the name of the Administrative Area, with the full name of the Holder, the description of the inquiry, request, petition, complaint or claim, the address of residence, contact telephone number and e-mail. The holder of the information must submit and/or attach the following documents:

• If it is the Holder: Valid identity document.
• In the case of a successor: Valid identity document, Civil Registration of Death of the Beneficiary, Document that proves the capacity in which he/she is acting and the number of the Beneficiary’s identity document.
• In the case of a legal representative and/or attorney-in-fact: Valid identity document, document proving the capacity of legal representative and/or attorney-in-fact of the holder and the holder’s identity document number.

In the event that the consultation is incomplete, LOBBY will request the interested party to correct the faults within five (5) days of receipt of the claim. After two months from the date of the request, without the applicant submitting the required information, it will be understood that the claim or request has been withdrawn.

The consultation will be answered within a maximum term of ten (10) business days from the date of filing. When it is not possible to attend the consultation within such term, the reasons for the delay will be informed, and the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

Upon expiration of the respective legal term, LOBBY does not remove from the databases the personal data of the Data Subject who requested it, the Data Subject shall have the right to request the Superintendence of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data.

15. Revocation of authorization and/or deletion of data

Any holder or assignee of Personal Data has the right to request LOBBY the total or partial deletion of their Personal Data. To do so, the procedure established in the previous point of this document will be followed.

The deletion of Data will operate and will be definitive as long as the same: (a) are not being processed in accordance with the provisions of the legislation in force, (b) are no longer necessary for the purpose for which they were collected or, (c) the period of time required to fulfill the purpose for which they were collected has been exceeded.

LOBBY may deny the deletion when: (a) The Data Subject has a legal and/or contractual duty to remain in the database; (b) The deletion of the data would hinder ongoing judicial or administrative proceedings.

16. Validity

The present Information Processing Policies are effective as of July 7, 2018 and the Databases containing the information of the Data Controllers will be valid for a period of 10 years, extendable for equal periods.

17. General

In case of any dispute between the User and LOBBY in relation to the Terms and Conditions and Privacy Policy, the parties agree to bring disputes before the Court of Arbitration of Colombia and agree that such courts are competent to resolve disputes of such claims. The laws of Colombia govern the Terms and Conditions, as well as any claim that may arise between the User and the Platform, regardless of the provisions on conflicts of laws.

17.1 User concerns or doubts

If you have any questions (or comments) about the Privacy Policy, the User can send an email to the following address: [email protected] LOBBY will respond as soon as possible.

17.2 LOBBY Notification and Contact Details

LOBBY is located at the following address and the contact details are as follows, the above for the purpose of being notified of any judicial or any other type of act.

Address: Calle 11 # 43B-50 Office 406

Tel: +57 3116248080

E-mail: [email protected]

Last Update: April 17, 2024.