Privacy policy

Introduction

At RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC, we are committed to protecting the personal data of our guests, employees, suppliers, and other data subjects. This Personal Data Processing Manual has been prepared in compliance with current Colombian legislation, particularly Law 1581 of 2012, Law 1266 of 2008, and Decrees 1377 of 2013 and 1074 of 2015, and in accordance with the guidelines issued by the Superintendence of Industry and Commerce (SIC) regarding personal data protection.

Its purpose is to establish the guidelines and procedures through which the hotel collects, uses, stores, shares, and protects personal information, guaranteeing the fundamental right to habeas data and ensuring the effective application of the principles of legality, purpose limitation, freedom, truthfulness, quality, transparency, restricted access, security, and confidentiality in data processing.

This policy includes special obligations regarding sensitive data, data of children and adolescents, and financial data, in accordance with applicable regulations.

Scope of Application

This policy applies to all databases and personal data processing activities in which RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC acts as the data controller. It covers personal information collected through our online reservation systems, video surveillance cameras, biometric access controls, WiFi networks offered to guests, digital forms (website and mobile applications), and social media interaction channels, as well as personal data obtained in person at our facilities (e.g., during guest check-in).

It also includes financial and asset-related personal data collected to process payments, personal data of minors obtained in connection with family services, images of employees and visitors captured during our activities, and, in general, any sensitive or confidential data whose administration is our responsibility.

Statement of Legal Compliance

This policy incorporates the provisions of Statutory Law 1581 of 2012 (General Personal Data Protection Regime) and its implementing decrees, as well as Statutory Law 1266 of 2008 (financial and credit data protection). Where personal data processing is governed by Law 1266 of 2008, the specific rules of that law shall apply in conjunction with the principles of Law 1581 of 2012.

Additionally, the hotel ensures compliance with instructions and guidelines issued by the SIC, including those related to the processing of minors’ data, use of images, security incident management, and the implementation of the accountability principle. All employees and contractors of RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC who handle personal data must observe this policy and ensure its full application.

Definitions

For ease of understanding, the following basic definitions are provided in accordance with Law 1581 of 2012, Article 3:

Personal Data: Any information linked or that may be associated with an identified or identifiable natural person (e.g., name, identification number, phone number, email address, fingerprint, video image).

Public Data: Personal information classified as public by law or the Constitution, or that is neither private nor sensitive, such as marital status, profession, status as a merchant or public servant, and information contained in public records.

Private Data: Personal information of an intimate or reserved nature, known only to its owner.

Semi-Private Data: Information that is not intimate or reserved but whose disclosure may be of interest to a specific group or sector (e.g., credit history).

Sensitive Data: Data affecting the data subject’s privacy or whose misuse may result in discrimination, including ethnic origin, political orientation, religious or philosophical beliefs, union membership, physical or mental health, genetic data, biometric data (fingerprints, facial features, iris), and sexual life.

Data Subject: The natural person to whom the personal data refers.

Data Controller: The legal entity (the hotel) that decides on the database and the processing of personal data.

Data Processor: A natural or legal person who processes personal data on behalf of the controller.

Processing: Any operation performed on personal data, such as collection, storage, use, circulation, or deletion.

Authorization: Prior, express, and informed consent granted by the data subject for the processing of their personal data.

Guiding Principles for Data Processing

RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC fully adopts the guiding principles established in Article 4 of Law 1581 of 2012, which govern all personal data processing activities carried out by the hotel:

Legality

Purpose Limitation

Freedom

Truthfulness or Quality

Transparency

Restricted Access and Circulation

Security

Confidentiality

All personal data is handled with the technical, human, and administrative measures necessary to prevent unauthorized access, loss, misuse, or fraud.

Processing of Special Categories of Data

The hotel observes special obligations when processing sensitive data, minors’ data, and financial or credit data, in accordance with the law and SIC guidelines:

Sensitive Data

Processing is generally prohibited unless the data subject gives explicit prior consent or a legal obligation exists. Biometric data is collected exclusively for internal security or access control purposes, with encryption and strict confidentiality safeguards.

Data of Children and Adolescents

The hotel refrains from collecting or processing minors’ private data without verifiable parental or legal guardian authorization and a clear purpose that benefits the minor. The use of minors’ images for marketing purposes is strictly prohibited without written authorization.

Financial and Credit Data

Financial and payment-related data is processed with heightened security and confidentiality, strictly for payment processing, pre-authorizations, or refunds, and in compliance with Law 1266 of 2008 and international standards such as PCI DSS, where applicable.

Purposes of Data Collection and Use

Personal data processing is carried out exclusively for legitimate purposes, including but not limited to:

Hotel reservations and service provision

Loyalty programs and marketing (with consent)

Video surveillance for physical security

Biometric access control

WiFi internet services

Online forms and social media interactions

Employee and human resources management

Supplier and business partner management

No incompatible or additional processing will be carried out without new authorization from the data subject.

Rights of Data Subjects

In accordance with Article 8 of Law 1581 of 2012, data subjects have the right to:

Access and consult their data

Update and rectify inaccurate data

Request deletion or suppression

Revoke authorization

File complaints with the SIC

The exercise of these rights is free of charge.

Procedures for Requests and Complaints

RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC has established clear procedures, response times, and contact channels to address data subject requests and complaints, fully complying with applicable law.

Contact Information:

Email: ecohotelislaclara1@gmail.com

Website: www.islaclarahotel.com

Address: Zona Rural Vereda Río Claro – San Francisco, Antioquia

Phone: +57 314 8119727

Security Measures and Confidentiality

The hotel implements administrative, technical, and physical security measures, including access controls, encryption, backups, monitoring mechanisms, secure deletion procedures, risk assessments, and incident notification protocols, in line with SIC guidance and best international practices.

International Data Transfers

Where international data transfers or transmissions are required, the hotel ensures adequate protection levels, contractual safeguards, SIC authorizations when necessary, and explicit data subject consent, in compliance with Law 1581 of 2012.

Integration with Compliance Programs (SAGRILAFT and PTEE)

The hotel integrates data protection principles into its anti-money laundering (SAGRILAFT) and corporate ethics (PTEE) programs, ensuring confidentiality, proportionality, and lawful processing.

National Database Registry (RNBD)

RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC complies with its obligations to register applicable databases with the National Database Registry (RNBD) and to report updates and annual claims, as required by the SIC.

Validity and Updates

This Personal Data Processing Policy is effective as of November 15, 2025 and remains in force until modified. Any substantial changes will be communicated to data subjects through official channels.

Data Controller:

RESERVA NATURAL ISLA CLARA S.A.S. ZOMAC

NIT 901.524.037-1

San Francisco, Antioquia

Address: Zona Rural Vereda Río Claro

Email: gerencia@islaclarahotel.com

Phone: +57 314 359 5274